diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index 869f830c6..ec824c4e5 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -2,7 +2,7 @@ name: Feature Request about: Suggestions for new features and improvements title: "" -labels: "new feature" +labels: "question" assignees: "" --- diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml index 21bbd018d..391f11c09 100644 --- a/.github/workflows/docker-build-and-push.yml +++ b/.github/workflows/docker-build-and-push.yml @@ -43,9 +43,19 @@ jobs: cp .meta ./backend/ cp .meta ./backend/ciso_assistant/ + - name: Build and Push Frontend Docker Image + uses: docker/build-push-action@v6 + with: + context: ./frontend + file: ./frontend/Dockerfile + push: true + tags: | + ghcr.io/${{ github.repository }}/frontend:${{ env.VERSION }} + ghcr.io/${{ github.repository }}/frontend:latest + platforms: linux/amd64,linux/arm64,linux/arm64/v8 - name: Build and Push Backend Docker Image - uses: docker/build-push-action@v5 + uses: docker/build-push-action@v6 with: context: ./backend file: ./backend/Dockerfile @@ -55,13 +65,3 @@ jobs: ghcr.io/${{ github.repository }}/backend:latest platforms: linux/amd64,linux/arm64,linux/arm64/v8 - - name: Build and Push Frontend Docker Image - uses: docker/build-push-action@v5 - with: - context: ./frontend - file: ./frontend/Dockerfile - push: true - tags: | - ghcr.io/${{ github.repository }}/frontend:${{ env.VERSION }} - ghcr.io/${{ github.repository }}/frontend:latest - platforms: linux/amd64,linux/arm64,linux/arm64/v8 diff --git a/.github/workflows/frontend-coverage.yaml b/.github/workflows/frontend-coverage.yaml index 3df61bc5d..129f34ba3 100644 --- a/.github/workflows/frontend-coverage.yaml +++ b/.github/workflows/frontend-coverage.yaml @@ -26,15 +26,15 @@ jobs: uses: actions/setup-node@v4 with: node-version: ${{ matrix.node-version }} - - name: Install latest npm + - name: Install latest pnpm working-directory: ${{env.working-directory}} run: | - npm install -g npm && - npm --version && - npm list -g --depth 0 + npm install -g pnpm && + pnpm --version && + pnpm list -g --depth 0 - name: Install dependencies working-directory: ${{env.working-directory}} - run: npm ci + run: pnpm i --frozen-lockfile - name: Run coverage working-directory: ${{env.working-directory}} - run: npm run coverage + run: pnpm run coverage diff --git a/.github/workflows/frontend-unit-tests.yml b/.github/workflows/frontend-unit-tests.yml index 1f60c714a..db8a63e48 100644 --- a/.github/workflows/frontend-unit-tests.yml +++ b/.github/workflows/frontend-unit-tests.yml @@ -28,12 +28,12 @@ jobs: - name: Install latest npm working-directory: ${{env.working-directory}} run: | - npm install -g npm && - npm --version && - npm list -g --depth 0 + npm install -g pnpm && + pnpm --version && + pnpm list -g --depth 0 - name: Install dependencies working-directory: ${{env.working-directory}} - run: npm ci + run: pnpm i --frozen-lockfile - name: Run tests working-directory: ${{env.working-directory}} - run: npm run test:ci + run: pnpm run test:ci diff --git a/.github/workflows/functional-tests.yml b/.github/workflows/functional-tests.yml index 37b8eacb3..a6649621a 100644 --- a/.github/workflows/functional-tests.yml +++ b/.github/workflows/functional-tests.yml @@ -53,8 +53,8 @@ jobs: - name: Install dependencies working-directory: ${{ env.working-directory }} run: | - npm install - npm ci + npm install -g pnpm + pnpm i --frozen-lockfile - name: Install Playwright browser ${{ matrix.playwright-browser }} working-directory: ${{ env.working-directory }} run: npx playwright install --with-deps ${{ matrix.playwright-browser }} diff --git a/.github/workflows/startup-tests.yml b/.github/workflows/startup-tests.yml index ff341d1fc..727b43089 100644 --- a/.github/workflows/startup-tests.yml +++ b/.github/workflows/startup-tests.yml @@ -46,8 +46,8 @@ jobs: - name: Install dependencies working-directory: ${{ env.working-directory }} run: | - npm install - npm ci + npm install -g pnpm + pnpm i --frozen-lockfile - name: Install Playwright Browsers working-directory: ${{ env.working-directory }} run: npx playwright install --with-deps @@ -101,8 +101,8 @@ jobs: - name: Install dependencies working-directory: ${{ env.working-directory }} run: | - npm install - npm ci + npm install -g pnpm + pnpm i --frozen-lockfile - name: Install Playwright Browsers working-directory: ${{ env.working-directory }} run: npx playwright install --with-deps diff --git a/README.md b/README.md index 26533afd0..92db3baa3 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,11 @@ The decoupling allows you to save a considerable amount of time: - leave the reporting formatting and sanity check to CISO assistant and focus on your fixes, - balance controls implementation and compliance follow-up +Here is an overview of CISO Assistant features and capabilities: + +![overview](features.png) + + CISO Assistant is developed and maintained by [intuitem](https://intuitem.com/), a French ๐Ÿ‡ซ๐Ÿ‡ท company specialized in Cyber Security, Cloud and Data/AI. ## Quick Start ๐Ÿš€ @@ -78,6 +83,9 @@ and run the starter script > [!WARNING] > If you're getting warnings or errors about image's platform not matching host platform, raise an issue with the details and we'll add it shortly after. You can also use `docker-compose-build.sh` instead (see below) to build for your specific architecture. +> [!CAUTION] +> Don't use the `main` branch code directly for production as it's the merge upstream and can have breaking changes during our developemnt. Either use the `tags` for stable versions or prebuilt images. + ## End-user Documentation Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant. @@ -127,9 +135,17 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant 41. ENISA: 5G Security Controls Matrix ๐Ÿ‡ช๐Ÿ‡บ 42. OWASP Mobile Application Security Verification Standard (MASVS) ๐Ÿ๐Ÿ“ฑ 43. Agile Security Framework (ASF) - baseline - by intuitem ๐Ÿค— -44. EU AI Act ๐Ÿ‡ช๐Ÿ‡บ๐Ÿค– -45. FBI CJIS ๐Ÿ‡บ๐Ÿ‡ธ๐Ÿ‘ฎ -46. Operational Technology Cybersecurity Controls (OTCC) ๐Ÿ‡ธ๐Ÿ‡ฆ +44. ISO 27001:2013 ๐ŸŒ (For legacy and migration) +45. EU AI Act ๐Ÿ‡ช๐Ÿ‡บ๐Ÿค– +46. FBI CJIS ๐Ÿ‡บ๐Ÿ‡ธ๐Ÿ‘ฎ +47. Operational Technology Cybersecurity Controls (OTCC) ๐Ÿ‡ธ๐Ÿ‡ฆ +48. Secure Controls Framework (SCF) ๐Ÿ‡บ๐Ÿ‡ธ๐ŸŒ +49. NCSC Cyber Assessment Framework (CAF) ๐Ÿ‡ฌ๐Ÿ‡ง +50. California Consumer Privacy Act (CCPA) ๐Ÿ‡บ๐Ÿ‡ธ +51. California Consumer Privacy Act Regulations ๐Ÿ‡บ๐Ÿ‡ธ +52. NCSC Cyber Essentials ๐Ÿ‡ฌ๐Ÿ‡ง +53. General Data Protection Regulation (GDPR) ๐Ÿ‡ช๐Ÿ‡บ +54. Directive Nationale de la Sรฉcuritรฉ des Systรจmes d'Information (DNSSI) Maroc ๐Ÿ‡ฒ๐Ÿ‡ฆ ### Community contributions @@ -150,13 +166,11 @@ Checkout the [library](/backend/library/libraries/) and [tools](/tools/) for the ### Coming soon -- NCSC Cyber Assessment Framework (CAF) -- Secure Controls Framework (SCF) -- CCPA - Part-IS -- SOX - NIST 800-82 -- UK Cyber Essentials +- Korea ISA: ISMS-P +- ENS Esquema Nacional de seguridad (espaรฑol) + - and much more: just ask on [Discord](https://discord.gg/qvkaMdQ8da). If it's an open standard, we'll do it for you, _free of charge_ ๐Ÿ˜‰ ## Add your own library @@ -167,6 +181,8 @@ Take a look at the `tools` directory and its dedicated readme. The `convert_libr You can also find some specific converters in the tools directory (e.g. for CIS or CCM Controls). +There is also a tool to facilitate the creation of mappings, called `prepare_mapping.py` that will create an Excel file based on two framework libraries in yaml. Once properly filled, this Excel file can be processed by the `convert_library.py` tool to get the resulting mapping library. + ## Community Join our [open Discord community](https://discord.gg/qvkaMdQ8da) to interact with the team and other GRC experts. diff --git a/backend/app_tests/api/test_api_compliance_assessments.py b/backend/app_tests/api/test_api_compliance_assessments.py index 406fb46b3..992fc5b76 100644 --- a/backend/app_tests/api/test_api_compliance_assessments.py +++ b/backend/app_tests/api/test_api_compliance_assessments.py @@ -120,6 +120,10 @@ def test_get_compliance_assessments(self, test): "project": { "id": str(project.id), "str": project.folder.name + "/" + project.name, + "folder": { + "id": str(project.folder.id), + "str": project.folder.name, + }, }, "framework": { "id": str(Framework.objects.all()[0].id), @@ -127,6 +131,7 @@ def test_get_compliance_assessments(self, test): "implementation_groups_definition": None, "min_score": 1, "max_score": 4, + "ref_id": str(Framework.objects.all()[0].ref_id), }, }, user_group=test.user_group, @@ -154,6 +159,10 @@ def test_create_compliance_assessments(self, test): "project": { "id": str(project.id), "str": project.folder.name + "/" + project.name, + "folder": { + "id": str(project.folder.id), + "str": project.folder.name, + }, }, "framework": { "id": str(Framework.objects.all()[0].id), @@ -161,6 +170,7 @@ def test_create_compliance_assessments(self, test): "implementation_groups_definition": None, "min_score": Framework.objects.all()[0].min_score, "max_score": Framework.objects.all()[0].max_score, + "ref_id": str(Framework.objects.all()[0].ref_id), }, }, user_group=test.user_group, @@ -200,6 +210,10 @@ def test_update_compliance_assessments(self, test): "project": { "id": str(project.id), "str": project.folder.name + "/" + project.name, + "folder": { + "id": str(project.folder.id), + "str": project.folder.name, + }, }, "framework": { "id": str(Framework.objects.all()[0].id), @@ -207,6 +221,7 @@ def test_update_compliance_assessments(self, test): "implementation_groups_definition": None, "min_score": Framework.objects.all()[0].min_score, "max_score": Framework.objects.all()[0].max_score, + "ref_id": str(Framework.objects.all()[0].ref_id), }, }, user_group=test.user_group, diff --git a/backend/app_tests/api/test_api_requirement_assessments.py b/backend/app_tests/api/test_api_requirement_assessments.py index 94523616c..ef49c83e1 100644 --- a/backend/app_tests/api/test_api_requirement_assessments.py +++ b/backend/app_tests/api/test_api_requirement_assessments.py @@ -13,8 +13,8 @@ from test_utils import EndpointTestsQueries # Generic requirement assessment data for tests -REQUIREMENT_ASSESSMENT_STATUS = "partially_compliant" -REQUIREMENT_ASSESSMENT_STATUS2 = "non_compliant" +REQUIREMENT_ASSESSMENT_STATUS = "to_do" +REQUIREMENT_ASSESSMENT_STATUS2 = "in_progress" REQUIREMENT_ASSESSMENT_OBSERVATION = "Test observation" diff --git a/backend/app_tests/api/test_api_risk_acceptances.py b/backend/app_tests/api/test_api_risk_acceptances.py index 56b6253c1..c0157057f 100644 --- a/backend/app_tests/api/test_api_risk_acceptances.py +++ b/backend/app_tests/api/test_api_risk_acceptances.py @@ -117,7 +117,12 @@ def test_get_risk_acceptances(self, test): }, { "folder": {"id": str(test.folder.id), "str": test.folder.name}, - "approver": {"id": str(approver.id), "str": approver.email}, + "approver": { + "id": str(approver.id), + "str": approver.email, + "last_name": approver.last_name, + "first_name": approver.first_name, + }, "state": RISK_ACCEPTANCE_STATE[1], }, user_group=test.user_group, @@ -157,7 +162,12 @@ def test_create_risk_acceptances(self, test): }, { "folder": {"id": str(test.folder.id), "str": test.folder.name}, - "approver": {"id": str(approver.id), "str": approver.email}, + "approver": { + "id": str(approver.id), + "str": approver.email, + "last_name": approver.last_name, + "first_name": approver.first_name, + }, "risk_scenarios": [ {"id": str(risk_scenario.id), "str": str(risk_scenario)} ], @@ -208,7 +218,12 @@ def test_update_risk_acceptances(self, test): }, { "folder": {"id": str(test.folder.id), "str": test.folder.name}, - "approver": {"id": str(approver.id), "str": approver.email}, + "approver": { + "id": str(approver.id), + "str": approver.email, + "last_name": approver.last_name, + "first_name": approver.first_name, + }, # 'state': RISK_ACCEPTANCE_STATE[1], }, user_group=test.user_group, diff --git a/backend/app_tests/api/test_api_risk_assessments.py b/backend/app_tests/api/test_api_risk_assessments.py index 84feefa51..4afcb6fd9 100644 --- a/backend/app_tests/api/test_api_risk_assessments.py +++ b/backend/app_tests/api/test_api_risk_assessments.py @@ -123,6 +123,10 @@ def test_get_risk_assessments(self, test): "project": { "id": str(project.id), "str": project.folder.name + "/" + project.name, + "folder": { + "id": str(project.folder.id), + "str": project.folder.name, + }, }, "risk_matrix": {"id": str(risk_matrix.id), "str": str(risk_matrix)}, }, @@ -152,6 +156,10 @@ def test_create_risk_assessments(self, test): "project": { "id": str(project.id), "str": project.folder.name + "/" + project.name, + "folder": { + "id": str(project.folder.id), + "str": project.folder.name, + }, }, "risk_matrix": {"id": str(risk_matrix.id), "str": str(risk_matrix)}, }, @@ -193,6 +201,10 @@ def test_update_risk_assessments(self, test): "project": { "id": str(project.id), "str": project.folder.name + "/" + project.name, + "folder": { + "id": str(project.folder.id), + "str": project.folder.name, + }, }, "risk_matrix": {"id": str(risk_matrix.id), "str": str(risk_matrix)}, }, diff --git a/backend/app_tests/api/test_api_risk_scenarios.py b/backend/app_tests/api/test_api_risk_scenarios.py index a402c41be..b848508e5 100644 --- a/backend/app_tests/api/test_api_risk_scenarios.py +++ b/backend/app_tests/api/test_api_risk_scenarios.py @@ -197,6 +197,7 @@ def test_get_risk_scenarios(self, test): "treatment": RISK_SCENARIO_TREATMENT_STATUS[1], "risk_assessment": { "id": str(risk_assessment.id), + "name": str(risk_assessment.name), "str": str(risk_assessment), }, "threats": [{"id": str(threat.id), "str": str(threat)}], @@ -256,6 +257,7 @@ def test_create_risk_scenarios(self, test): "risk_assessment": { "id": str(risk_assessment.id), "str": str(risk_assessment), + "name": str(risk_assessment.name), }, "threats": [{"id": str(threat.id), "str": threat.name}], "risk_matrix": { @@ -339,6 +341,7 @@ def test_update_risk_scenarios(self, test): "risk_assessment": { "id": str(risk_assessment.id), "str": str(risk_assessment), + "name": str(risk_assessment.name), }, "threats": [{"id": str(threat.id), "str": threat.name}], "risk_matrix": { diff --git a/backend/ciso_assistant/settings.py b/backend/ciso_assistant/settings.py index b12724739..9aa2f8676 100644 --- a/backend/ciso_assistant/settings.py +++ b/backend/ciso_assistant/settings.py @@ -196,6 +196,7 @@ def set_ciso_assistant_url(_, __, event_dict): "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination", "PAGE_SIZE": PAGINATE_BY, "DEFAULT_SCHEMA_CLASS": "drf_spectacular.openapi.AutoSchema", + "EXCEPTION_HANDLER": "core.helpers.handle", } REST_KNOX = { diff --git a/backend/core/apps.py b/backend/core/apps.py index faae6b48b..20c023035 100644 --- a/backend/core/apps.py +++ b/backend/core/apps.py @@ -29,6 +29,8 @@ "view_loadedlibrary", "view_storedlibrary", "view_user", + "view_requirementmappingset", + "view_requirementmapping", ] APPROVER_PERMISSIONS_LIST = [ @@ -53,6 +55,8 @@ "view_storedlibrary", "view_loadedlibrary", "view_user", + "view_requirementmappingset", + "view_requirementmapping", ] ANALYST_PERMISSIONS_LIST = [ @@ -107,6 +111,8 @@ "view_storedlibrary", "view_loadedlibrary", "view_user", + "view_requirementmappingset", + "view_requirementmapping", ] DOMAIN_MANAGER_PERMISSIONS_LIST = [ @@ -166,6 +172,8 @@ "view_storedlibrary", "view_loadedlibrary", "view_user", + "view_requirementmappingset", + "view_requirementmapping", ] ADMINISTRATOR_PERMISSIONS_LIST = [ @@ -250,6 +258,8 @@ "restore", "view_globalsettings", "change_globalsettings", + "view_requirementmappingset", + "view_requirementmapping", ] diff --git a/backend/core/base_models.py b/backend/core/base_models.py index cef56cd72..264567870 100644 --- a/backend/core/base_models.py +++ b/backend/core/base_models.py @@ -116,3 +116,15 @@ class Meta: def __str__(self) -> str: return self.name + + +class ETADueDateMixin(models.Model): + """ + Mixin for models that have an ETA and a due date. + """ + + eta = models.DateField(null=True, blank=True, verbose_name=_("ETA")) + due_date = models.DateField(null=True, blank=True, verbose_name=_("Due date")) + + class Meta: + abstract = True diff --git a/backend/core/helpers.py b/backend/core/helpers.py index 4067653c3..831190718 100644 --- a/backend/core/helpers.py +++ b/backend/core/helpers.py @@ -12,6 +12,14 @@ from typing import List, Dict, Optional +from django.core.exceptions import NON_FIELD_ERRORS as DJ_NON_FIELD_ERRORS +from django.core.exceptions import ValidationError as DjValidationError +from rest_framework.exceptions import ValidationError as DRFValidationError +from rest_framework.views import api_settings +from rest_framework.views import exception_handler as drf_exception_handler + +DRF_NON_FIELD_ERRORS = api_settings.NON_FIELD_ERRORS_KEY + def flatten_dict( d: MutableMapping, parent_key: str = "", sep: str = "." @@ -46,9 +54,11 @@ def flatten_dict( def color_css_class(status): return { + "not_assessed": "gray-300", "compliant": "green-500", - "to_do": "gray-300", + "to_do": "gray-400", "in_progress": "blue-500", + "done": "green-500", "non_compliant": "red-500", "partially_compliant": "yellow-400", "not_applicable": "black", @@ -269,11 +279,16 @@ def get_sorted_requirement_nodes_rec(start: list) -> dict: "implementation_groups": node.implementation_groups or None, "ra_id": str(req_as.id) if req_as else None, "status": req_as.status if req_as else None, + "result": req_as.result if req_as else None, "is_scored": req_as.is_scored if req_as else None, "score": req_as.score if req_as else None, "max_score": max_score if req_as else None, + "mapping_inference": req_as.mapping_inference if req_as else None, "status_display": req_as.get_status_display() if req_as else None, "status_i18n": camel_case(req_as.status) if req_as else None, + "result_i18n": camel_case(req_as.result) + if req_as and req_as.result is not None + else None, "node_content": node.display_long, "style": "node", "assessable": node.assessable, @@ -305,12 +320,19 @@ def get_sorted_requirement_nodes_rec(start: list) -> dict: "is_scored": child_req_as.is_scored if child_req_as else None, "score": child_req_as.score if child_req_as else None, "max_score": max_score if child_req_as else None, + "mapping_inference": child_req_as.mapping_inference + if child_req_as + else None, "status_display": child_req_as.get_status_display() if child_req_as else None, "status_i18n": camel_case(child_req_as.status) if child_req_as else None, + "result": child_req_as.result if child_req_as else None, + "result_i18n": camel_case(child_req_as.result) + if child_req_as and child_req_as.result is not None + else None, "style": "leaf", } @@ -621,14 +643,14 @@ def aggregate_risks_per_field( .filter(residual_level=i) # .filter(risk_assessment__risk_matrix__name=["name"]) .count() - ) # What the second filter does ? Is this usefull ? + ) # What the second filter does ? Is this useful ? else: count = ( RiskScenario.objects.filter(id__in=object_ids_view) .filter(current_level=i) # .filter(risk_assessment__risk_matrix__name=["name"]) .count() - ) # What the second filter does ? Is this usefull ? + ) # What the second filter does ? Is this useful ? if "count" not in values[m["risk"][i][field]]: values[m["risk"][i][field]]["count"] = count @@ -984,3 +1006,17 @@ def threats_count_per_name(user: User): label["max"] = max_offset return {"labels": labels, "values": values} + + +def handle(exc, context): + # translate django validation error which ... + # .. causes HTTP 500 status ==> DRF validation which will cause 400 HTTP status + if isinstance(exc, DjValidationError): + data = exc.message_dict + if DJ_NON_FIELD_ERRORS in data: + data[DRF_NON_FIELD_ERRORS] = data[DJ_NON_FIELD_ERRORS] + del data[DJ_NON_FIELD_ERRORS] + + exc = DRFValidationError(detail=data) + + return drf_exception_handler(exc, context) diff --git a/backend/core/migrations/0015_remove_complianceassessment_result_and_more.py b/backend/core/migrations/0015_remove_complianceassessment_result_and_more.py new file mode 100644 index 000000000..af43874aa --- /dev/null +++ b/backend/core/migrations/0015_remove_complianceassessment_result_and_more.py @@ -0,0 +1,110 @@ +# Generated by Django 5.0.6 on 2024-06-26 10:11 + +from django.db import migrations, models + + +class Results(models.TextChoices): + NOT_ASSESSED = "not_assessed", "Not assessed" + PARTIALLY_COMPLIANT = "partially_compliant", "Partially compliant" + NON_COMPLIANT = "non_compliant", "Non-compliant" + COMPLIANT = "compliant", "Compliant" + NOT_APPLICABLE = "not_applicable", "Not applicable" + + +class Status(models.TextChoices): + TODO = "to_do", "To do" + IN_PROGRESS = "in_progress", "In progress" + IN_REVIEW = "in_review", "In review" + DONE = "done", "Done" + + +def create_result(apps, schema_editor): + RequirementAssessment = apps.get_model("core", "RequirementAssessment") + for assessment in RequirementAssessment.objects.all(): + if assessment.status in Results.values: + setattr(assessment, "result", assessment.status) + assessment.status = Status.TODO + if assessment.result == Results.COMPLIANT: + assessment.status = Status.DONE + if assessment.result == Results.PARTIALLY_COMPLIANT: + assessment.status = Status.IN_PROGRESS + if assessment.result == Results.NON_COMPLIANT: + assessment.status = Status.IN_REVIEW + if assessment.result == Results.NOT_APPLICABLE: + assessment.status = Status.DONE + assessment.save() + + +class Migration(migrations.Migration): + dependencies = [ + ("core", "0014_auto_20240522_1731"), + ] + + operations = [ + migrations.RemoveField( + model_name="complianceassessment", + name="result", + ), + migrations.AddField( + model_name="requirementassessment", + name="due_date", + field=models.DateField(blank=True, null=True, verbose_name="Due date"), + ), + migrations.AddField( + model_name="requirementassessment", + name="eta", + field=models.DateField(blank=True, null=True, verbose_name="ETA"), + ), + migrations.AddField( + model_name="requirementassessment", + name="result", + field=models.CharField( + choices=[ + ("not_assessed", "Not assessed"), + ("partially_compliant", "Partially compliant"), + ("non_compliant", "Non-compliant"), + ("compliant", "Compliant"), + ("not_applicable", "Not applicable"), + ], + default="not_assessed", + max_length=64, + verbose_name="Result", + ), + ), + migrations.AlterField( + model_name="complianceassessment", + name="due_date", + field=models.DateField(blank=True, null=True, verbose_name="Due date"), + ), + migrations.AlterField( + model_name="complianceassessment", + name="eta", + field=models.DateField(blank=True, null=True, verbose_name="ETA"), + ), + migrations.AlterField( + model_name="requirementassessment", + name="status", + field=models.CharField( + choices=[ + ("to_do", "To do"), + ("in_progress", "In progress"), + ("in_review", "In review"), + ("done", "Done"), + ], + default="to_do", + max_length=100, + verbose_name="Status", + ), + ), + migrations.AlterField( + model_name="riskassessment", + name="due_date", + field=models.DateField(blank=True, null=True, verbose_name="Due date"), + ), + migrations.AlterField( + model_name="riskassessment", + name="eta", + field=models.DateField(blank=True, null=True, verbose_name="ETA"), + ), + migrations.RunPython(create_result), + ] diff --git a/backend/core/migrations/0016_riskscenario_owner.py b/backend/core/migrations/0016_riskscenario_owner.py new file mode 100644 index 000000000..91c9b41f1 --- /dev/null +++ b/backend/core/migrations/0016_riskscenario_owner.py @@ -0,0 +1,24 @@ +# Generated by Django 5.0.6 on 2024-07-06 13:27 + +from django.conf import settings +from django.db import migrations, models + + +class Migration(migrations.Migration): + dependencies = [ + ("core", "0015_remove_complianceassessment_result_and_more"), + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ] + + operations = [ + migrations.AddField( + model_name="riskscenario", + name="owner", + field=models.ManyToManyField( + blank=True, + related_name="risk_scenarios", + to=settings.AUTH_USER_MODEL, + verbose_name="Owner", + ), + ), + ] diff --git a/backend/core/migrations/0017_requirementassessment_mapping_inference_and_more.py b/backend/core/migrations/0017_requirementassessment_mapping_inference_and_more.py new file mode 100644 index 000000000..825a069c6 --- /dev/null +++ b/backend/core/migrations/0017_requirementassessment_mapping_inference_and_more.py @@ -0,0 +1,207 @@ +# Generated by Django 5.0.6 on 2024-07-08 07:04 + +import django.core.validators +import django.db.models.deletion +import iam.models +import uuid +from django.db import migrations, models + + +class Migration(migrations.Migration): + dependencies = [ + ("core", "0016_riskscenario_owner"), + ("iam", "0005_alter_user_managers"), + ] + + operations = [ + migrations.AddField( + model_name="requirementassessment", + name="mapping_inference", + field=models.JSONField(default=dict, verbose_name="Mapping inference"), + ), + migrations.CreateModel( + name="RequirementMappingSet", + fields=[ + ( + "id", + models.UUIDField( + default=uuid.uuid4, + editable=False, + primary_key=True, + serialize=False, + ), + ), + ( + "created_at", + models.DateTimeField(auto_now_add=True, verbose_name="Created at"), + ), + ( + "updated_at", + models.DateTimeField(auto_now=True, verbose_name="Updated at"), + ), + ( + "is_published", + models.BooleanField(default=False, verbose_name="published"), + ), + ( + "urn", + models.CharField( + blank=True, + max_length=100, + null=True, + unique=True, + verbose_name="URN", + ), + ), + ( + "ref_id", + models.CharField( + blank=True, + max_length=100, + null=True, + verbose_name="Reference ID", + ), + ), + ( + "provider", + models.CharField( + blank=True, max_length=200, null=True, verbose_name="Provider" + ), + ), + ( + "name", + models.CharField(max_length=200, null=True, verbose_name="Name"), + ), + ( + "description", + models.TextField(blank=True, null=True, verbose_name="Description"), + ), + ( + "annotation", + models.TextField(blank=True, null=True, verbose_name="Annotation"), + ), + ( + "target_framework", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + related_name="target_framework", + to="core.framework", + verbose_name="Target framework", + ), + ), + ( + "folder", + models.ForeignKey( + default=iam.models.Folder.get_root_folder, + on_delete=django.db.models.deletion.CASCADE, + related_name="%(class)s_folder", + to="iam.folder", + ), + ), + ( + "library", + models.ForeignKey( + blank=True, + null=True, + on_delete=django.db.models.deletion.CASCADE, + related_name="requirement_mapping_sets", + to="core.loadedlibrary", + ), + ), + ( + "source_framework", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + related_name="source_framework", + to="core.framework", + verbose_name="Source framework", + ), + ), + ], + options={ + "abstract": False, + }, + ), + migrations.CreateModel( + name="RequirementMapping", + fields=[ + ( + "id", + models.BigAutoField( + auto_created=True, + primary_key=True, + serialize=False, + verbose_name="ID", + ), + ), + ( + "relationship", + models.CharField( + choices=[ + ("subset", "Subset"), + ("intersect", "Intersect"), + ("equal", "Equal"), + ("superset", "Superset"), + ("not_related", "Not related"), + ], + default="not_related", + max_length=20, + verbose_name="Relationship", + ), + ), + ( + "rationale", + models.CharField( + blank=True, + choices=[ + ("syntactic", "Syntactic"), + ("semantic", "Semantic"), + ("functional", "Functional"), + ], + max_length=20, + null=True, + verbose_name="Rationale", + ), + ), + ( + "strength_of_relationship", + models.PositiveSmallIntegerField( + null=True, + validators=[django.core.validators.MaxValueValidator(10)], + verbose_name="Strength of relationship", + ), + ), + ( + "annotation", + models.TextField(blank=True, null=True, verbose_name="Annotation"), + ), + ( + "target_requirement", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + related_name="target_requirement", + to="core.requirementnode", + verbose_name="Target requirement", + ), + ), + ( + "source_requirement", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + related_name="source_requirement", + to="core.requirementnode", + verbose_name="Source requirement", + ), + ), + ( + "mapping_set", + models.ForeignKey( + on_delete=django.db.models.deletion.CASCADE, + related_name="mappings", + to="core.requirementmappingset", + verbose_name="Mapping set", + ), + ), + ], + ), + ] diff --git a/backend/core/models.py b/backend/core/models.py index d4d4bbe02..f754812dc 100644 --- a/backend/core/models.py +++ b/backend/core/models.py @@ -1,12 +1,13 @@ from pathlib import Path from django.apps import apps +from django.core.validators import MaxValueValidator from django.forms.models import model_to_dict from django.contrib.auth import get_user_model from django.db import models, transaction from django.utils.translation import gettext_lazy as _ from django.db.models import Q -from .base_models import * +from .base_models import AbstractBaseModel, NameDescriptionMixin, ETADueDateMixin from .validators import validate_file_size, validate_file_name from .utils import camel_case, sha256 from iam.models import FolderMixin, PublishInRootFolderMixin @@ -16,6 +17,8 @@ import json import yaml +from django.core.exceptions import ValidationError + from django.urls import reverse from datetime import date, datetime from typing import Union, Dict, Set, List, Tuple, Type, Self @@ -30,7 +33,7 @@ ########################### Referential objects ######################### -class ReferentialObjectMixin(NameDescriptionMixin, FolderMixin): +class ReferentialObjectMixin(AbstractBaseModel, FolderMixin): """ Mixin for referential objects. """ @@ -41,10 +44,6 @@ class ReferentialObjectMixin(NameDescriptionMixin, FolderMixin): ref_id = models.CharField( max_length=100, blank=True, null=True, verbose_name=_("Reference ID") ) - locale = models.CharField( - max_length=100, null=False, blank=False, default="en", verbose_name=_("Locale") - ) - default_locale = models.BooleanField(default=True, verbose_name=_("Default locale")) provider = models.CharField( max_length=200, blank=True, null=True, verbose_name=_("Provider") ) @@ -85,7 +84,17 @@ def __str__(self) -> str: return self.display_short -class LibraryMixin(ReferentialObjectMixin): +class I18nObjectMixin(models.Model): + locale = models.CharField( + max_length=100, null=False, blank=False, default="en", verbose_name=_("Locale") + ) + default_locale = models.BooleanField(default=True, verbose_name=_("Default locale")) + + class Meta: + abstract = True + + +class LibraryMixin(ReferentialObjectMixin, I18nObjectMixin): class Meta: abstract = True unique_together = [["urn", "locale", "version"]] @@ -170,7 +179,7 @@ def store_library_content( outdated_library.delete() objects_meta = { - key: (1 if key == "framework" else len(value)) + key: (1 if key == "framework" or "requirement_mapping_set" else len(value)) for key, value in library_data["objects"].items() } @@ -408,16 +417,17 @@ def update_library(self) -> Union[str, None]: requirement_node_dict["order_id"] = order_id order_id += 1 - new_requirement_node, created = ( - RequirementNode.objects.update_or_create( - urn=requirement_node["urn"].lower(), - defaults=requirement_node_dict, - create_defaults={ - **referential_object_dict, - **requirement_node_dict, - "framework": new_framework, - }, - ) + ( + new_requirement_node, + created, + ) = RequirementNode.objects.update_or_create( + urn=requirement_node["urn"].lower(), + defaults=requirement_node_dict, + create_defaults={ + **referential_object_dict, + **requirement_node_dict, + "framework": new_framework, + }, ) if created: @@ -445,7 +455,7 @@ def update_library(self) -> Union[str, None]: ) if ( reference_control_to_add is None - ): # I am not 100% this condition is usefull + ): # I am not 100% this condition is useful reference_control_to_add = ReferenceControl.objects.filter( urn=reference_control_urn.lower() ).first() # No locale support @@ -570,7 +580,7 @@ def delete(self, *args, **kwargs): ) -class Threat(ReferentialObjectMixin, PublishInRootFolderMixin): +class Threat(ReferentialObjectMixin, I18nObjectMixin, PublishInRootFolderMixin): library = models.ForeignKey( LoadedLibrary, on_delete=models.CASCADE, @@ -601,7 +611,7 @@ def __str__(self): return self.name -class ReferenceControl(ReferentialObjectMixin): +class ReferenceControl(ReferentialObjectMixin, I18nObjectMixin): CATEGORY = [ ("policy", _("Policy")), ("process", _("Process")), @@ -658,7 +668,7 @@ def __str__(self): ) -class RiskMatrix(ReferentialObjectMixin): +class RiskMatrix(ReferentialObjectMixin, I18nObjectMixin): library = models.ForeignKey( LoadedLibrary, on_delete=models.CASCADE, @@ -740,7 +750,7 @@ def __str__(self) -> str: return self.name -class Framework(ReferentialObjectMixin): +class Framework(ReferentialObjectMixin, I18nObjectMixin): min_score = models.IntegerField(default=0, verbose_name=_("Minimum score")) max_score = models.IntegerField(default=100, verbose_name=_("Maximum score")) scores_definition = models.JSONField( @@ -803,7 +813,7 @@ def process_node(self, node): return node_dict -class RequirementNode(ReferentialObjectMixin): +class RequirementNode(ReferentialObjectMixin, I18nObjectMixin): threats = models.ManyToManyField( "Threat", blank=True, @@ -841,6 +851,109 @@ class Meta: verbose_name_plural = _("RequirementNodes") +class RequirementMappingSet(ReferentialObjectMixin): + library = models.ForeignKey( + LoadedLibrary, + on_delete=models.CASCADE, + null=True, + blank=True, + related_name="requirement_mapping_sets", + ) + + source_framework = models.ForeignKey( + Framework, + on_delete=models.CASCADE, + verbose_name=_("Source framework"), + related_name="source_framework", + ) + target_framework = models.ForeignKey( + Framework, + on_delete=models.CASCADE, + verbose_name=_("Target framework"), + related_name="target_framework", + ) + + def save(self, *args, **kwargs) -> None: + if self.source_framework == self.target_framework: + raise ValidationError(_("Source and related frameworks must be different")) + return super().save(*args, **kwargs) + + +class RequirementMapping(models.Model): + class Coverage(models.TextChoices): + FULL = "full", _("Full") + PARTIAL = "partial", _("Partial") + NOT_RELATED = "not_related", _("Not related") + + class Relationship(models.TextChoices): + SUBSET = "subset", _("Subset") + INTERSECT = "intersect", _("Intersect") + EQUAL = "equal", _("Equal") + SUPERSET = "superset", _("Superset") + NOT_RELATED = "not_related", _("Not related") + + class Rationale(models.TextChoices): + SYNTACTIC = "syntactic", _("Syntactic") + SEMANTIC = "semantic", _("Semantic") + FUNCTIONAL = "functional", _("Functional") + + FULL_COVERAGE_RELATIONSHIPS = [ + Relationship.EQUAL, + Relationship.SUPERSET, + ] + + PARTIAL_COVERAGE_RELATIONSHIPS = [ + Relationship.INTERSECT, + Relationship.SUBSET, + ] + + mapping_set = models.ForeignKey( + RequirementMappingSet, + on_delete=models.CASCADE, + verbose_name=_("Mapping set"), + related_name="mappings", + ) + target_requirement = models.ForeignKey( + RequirementNode, + on_delete=models.CASCADE, + verbose_name=_("Target requirement"), + related_name="target_requirement", + ) + relationship = models.CharField( + max_length=20, + choices=Relationship.choices, + default=Relationship.NOT_RELATED, + verbose_name=_("Relationship"), + ) + rationale = models.CharField( + max_length=20, + null=True, + blank=True, + choices=Rationale.choices, + verbose_name=_("Rationale"), + ) + source_requirement = models.ForeignKey( + RequirementNode, + on_delete=models.CASCADE, + verbose_name=_("Source requirement"), + related_name="source_requirement", + ) + strength_of_relationship = models.PositiveSmallIntegerField( + null=True, + verbose_name=_("Strength of relationship"), + validators=[MaxValueValidator(10)], + ) + annotation = models.TextField(null=True, blank=True, verbose_name=_("Annotation")) + + @property + def coverage(self) -> str: + if self.relationship == RequirementMapping.Relationship.NOT_RELATED: + return RequirementMapping.Coverage.NOT_RELATED + if self.relationship in self.FULL_COVERAGE_RELATIONSHIPS: + return RequirementMapping.Coverage.FULL + return RequirementMapping.Coverage.PARTIAL + + ########################### Domain objects ######################### @@ -1146,7 +1259,7 @@ def save(self, *args, **kwargs): ########################### Secondary objects ######################### -class Assessment(NameDescriptionMixin): +class Assessment(NameDescriptionMixin, ETADueDateMixin): class Status(models.TextChoices): PLANNED = "planned", _("Planned") IN_PROGRESS = "in_progress", _("In progress") @@ -1185,18 +1298,6 @@ class Status(models.TextChoices): verbose_name=_("Reviewers"), related_name="%(class)s_reviewers", ) - eta = models.DateField( - null=True, - blank=True, - help_text=_("Estimated time of arrival"), - verbose_name=_("ETA"), - ) - due_date = models.DateField( - null=True, - blank=True, - help_text=_("Due date"), - verbose_name=_("Due date"), - ) fields_to_check = ["name", "version"] @@ -1217,7 +1318,7 @@ class Meta: verbose_name_plural = _("Risk assessments") def __str__(self) -> str: - return f"{self.project}/{self.name} - {self.version}" + return f"{self.name} - {self.version}" @property def path_display(self) -> str: @@ -1563,6 +1664,12 @@ class RiskScenario(NameDescriptionMixin): blank=True, ) + owner = models.ManyToManyField( + User, + blank=True, + verbose_name=_("Owner"), + related_name="risk_scenarios", + ) # current current_proba = models.SmallIntegerField( default=-1, verbose_name=_("Current probability") @@ -1707,22 +1814,9 @@ def save(self, *args, **kwargs): class ComplianceAssessment(Assessment): - class Result(models.TextChoices): - COMPLIANT = "compliant", _("Compliant") - NON_COMPLIANT_MINOR = "non_compliant_minor", _("Non compliant (minor)") - NON_COMPLIANT_MAJOR = "non_compliant_major", _("Non compliant (major)") - NOT_APPLICABLE = "not_applicable", _("Not applicable") - framework = models.ForeignKey( Framework, on_delete=models.CASCADE, verbose_name=_("Framework") ) - result = models.CharField( - blank=True, - null=True, - max_length=100, - choices=Result.choices, - verbose_name=_("Result"), - ) selected_implementation_groups = models.JSONField( blank=True, null=True, verbose_name=_("Selected implementation groups") ) @@ -1748,8 +1842,9 @@ def get_global_score(self): requirement_assessments_scored = ( RequirementAssessment.objects.filter(compliance_assessment=self) .exclude(score=None) - .exclude(status=RequirementAssessment.Status.NOT_APPLICABLE) + .exclude(status=RequirementAssessment.Result.NOT_APPLICABLE) .exclude(is_scored=False) + .exclude(requirement__assessable=False) ) ig = ( set(self.selected_implementation_groups) @@ -1849,18 +1944,57 @@ def union_queries(base_query, groups, field_name): return queries[0].union(*queries[1:]) if queries else base_query.none() color_map = { - "in_progress": "#3b82f6", - "non_compliant": "#f87171", - "to_do": "#d1d5db", - "partially_compliant": "#fde047", - "not_applicable": "#000000", - "compliant": "#86efac", + RequirementAssessment.Result.NOT_ASSESSED: "#d1d5db", + RequirementAssessment.Result.NON_COMPLIANT: "#f87171", + RequirementAssessment.Result.PARTIALLY_COMPLIANT: "#fde047", + RequirementAssessment.Result.COMPLIANT: "#86efac", + RequirementAssessment.Result.NOT_APPLICABLE: "#000000", + RequirementAssessment.Status.TODO: "#9ca3af", + RequirementAssessment.Status.IN_PROGRESS: "#f59e0b", + RequirementAssessment.Status.IN_REVIEW: "#3b82f6", + RequirementAssessment.Status.DONE: "#86efac", } + compliance_assessments_result = {"values": [], "labels": []} + for result in RequirementAssessment.Result.values: + assessable_requirements_filter = { + "compliance_assessment": self, + "requirement__assessable": True, + } + + base_query = RequirementAssessment.objects.filter( + result=result, **assessable_requirements_filter + ).distinct() + + if self.selected_implementation_groups: + union_query = union_queries( + base_query, + self.selected_implementation_groups, + "requirement__implementation_groups", + ) + else: + union_query = base_query + + count = union_query.count() + value_entry = { + "name": result, + "localName": camel_case(result), + "value": count, + "itemStyle": {"color": color_map[result]}, + } + + compliance_assessments_result["values"].append(value_entry) + compliance_assessments_result["labels"].append(result) + compliance_assessments_status = {"values": [], "labels": []} - for status in RequirementAssessment.Status: + for status in RequirementAssessment.Status.values: + assessable_requirements_filter = { + "compliance_assessment": self, + "requirement__assessable": True, + } + base_query = RequirementAssessment.objects.filter( - status=status, compliance_assessment=self, requirement__assessable=True + status=status, **assessable_requirements_filter ).distinct() if self.selected_implementation_groups: @@ -1875,15 +2009,18 @@ def union_queries(base_query, groups, field_name): count = union_query.count() value_entry = { "name": status, - "localName": camel_case(status.value), + "localName": camel_case(status), "value": count, "itemStyle": {"color": color_map[status]}, } compliance_assessments_status["values"].append(value_entry) - compliance_assessments_status["labels"].append(status.label) + compliance_assessments_status["labels"].append(status) - return compliance_assessments_status + return { + "result": compliance_assessments_result, + "status": compliance_assessments_status, + } def quality_check(self) -> dict: AppliedControl = apps.get_model("core", "AppliedControl") @@ -2006,13 +2143,77 @@ def quality_check(self) -> dict: } return findings + def compute_requirement_assessments_results( + self, mapping_set: RequirementMappingSet, source_assessment: Self + ) -> list["RequirementAssessment"]: + requirement_assessments: list[RequirementAssessment] = [] + result_order = ( + RequirementAssessment.Result.NON_COMPLIANT, + RequirementAssessment.Result.PARTIALLY_COMPLIANT, + RequirementAssessment.Result.COMPLIANT, + ) + for requirement_assessment in self.requirement_assessments.all(): + mappings = mapping_set.mappings.filter( + target_requirement=requirement_assessment.requirement + ) + inferences = [] + refs = [] + if mappings.filter( + relationship__in=RequirementMapping.FULL_COVERAGE_RELATIONSHIPS + ).exists(): + mappings = mappings.filter( + relationship__in=RequirementMapping.FULL_COVERAGE_RELATIONSHIPS + ) + for mapping in mappings: + source_requirement_assessment = RequirementAssessment.objects.get( + compliance_assessment=source_assessment, + requirement=mapping.source_requirement, + ) + inferred_result, inferred_status = requirement_assessment.infer_result( + mapping=mapping, + source_requirement_assessment=source_requirement_assessment, + ) + if inferred_result in result_order: + inferences.append((inferred_result, inferred_status)) + refs.append(source_requirement_assessment) + if inferences: + if len(inferences) == 1: + requirement_assessment.result = inferences[0][0] + if inferences[0][1]: + requirement_assessment.status = inferences[0][1] + ref = refs[0] + else: + lowest_result = min( + inferences, key=lambda x: result_order.index(x[0]) + ) + requirement_assessment.result = lowest_result[0] + if lowest_result[1]: + requirement_assessment.status = lowest_result[1] + ref = refs[inferences.index(lowest_result)] + requirement_assessment.mapping_inference = { + "result": requirement_assessment.result, + "source_requirement_assessment": { + "str": str(ref), + "id": str(ref.id), + "coverage": mapping.coverage, + }, + # "mappings": [mapping.id for mapping in mappings], + } + requirement_assessments.append(requirement_assessment) + return requirement_assessments + -class RequirementAssessment(AbstractBaseModel, FolderMixin): +class RequirementAssessment(AbstractBaseModel, FolderMixin, ETADueDateMixin): class Status(models.TextChoices): TODO = "to_do", _("To do") IN_PROGRESS = "in_progress", _("In progress") - NON_COMPLIANT = "non_compliant", _("Non compliant") + IN_REVIEW = "in_review", _("In review") + DONE = "done", _("Done") + + class Result(models.TextChoices): + NOT_ASSESSED = "not_assessed", _("Not assessed") PARTIALLY_COMPLIANT = "partially_compliant", _("Partially compliant") + NON_COMPLIANT = "non_compliant", _("Non-compliant") COMPLIANT = "compliant", _("Compliant") NOT_APPLICABLE = "not_applicable", _("Not applicable") @@ -2022,6 +2223,12 @@ class Status(models.TextChoices): default=Status.TODO, verbose_name=_("Status"), ) + result = models.CharField( + max_length=64, + choices=Result.choices, + verbose_name=_("Result"), + default=Result.NOT_ASSESSED, + ) score = models.IntegerField( blank=True, null=True, @@ -2057,6 +2264,10 @@ class Status(models.TextChoices): default=True, verbose_name=_("Selected"), ) + mapping_inference = models.JSONField( + default=dict, + verbose_name=_("Mapping inference"), + ) def __str__(self) -> str: return self.requirement.display_short @@ -2064,6 +2275,27 @@ def __str__(self) -> str: def get_requirement_description(self) -> str: return self.requirement.description + def infer_result( + self, mapping: RequirementMapping, source_requirement_assessment: Self + ) -> str | None: + if mapping.coverage == RequirementMapping.Coverage.FULL: + return ( + source_requirement_assessment.result, + source_requirement_assessment.status, + ) + if mapping.coverage == RequirementMapping.Coverage.PARTIAL: + if source_requirement_assessment.result in ( + RequirementAssessment.Result.COMPLIANT, + RequirementAssessment.Result.PARTIALLY_COMPLIANT, + ): + return (RequirementAssessment.Result.PARTIALLY_COMPLIANT, None) + if ( + source_requirement_assessment.result + == RequirementAssessment.Result.NON_COMPLIANT + ): + return (RequirementAssessment.Result.NON_COMPLIANT, None) + return (None, None) + class Meta: verbose_name = _("Requirement assessment") verbose_name_plural = _("Requirement assessments") diff --git a/backend/core/serializers.py b/backend/core/serializers.py index 5b3cf13d1..5ac179ff7 100644 --- a/backend/core/serializers.py +++ b/backend/core/serializers.py @@ -99,9 +99,8 @@ class Meta: class RiskAcceptanceReadSerializer(BaseModelSerializer): folder = FieldsRelatedField() - approver = FieldsRelatedField() risk_scenarios = FieldsRelatedField(many=True) - + approver = FieldsRelatedField(["id", "first_name", "last_name"]) state = serializers.CharField(source="get_state_display") class Meta: @@ -130,7 +129,15 @@ class Meta: exclude = ["created_at", "updated_at"] +class RiskAssessmentDuplicateSerializer(BaseModelSerializer): + class Meta: + model = RiskAssessment + fields = ["name", "version", "project", "description"] + + class RiskAssessmentReadSerializer(AssessmentReadSerializer): + str = serializers.CharField(source="__str__") + project = FieldsRelatedField(["id", "folder"]) risk_scenarios = FieldsRelatedField(many=True) risk_scenarios_count = serializers.IntegerField(source="risk_scenarios.count") risk_matrix = FieldsRelatedField() @@ -205,7 +212,7 @@ class Meta: class RiskScenarioReadSerializer(RiskScenarioWriteSerializer): - risk_assessment = FieldsRelatedField() + risk_assessment = FieldsRelatedField(["id", "name"]) risk_matrix = FieldsRelatedField(source="risk_assessment.risk_matrix") project = FieldsRelatedField( source="risk_assessment.project", fields=["id", "name", "folder"] @@ -228,6 +235,8 @@ class RiskScenarioReadSerializer(RiskScenarioWriteSerializer): applied_controls = FieldsRelatedField(many=True) rid = serializers.CharField() + owner = FieldsRelatedField(many=True) + class AppliedControlWriteSerializer(BaseModelSerializer): class Meta: @@ -468,8 +477,9 @@ class Meta: class ComplianceAssessmentReadSerializer(AssessmentReadSerializer): + project = FieldsRelatedField(["id", "folder"]) framework = FieldsRelatedField( - ["id", "min_score", "max_score", "implementation_groups_definition"] + ["id", "min_score", "max_score", "implementation_groups_definition", "ref_id"] ) selected_implementation_groups = serializers.ReadOnlyField( source="get_selected_implementation_groups" @@ -481,6 +491,16 @@ class Meta: class ComplianceAssessmentWriteSerializer(BaseModelSerializer): + baseline = serializers.PrimaryKeyRelatedField( + write_only=True, + queryset=ComplianceAssessment.objects.all(), + required=False, + allow_null=True, + ) + + def create(self, validated_data: Any): + return super().create(validated_data) + class Meta: model = ComplianceAssessment fields = "__all__" @@ -532,3 +552,27 @@ def get_compliance_assessment(self): class Meta: model = RequirementAssessment fields = "__all__" + + +class RequirementMappingSetReadSerializer(BaseModelSerializer): + source_framework = FieldsRelatedField() + target_framework = FieldsRelatedField() + library = FieldsRelatedField(["name", "urn"]) + folder = FieldsRelatedField() + + class Meta: + model = RequirementMappingSet + fields = "__all__" + + +class RequirementMappingSetWriteSerializer(RequirementMappingSetReadSerializer): + pass + + +class ComputeMappingSerializer(serializers.Serializer): + mapping_set = serializers.PrimaryKeyRelatedField( + queryset=RequirementMappingSet.objects.all() + ) + source_assessment = serializers.PrimaryKeyRelatedField( + queryset=ComplianceAssessment.objects.all() + ) diff --git a/backend/core/templates/core/audit_report.html b/backend/core/templates/core/audit_report.html index 4a341a372..5f8109d34 100644 --- a/backend/core/templates/core/audit_report.html +++ b/backend/core/templates/core/audit_report.html @@ -17,6 +17,9 @@

{{ compliance_assessment.name }}: {{ compliance_assessment.framework }}

+ {% if compliance_assessment.get_global_score > -1 %} +

{% trans "Score:" %}

{{ compliance_assessment.get_global_score|floatformat }} + {% endif %} {% bar_graph assessments ancestors %}
diff --git a/backend/core/templates/snippets/ra_data.html b/backend/core/templates/snippets/ra_data.html index ad4ae4e97..5f13e534a 100644 --- a/backend/core/templates/snippets/ra_data.html +++ b/backend/core/templates/snippets/ra_data.html @@ -6,7 +6,7 @@
{% trans "Risk assessment" %}
-
{{ risk_assessment }}
+
{{ risk_assessment.project}}/{{ risk_assessment }}

    diff --git a/backend/core/templates/snippets/req_node.html b/backend/core/templates/snippets/req_node.html index 0d6156233..fa6e564e8 100644 --- a/backend/core/templates/snippets/req_node.html +++ b/backend/core/templates/snippets/req_node.html @@ -9,14 +9,23 @@ {% bar_graph assessments ancestors node.requirement_node %} {% endif %} {% else %} -
    +
    {{ node.assessments.requirement }}
    -
    {{ node.status }}
    +
    +
    {{ node.status }}
    +
    {{ node.result }}
    + {% if node.assessments.is_scored %} +
    {{ node.assessments.score }}
    + {% endif %} +
    {% if node.assessments.requirement.description %}
    {{ node.assessments.requirement.description }}
    {% endif %} + {% if node.assessments.observation %} +

    {% trans "Observation:" %}

    {{ node.assessments.observation }}

    + {% endif %}
    {% if node.bar_graph %} {% bar_graph assessments ancestors node.requirement_node %} @@ -44,7 +53,7 @@
    {% for control in node.applied_controls %} -
  • {{ control.measure.name }}: {{ control.measure.get_status_display }}
    • +
  • {{ control.measure.name }}: {{ control.measure.get_result_display }}
    • {% endfor %}
    diff --git a/backend/core/templatetags/core_extras.py b/backend/core/templatetags/core_extras.py index ef3c37b66..6b0d222c1 100644 --- a/backend/core/templatetags/core_extras.py +++ b/backend/core/templatetags/core_extras.py @@ -62,7 +62,7 @@ def isinstance_filter(val, instance_type): @register.simple_tag def bar_graph(assessments, ancestors, node=None): - compliance_assessments_status = [] + compliance_assessments_result = [] candidates = [ c for c in assessments.filter(requirement__assessable=True) @@ -70,20 +70,20 @@ def bar_graph(assessments, ancestors, node=None): ] total = len(candidates) if total > 0: - for st in RequirementAssessment.Status: - count = len([c for c in candidates if c.status == st]) - compliance_assessments_status.append((st, round(count * 100 / total))) + for st in RequirementAssessment.Result: + count = len([c for c in candidates if c.result == st]) + compliance_assessments_result.append((st, round(count * 100 / total))) content = '
    ' - for status, percentage in reversed(compliance_assessments_status): + for result, percentage in reversed(compliance_assessments_result): if percentage > 0: - color = f"bg-{color_css_class(status)}" + color = f"bg-{color_css_class(result)}" if color == "bg-black": color += " text-white dark:bg-white dark:text-black" content += f"""
    """ - if status != "to_do": + if result != "to_do": content += f"{percentage}%" content += "
    " content += "
    " diff --git a/backend/core/tests/test_models.py b/backend/core/tests/test_models.py index e21387024..32ab9444a 100644 --- a/backend/core/tests/test_models.py +++ b/backend/core/tests/test_models.py @@ -6,6 +6,8 @@ from core.models import ( Policy, Project, + RequirementMapping, + RequirementMappingSet, RiskAssessment, ComplianceAssessment, RiskScenario, @@ -49,6 +51,20 @@ def risk_matrix_fixture(): library.load() +@pytest.fixture +def iso27001_csf1_1_frameworks_fixture(): + iso27001_library = StoredLibrary.objects.get( + urn="urn:intuitem:risk:library:iso27001-2022", locale="en" + ) + assert iso27001_library is not None + iso27001_library.load() + csf_1_1_library = StoredLibrary.objects.get( + urn="urn:intuitem:risk:library:nist-csf-1.1", locale="en" + ) + assert csf_1_1_library is not None + csf_1_1_library.load() + + @pytest.mark.django_db class TestEvidence: pytestmark = pytest.mark.django_db @@ -1181,3 +1197,79 @@ def test_library_cannot_be_deleted_if_it_is_a_dependency_of_other_libraries(self except: None assert LoadedLibrary.objects.count() == 0 + + +@pytest.mark.django_db +class TestRequirementMapping: + pytestmark = pytest.mark.django_db + + @pytest.mark.usefixtures("iso27001_csf1_1_frameworks_fixture") + def test_requirement_mapping_creation(self): + target_framework = Framework.objects.get( + urn="urn:intuitem:risk:framework:iso27001-2022" + ) + source_framework = Framework.objects.get( + urn="urn:intuitem:risk:framework:nist-csf-1.1" + ) + mapping_set = RequirementMappingSet.objects.create( + source_framework=source_framework, + target_framework=target_framework, + ) + + target_requirement = RequirementNode.objects.filter( + urn="urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-1" + ).last() + source_requirement = RequirementNode.objects.get( + urn="urn:intuitem:risk:req_node:iso27001-2022:a.5.15" + ) + + mapping = RequirementMapping.objects.create( + target_requirement=target_requirement, + source_requirement=source_requirement, + relationship=RequirementMapping.Relationship.INTERSECT, + mapping_set=mapping_set, + ) + + assert mapping.target_requirement == target_requirement + assert mapping.relationship == RequirementMapping.Relationship.INTERSECT + assert mapping.source_requirement == source_requirement + + +@pytest.mark.django_db +class TestRequirementMappingSet: + pytestmark = pytest.mark.django_db + + @pytest.mark.usefixtures("iso27001_csf1_1_frameworks_fixture") + def test_requirement_mapping_set_creation(self): + root_folder = Folder.objects.get(content_type=Folder.ContentType.ROOT) + iso27001 = Framework.objects.get( + urn="urn:intuitem:risk:framework:iso27001-2022" + ) + csf1_1 = Framework.objects.get(urn="urn:intuitem:risk:framework:nist-csf-1.1") + requirement_mapping_set = RequirementMappingSet.objects.create( + name="Requirement Mapping Set", + description="Requirement Mapping Set description", + source_framework=csf1_1, + target_framework=iso27001, + ) + assert requirement_mapping_set.name == "Requirement Mapping Set" + assert ( + requirement_mapping_set.description == "Requirement Mapping Set description" + ) + assert requirement_mapping_set.folder == root_folder + assert requirement_mapping_set.target_framework == iso27001 + assert requirement_mapping_set.source_framework == csf1_1 + assert requirement_mapping_set.mappings.count() == 0 + + @pytest.mark.usefixtures("iso27001_csf1_1_frameworks_fixture") + def test_requirement_mapping_set_source_and_target_frameworks_must_be_distinct( + self, + ): + csf1_1 = Framework.objects.get(urn="urn:intuitem:risk:framework:nist-csf-1.1") + with pytest.raises(ValidationError): + RequirementMappingSet.objects.create( + name="Requirement Mapping Set", + description="Requirement Mapping Set description", + source_framework=csf1_1, + target_framework=csf1_1, + ) diff --git a/backend/core/urls.py b/backend/core/urls.py index 2854fa616..eee2be01e 100644 --- a/backend/core/urls.py +++ b/backend/core/urls.py @@ -43,6 +43,11 @@ ) router.register(r"stored-libraries", StoredLibraryViewSet, basename="stored-libraries") router.register(r"loaded-libraries", LoadedLibraryViewSet, basename="loaded-libraries") +router.register( + r"requirement-mapping-sets", + RequirementMappingSetViewSet, + basename="requirement-mapping-sets", +) urlpatterns = [ path("", include(router.urls)), diff --git a/backend/core/utils.py b/backend/core/utils.py index bb6eca6f9..27aa80237 100644 --- a/backend/core/utils.py +++ b/backend/core/utils.py @@ -5,6 +5,8 @@ def camel_case(s): + if not s: + return "" s = sub(r"(_|-)+", " ", s).title().replace(" ", "") return "".join([s[0].lower(), s[1:]]) diff --git a/backend/core/views.py b/backend/core/views.py index 71002d998..21f267018 100644 --- a/backend/core/views.py +++ b/backend/core/views.py @@ -40,7 +40,7 @@ from weasyprint import HTML from core.helpers import * -from core.models import AppliedControl, ComplianceAssessment +from core.models import AppliedControl, ComplianceAssessment, RequirementMappingSet from core.serializers import ComplianceAssessmentReadSerializer from core.utils import RoleCodename, UserGroupCodename @@ -547,6 +547,53 @@ def treatment_plan_pdf(self, request, pk): else: return Response({"error": "Permission denied"}) + @action( + detail=True, + name="Duplicate risk assessment", + methods=["post"], + serializer_class=RiskAssessmentDuplicateSerializer, + ) + def duplicate(self, request, pk): + (object_ids_view, _, _) = RoleAssignment.get_accessible_object_ids( + Folder.get_root_folder(), request.user, RiskAssessment + ) + if UUID(pk) in object_ids_view: + risk_assessment = self.get_object() + data = request.data + duplicate_risk_assessment = RiskAssessment.objects.create( + name=data["name"], + description=data["description"], + project=Project.objects.get(id=data["project"]), + version=data["version"], + risk_matrix=risk_assessment.risk_matrix, + eta=risk_assessment.eta, + due_date=risk_assessment.due_date, + status=risk_assessment.status, + ) + duplicate_risk_assessment.authors.set(risk_assessment.authors.all()) + duplicate_risk_assessment.reviewers.set(risk_assessment.reviewers.all()) + for scenario in risk_assessment.risk_scenarios.all(): + duplicate_scenario = RiskScenario.objects.create( + risk_assessment=duplicate_risk_assessment, + name=scenario.name, + description=scenario.description, + existing_controls=scenario.existing_controls, + treatment=scenario.treatment, + current_proba=scenario.current_proba, + current_impact=scenario.current_impact, + residual_proba=scenario.residual_proba, + residual_impact=scenario.residual_impact, + strength_of_knowledge=scenario.strength_of_knowledge, + justification=scenario.justification, + ) + duplicate_scenario.threats.set(scenario.threats.all()) + duplicate_scenario.assets.set(scenario.assets.all()) + duplicate_scenario.owner.set(scenario.owner.all()) + duplicate_scenario.applied_controls.set(scenario.applied_controls.all()) + duplicate_scenario.save() + duplicate_risk_assessment.save() + return Response({"results": "risk assessment duplicated"}) + class AppliedControlViewSet(BaseModelViewSet): """ @@ -1103,6 +1150,18 @@ def used(self, request): ) return Response({"results": used_frameworks}) + @action(detail=True, methods=["get"], name="Get target frameworks from mappings") + def mappings(self, request, pk): + framework = self.get_object() + available_target_frameworks_objects = [framework] + mappings = RequirementMappingSet.objects.filter(source_framework=framework) + for mapping in mappings: + available_target_frameworks_objects.append(mapping.target_framework) + available_target_frameworks = FrameworkReadSerializer( + available_target_frameworks_objects, many=True + ).data + return Response({"results": available_target_frameworks}) + class RequirementNodeViewSet(BaseModelViewSet): """ @@ -1313,15 +1372,57 @@ def perform_create(self, serializer): """ Create RequirementAssessment objects for the newly created ComplianceAssessment """ - serializer.save() - instance = ComplianceAssessment.objects.get(id=serializer.data["id"]) + baseline = serializer.validated_data.pop("baseline", None) + instance = serializer.save() requirements = RequirementNode.objects.filter(framework=instance.framework) for requirement in requirements: - RequirementAssessment.objects.create( + requirement_assessment = RequirementAssessment.objects.create( compliance_assessment=instance, requirement=requirement, folder=Folder.objects.get(id=instance.project.folder.id), ) + if baseline and baseline.framework == instance.framework: + baseline_requirement_assessment = RequirementAssessment.objects.get( + compliance_assessment=baseline, requirement=requirement + ) + requirement_assessment.result = baseline_requirement_assessment.result + requirement_assessment.status = baseline_requirement_assessment.status + requirement_assessment.score = baseline_requirement_assessment.score + requirement_assessment.is_scored = ( + baseline_requirement_assessment.is_scored + ) + requirement_assessment.evidences.set( + baseline_requirement_assessment.evidences.all() + ) + requirement_assessment.applied_controls.set( + baseline_requirement_assessment.applied_controls.all() + ) + requirement_assessment.save() + if baseline and baseline.framework != instance.framework: + mapping_set = RequirementMappingSet.objects.get( + target_framework=serializer.validated_data["framework"], + source_framework=baseline.framework, + ) + for ( + requirement_assessment + ) in instance.compute_requirement_assessments_results( + mapping_set, baseline + ): + baseline_requirement_assessment = RequirementAssessment.objects.get( + id=requirement_assessment.mapping_inference[ + "source_requirement_assessment" + ]["id"] + ) + requirement_assessment.evidences.add( + *[ev.id for ev in baseline_requirement_assessment.evidences.all()] + ) + requirement_assessment.applied_controls.add( + *[ + ac.id + for ac in baseline_requirement_assessment.applied_controls.all() + ] + ) + requirement_assessment.save() @action(detail=False, name="Compliance assessments per status") def per_status(self, request): @@ -1528,6 +1629,16 @@ def to_review(self, request): def status(self, request): return Response(dict(RequirementAssessment.Status.choices)) + @action(detail=False, name="Get result choices") + def result(self, request): + return Response(dict(RequirementAssessment.Result.choices)) + + +class RequirementMappingSetViewSet(BaseModelViewSet): + model = RequirementMappingSet + + filterset_fields = ["target_framework", "source_framework"] + @api_view(["GET"]) @permission_classes([permissions.AllowAny]) @@ -1597,6 +1708,7 @@ def generate_data_rec(requirement_node: RequirementNode): "bar_graph": None, "direct_evidences": [], "applied_controls": [], + "result": "", "status": "", "color_class": "", } @@ -1611,8 +1723,10 @@ def generate_data_rec(requirement_node: RequirementNode): if assessment: node_data["assessments"] = assessment + node_data["result"] = assessment.get_result_display() node_data["status"] = assessment.get_status_display() - node_data["color_class"] = color_css_class(assessment.status) + node_data["result_color_class"] = color_css_class(assessment.result) + node_data["status_color_class"] = color_css_class(assessment.status) direct_evidences = assessment.evidences.all() if direct_evidences: selected_evidences += direct_evidences diff --git a/backend/iam/migrations/0005_alter_user_managers.py b/backend/iam/migrations/0005_alter_user_managers.py new file mode 100644 index 000000000..8e1d92bd8 --- /dev/null +++ b/backend/iam/migrations/0005_alter_user_managers.py @@ -0,0 +1,19 @@ +# Generated by Django 5.0.4 on 2024-07-04 10:41 + +import iam.models +from django.db import migrations + + +class Migration(migrations.Migration): + dependencies = [ + ("iam", "0004_ssosettings_user_is_sso"), + ] + + operations = [ + migrations.AlterModelManagers( + name="user", + managers=[ + ("objects", iam.models.CaseInsensitiveUserManager()), + ], + ), + ] diff --git a/backend/iam/models.py b/backend/iam/models.py index ce52e80c0..0d46c8f20 100644 --- a/backend/iam/models.py +++ b/backend/iam/models.py @@ -279,6 +279,15 @@ def create_superuser(self, email, password=None, **extra_fields): return superuser +class CaseInsensitiveUserManager(UserManager): + def get_by_natural_key(self, username): + """ + By default, Django does a case-sensitive check on usernamesโ„ข. + Overriding this method fixes it. + """ + return self.get(**{self.model.USERNAME_FIELD + "__iexact": username}) + + class User(AbstractBaseUser, AbstractBaseModel, FolderMixin): """a user is a principal corresponding to a human""" @@ -312,7 +321,7 @@ class User(AbstractBaseUser, AbstractBaseModel, FolderMixin): "granted to each of their user groups." ), ) - objects = UserManager() + objects = CaseInsensitiveUserManager() # USERNAME_FIELD is used as the unique identifier for the user # and is required by Django to be set to a non-empty value. diff --git a/backend/iam/tests/test_models.py b/backend/iam/tests/test_models.py index d91a39744..64dbe95ab 100644 --- a/backend/iam/tests/test_models.py +++ b/backend/iam/tests/test_models.py @@ -1,3 +1,4 @@ +from django.core.exceptions import ValidationError from core.models import * from core.models import * from iam.models import * diff --git a/backend/library/libraries/ai-act.yaml b/backend/library/libraries/ai-act.yaml index 5f98df8db..6280b7537 100644 --- a/backend/library/libraries/ai-act.yaml +++ b/backend/library/libraries/ai-act.yaml @@ -2,13 +2,13 @@ urn: urn:intuitem:risk:library:ai-act locale: en ref_id: AI Act name: EU Artificial Intelligence Act (AI Act) -description: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down - harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, - (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 - and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence - Act) +description: Regulation (EU) 2024/1689 of the European Parliament and of the Council + of 13 June 2024 laying down harmonised rules on artificial intelligence and amending + Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, + (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) + 2020/1828 (Artificial Intelligence Act). copyright: European Union law -version: 1 +version: 2 provider: EU packager: intuitem objects: @@ -16,11 +16,11 @@ objects: urn: urn:intuitem:risk:framework:ai-act ref_id: AI Act name: EU Artificial Intelligence Act - description: REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL laying down - harmonised rules on artificial intelligence and amending Regulations (EC) No - 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 - and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 - (Artificial Intelligence Act) + description: Regulation (EU) 2024/1689 of the European Parliament and of the Council + of 13 June 2024 laying down harmonised rules on artificial intelligence and + amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) + 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) + 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act). requirement_nodes: - urn: urn:intuitem:risk:req_node:ai-act:node2 assessable: false @@ -32,7 +32,7 @@ objects: parent_urn: urn:intuitem:risk:req_node:ai-act:node2 ref_id: Recital 1 description: "The purpose of this Regulation is to improve the functioning of\ - \ the internal market by\nlaying down a uniform legal framework in particular\ + \ the internal market by laying down a uniform legal framework in particular\ \ for the development, the placing on the market, the putting into service\ \ and the use of artificial intelligence systems (AI systems) in the Union,\ \ in accordance with Union values, to promote the uptake of human centric\ @@ -190,22 +190,22 @@ objects: \ Member States as well as the right to negotiate, to conclude and enforce\ \ collective agreements or to take collective action in accordance with national\ \ law.\nThis Regulation should not affect the provisions aiming to improve\ - \ working conditions in platform work laid down in Directive (EU) 2024/...\ - \ of the European Parliament and of the Council. Moreover, this Regulation\ - \ aims to strengthen the effectiveness of such existing rights and remedies\ - \ by establishing specific requirements and obligations, including in respect\ - \ of transparency, technical documentation and record-keeping of AI systems.\ - \ Furthermore, the obligations placed on various operators involved in the\ - \ AI value chain under this Regulation should apply without prejudice to national\ - \ law, in accordance with Union law, having the effect of limiting the use\ - \ of certain AI systems where such law falls outside the scope of this Regulation\ - \ or pursues other legitimate public interest objectives than those pursued\ - \ by this Regulation. For example, national labour law and law on the protection\ - \ of minors, namely persons below the age of 18, taking into account the United\ - \ Nations General Comment No 25 (2021) on children\u2019s rights in relation\ - \ to the digital environment, insofar as they are not specific to AI systems\ - \ and pursue other legitimate public interest objectives, should not be affected\ - \ by this Regulation." + \ working conditions in platform work laid down in a Directive of the European\ + \ Parliament and of the Council on improving working conditions in platform\ + \ work. Moreover, this Regulation aims to strengthen the effectiveness of\ + \ such existing rights and remedies by establishing specific requirements\ + \ and obligations, including in respect of transparency, technical documentation\ + \ and record-keeping of AI systems. Furthermore, the obligations placed on\ + \ various operators involved in the AI value chain under this Regulation should\ + \ apply without prejudice to national law, in accordance with Union law, having\ + \ the effect of limiting the use of certain AI systems where such law falls\ + \ outside the scope of this Regulation or pursues other legitimate public\ + \ interest objectives than those pursued by this Regulation. For example,\ + \ national labour law and law on the protection of minors, namely persons\ + \ below the age of 18, taking into account the United Nations General Comment\ + \ No 25 (2021) on children\u2019s rights in relation to the digital environment,\ + \ insofar as they are not specific to AI systems and pursue other legitimate\ + \ public interest objectives, should not be affected by this Regulation." - urn: urn:intuitem:risk:req_node:ai-act:recital-10 assessable: false depth: 2 @@ -1512,7 +1512,7 @@ objects: parent_urn: urn:intuitem:risk:req_node:ai-act:node2 ref_id: Recital 62 description: Without prejudice to the rules provided for in Regulation (EU) - 2024/... of the European Parliament and of the Council, and in order to address + 2024/900 of the European Parliament and of the Council, and in order to address the risks of undue external interference to the right to vote enshrined in Article 39 of the Charter, and of adverse effects on democracy and the rule of law, AI systems intended to be used to influence the outcome of an election @@ -1878,22 +1878,25 @@ objects: ref_id: Recital 77 description: Without prejudice to the requirements related to robustness and accuracy set out in this Regulation, high-risk AI systems which fall within - the scope of the Regulation (EU) 2024/... of the European Parliament and of - the Council38+, in accordance with Article 8 of that Regulation may demonstrate - compliance with the cybersecurity requirements of this Regulation by fulfilling - the essential cybersecurity requirements set out in Article 10 of, and Annex - I to, Regulation (EU) 2024/...++.When high-risk AI systems fulfil the essential - requirements of Regulation (EU) 2024/...++, they should be deemed compliant - with the cybersecurity requirements set out in this Regulation in so far as - the achievement of those requirements is demonstrated in the EU declaration - of conformity or parts thereof issued under Regulation (EU) 2024/...++. For - this purpose, the assessment of the cybersecurity risks, associated to a product - with digital elements classified as high-risk AI system according to this - Regulation, carried out under Regulation (EU) 2024/...++, should consider - risks to the cyber resilience of an AI system as regards attempts by unauthorised - third parties to alter its use, behaviour or performance, including AI specific - vulnerabilities such as data poisoning or adversarial attacks, as well as, - as relevant, risks to fundamental rights as required by this Regulation. + the scope of a regulation of the European Parliament and of the Council on + horizontal cybersecurity requirements for products with digital elements, + in accordance with that regulation may demonstrate compliance with the cybersecurity + requirements of this Regulation by fulfilling the essential cybersecurity + requirements set out in that regulation. When high-risk AI systems fulfil + the essential requirements of a regulation of the European Parliament and + of the Council on horizontal cybersecurity requirements for products with + digital elements, they should be deemed compliant with the cybersecurity requirements + set out in this Regulation in so far as the achievement of those requirements + is demonstrated in the EU declaration of conformity or parts thereof issued + under that regulation. To that end, the assessment of the cybersecurity risks, + associated to a product with digital elements classified as high-risk AI system + according to this Regulation, carried out under a regulation of the European + Parliament and of the Council on horizontal cybersecurity requirements for + products with digital elements, should consider risks to the cyber resilience + of an AI system as regards attempts by unauthorised third parties to alter + its use, behaviour or performance, including AI specific vulnerabilities such + as data poisoning or adversarial attacks, as well as, as relevant, risks to + fundamental rights as required by this Regulation. - urn: urn:intuitem:risk:req_node:ai-act:recital-78 assessable: false depth: 2 @@ -1901,34 +1904,38 @@ objects: ref_id: Recital 78 description: The conformity assessment procedure provided by this Regulation should apply in relation to the essential cybersecurity requirements of a - product with digital elements covered by Regulation (EU) 2024/...+ and classified - as a high-risk AI system under this Regulation. However, this rule should - not result in reducing the necessary level of assurance for critical products - with digital elements covered by Regulation (EU) 2024/...+. Therefore, by - way of derogation from this rule, high-risk AI systems that fall within the - scope of this Regulation and are also qualified as important and critical - products with digital elements pursuant to Regulation (EU) 2024/...+ and to - which the conformity assessment procedure based on internal control set out - in an annex to this Regulation applies, are subject to the conformity assessment - provisions of Regulation (EU) 2024/...+ insofar as the essential cybersecurity - requirements of that Regulation are concerned. In this case, for all the other - aspects covered by this Regulation the respective provisions on conformity - assessment based on internal control set out in an annex to this Regulation - should apply. Building on the knowledge and expertise of ENISA on the cybersecurity - policy and tasks assigned to ENISA under the Regulation (EU) 2019/1020, the - Commission should cooperate with ENISA on issues related to cybersecurity + product with digital elements covered by a regulation of the European Parliament + and of the Council on horizontal cybersecurity requirements for products with + digital elements and classified as a high-risk AI system under this Regulation. + However, this rule should not result in reducing the necessary level of assurance + for critical products with digital elements covered by a regulation of the + European Parliament and of the Council on horizontal cybersecurity requirements + for products with digital elements. Therefore, by way of derogation from this + rule, high-risk AI systems that fall within the scope of this Regulation and + are also qualified as important and critical products with digital elements + pursuant to a regulation of the European Parliament and of the Council on + horizontal cybersecurity requirements for products with digital elements and + to which the conformity assessment procedure based on internal control set + out in an annex to this Regulation applies, are subject to the conformity + assessment provisions of a regulation of the European Parliament and of the + Council on horizontal cybersecurity requirements for products with digital + elements insofar as the essential cybersecurity requirements of that regulation + are concerned. In this case, for all the other aspects covered by this Regulation + the respective provisions on conformity assessment based on internal control + set out in an annex to this Regulation should apply. Building on the knowledge + and expertise of ENISA on the cybersecurity policy and tasks assigned to ENISA + under the Regulation (EU) 2019/881 of the European Parliament and of the Council, + the Commission should cooperate with ENISA on issues related to cybersecurity of AI systems. - urn: urn:intuitem:risk:req_node:ai-act:recital-79 assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:ai-act:node2 ref_id: Recital 79 - description: 'It is appropriate that a specific natural or legal person, defined - as the provider, takes the - - responsibility for the placing on the market or the putting into service of - a high-risk AI system, regardless of whether that natural or legal person - is the person who designed or developed the system.' + description: It is appropriate that a specific natural or legal person, defined + as the provider, takes the responsibility for the placing on the market or + the putting into service of a high-risk AI system, regardless of whether that + natural or legal person is the person who designed or developed the system. - urn: urn:intuitem:risk:req_node:ai-act:recital-80 assessable: false depth: 2 @@ -3859,24 +3866,22 @@ objects: depth: 2 parent_urn: urn:intuitem:risk:req_node:ai-act:node2 ref_id: Recital 174 - description: Given the rapid technological developments and the required technical - expertise in the effective application of this Regulation, the Commission - should evaluate and review this Regulation by ... [five years from the date - of entry into force of this Regulation] and every four years thereafter and - report to the European Parliament and the Council. In addition, taking into - account the implications for the scope of this Regulation, the Commission + description: Given the rapid technological developments and the technical expertise + required to effectively apply this Regulation, the Commission should evaluate + and review this Regulation by 2 August 2029 and every four years thereafter + and report to the European Parliament and the Council. In addition, taking + into account the implications for the scope of this Regulation, the Commission should carry out an assessment of the need to amend the list of high-risk AI systems and the list of prohibited practices once a year. Moreover, by - two years after entry into application and every four years thereafter, the - Commission should evaluate and report to the European Parliament and to the - Council on the need to amend the list of high-risk areas in the annex to this - Regulation, the AI systems within the scope of the transparency obligations, - the effectiveness of the supervision and governance system and the progress - on the development of standardisation deliverables on energy efficient development - of general-purpose AI models, including the need for further measures or actions. - Finally, by ... [four years from the entry into force of this Regulation] - and every three years thereafter, the Commission should evaluate the impact - and effectiveness of voluntary codes of conduct to foster the application + 2 August 2028 and every four years thereafter, the Commission should evaluate + and report to the European Parliament and to the Council on the need to amend + the list of high-risk areas headings in the annex to this Regulation, the + AI systems within the scope of the transparency obligations, the effectiveness + of the supervision and governance system and the progress on the development + of standardisation deliverables on energy efficient development of general-purpose + AI models, including the need for further measures or actions. Finally, by + 2 August 2028 and every three years thereafter, the Commission should evaluate + the impact and effectiveness of voluntary codes of conduct to foster the application of the requirements provided for high-risk AI systems in the case of AI systems other than high-risk AI systems and possibly other additional requirements for such AI systems. @@ -3939,30 +3944,26 @@ objects: depth: 2 parent_urn: urn:intuitem:risk:req_node:ai-act:node2 ref_id: Recital 179 - description: This Regulation should apply from ... [two years from the date - of entry into force of this Regulation]. However, taking into account the - unacceptable risk associated with the use of AI in certain ways, the prohibitions - should apply already from ... [six months from the date of entry into force - of this Regulation]. While the full effect of those prohibitions follows with - the establishment of the governance and enforcement of this Regulation, anticipating - the application of the prohibitions is important to take account of unacceptable - risks and to have an effect on other procedures, such as in civil law. Moreover, - the infrastructure related to the governance and the conformity assessment - system should be operational before that date, therefore the provisions on - notified bodies and governance structure should apply from ... [ 12 months - from the date of entry into force of this Regulation]. Given the rapid pace - of technological advancements and adoption of general-purpose AI models, obligations - for providers of general-purpose AI models should apply from ... [12 months - from the date of entry into force of this Regulation]. Codes of practice should - be ready by... [9 months from the date of entry into force of this Regulation] - in view of enabling providers to demonstrate compliance on time. The AI Office - should ensure that classification rules and procedures are up to date in light - of technological developments. In addition, Member States should lay down - and notify to the Commission the rules on penalties, including administrative - fines, and ensure that they are properly and effectively implemented by the - date of application of this Regulation. Therefore the provisions on penalties - should apply from ... [12 months from the date of entry into force of this - Regulation]. + description: This Regulation should apply from 2 August 2026. However, taking + into account the unacceptable risk associated with the use of AI in certain + ways, the prohibitions as well as the general provisions of this Regulation + should already apply from 2 February 2025. While the full effect of those + prohibitions follows with the establishment of the governance and enforcement + of this Regulation, anticipating the application of the prohibitions is important + to take account of unacceptable risks and to have an effect on other procedures, + such as in civil law. Moreover, the infrastructure related to the governance + and the conformity assessment system should be operational before 2 August + 2026, therefore the provisions on notified bodies and governance structure + should apply from 2 August 2025. Given the rapid pace of technological advancements + and adoption of general-purpose AI models, obligations for providers of general-purpose + AI models should apply from 2 August 2025. Codes of practice should be ready + by 2 May 2025 in view of enabling providers to demonstrate compliance on time. + The AI Office should ensure that classification rules and procedures are up + to date in light of technological developments. In addition, Member States + should lay down and notify to the Commission the rules on penalties, including + administrative fines, and ensure that they are properly and effectively implemented + by the date of application of this Regulation. Therefore the provisions on + penalties should apply from 2 August 2025. - urn: urn:intuitem:risk:req_node:ai-act:recital-180 assessable: false depth: 2 @@ -5217,11 +5218,10 @@ objects: parent_urn: urn:intuitem:risk:req_node:ai-act:node302 ref_id: '6.5' description: "The Commission shall, after consulting the European Artificial\ - \ Intelligence Board (the \u2018Board\u2019), and no later than ... [18 months\ - \ from the date of entry into force of this Regulation], provide guidelines\ - \ specifying the practical implementation of this Article in line with Article\ - \ 96 together with a comprehensive list of practical examples of use cases\ - \ of AI systems that are high-risk and not high-risk." + \ Intelligence Board (the \u2018Board\u2019), and no later than 2 February\ + \ 2026, provide guidelines specifying the practical implementation of this\ + \ Article in line with Article 96 together with a comprehensive list of practical\ + \ examples of use cases of AI systems that are high-risk and not high-risk." - urn: urn:intuitem:risk:req_node:ai-act:6.6 assessable: false depth: 4 @@ -9433,10 +9433,9 @@ objects: depth: 4 parent_urn: urn:intuitem:risk:req_node:ai-act:node765 ref_id: '56.9' - description: Codes of practice shall be ready at the latest by ... [nine months - from the date of entry into force of this Regulation]. The AI Office shall - take the necessary steps, including inviting providers pursuant to paragraph - 7. + description: Codes of practice shall be ready at the latest by 2 May 2025. The + AI Office shall take the necessary steps, including inviting providers pursuant + to paragraph 7. - urn: urn:intuitem:risk:req_node:ai-act:node780 assessable: false depth: 1 @@ -9455,9 +9454,8 @@ objects: ref_id: '57.1' description: 'Member States shall ensure that their competent authorities establish at least one AI regulatory sandbox at national level, which shall be operational - by ... [24 months from the date of entry into force of this Regulation]. That - sandbox may also be established jointly with the competent authorities of - one or more other Member States. The Commission may provide technical support, + by 2 August 2026. That sandbox may also be established jointly with the competent + authorities of other Member States. The Commission may provide technical support, advice and tools for the establishment and operation of AI regulatory sandboxes. The obligation under the first subparagraph may also be fulfilled by participating @@ -10749,11 +10747,10 @@ objects: tasks of those authorities, as well as any subsequent changes thereto. Member States shall make publicly available information on how competent authorities and single points of contact can be contacted, through electronic communication - means by... [12 months from the date of entry into force of this Regulation]. - Member States shall designate a market surveillance authority to act as the - single point of contact for this Regulation, and shall notify the Commission - of the identity of the single point of contact. The Commission shall make - a list of the single points of contact publicly available. + means by 2 August 2025. Member States shall designate a market surveillance + authority to act as the single point of contact for this Regulation, and shall + notify the Commission of the identity of the single point of contact. The + Commission shall make a list of the single points of contact publicly available. - urn: urn:intuitem:risk:req_node:ai-act:70.3 assessable: false depth: 4 @@ -10789,11 +10786,11 @@ objects: depth: 4 parent_urn: urn:intuitem:risk:req_node:ai-act:node898 ref_id: '70.6' - description: By ..., [one year from the date of entry into force of this Regulation] - and once every two years thereafter, Member States shall report to the Commission on - the status of the financial and human resources of the national competent - authorities, with an assessment of their adequacy. The Commission shall transmit - that information to the Board for discussion and possible recommendations. + description: By 2 August 2025, and once every two years thereafter, Member States + shall report to the Commission on the status of the financial and human resources + of the national competent authorities, with an assessment of their adequacy. + The Commission shall transmit that information to the Board for discussion + and possible recommendations. - urn: urn:intuitem:risk:req_node:ai-act:70.7 assessable: false depth: 4 @@ -10939,10 +10936,9 @@ objects: monitoring plan. The post-market monitoring plan shall be part of the technical documentation referred to in Annex IV. The Commission shall adopt an implementing act laying down detailed provisions establishing a template for the post-market - monitoring plan and the list of elements to be included in the plan by ... - [six months before the entry into application of this Regulation]. That implementing - act shall be adopted in accordance with the examination procedure referred - to in Article 98(2). + monitoring plan and the list of elements to be included in the plan by 2 February + 2026. That implementing act shall be adopted in accordance with the examination + procedure referred to in Article 98(2). - urn: urn:intuitem:risk:req_node:ai-act:72.4 assessable: true depth: 4 @@ -11048,13 +11044,11 @@ objects: depth: 4 parent_urn: urn:intuitem:risk:req_node:ai-act:node924 ref_id: '73.8' - description: Upon receiving a notification related to a serious incident referred - to in Article 3, point (44)(c), the relevant market surveillance authority - shall inform the national public authorities or bodies referred to in Article - 77(1). The Commission shall develop dedicated guidance to facilitate compliance - with the obligations set out in paragraph 1 of this Article. That guidance - shall be issued by ... [12 months after the entry into force of this Regulation], - and shall be assessed regularly. + description: The market surveillance authority shall take appropriate measures, + as provided for in Article 19 of Regulation (EU) 2019/1020, within seven days + from the date it received the notification referred to in paragraph 1 of this + Article, and shall follow the notification procedures as provided in that + Regulation. - urn: urn:intuitem:risk:req_node:ai-act:73.9 assessable: false depth: 4 @@ -11413,11 +11407,10 @@ objects: depth: 4 parent_urn: urn:intuitem:risk:req_node:ai-act:node963 ref_id: '77.2' - description: By ... [three months after the entry into force of this Regulation], - each Member State shall identify the public authorities or bodies referred - to in paragraph 1 and make a list of them publicly available . Member States - shall notify the list to the Commission and to the other Member States, and - shall keep the list up to date. + description: By 2 November 2024, each Member State shall identify the public + authorities or bodies referred to in paragraph 1 and make a list of them publicly + available. Member States shall notify the list to the Commission and to the + other Member States, and shall keep the list up to date. - urn: urn:intuitem:risk:req_node:ai-act:77.3 assessable: false depth: 4 @@ -12443,15 +12436,15 @@ objects: depth: 3 parent_urn: urn:intuitem:risk:req_node:ai-act:node1068 ref_id: '97.2' - description: The power to adopt delegated acts referred to in Article 6(6), - Article 7(1) and (3), Article 11(3), Article 43(5) and (6), Article 47(5), + description: The power to adopt delegated acts referred to in Article 6(6) and + (7), Article 7(1) and (3), Article 11(3), Article 43(5) and (6), Article 47(5), Article 51(3), Article 52(4) and Article 53(5) and (6) shall be conferred - on the Commission for a period of five years from ... [date of entry into - force of this Regulation]. The Commission shall draw up a report in respect - of the delegation of power not later than nine months before the end of the - five-year period. The delegation of power shall be tacitly extended for periods - of an identical duration, unless the European Parliament or the Council opposes - such extension not later than three months before the end of each period. + on the Commission for a period of five years from 1 August 2024. The Commission + shall draw up a report in respect of the delegation of power not later than + nine months before the end of the five-year period. The delegation of power + shall be tacitly extended for periods of an identical duration, unless the + European Parliament or the Council opposes such extension not later than three + months before the end of each period. - urn: urn:intuitem:risk:req_node:ai-act:97.3 assessable: false depth: 3 @@ -12874,7 +12867,7 @@ objects: \ subparagraph is added:\n\u2018When adopting detailed measures related to\ \ technical specifications and procedures for approval and use of security\ \ equipment concerning Artificial Intelligence systems within the meaning\ - \ of Regulation (EU) 2024/... of the European Parliament and of the Council*+,\ + \ of Regulation (EU) 2024/1689 of the European Parliament and of the Council,\ \ the requirements set out in Title III, Chapter 2 of that Regulation shall\ \ be taken into account." - urn: urn:intuitem:risk:req_node:ai-act:node1109 @@ -12891,8 +12884,8 @@ objects: description: "In Article 17(5) of Regulation (EU) No 167/2013, the following\ \ subparagraph is added:\n\u2018When adopting delegated acts pursuant to the\ \ first subparagraph concerning artificial intelligence systems which are\ - \ safety components within the meaning of Regulation (EU) 2024/... of the\ - \ European Parliament and of the Council*+, the requirements set out in Title\ + \ safety components within the meaning of Regulation (EU) 2024/1689 of the\ + \ European Parliament and of the Council, the requirements set out in Title\ \ III, Chapter 2 of that Regulation shall be taken into account." - urn: urn:intuitem:risk:req_node:ai-act:node1111 assessable: false @@ -12908,8 +12901,8 @@ objects: description: "In Article 22(5) of Regulation (EU) No 168/2013, the following\ \ subparagraph is added:\n\u2018When adopting delegated acts pursuant to the\ \ first subparagraph concerning Artificial Intelligence systems which are\ - \ safety components within the meaning of Regulation (EU) 2024/... of the\ - \ European Parliament and of the Council*+, the requirements set out in Title\ + \ safety components within the meaning of Regulation (EU) 2024/1689 of the\ + \ European Parliament and of the Council, the requirements set out in Title\ \ III, Chapter 2 of that Regulation shall be taken into account." - urn: urn:intuitem:risk:req_node:ai-act:node1113 assessable: false @@ -12924,8 +12917,8 @@ objects: ref_id: '105.1' description: "In Article 8 of Directive 2014/90/EU, the following paragraph\ \ is added:\n\u20185. For Artificial Intelligence systems which are safety\ - \ components within the meaning of Regulation (EU) 2024/... of the European\ - \ Parliament and of the Council*+, when carrying out its activities pursuant\ + \ components within the meaning of Regulation (EU) 2024/1689 of the European\ + \ Parliament and of the Council, when carrying out its activities pursuant\ \ to paragraph 1 and when adopting technical specifications and testing standards\ \ in accordance with paragraphs 2 and 3, the Commission shall take into account\ \ the requirements set out in Title III, Chapter 2 of that Regulation." @@ -12944,7 +12937,7 @@ objects: \ is added:\n\u201812. When adopting delegated acts pursuant to paragraph\ \ 1 and implementing acts pursuant to paragraph 11 concerning Artificial Intelligence\ \ systems which are safety components within the meaning of Regulation (EU)\ - \ 2024/... of the European Parliament and of the Council*+, the requirements\ + \ 2024/1689 of the European Parliament and of the Council, the requirements\ \ set out in Title III, Chapter 2 of that Regulation shall be taken into account." - urn: urn:intuitem:risk:req_node:ai-act:node1117 assessable: false @@ -12960,8 +12953,8 @@ objects: description: "In Article 5 of Regulation (EU) 2018/858 the following paragraph\ \ is added:\n\u20184. When adopting delegated acts pursuant to paragraph 3\ \ concerning Artificial Intelligence systems which are safety components within\ - \ the meaning of Regulation (EU) 2024/... of the European Parliament and of\ - \ the Council*+, the requirements set out in Title III, Chapter 2 of that\ + \ the meaning of Regulation (EU) 2024/1689 of the European Parliament and\ + \ of the Council, the requirements set out in Title III, Chapter 2 of that\ \ Regulation shall be taken into account." - urn: urn:intuitem:risk:req_node:ai-act:node1119 assessable: false @@ -12978,31 +12971,31 @@ objects: \ 17, the following paragraph is added:\n\u20183. Without prejudice to paragraph\ \ 2, when adopting implementing acts pursuant to paragraph 1 concerning Artificial\ \ Intelligence systems which are safety components within the meaning of Regulation\ - \ (EU) 2024/... of the European Parliament and of the Council*+, the requirements\ + \ (EU) 2024/1689 of the European Parliament and of the Council, the requirements\ \ set out in Title III, Chapter 2 of that Regulation shall be taken into account.\n\ the Council*+, the requirements set out in Title III, Chapter 2 of that Regulation\ \ shall be taken into account.\n(2) in Article 19, the following paragraph\ \ is added:\n\u20184. When adopting delegated acts pursuant to paragraphs\ \ 1 and 2 concerning Artificial Intelligence systems which are safety components\ - \ within the meaning of Regulation (EU) 2024/...++, the requirements set out\ + \ within the meaning of Regulation (EU) 2024/1689, the requirements set out\ \ in Title III, Chapter 2 of that Regulation shall be taken into account.\u2019\ ;\n(3) in Article 43, the following paragraph is added:\n\u20184. When adopting\ \ implementing acts pursuant to paragraph 1 concerning Artificial Intelligence\ \ systems which are safety components within the meaning of Regulation (EU)\ - \ 2024/...+, the requirements set out in Title III, Chapter 2 of that Regulation\ + \ 2024/1689, the requirements set out in Title III, Chapter 2 of that Regulation\ \ shall be taken into account.\u2019;\n(4) in Article 47, the following paragraph\ \ is added:\n\u20183. When adopting delegated acts pursuant to paragraphs\ \ 1 and 2 concerning Artificial Intelligence systems which are safety components\ - \ within the meaning of Regulation (EU) 2024/...+, the requirements set out\ + \ within the meaning of Regulation (EU) 2024/1689, the requirements set out\ \ in Title III, Chapter 2 of that Regulation shall be taken into account.\u2019\ ;\n(5) in Article 57, the following subparagraph is added:\n\u2018When adopting\ \ those implementing acts concerning Artificial Intelligence systems which\ - \ are safety components within the meaning of Regulation (EU) 2024/...+, the\ + \ are safety components within the meaning of Regulation (EU) 2024/1689, the\ \ requirements set out in Title III, Chapter 2 of that Regulation shall be\ \ taken into account.\u2019;\n(6) in Article 58, the following paragraph is\ \ added:\n\u20183. When adopting delegated acts pursuant to paragraphs 1 and\ \ 2 concerning Artificial Intelligence systems which are safety components\ - \ within the meaning of Regulation (EU) 2024/...+, the requirements set out\ + \ within the meaning of Regulation (EU) 2024/1689, the requirements set out\ \ in Title III, Chapter 2 of that Regulation shall be taken into account.\u2019\ ." - urn: urn:intuitem:risk:req_node:ai-act:node1121 @@ -13017,11 +13010,11 @@ objects: parent_urn: urn:intuitem:risk:req_node:ai-act:node1121 ref_id: '109.1' description: "In Article 11 of Regulation (EU) 2019/2144, the following paragraph\ - \ is added:\n\u20183. When adopting the implementing acts pursuant to paragraph\ + \ is added:\n\u20183. When adopting the implementing acts pursuant to paragraph\ \ 2, concerning artificial intelligence systems which are safety components\ - \ within the meaning of Regulation (EU) 2024/... of the European Parliament\ - \ and of the Council*++, the requirements set out in Title III, Chapter 2\ - \ of that Regulation shall be taken into account." + \ within the meaning of Regulation (EU) 2024/1689 of the European Parliament\ + \ and of the Council (*8), the requirements set out in Chapter III, Section\ + \ 2, of that Regulation shall be taken into account." - urn: urn:intuitem:risk:req_node:ai-act:node1123 assessable: false depth: 2 @@ -13034,10 +13027,13 @@ objects: parent_urn: urn:intuitem:risk:req_node:ai-act:node1123 ref_id: '110.1' description: "In Annex I to Directive (EU) 2020/1828 of the European Parliament\ - \ and of the Council61, the following point is added:\n\u2018(68)\nRegulation\ - \ (EU) 2024/... of the European Parliament and of the Council laying down\ - \ harmonised rules on artificial intelligence (Artificial Intelligence Act)\ - \ and amending certain Union legislative acts (OJ L, ..., ELI: ...)\u2019." + \ and of the Council (58), the following point is added:\n\u2018(68) Regulation\ + \ (EU) 2024/1689 of the European Parliament and of the Council of 13 June\ + \ 2024 laying down harmonised rules on artificial intelligence and amending\ + \ Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858,\ + \ (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797\ + \ and (EU) 2020/1828 (Artificial Intelligence Act) (OJ L, 2024/1689, 12.7.2024,\ + \ ELI: http://data.europa.eu/eli/reg/2024/1689/oj).\u2019." - urn: urn:intuitem:risk:req_node:ai-act:node1125 assessable: false depth: 2 @@ -13049,34 +13045,30 @@ objects: depth: 3 parent_urn: urn:intuitem:risk:req_node:ai-act:node1125 ref_id: '111.1' - description: '1. Without prejudice to the application of Article 5 as referred + description: '1. Without prejudice to the application of Article 5 as referred to in Article 113(3), point (a), AI systems which are components of the large-scale IT systems established by the legal acts listed in Annex X that have been - placed on the market or put into service before ... [36 months from the date - of entry into force of this Regulation] shall be brought into compliance with - this Regulation by 31 December 2030. + placed on the market or put into service before 2 August 2027 shall be brought + into compliance with this Regulation by 31 December 2030. - The requirements laid down in this Regulation shall be taken into account in - the evaluation of each large-scale IT system established by the legal acts + The requirements laid down in this Regulation shall be taken into account + in the evaluation of each large-scale IT system established by the legal acts listed in Annex X to be undertaken as provided for in those legal acts and where those legal acts are replaced or amended. - 2. Without prejudice to the application of Article 5 as referred to in Article + 2. Without prejudice to the application of Article 5 as referred to in Article 113(3), point (a), this Regulation shall apply to operators of high-risk AI systems, other than the systems referred to in paragraph 1 of this Article, - that have been placed on the market or put into service before ... [24 months - from the date of entry into force of this Regulation], only if, as from that - date, those systems are subject to significant changes in their designs. In - the case of high-risk AI systems intended to be used by public authorities, - the providers and deployers of such systems shall take the necessary steps - to comply with the requirements of this Regulation by ...[ six years from - the date of entry into force of this Regulation]. - - 3. Providers of general-purpose AI models that have been placed on the market - before ... [12 months from the date of entry into force of this Regulation] - shall take the necessary steps in order to comply with the obligations laid - down in this Regulation by ... [36 months from the date of entry into force - of this Regulation].' + that have been placed on the market or put into service before 2 August 2026, + only if, as from that date, those systems are subject to significant changes + in their designs. In any case, the providers and deployers of high-risk AI + systems intended to be used by public authorities shall take the necessary + steps to comply with the requirements and obligations of this Regulation by + 2 August 2030. + + 3. Providers of general-purpose AI models that have been placed on the market + before 2 August 2025 shall take the necessary steps in order to comply with + the obligations laid down in this Regulation by 2 August 2027.' - urn: urn:intuitem:risk:req_node:ai-act:node1127 assessable: false depth: 2 @@ -13089,15 +13081,14 @@ objects: parent_urn: urn:intuitem:risk:req_node:ai-act:node1127 ref_id: '112.1' description: '1. The Commission shall assess the need for amendment of the list - in Annex III and of the list of prohibited AI practices in Article 5, once - a year following the entry into force of this Regulation, and until the end - of the period of the delegation of power set out in Article 97. The Commission - shall submit the findings of that assessment to the European Parliament and - the Council. + set out in Annex III and of the list of prohibited AI practices laid down + in Article 5, once a year following the entry into force of this Regulation, + and until the end of the period of the delegation of power laid down in Article + 97. The Commission shall submit the findings of that assessment to the European + Parliament and the Council. - 2. By ... [four years from the date of entry into force of this Regulation] - and every four years thereafter, the Commission shall evaluate and report - to the European Parliament and to the Council on the following: + 2. By 2 August 2028 and every four years thereafter, the Commission shall + evaluate and report to the European Parliament and to the Council on the following: (a) the need for amendments extending existing area headings or adding new area headings in Annex III; @@ -13108,44 +13099,21 @@ objects: (c) amendments enhancing the effectiveness of the supervision and governance system. - 3. By ... [four years from the date of entry into force of this Regulation] - and every four years thereafter, the Commission shall submit a report on the - evaluation and review of this Regulation to the European Parliament and to - the Council. The report shall include an assessment with regard to the structure - of enforcement and the possible need for a Union agency to resolve any identified - shortcomings. On the basis of the findings, that report shall, where appropriate, - be accompanied by a proposal for amendment of this Regulation. The reports - shall be made public. + 3. By 2 August 2029 and every four years thereafter, the Commission shall + submit a report on the evaluation and review of this Regulation to the European + Parliament and to the Council. The report shall include an assessment with + regard to the structure of enforcement and the possible need for a Union agency + to resolve any identified shortcomings. On the basis of the findings, that + report shall, where appropriate, be accompanied by a proposal for amendment + of this Regulation. The reports shall be made public. - 4. The reports referred to in paragraph 2 shall devote specific attention - to the following: + 4. The reports referred to in paragraph 2 shall pay specific attention to + the following: (a) the status of the financial, technical and human resources of the national competent authorities in order to effectively perform the tasks assigned to them under this Regulation; - (c) adopted harmonised standards and common specifications developed to support - this Regulation; - - (d) the number of undertakings that enter the market after the entry into - application of this Regulation, and how many of them are SMEs. - - 5. By ... [four years from the date of entry into force of this Regulation)] - the Commission shall evaluate the functioning of the AI Office, whether the - Office has been given sufficient powers and competences to fulfil its tasks - and whether it would be relevant and needed for the proper implementation - and enforcement of this Regulation to upgrade the AI Office and its enforcement - competences and to increase its resources. The Commission shall submit this - evaluation report to the European Parliament and to the Council. - - 6. By ... [four years from the date of entry into force of this Regulation)] - and every four years thereafter, the Commission shall submit a report on the - review of the progress on the development of standardisation deliverables - on the energy-efficient development of general-purpose models, and asses the - need for further measures or actions, including binding measures or actions. - The report shall be submitted to the European Parliament and to the Council, - and it shall be made public. - (b) the state of penalties, in particular administrative fines as referred to in Article 99(1), applied by Member States for infringements of this Regulation; @@ -13155,28 +13123,26 @@ objects: (d) the number of undertakings that enter the market after the entry into application of this Regulation, and how many of them are SMEs. - 5. By ... [four years from the date of entry into force of this Regulation)] - the Commission shall evaluate the functioning of the AI Office, whether the - Office has been given sufficient powers and competences to fulfil its tasks - and whether it would be relevant and needed for the proper implementation - and enforcement of this Regulation to upgrade the AI Office and its enforcement - competences and to increase its resources. The Commission shall submit this - evaluation report to the European Parliament and to the Council. - - 6. By ... [four years from the date of entry into force of this Regulation)] - and every four years thereafter, the Commission shall submit a report on the - review of the progress on the development of standardisation deliverables - on the energy-efficient development of general-purpose models, and asses the - need for further measures or actions, including binding measures or actions. - The report shall be submitted to the European Parliament and to the Council, - and it shall be made public. - - 7. By ... [four years from the date of entry into force of this Regulation] - and every three years thereafter, the Commission shall evaluate the impact - and effectiveness of voluntary codes of conduct to foster the application - of the requirements set out in Chapter II, Section 2 for AI systems other - than high-risk AI systems and possibly other additional requirements for AI - systems other than high-risk AI systems, including as regards environmental + 5. By 2 August 2028, the Commission shall evaluate the functioning of the + AI Office, whether the AI Office has been given sufficient powers and competences + to fulfil its tasks, and whether it would be relevant and needed for the proper + implementation and enforcement of this Regulation to upgrade the AI Office + and its enforcement competences and to increase its resources. The Commission + shall submit a report on its evaluation to the European Parliament and to + the Council. + + 6. By 2 August 2028 and every four years thereafter, the Commission shall + submit a report on the review of the progress on the development of standardisation + deliverables on the energy-efficient development of general-purpose AI models, + and asses the need for further measures or actions, including binding measures + or actions. The report shall be submitted to the European Parliament and to + the Council, and it shall be made public. + + 7. By 2 August 2028 and every three years thereafter, the Commission shall + evaluate the impact and effectiveness of voluntary codes of conduct to foster + the application of the requirements set out in Chapter III, Section 2 for + AI systems other than high-risk AI systems and possibly other additional requirements + for AI systems other than high-risk AI systems, including as regards environmental sustainability. 8. For the purposes of paragraphs 1 to 7, the Board, the Member States and @@ -13191,41 +13157,34 @@ objects: 10. The Commission shall, if necessary, submit appropriate proposals to amend this Regulation, in particular taking into account developments in technology, the effect of AI systems on health and safety, and on fundamental rights, - and in the light of the state of progress in the information society. + and in light of the state of progress in the information society. 11. To guide the evaluations and reviews referred to in paragraphs 1 to 7 of this Article, the AI Office shall undertake to develop an objective and participative methodology for the evaluation of risk levels based on the criteria outlined in the relevant Articles and the inclusion of new systems in: - (a) the list in Annex III, including the extension of existing area headings - or the addition of new area headings in that Annex; + (a) the list set out in Annex III, including the extension of existing area + headings or the addition of new area headings in that Annex; - (b) the list of prohibited practices laid down in Article 5; and, + (b) the list of prohibited practices set out in Article 5; and (c) the list of AI systems requiring additional transparency measures pursuant - to - - Article 50. + to Article 50. 12. Any amendment to this Regulation pursuant to paragraph 10, or relevant - delegated or - - implementing acts, which concerns sectoral Union harmonisation legislation - listed in Section B of Annex I shall take into account the regulatory specificities - of each sector, and the existing governance, conformity assessment and enforcement - mechanisms and authorities established therein. - - 13. By ... [seven years from the date of entry into force of this Regulation], - the Commission shall carry out an assessment of the enforcement of this Regulation - and shall report on it to the European Parliament, the Council and the European - Economic and Social Committee, taking into account the first years of application - of this Regulation. On the basis of the findings, that report shall, where - appropriate, be accompanied by a proposal for amendment of this Regulation - with regard to the structure of enforcement and the need for a Union agency - to resolve any identified shortcomings. - - ' + delegated or implementing acts, which concerns sectoral Union harmonisation + legislation listed in Section B of Annex I shall take into account the regulatory + specificities of each sector, and the existing governance, conformity assessment + and enforcement mechanisms and authorities established therein. + + 13. By 2 August 2031, the Commission shall carry out an assessment of the + enforcement of this Regulation and shall report on it to the European Parliament, + the Council and the European Economic and Social Committee, taking into account + the first years of application of this Regulation. On the basis of the findings, + that report shall, where appropriate, be accompanied by a proposal for amendment + of this Regulation with regard to the structure of enforcement and the need + for a Union agency to resolve any identified shortcomings.' - urn: urn:intuitem:risk:req_node:ai-act:node1129 assessable: false depth: 2 @@ -13240,26 +13199,23 @@ objects: description: 'This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. - It shall apply from ... [24 months from the date of entry into force of this - Regulation]. However: + It shall apply from 2 August 2026. - (a) Chapters I and II shall apply from ... [six months from the date of entry - into force of this Regulation]; + However: - (b) Chapter III Section 4, Chapter V, Chapter VII and Chapter XII shall apply - from ... [12 months from the date of entry into force of this Regulation], - with the exception of Article 101; + (a) Chapters I and II shall apply from 2 February 2025; - (c) Article 6(1) and the corresponding obligations in this Regulation shall - apply from ... [36 months from the date of entry into force of this Regulation]. + (b) Chapter III Section 4, Chapter V, Chapter VII and Chapter XII and Article + 78 shall apply from 2 August 2025, with the exception of Article 101; - ' + (c) Article 6(1) and the corresponding obligations in this Regulation shall + apply from 2 August 2027.' - urn: urn:intuitem:risk:req_node:ai-act:node1131 assessable: true depth: 3 parent_urn: urn:intuitem:risk:req_node:ai-act:node1129 - description: This Regulation shall be binding in its entirety and directly applicable - in all Member States. Done at ..., + description: "This Regulation shall be binding in its entirety and directly\ + \ applicable in all Member States. \nDone at Brussels, 13 June 2024." - urn: urn:intuitem:risk:req_node:ai-act:node1132 assessable: false depth: 1 @@ -14212,17 +14168,17 @@ objects: assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:ai-act:node1184 - description: '3. Eurodac - - (a) Regulation (EU) 2024/... of the European Parliament and of the Council - on the establishment of ''Eurodac'' for the comparison of biometric data for - the effective application of Regulation (EU) .../... [Regulation on Asylum - and Migration Management], of Regulation (EU) .../... [Resettlement Regulation] - and Directive 2001/55/EC [Temporary Protection Directive] for identifying - an illegally staying third-country national or stateless person and on requests - for the comparison with Eurodac data by Member States'' law enforcement authorities - and Europol for law enforcement purposes and amending Regulations (EU) 2018/1240 - and (EU) 2019/818+.' + description: "3. Eurodac\nRegulation (EU) 2024/1358 of the European Parliament\ + \ and of the Council of 14 May 2024 on the establishment of \u2018Eurodac\u2019\ + \ for the comparison of biometric data in order to effectively apply Regulations\ + \ (EU) 2024/1315 and (EU) 2024/1350 of the European Parliament and of the\ + \ Council and Council Directive 2001/55/EC and to identify illegally staying\ + \ third-country nationals and stateless persons and on requests for the comparison\ + \ with Eurodac data by Member States\u2019 law enforcement authorities and\ + \ Europol for law enforcement purposes, amending Regulations (EU) 2018/1240\ + \ and (EU) 2019/818 of the European Parliament and of the Council and repealing\ + \ Regulation (EU) No 603/2013 of the European Parliament and of the Council\ + \ (OJ L, 2024/1358, 22.5.2024, ELI: http://data.europa.eu/eli/reg/2024/1358/oj)." - urn: urn:intuitem:risk:req_node:ai-act:node1188 assessable: false depth: 2 diff --git a/backend/library/libraries/ccpa act.yaml b/backend/library/libraries/ccpa act.yaml new file mode 100644 index 000000000..6481372ce --- /dev/null +++ b/backend/library/libraries/ccpa act.yaml @@ -0,0 +1,5164 @@ +urn: urn:intuitem:risk:library:ccpa_act +locale: en +ref_id: 'CCPA ACT ' +name: California Consumer Privacy Act (CCPA) +description: "The California Consumer Privacy Act of 2018 (CCPA) gives consumers more\ + \ control over the personal information that businesses collect about them and the\ + \ CCPA regulations provide guidance on how to implement the law. Effective 1/1/2024\ + \ \u2013 AB 947 and AB 1194 updates\nhttps://cppa.ca.gov/regulations/pdf/cppa_act.pdf" +copyright: State of California +version: 1 +provider: State of California +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:ccpa_act + ref_id: 'CCPA ACT ' + name: California Consumer Privacy Act (CCPA) + description: "The California Consumer Privacy Act of 2018 (CCPA) gives consumers\ + \ more control over the personal information that businesses collect about them\ + \ and the CCPA regulations provide guidance on how to implement the law. Effective\ + \ 1/1/2024 \u2013 AB 947 and AB 1194 updates\nhttps://cppa.ca.gov/regulations/pdf/cppa_act.pdf" + requirement_nodes: + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100 + assessable: false + depth: 1 + ref_id: '1798.100' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-a + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100 + ref_id: 1798.100-a + description: "A business that controls the collection of a consumer\u2019s personal\ + \ information shall, at or before the point of collection, inform consumers\ + \ of the following: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-a-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-a + ref_id: 1798.100-a-1 + description: 'The categories of personal information to be collected and the + purposes for which the categories of personal information are collected or + used and whether that information is sold or shared. A business shall not + collect additional categories of personal information or use personal information + collected for additional purposes that are incompatible with the disclosed + purpose for which the personal information was collected without providing + the consumer with notice consistent with this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-a-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-a + ref_id: 1798.100-a-2 + description: 'If the business collects sensitive personal information, the categories + of sensitive personal information to be collected and the purposes for which + the categories of sensitive personal information are collected or used, and + whether that information is sold or shared. A business shall not collect additional + categories of sensitive personal information or use sensitive personal information + collected for additional purposes that are incompatible with the disclosed + purpose for which the sensitive personal information was collected without + providing the consumer with notice consistent with this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-a.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-a + ref_id: 1798.100-a.3 + description: "The length of time the business intends to retain each category\ + \ of personal information, including sensitive personal information, or if\ + \ that is not possible, the criteria used to determine that period provided\ + \ that a business shall not retain a consumer\u2019s personal information\ + \ or sensitive personal information for each disclosed purpose for which the\ + \ personal information was collected for longer than is reasonably necessary\ + \ for that disclosed purpose. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100 + ref_id: 1798.100-b + description: 'A business that, acting as a third party, controls the collection + of personal information about a consumer may satisfy its obligation under + subdivision (a) by providing the required information prominently and conspicuously + on the homepage of its internet website. In addition, if a business acting + as a third party controls the collection of personal information about a consumer + on its premises, including in a vehicle, then the business shall, at or before + the point of collection, inform consumers as to the categories of personal + information to be collected and the purposes for which the categories of personal + information are used, and whether that personal information is sold, in a + clear and conspicuous manner at the location. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100 + ref_id: 1798.100-c + description: "A business\u2019 collection, use, retention, and sharing of a\ + \ consumer\u2019s personal information shall be reasonably necessary and proportionate\ + \ to achieve the purposes for which the personal information was collected\ + \ or processed, or for another disclosed purpose that is compatible with the\ + \ context in which the personal information was collected, and not further\ + \ processed in a manner that is incompatible with those purposes." + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100 + ref_id: 1798.100-d + description: "A business that collects a consumer\u2019s personal information\ + \ and that sells that personal information to, or shares it with, a third\ + \ party or that discloses it to a service provider or contractor for a business\ + \ purpose shall enter into an agreement with the third party, service provider,\ + \ or contractor, that: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d + ref_id: 1798.100-d.1 + description: 'Specifies that the personal information is sold or disclosed by + the business only for limited and specified purposes. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d + ref_id: 1798.100-d.2 + description: 'Obligates the third party, service provider, or contractor to + comply with applicable obligations under this title and obligate those persons + to provide the same level of privacy protection as is required by this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d + ref_id: 1798.100-d.3 + description: "Grants the business rights to take reasonable and appropriate\ + \ steps to help ensure that the third party, service provider, or contractor\ + \ uses the personal information transferred in a manner consistent with the\ + \ business\u2019 obligations under this title. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d + ref_id: 1798.100-d.4 + description: 'Requires the third party, service provider, or contractor to notify + the business if it makes a determination that it can no longer meet its obligations + under this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-d + ref_id: 1798.100-d.5 + description: 'Grants the business the right, upon notice, including under paragraph + (4), to take reasonable and appropriate steps to stop and remediate unauthorized + use of personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-e + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100 + ref_id: 1798.100-e + description: "A business that collects a consumer\u2019s personal information\ + \ shall implement reasonable security procedures and practices appropriate\ + \ to the nature of the personal information to protect the personal information\ + \ from unauthorized or illegal access, destruction, use, modification, or\ + \ disclosure in accordance with Section 1798.81.5. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.100-f + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.100 + ref_id: 1798.100-f + description: 'Nothing in this section shall require a business to disclose trade + secrets, as specified in regulations adopted pursuant to paragraph (3) of + subdivision (a) of Section 1798.185. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105 + assessable: false + depth: 1 + ref_id: '1798.105' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105 + ref_id: 1798.105-a + description: 'A consumer shall have the right to request that a business delete + any personal information about the consumer which the business has collected + from the consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105 + ref_id: 1798.105-b + description: "A business that collects personal information about consumers\ + \ shall disclose, pursuant to Section 1798.130, the consumer\u2019s rights\ + \ to request the deletion of the consumer\u2019s personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-c.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105 + ref_id: 1798.105-c.1 + description: "A business that receives a verifiable consumer request from a\ + \ consumer to delete the consumer\u2019s personal information pursuant to\ + \ subdivision (a) of this section shall delete the consumer\u2019s personal\ + \ information from its records, notify any service providers or contractors\ + \ to delete the consumer\u2019s personal information from their records, and\ + \ notify all third parties to whom the business has sold or shared the personal\ + \ information to delete the consumer\u2019s personal information unless this\ + \ proves impossible or involves disproportionate effort. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-c.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-c.1 + ref_id: 1798.105-c.2 + description: 'The business may maintain a confidential record of deletion requests + solely for the purpose of preventing the personal information of a consumer + who has submitted a deletion request from being sold, for compliance with + laws or for other purposes, solely to the extent permissible under this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-c.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-c.1 + ref_id: 1798.105-c.3 + description: "A service provider or contractor shall cooperate with the business\ + \ in responding to a verifiable consumer request, and at the direction of\ + \ the business, shall delete, or enable the business to delete and shall notify\ + \ any of its own service providers or contractors to delete personal information\ + \ about the consumer collected, used, processed, or retained by the service\ + \ provider or the contractor. The service provider or contractor shall notify\ + \ any service providers, contractors, or third parties who may have accessed\ + \ personal information from or through the service provider or contractor,\ + \ unless the information was accessed at the direction of the business, to\ + \ delete the consumer\u2019s personal information unless this proves impossible\ + \ or involves disproportionate effort. A service provider or contractor shall\ + \ not be required to comply with a deletion request submitted by the consumer\ + \ directly to the service provider or contractor to the extent that the service\ + \ provider or contractor has collected, used, processed, or retained the consumer\u2019\ + s personal information in its role as a service provider or contractor to\ + \ the business." + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105 + ref_id: 1798.105-d + description: "A business, or a service provider or contractor acting pursuant\ + \ to its contract with the business, another service provider, or another\ + \ contractor, shall not be required to comply with a consumer\u2019s request\ + \ to delete the consumer\u2019s personal information if it is reasonably necessary\ + \ for the business, service provider, or contractor to maintain the consumer\u2019\ + s personal information in order to: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.1 + description: "Complete the transaction for which the personal information was\ + \ collected, fulfill the terms of a written warranty or product recall conducted\ + \ in accordance with federal law, provide a good or service requested by the\ + \ consumer, or reasonably anticipated by the consumer within the context of\ + \ a business\u2019 ongoing business relationship with the consumer, or otherwise\ + \ perform a contract between the business and the consumer. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.2 + description: "Help to ensure security and integrity to the extent the use of\ + \ the consumer\u2019s personal information is reasonably necessary and proportionate\ + \ for those purposes. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.3 + description: 'Debug to identify and repair errors that impair existing intended + functionality. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.4 + description: "Exercise free speech, ensure the right of another consumer to\ + \ exercise that consumer\u2019s right of free speech, or exercise another\ + \ right provided for by law. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.5 + description: 'Comply with the California Electronic Communications Privacy Act + pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part + 2 of the Penal Code. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.6 + description: "Engage in public or peer-reviewed scientific, historical, or statistical\ + \ research that conforms or adheres to all other applicable ethics and privacy\ + \ laws, when the business\u2019 deletion of the information is likely to render\ + \ impossible or seriously impair the ability to complete such research, if\ + \ the consumer has provided informed consent. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.7 + description: "To enable solely internal uses that are reasonably aligned with\ + \ the expectations of the consumer based on the consumer\u2019s relationship\ + \ with the business and compatible with the context in which the consumer\ + \ provided the information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.105-d + ref_id: 1798.105-d.8 + description: 'Comply with a legal obligation. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.106 + assessable: false + depth: 1 + ref_id: '1798.106' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.106-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.106 + ref_id: 1798.106-a + description: 'A consumer shall have the right to request a business that maintains + inaccurate personal information about the consumer to correct that inaccurate + personal information, taking into account the nature of the personal information + and the purposes of the processing of the personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.106-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.106 + ref_id: 1798.106-b + description: "A business that collects personal information about consumers\ + \ shall disclose, pursuant to Section 1798.130, the consumer\u2019s right\ + \ to request correction of inaccurate personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.106-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.106 + ref_id: 1798.106-c + description: 'A business that receives a verifiable consumer request to correct + inaccurate personal information shall use commercially reasonable efforts + to correct the inaccurate personal information as directed by the consumer, + pursuant to Section 1798.130 and regulations adopted pursuant to paragraph + (8) of subdivision (a) of Section 1798.185. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110 + assessable: false + depth: 1 + ref_id: '1798.110' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110 + ref_id: 1798.110-a + description: 'A consumer shall have the right to request that a business that + collects personal information about the consumer disclose to the consumer + the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a + ref_id: 1798.110-a.1 + description: 'The categories of personal information it has collected about + that consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a + ref_id: 1798.110-a.2 + description: 'The categories of sources from which the personal information + is collected. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a + ref_id: 1798.110-a.3 + description: 'The business or commercial purpose for collecting, selling, or + sharing personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a + ref_id: 1798.110-a.4 + description: 'The categories of third parties to whom the business discloses + personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-a + ref_id: 1798.110-a.5 + description: 'The specific pieces of personal information it has collected about + that consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110 + ref_id: 1798.110-b + description: 'A business that collects personal information about a consumer + shall disclose to the consumer, pursuant to subparagraph (B) of paragraph + (3) of subdivision (a) of Section 1798.130, the information specified in subdivision + (a) upon receipt of a verifiable consumer request from the consumer, provided + that a business shall be deemed to be in compliance with paragraphs (1) to + (4), inclusive, of subdivision (a) to the extent that the categories of information + and the business or commercial purpose for collecting, selling, or sharing + personal information it would be required to disclose to the consumer pursuant + to paragraphs (1) to (4), inclusive, of subdivision (a) is the same as the + information it has disclosed pursuant to paragraphs (1) to (4), inclusive, + of subdivision (c). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110 + ref_id: 1798.110-c + description: 'A business that collects personal information about consumers + shall disclose, pursuant to subparagraph (B) of paragraph (5) of subdivision + (a) of Section 1798.130: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c + ref_id: 1798.110-c.1 + description: 'The categories of personal information it has collected about + consumers. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c + ref_id: 1798.110-c.2 + description: 'The categories of sources from which the personal information + is collected. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c + ref_id: 1798.110-c.3 + description: 'The business or commercial purpose for collecting, selling, or + sharing personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c + ref_id: 1798.110-c.4 + description: 'The categories of third parties to whom the business discloses + personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.110-c + ref_id: 1798.110-c.5 + description: 'That a consumer has the right to request the specific pieces of + personal information the business has collected about that consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115 + assessable: false + depth: 1 + ref_id: '1798.115' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115 + ref_id: 1798.115-a + description: "A consumer shall have the right to request that a business that\ + \ sells or shares the consumer\u2019s personal information, or that discloses\ + \ it for a business purpose, disclose to that consumer: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-a.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-a + ref_id: 1798.115-a.1 + description: 'The categories of personal information that the business collected + about the consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-a.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-a + ref_id: 1798.115-a.2 + description: 'The categories of personal information that the business sold + or shared about the consumer and the categories of third parties to whom the + personal information was sold or shared, by category or categories of personal + information for each category of third parties to whom the personal information + was sold or shared. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-a.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-a + ref_id: 1798.115-a.3 + description: 'The categories of personal information that the business disclosed + about the consumer for a business purpose and the categories of persons to + whom it was disclosed for a business purpose. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115 + ref_id: 1798.115-b + description: "A business that sells or shares personal information about a consumer,\ + \ or that discloses a consumer\u2019s personal information for a business\ + \ purpose, shall disclose, pursuant to paragraph (4) of subdivision (a) of\ + \ Section 1798.130, the information specified in subdivision (a) to the consumer\ + \ upon receipt of a verifiable consumer request from the consumer. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115 + ref_id: 1798.115-c + description: "A business that sells or shares consumers\u2019 personal information,\ + \ or that discloses consumers\u2019 personal information for a business purpose,\ + \ shall disclose, pursuant to subparagraph (C) of paragraph (5) of subdivision\ + \ (a) of Section 1798.130: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-c.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-c + ref_id: 1798.115-c.1 + description: "The category or categories of consumers\u2019 personal information\ + \ it has sold or shared, or if the business has not sold or shared consumers\u2019\ + \ personal information, it shall disclose that fact. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-c.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-c + ref_id: 1798.115-c.2 + description: "The category or categories of consumers\u2019 personal information\ + \ it has disclosed for a business purpose, or if the business has not disclosed\ + \ consumers\u2019 personal information for a business purpose, it shall disclose\ + \ that fact. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.115-d + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.115 + ref_id: 1798.115-d + description: 'A third party shall not sell or share personal information about + a consumer that has been sold to, or shared with, the third party by a business + unless the consumer has received explicit notice and is provided an opportunity + to exercise the right to opt-out pursuant to Section 1798.120. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.120 + assessable: false + depth: 1 + ref_id: '1798.120' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.120-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.120 + ref_id: 1798.120-a + description: "A consumer shall have the right, at any time, to direct a business\ + \ that sells or shares personal information about the consumer to third parties\ + \ not to sell or share the consumer\u2019s personal information. This right\ + \ may be referred to as the right to opt-out of sale or sharing. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.120-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.120 + ref_id: 1798.120-b + description: "A business that sells consumers\u2019 personal information to,\ + \ or shares it with, third parties shall provide notice to consumers, pursuant\ + \ to subdivision (a) of Section 1798.135, that this information may be sold\ + \ or shared and that consumers have the \u201Cright to opt-out\u201D of the\ + \ sale or sharing of their personal information." + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.120-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.120 + ref_id: 1798.120-c + description: "Notwithstanding subdivision (a), a business shall not sell or\ + \ share the personal information of consumers if the business has actual knowledge\ + \ that the consumer is less than 16 years of age, unless the consumer, in\ + \ the case of consumers at least 13 years of age and less than 16 years of\ + \ age, or the consumer\u2019s parent or guardian, in the case of consumers\ + \ who are less than 13 years of age, has affirmatively authorized the sale\ + \ or sharing of the consumer\u2019s personal information. A business that\ + \ willfully disregards the consumer\u2019s age shall be deemed to have had\ + \ actual knowledge of the consumer\u2019s age. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.120-d + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.120 + ref_id: 1798.120-d + description: "A business that has received direction from a consumer not to\ + \ sell or share the consumer\u2019s personal information or, in the case of\ + \ a minor consumer\u2019s personal information has not received consent to\ + \ sell or share the minor consumer\u2019s personal information, shall be prohibited,\ + \ pursuant to paragraph (4) of subdivision (c) of Section 1798.135, from selling\ + \ or sharing the consumer\u2019s personal information after its receipt of\ + \ the consumer\u2019s direction, unless the consumer subsequently provides\ + \ consent, for the sale or sharing of the consumer\u2019s personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.121 + assessable: false + depth: 1 + ref_id: '1798.121' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.121-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.121 + ref_id: 1798.121-a + description: "A consumer shall have the right, at any time, to direct a business\ + \ that collects sensitive personal information about the consumer to limit\ + \ its use of the consumer\u2019s sensitive personal information to that use\ + \ which is necessary to perform the services or provide the goods reasonably\ + \ expected by an average consumer who requests those goods or services, to\ + \ perform the services set forth in paragraphs (2), (4), (5), and (8) of subdivision\ + \ (e) of Section 1798.140, and as authorized by regulations adopted pursuant\ + \ to subparagraph (C) of paragraph (19) of subdivision (a) of Section 1798.185.\ + \ A business that uses or discloses a consumer\u2019s sensitive personal information\ + \ for purposes other than those specified in this subdivision shall provide\ + \ notice to consumers, pursuant to subdivision (a) of Section 1798.135, that\ + \ this information may be used, or disclosed to a service provider or contractor,\ + \ for additional, specified purposes and that consumers have the right to\ + \ limit the use or disclosure of their sensitive personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.121-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.121 + ref_id: 1798.121-b + description: "A business that has received direction from a consumer not to\ + \ use or disclose the consumer\u2019s sensitive personal information, except\ + \ as authorized by subdivision (a), shall be prohibited, pursuant to paragraph\ + \ (4) of subdivision (c) of Section 1798.135, from using or disclosing the\ + \ consumer\u2019s sensitive personal information for any other purpose after\ + \ its receipt of the consumer\u2019s direction unless the consumer subsequently\ + \ provides consent for the use or disclosure of the consumer\u2019s sensitive\ + \ personal information for additional purposes. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.121-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.121 + ref_id: 1798.121-c + description: 'A service provider or contractor that assists a business in performing + the purposes authorized by subdivision (a) may not use the sensitive personal + information after it has received instructions from the business and to the + extent it has actual knowledge that the personal information is sensitive + personal information for any other purpose. A service provider or contractor + is only required to limit its use of sensitive personal information received + pursuant to a written contract with the business in response to instructions + from the business and only with respect to its relationship with that business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.121-d + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.121 + ref_id: 1798.121-d + description: Sensitive personal information that is collected or processed without + the purpose of inferring characteristics about a consumer is not subject to + this section, as further defined in regulations adopted pursuant to subparagraph + (C) of paragraph (19) of subdivision (a) of Section 1798.185, and shall be + treated as personal information for purposes of all other sections of this + act, including Section 1798.100. + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + assessable: false + depth: 1 + ref_id: '1798.125' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + ref_id: 1798.125-a.1 + description: "A business shall not discriminate against a consumer because the\ + \ consumer exercised any of the consumer\u2019s rights under this title, including,\ + \ but not limited to, by: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1 + ref_id: 1798.125-a.1.A + description: Denying goods or services to the consumer + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1.b + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1 + ref_id: 1798.125-a.1.B + description: 'Charging different prices or rates for goods or services, including + through the use of discounts or other benefits or imposing penalties. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1.c + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1 + ref_id: 1798.125-a.1.C + description: 'Providing a different level or quality of goods or services to + the consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1.d + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1 + ref_id: 1798.125-a.1.D + description: 'Suggesting that the consumer will receive a different price or + rate for goods or services or a different level or quality of goods or services. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1.e + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.1 + ref_id: 1798.125-a.1.E + description: 'Retaliating against an employee, applicant for employment, or + independent contractor, as defined in subparagraph (A) of paragraph (2) of + subdivision (m) of Section 1798.145, for exercising their rights under this + title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + ref_id: 1798.125-a.2 + description: "Nothing in this subdivision prohibits a business, pursuant to\ + \ subdivision (b), from charging a consumer a different price or rate, or\ + \ from providing a different level or quality of goods or services to the\ + \ consumer, if that difference is reasonably related to the value provided\ + \ to the business by the consumer\u2019s data. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-a.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + ref_id: 1798.125-a.3 + description: 'This subdivision does not prohibit a business from offering loyalty, + rewards, premium features, discounts, or club card programs consistent with + this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-b.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + ref_id: 1798.125-b.1 + description: "A business may offer financial incentives, including payments\ + \ to consumers as compensation, for the collection of personal information,\ + \ the sale or sharing of personal information, or the retention of personal\ + \ information. A business may also offer a different price, rate, level, or\ + \ quality of goods or services to the consumer if that price or difference\ + \ is reasonably related to the value provided to the business by the consumer\u2019\ + s data. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-b.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + ref_id: 1798.125-b.2 + description: 'A business that offers any financial incentives pursuant to this + subdivision, shall notify consumers of the financial incentives pursuant to + Section 1798.130. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-b.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + ref_id: 1798.125-b.3 + description: 'A business may enter a consumer into a financial incentive program + only if the consumer gives the business prior opt-in consent pursuant to Section + 1798.130 that clearly describes the material terms of the financial incentive + program, and which may be revoked by the consumer at any time. If a consumer + refuses to provide optin consent, then the business shall wait for at least + 12 months before next requesting that the consumer provide opt-in consent, + or as prescribed by regulations adopted pursuant to Section 1798.185. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.125-b.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.125 + ref_id: 1798.125-b.4 + description: 'A business shall not use financial incentive practices that are + unjust, unreasonable, coercive, or usurious in nature. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130 + assessable: false + depth: 1 + ref_id: '1798.130' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130 + ref_id: 1798.130-a + description: 'In order to comply with Sections 1798.100, 1798.105, 1798.106, + 1798.110, 1798.115, and 1798.125, a business shall, in a form that is reasonably + accessible to consumers: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.1.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a + ref_id: 1798.130-a.1.A + description: 'Make available to consumers two or more designated methods for + submitting requests for information required to be disclosed pursuant to Sections + 1798.110 and 1798.115, or requests for deletion or correction pursuant to + Sections 1798.105 and 1798.106, respectively, including, at a minimum, a tollfree + telephone number. A business that operates exclusively online and has a direct + relationship with a consumer from whom it collects personal information shall + only be required to provide an email address for submitting requests for information + required to be disclosed pursuant to Sections 1798.110 and 1798.115, or for + requests for deletion or correction pursuant to Sections 1798.105 and 1798.106, + respectively. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.1.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.1.a + ref_id: 1798.130-a.1.B + description: 'If the business maintains an internet website, make the internet + website available to consumers to submit requests for information required + to be disclosed pursuant to Sections 1798.110 and 1798.115, or requests for + deletion or correction pursuant to Sections 1798.105 and 1798.106, respectively. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.2.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a + ref_id: 1798.130-a.2.A + description: "Disclose and deliver the required information to a consumer free\ + \ of charge, correct inaccurate personal information, or delete a consumer\u2019\ + s personal information, based on the consumer\u2019s request, within 45 days\ + \ of receiving a verifiable consumer request from the consumer. The business\ + \ shall promptly take steps to determine whether the request is a verifiable\ + \ consumer request, but this shall not extend the business\u2019s duty to\ + \ disclose and deliver the information, to correct inaccurate personal information,\ + \ or to delete personal information within 45 days of receipt of the consumer\u2019\ + s request. The time period to provide the required information, to correct\ + \ inaccurate personal information, or to delete personal information may be\ + \ extended once by an additional 45 days when reasonably necessary, provided\ + \ the consumer is provided notice of the extension within the first 45-day\ + \ period. The disclosure of the required information shall be made in writing\ + \ and delivered through the consumer\u2019s account with the business, if\ + \ the consumer maintains an account with the business, or by mail or electronically\ + \ at the consumer\u2019s option if the consumer does not maintain an account\ + \ with the business, in a readily useable format that allows the consumer\ + \ to transmit this information from one entity to another entity without hindrance.\ + \ The business may require authentication of the consumer that is reasonable\ + \ in light of the nature of the personal information requested, but shall\ + \ not require the consumer to create an account with the business in order\ + \ to make a verifiable consumer request provided that if the consumer, has\ + \ an account with the business, the business may require the consumer to use\ + \ that account to submit a verifiable consumer request. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.2.a + ref_id: 1798.130-a.2.B + description: "The disclosure of the required information shall cover the 12-month\ + \ period preceding the business\u2019 receipt of the verifiable consumer request\ + \ provided that, upon the adoption of a regulation pursuant to paragraph (9)\ + \ of subdivision (a) of Section 1798.185, a consumer may request that the\ + \ business disclose the required information beyond the 12-month period, and\ + \ the business shall be required to provide that information unless doing\ + \ so proves impossible or would involve a disproportionate effort. A consumer\u2019\ + s right to request required information beyond the 12-month period, and a\ + \ business\u2019s obligation to provide that information, shall only apply\ + \ to personal information collected on or after January 1, 2022. Nothing in\ + \ this subparagraph shall require a business to keep personal information\ + \ for any length of time. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a + ref_id: 1798.130-a.3.A + description: "A business that receives a verifiable consumer request pursuant\ + \ to Section 1798.110 or 1798.115 shall disclose any personal information\ + \ it has collected about a consumer, directly or indirectly, including through\ + \ or by a service provider or contractor, to the consumer. A service provider\ + \ or contractor shall not be required to comply with a verifiable consumer\ + \ request received directly from a consumer or a consumer\u2019s authorized\ + \ agent, pursuant to Section 1798.110 or 1798.115, to the extent that the\ + \ service provider or contractor has collected personal information about\ + \ the consumer in its role as a service provider or contractor. A service\ + \ provider or contractor shall provide assistance to a business with which\ + \ it has a contractual relationship with respect to the business\u2019 response\ + \ to a verifiable consumer request, including, but not limited to, by providing\ + \ to the business the consumer\u2019s personal information in the service\ + \ provider or contractor\u2019s possession, which the service provider or\ + \ contractor obtained as a result of providing services to the business, and\ + \ by correcting inaccurate information or by enabling the business to do the\ + \ same. A service provider or contractor that collects personal information\ + \ pursuant to a written contract with a business shall be required to assist\ + \ the business through appropriate technical and organizational measures in\ + \ complying with the requirements of subdivisions (d) to (f), inclusive, of\ + \ Section 1798.100, taking into account the nature of the processing. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.a + ref_id: 1798.130-a.3.B + description: 'For purposes of subdivision (b) of Section 1798.110: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.b.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.b + ref_id: 1798.130-a.3.B.i + description: 'To identify the consumer, associate the information provided by + the consumer in the verifiable consumer request to any personal information + previously collected by the business about the consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.b.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.b + ref_id: 1798.130-a.3.B.ii + description: "Identify by category or categories the personal information collected\ + \ about the consumer for the applicable period of time by reference to the\ + \ enumerated category or categories in subdivision (c) that most closely describes\ + \ the personal information collected; the categories of sources from which\ + \ the consumer\u2019s personal information was collected; the business or\ + \ commercial purpose for collecting, selling, or sharing the consumer\u2019\ + s personal information; and the categories of third parties to whom the business\ + \ discloses the consumer\u2019s personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.b.iii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.3.b + ref_id: 1798.130-a.3.B.iii + description: "Provide the specific pieces of personal information obtained from\ + \ the consumer in a format that is easily understandable to the average consumer,\ + \ and to the extent technically feasible, in a structured, commonly used,\ + \ machine-readable format that may also be transmitted to another entity at\ + \ the consumer\u2019s request without hindrance. \u201CSpecific pieces of\ + \ information\u201D do not include data generated to help ensure security\ + \ and integrity or as prescribed by regulation. Personal information is not\ + \ considered to have been disclosed by a business when a consumer instructs\ + \ a business to transfer the consumer\u2019s personal information from one\ + \ business to another in the context of switching services. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a + ref_id: 1798.130-a.4 + description: 'For purposes of subdivision (b) of Section 1798.115: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.4.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.4 + ref_id: 1798.130-a.4.A + description: 'Identify the consumer and associate the information provided by + the consumer in the verifiable consumer request to any personal information + previously collected by the business about the consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.4.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.4 + ref_id: 1798.130-a.4.B + description: "Identify by category or categories the personal information of\ + \ the consumer that the business sold or shared during the applicable period\ + \ of time by reference to the enumerated category in subdivision (c) that\ + \ most closely describes the personal information, and provide the categories\ + \ of third parties to whom the consumer\u2019s personal information was sold\ + \ or shared during the applicable period of time by reference to the enumerated\ + \ category or categories in subdivision (c) that most closely describes the\ + \ personal information sold or shared. The business shall disclose the information\ + \ in a list that is separate from a list generated for the purposes of subparagraph\ + \ (C). " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.4.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.4 + ref_id: 1798.130-a.4.C + description: "Identify by category or categories the personal information of\ + \ the consumer that the business disclosed for a business purpose during the\ + \ applicable period of time by reference to the enumerated category or categories\ + \ in subdivision (c) that most closely describes the personal information,\ + \ and provide the categories of persons to whom the consumer\u2019s personal\ + \ information was disclosed for a business purpose during the applicable period\ + \ of time by reference to the enumerated category or categories in subdivision\ + \ (c) that most closely describes the personal information disclosed. The\ + \ business shall disclose the information in a list that is separate from\ + \ a list generated for the purposes of subparagraph (B). " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a + ref_id: 1798.130-a.5 + description: "Disclose the following information in its online privacy policy\ + \ or policies if the business has an online privacy policy or policies and\ + \ in any California-specific description of consumers\u2019 privacy rights,\ + \ or if the business does not maintain those policies, on its internet website,\ + \ and update that information at least once every 12 months: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5 + ref_id: 1798.130-a.5.A + description: "A description of a consumer\u2019s rights pursuant to Sections\ + \ 1798.100, 1798.105, 1798.106, 1798.110, 1798.115, and 1798.125 and two or\ + \ more designated methods for submitting requests, except as provided in subparagraph\ + \ (A) of paragraph (1) of subdivision (a). " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5 + ref_id: 1798.130-a.5.B + description: 'For purposes of subdivision (c) of Section 1798.110: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b + ref_id: 1798.130-a.5.B.i + description: 'A list of the categories of personal information it has collected + about consumers in the preceding 12 months by reference to the enumerated + category or categories in subdivision (c) that most closely describe the personal + information collected. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b + ref_id: 1798.130-a.5.B.ii + description: "The categories of sources from which consumers\u2019 personal\ + \ information is collected. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b.iii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b + ref_id: 1798.130-a.5.B.iii + description: "The business or commercial purpose for collecting, selling, or\ + \ sharing consumers\u2019 personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b.iv + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.b + ref_id: 1798.130-a.5.B.iv + description: "The categories of third parties to whom the business discloses\ + \ consumers\u2019 personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5 + ref_id: 1798.130-a.5.C + description: 'For purposes of paragraphs (1) and (2) of subdivision (c) of Section + 1798.115, two separate lists: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.c.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.c + ref_id: 1798.130-a.5.C.i + description: "A list of the categories of personal information it has sold or\ + \ shared about consumers in the preceding 12 months by reference to the enumerated\ + \ category or categories in subdivision (c) that most closely describe the\ + \ personal information sold or shared, or if the business has not sold or\ + \ shared consumers\u2019 personal information in the preceding 12 months,\ + \ the business shall prominently disclose that fact in its privacy policy. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.c.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5.c + ref_id: 1798.130-a.5.C.ii + description: "A list of the categories of personal information it has disclosed\ + \ about consumers for a business purpose in the preceding 12 months by reference\ + \ to the enumerated category in subdivision (c) that most closely describes\ + \ the personal information disclosed, or if the business has not disclosed\ + \ consumers\u2019 personal information for a business purpose in the preceding\ + \ 12 months, the business shall disclose that fact. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5 + ref_id: 1798.130-a.6 + description: "Ensure that all individuals responsible for handling consumer\ + \ inquiries about the business\u2019 privacy practices or the business\u2019\ + \ compliance with this title are informed of all requirements in Sections\ + \ 1798.100, 1798.105, 1798.106, 1798.110, 1798.115, 1798.125, and this section,\ + \ and how to direct consumers to exercise their rights under those sections. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-a.5 + ref_id: 1798.130-a.7 + description: "Use any personal information collected from the consumer in connection\ + \ with the business\u2019 verification of the consumer\u2019s request solely\ + \ for the purposes of verification and shall not further disclose the personal\ + \ information, retain it longer than necessary for purposes of verification,\ + \ or use it for unrelated purposes. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130 + ref_id: 1798.130-b + description: 'A business is not obligated to provide the information required + by Sections 1798.110 and 1798.115 to the same consumer more than twice in + a 12-month period. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.130-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.130 + ref_id: 1798.130-c + description: 'The categories of personal information required to be disclosed + pursuant to Sections 1798.100, 1798.110, and 1798.115 shall follow the definitions + of personal information and sensitive personal information in Section 1798.140 + by describing the categories of personal information using the specific terms + set forth in subparagraphs (A) to (K), inclusive, of paragraph (1) of subdivision + (v) of Section 1798.140 and by describing the categories of sensitive personal + information using the specific terms set forth in paragraphs (1) to (9), inclusive, + of subdivision (ae) of Section 1798.140. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + assessable: false + depth: 1 + ref_id: '1798.135' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + ref_id: 1798.135-a + description: "A business that sells or shares consumers\u2019 personal information\ + \ or uses or discloses consumers\u2019 sensitive personal information for\ + \ purposes other than those authorized by subdivision (a) of Section 1798.121\ + \ shall, in a form that is reasonably accessible to consumers: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a + ref_id: 1798.135-a.1 + description: "Provide a clear and conspicuous link on the business\u2019s internet\ + \ homepages, titled \u201CDo Not Sell or Share My Personal Information,\u201D\ + \ to an internet web page that enables a consumer, or a person authorized\ + \ by the consumer, to opt-out of the sale or sharing of the consumer\u2019\ + s personal information" + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a + ref_id: 1798.135-a.2 + description: "Provide a clear and conspicuous link on the business\u2019 internet\ + \ homepages, titled \u201CLimit the Use of My Sensitive Personal Information,\u201D\ + \ that enables a consumer, or a person authorized by the consumer, to limit\ + \ the use or disclosure of the consumer\u2019s sensitive personal information\ + \ to those uses authorized by subdivision (a) of Section 1798.121. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a + ref_id: 1798.135-a.3 + description: "At the business\u2019 discretion, utilize a single, clearly labeled\ + \ link on the business\u2019 internet homepages, in lieu of complying with\ + \ paragraphs (1) and (2), if that link easily allows a consumer to opt out\ + \ of the sale or sharing of the consumer\u2019s personal information and to\ + \ limit the use or disclosure of the consumer\u2019s sensitive personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-a + ref_id: 1798.135-a.4 + description: "In the event that a business responds to opt-out requests received\ + \ pursuant to paragraph (1), (2), or (3) by informing the consumer of a charge\ + \ for the use of any product or service, present the terms of any financial\ + \ incentive offered pursuant to subdivision (b) of Section 1798.125 for the\ + \ retention, use, sale, or sharing of the consumer\u2019s personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + ref_id: 1798.135-b.1 + description: "A business shall not be required to comply with subdivision (a)\ + \ if the business allows consumers to opt out of the sale or sharing of their\ + \ personal information and to limit the use of their sensitive personal information\ + \ through an opt-out preference signal sent with the consumer\u2019s consent\ + \ by a platform, technology, or mechanism, based on technical specifications\ + \ set forth in regulations adopted pursuant to paragraph (20) of subdivision\ + \ (a) of Section 1798.185, to the business indicating the consumer\u2019s\ + \ intent to opt out of the business\u2019 sale or sharing of the consumer\u2019\ + s personal information or to limit the use or disclosure of the consumer\u2019\ + s sensitive personal information, or both. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.1 + ref_id: 1798.135-b.2 + description: "A business that allows consumers to opt out of the sale or sharing\ + \ of their personal information and to limit the use of their sensitive personal\ + \ information pursuant to paragraph (1) may provide a link to a web page that\ + \ enables the consumer to consent to the business ignoring the opt-out preference\ + \ signal with respect to that business\u2019 sale or sharing of the consumer\u2019\ + s personal information or the use of the consumer\u2019s sensitive personal\ + \ information for additional purposes provided that: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.2 + ref_id: 1798.135-b.2.A + description: 'The consent web page also allows the consumer or a person authorized + by the consumer to revoke the consent as easily as it is affirmatively provided. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.2 + ref_id: 1798.135-b.2.B + description: "The link to the web page does not degrade the consumer\u2019s\ + \ experience on the web page the consumer intends to visit and has a similar\ + \ look, feel, and size relative to other links on the same web page. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.2 + ref_id: 1798.135-b.2.C + description: 'The consent web page complies with technical specifications set + forth in regulations adopted pursuant to paragraph (20) of subdivision (a) + of Section 1798.185. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-b.1 + ref_id: 1798.135-b.3 + description: 'A business that complies with subdivision (a) is not required + to comply with subdivision (b). For the purposes of clarity, a business may + elect whether to comply with subdivision (a) or subdivision (b). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + ref_id: 1798.135-c + description: 'A business that is subject to this section shall: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c + ref_id: 1798.135-c.1 + description: "Not require a consumer to create an account or provide additional\ + \ information beyond what is necessary in order to direct the business not\ + \ to sell or share the consumer\u2019s personal information or to limit use\ + \ or disclosure of the consumer\u2019s sensitive personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c + ref_id: 1798.135-c.2 + description: "Include a description of a consumer\u2019s rights pursuant to\ + \ Sections 1798.120 and 1798.121, along with a separate link to the \u201C\ + Do Not Sell or Share My Personal Information\u201D internet web page and a\ + \ separate link to the \u201CLimit the Use of My Sensitive Personal Information\u201D\ + \ internet web page, if applicable, or a single link to both choices, or a\ + \ statement that the business responds to and abides by opt-out preference\ + \ signals sent by a platform, technology, or mechanism in accordance with\ + \ subdivision (b), in: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.2 + ref_id: 1798.135-c.2.A + description: 'Its online privacy policy or policies if the business has an online + privacy policy or policies. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.2 + ref_id: 1798.135-c.2.B + description: "Any California-specific description of consumers\u2019 privacy\ + \ rights. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c + ref_id: 1798.135-c.3 + description: "Ensure that all individuals responsible for handling consumer\ + \ inquiries about the business\u2019s privacy practices or the business\u2019\ + s compliance with this title are informed of all requirements in Sections\ + \ 1798.120, 1798.121, and this section and how to direct consumers to exercise\ + \ their rights under those sections. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c + ref_id: 1798.135-c.4 + description: "For consumers who exercise their right to opt-out of the sale\ + \ or sharing of their personal information or limit the use or disclosure\ + \ of their sensitive personal information, refrain from selling or sharing\ + \ the consumer\u2019s personal information or using or disclosing the consumer\u2019\ + s sensitive personal information and wait for at least 12 months before requesting\ + \ that the consumer authorize the sale or sharing of the consumer\u2019s personal\ + \ information or the use and disclosure of the consumer\u2019s sensitive personal\ + \ information for additional purposes, or as authorized by regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c + ref_id: 1798.135-c.5 + description: "For consumers under 16 years of age who do not consent to the\ + \ sale or sharing of their personal information, refrain from selling or sharing\ + \ the personal information of the consumer under 16 years of age and wait\ + \ for at least 12 months before requesting the consumer\u2019s consent again,\ + \ or as authorized by regulations or until the consumer attains 16 years of\ + \ age. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-c + ref_id: 1798.135-c.6 + description: "Use any personal information collected from the consumer in connection\ + \ with the submission of the consumer\u2019s opt-out request solely for the\ + \ purposes of complying with the opt-out request. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-d + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + ref_id: 1798.135-d + description: 'Nothing in this title shall be construed to require a business + to comply with the title by including the required links and text on the homepage + that the business makes available to the public generally, if the business + maintains a separate and additional homepage that is dedicated to California + consumers and that includes the required links and text, and the business + takes reasonable steps to ensure that California consumers are directed to + the homepage for California consumers and not the homepage made available + to the public generally. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-e + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + ref_id: 1798.135-e + description: "A consumer may authorize another person to opt-out of the sale\ + \ or sharing of the consumer\u2019s personal information and to limit the\ + \ use of the consumer\u2019s sensitive personal information on the consumer\u2019\ + s behalf, including through an opt-out preference signal, as defined in paragraph\ + \ (1) of subdivision (b), indicating the consumer\u2019s intent to opt out,\ + \ and a business shall comply with an opt-out request received from a person\ + \ authorized by the consumer to act on the consumer\u2019s behalf, pursuant\ + \ to regulations adopted by the Attorney General regardless of whether the\ + \ business has elected to comply with subdivision (a) or (b). For purposes\ + \ of clarity, a business that elects to comply with subdivision (a) may respond\ + \ to the consumer\u2019s opt-out consistent with Section 1798.125." + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + ref_id: 1798.135-f + description: "If a business communicates a consumer\u2019s opt-out request to\ + \ any person authorized by the business to collect personal information, the\ + \ person shall thereafter only use that consumer\u2019s personal information\ + \ for a business purpose specified by the business, or as otherwise permitted\ + \ by this title, and shall be prohibited from: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f + ref_id: 1798.135-f.1 + description: 'Selling or sharing the personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f + ref_id: 1798.135-f.2 + description: "Retaining, using, or disclosing that consumer\u2019s personal\ + \ information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.2 + ref_id: 1798.135-f.2.A + description: 'For any purpose other than for the specific purpose of performing + the services offered to the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.2 + ref_id: 1798.135-f.2.B + description: 'Outside of the direct business relationship between the person + and the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-f.2 + ref_id: 1798.135-f.2.C + description: 'For a commercial purpose other than providing the services to + the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.135-g + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.135 + ref_id: 1798.135-g + description: "A business that communicates a consumer\u2019s opt-out request\ + \ to a person pursuant to subdivision (f) shall not be liable under this title\ + \ if the person receiving the opt-out request violates the restrictions set\ + \ forth in the title provided that, at the time of communicating the opt-out\ + \ request, the business does not have actual knowledge, or reason to believe,\ + \ that the person intends to commit such a violation. Any provision of a contract\ + \ or agreement of any kind that purports to waive or limit in any way this\ + \ subdivision shall be void and unenforceable. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140 + assessable: false + depth: 1 + ref_id: '1798.140' + - urn: urn:intuitem:risk:req_node:ccpa_act:node143 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140 + description: 'For purposes of this title: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-a + description: "\u201CAdvertising and marketing\u201D means a communication by\ + \ a business or a person acting on the business\u2019 behalf in any medium\ + \ intended to induce a consumer to obtain goods, services, or employment. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-b + description: "\u201CAggregate consumer information\u201D means information that\ + \ relates to a group or category of consumers, from which individual consumer\ + \ identities have been removed, that is not linked or reasonably linkable\ + \ to any consumer or household, including via a device. \u201CAggregate consumer\ + \ information\u201D does not mean one or more individual consumer records\ + \ that have been deidentified. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-c + description: "\u201CBiometric information\u201D means an individual\u2019s physiological,\ + \ biological, or behavioral characteristics, including information pertaining\ + \ to an individual\u2019s deoxyribonucleic acid (DNA), that is used or is\ + \ intended to be used singly or in combination with each other or with other\ + \ identifying data, to establish individual identity. Biometric information\ + \ includes, but is not limited to, imagery of the iris, retina, fingerprint,\ + \ face, hand, palm, vein patterns, and voice recordings, from which an identifier\ + \ template, such as a faceprint, a minutiae template, or a voiceprint, can\ + \ be extracted, and keystroke patterns or rhythms, gait patterns or rhythms,\ + \ and sleep, health, or exercise data that contain identifying information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-d + description: "\u201CBusiness\u201D means: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d + ref_id: 1798.140-d.1 + description: "A sole proprietorship, partnership, limited liability company,\ + \ corporation, association, or other legal entity that is organized or operated\ + \ for the profit or financial benefit of its shareholders or other owners,\ + \ that collects consumers\u2019 personal information, or on the behalf of\ + \ which such information is collected and that alone, or jointly with others,\ + \ determines the purposes and means of the processing of consumers\u2019 personal\ + \ information, that does business in the State of California, and that satisfies\ + \ one or more of the following thresholds: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.1 + ref_id: 1798.140-d.1.A + description: 'As of January 1 of the calendar year, had annual gross revenues + in excess of twenty-five million dollars ($25,000,000) in the preceding calendar + year, as adjusted pursuant to paragraph (5) of subdivision (a) of Section + 1798.185. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.1 + ref_id: 1798.140-d.1.B + description: 'Alone or in combination, annually buys, sells, or shares the personal + information of 100,000 or more consumers or households. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.1 + ref_id: 1798.140-d.1.C + description: "Derives 50 percent or more of its annual revenues from selling\ + \ or sharing consumers\u2019 personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d + ref_id: 1798.140-d.2 + description: "Any entity that controls or is controlled by a business, as defined\ + \ in paragraph (1), and that shares common branding with the business and\ + \ with whom the business shares consumers\u2019 personal information. \u201C\ + Control\u201D or \u201Ccontrolled\u201D means ownership of, or the power to\ + \ vote, more than 50 percent of the outstanding shares of any class of voting\ + \ security of a business; control in any manner over the election of a majority\ + \ of the directors, or of individuals exercising similar functions; or the\ + \ power to exercise a controlling influence over the management of a company.\ + \ \u201CCommon branding\u201D means a shared name, servicemark, or trademark\ + \ that the average consumer would understand that two or more entities are\ + \ commonly owned. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d + ref_id: 1798.140-d.3 + description: 'A joint venture or partnership composed of businesses in which + each business has at least a 40 percent interest. For purposes of this title, + the joint venture or partnership and each business that composes the joint + venture or partnership shall separately be considered a single business, except + that personal information in the possession of each business and disclosed + to the joint venture or partnership shall not be shared with the other business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-d + ref_id: 1798.140-d.4 + description: 'A person that does business in California, that is not covered + by paragraph (1), (2), or (3), and that voluntarily certifies to the California + Privacy Protection Agency that it is in compliance with, and agrees to be + bound by, this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-e + description: "\u201CBusiness purpose\u201D means the use of personal information\ + \ for the business\u2019 operational purposes, or other notified purposes,\ + \ or for the service provider or contractor\u2019s operational purposes, as\ + \ defined by regulations adopted pursuant to paragraph (11) of subdivision\ + \ (a) of Section 1798.185, provided that the use of personal information shall\ + \ be reasonably necessary and proportionate to achieve the purpose for which\ + \ the personal information was collected or processed or for another purpose\ + \ that is compatible with the context in which the personal information was\ + \ collected. Business purposes are: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.1 + description: 'Auditing related to counting ad impressions to unique visitors, + verifying positioning and quality of ad impressions, and auditing compliance + with this specification and other standards. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.2 + description: "Helping to ensure security and integrity to the extent the use\ + \ of the consumer\u2019s personal information is reasonably necessary and\ + \ proportionate for these purposes. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.3 + description: 'Debugging to identify and repair errors that impair existing intended + functionality. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.4 + description: "Short-term, transient use, including, but not limited to, nonpersonalized\ + \ advertising shown as part of a consumer\u2019s current interaction with\ + \ the business, provided that the consumer\u2019s personal information is\ + \ not disclosed to another third party and is not used to build a profile\ + \ about the consumer or otherwise alter the consumer\u2019s experience outside\ + \ the current interaction with the business. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.5 + description: 'Performing services on behalf of the business, including maintaining + or servicing accounts, providing customer service, processing or fulfilling + orders and transactions, verifying customer information, processing payments, + providing financing, providing analytic services, providing storage, or providing + similar services on behalf of the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.6 + description: 'Providing advertising and marketing services, except for cross-context + behavioral advertising, to the consumer provided that, for the purpose of + advertising and marketing, a service provider or contractor shall not combine + the personal information of opted-out consumers that the service provider + or contractor receives from, or on behalf of, the business with personal information + that the service provider or contractor receives from, or on behalf of, another + person or persons or collects from its own interaction with consumers. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.7 + description: 'Undertaking internal research for technological development and + demonstration. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-e + ref_id: 1798.140-e.8 + description: 'Undertaking activities to verify or maintain the quality or safety + of a service or device that is owned, manufactured, manufactured for, or controlled + by the business, and to improve, upgrade, or enhance the service or device + that is owned, manufactured, manufactured for, or controlled by the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-f + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-f + description: "\u201CCollects,\u201D \u201Ccollected,\u201D or \u201Ccollection\u201D\ + \ means buying, renting, gathering, obtaining, receiving, or accessing any\ + \ personal information pertaining to a consumer by any means. This includes\ + \ receiving information from the consumer, either actively or passively, or\ + \ by observing the consumer\u2019s behavior. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-g + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-g + description: "\u201CCommercial purposes\u201D means to advance a person\u2019\ + s commercial or economic interests, such as by inducing another person to\ + \ buy, rent, lease, join, subscribe to, provide, or exchange products, goods,\ + \ property, information, or services, or enabling or effecting, directly or\ + \ indirectly, a commercial transaction. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-h + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-h + description: "\u201CConsent\u201D means any freely given, specific, informed,\ + \ and unambiguous indication of the consumer\u2019s wishes by which the consumer,\ + \ or the consumer\u2019s legal guardian, a person who has power of attorney,\ + \ or a person acting as a conservator for the consumer, including by a statement\ + \ or by a clear affirmative action, signifies agreement to the processing\ + \ of personal information relating to the consumer for a narrowly defined\ + \ particular purpose. Acceptance of a general or broad terms of use, or similar\ + \ document, that contains descriptions of personal information processing\ + \ along with other, unrelated information, does not constitute consent. Hovering\ + \ over, muting, pausing, or closing a given piece of content does not constitute\ + \ consent. Likewise, agreement obtained through use of dark patterns does\ + \ not constitute consent. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-i + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-i + description: "\u201CConsumer\u201D means a natural person who is a California\ + \ resident, as defined in Section 17014 of Title 18 of the California Code\ + \ of Regulations, as that section read on September 1, 2017, however identified,\ + \ including by any unique identifier. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-j.1 + description: "\u201CContractor\u201D means a person to whom the business makes\ + \ available a consumer\u2019s personal information for a business purpose,\ + \ pursuant to a written contract with the business, provided that the contract: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1 + ref_id: 1798.140-j.1.A + description: 'Prohibits the contractor from: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a + ref_id: 1798.140-j.1.A.i + description: 'Selling or sharing the personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a.ii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a + ref_id: 1798.140-j.1.A.ii + description: 'Retaining, using, or disclosing the personal information for any + purpose other than for the business purposes specified in the contract, including + retaining, using, or disclosing the personal information for a commercial + purpose other than the business purposes specified in the contract, or as + otherwise permitted by this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a.iii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a + ref_id: 1798.140-j.1.A.iii + description: 'Retaining, using, or disclosing the information outside of the + direct business relationship between the contractor and the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a.iv + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.a + ref_id: 1798.140-j.1.A.iv + description: 'Combining the personal information that the contractor receives + pursuant to a written contract with the business with personal information + that it receives from or on behalf of another person or persons, or collects + from its own interaction with the consumer, provided that the contractor may + combine personal information to perform any business purpose as defined in + regulations adopted pursuant to paragraph (10) of subdivision (a) of Section + 1798.185, except as provided for in paragraph (6) of subdivision (e) and in + regulations adopted by the California Privacy Protection Agency. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1 + ref_id: 1798.140-j.1.B + description: 'Includes a certification made by the contractor that the contractor + understands the restrictions in subparagraph (A) and will comply with them. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1 + ref_id: 1798.140-j.1.C + description: "Permits, subject to agreement with the contractor, the business\ + \ to monitor the contractor\u2019s compliance with the contract through measures,\ + \ including, but not limited to, ongoing manual reviews and automated scans\ + \ and regular assessments, audits, or other technical and operational testing\ + \ at least once every 12 months. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-j.1 + ref_id: 1798.140-j.2 + description: 'If a contractor engages any other person to assist it in processing + personal information for a business purpose on behalf of the business, or + if any other person engaged by the contractor engages another person to assist + in processing personal information for that business purpose, it shall notify + the business of that engagement, and the engagement shall be pursuant to a + written contract binding the other person to observe all the requirements + set forth in paragraph (1). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-k + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-k + description: "\u201CCross-context behavioral advertising\u201D means the targeting\ + \ of advertising to a consumer based on the consumer\u2019s personal information\ + \ obtained from the consumer\u2019s activity across businesses, distinctly-branded\ + \ websites, applications, or services, other than the business, distinctly-branded\ + \ website, application, or service with which the consumer intentionally interacts. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-l + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-l + description: "\u201CDark pattern\u201D means a user interface designed or manipulated\ + \ with the substantial effect of subverting or impairing user autonomy, decisionmaking,\ + \ or choice, as further defined by regulation. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-m + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-m + description: "\u201CDeidentified\u201D means information that cannot reasonably\ + \ be used to infer information about, or otherwise be linked to, a particular\ + \ consumer provided that the business that possesses the information: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-m.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-m + ref_id: 1798.140-m.1 + description: 'Takes reasonable measures to ensure that the information cannot + be associated with a consumer or household. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-m.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-m + ref_id: 1798.140-m.2 + description: 'Publicly commits to maintain and use the information in deidentified + form and not to attempt to reidentify the information, except that the business + may attempt to reidentify the information solely for the purpose of determining + whether its deidentification processes satisfy the requirements of this subdivision. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-m.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-m + ref_id: 1798.140-m.3 + description: 'Contractually obligates any recipients of the information to comply + with all provisions of this subdivision. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-n + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-n + description: "\u201CDesignated methods for submitting requests\u201D means a\ + \ mailing address, email address, internet web page, internet web portal,\ + \ toll-free telephone number, or other applicable contact information, whereby\ + \ consumers may submit a request or direction under this title, and any new,\ + \ consumer-friendly means of contacting a business, as approved by the Attorney\ + \ General pursuant to Section 1798.185. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-o + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-o + description: "\u201CDevice\u201D means any physical object that is capable of\ + \ connecting to the Internet, directly or indirectly, or to another device. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-p + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-p + description: "\u201CHomepage\u201D means the introductory page of an internet\ + \ website and any internet web page where personal information is collected.\ + \ In the case of an online service, such as a mobile application, homepage\ + \ means the application\u2019s platform page or download page, a link within\ + \ the application, such as from the application configuration, \u201CAbout,\u201D\ + \ \u201CInformation,\u2019\u2019 or settings page, and any other location\ + \ that allows consumers to review the notices required by this title, including,\ + \ but not limited to, before downloading the application. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-q + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-q + description: "\u201CHousehold\u201D means a group, however identified, of consumers\ + \ who cohabitate with one another at the same residential address and share\ + \ use of common devices or services. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-r + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-r + description: "\u201CInfer\u201D or \u201Cinference\u201D means the derivation\ + \ of information, data, assumptions, or conclusions from facts, evidence,\ + \ or another source of information or data. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-s + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-s + description: "\u201CIntentionally interacts\u201D means when the consumer intends\ + \ to interact with a person, or disclose personal information to a person,\ + \ via one or more deliberate interactions, including visiting the person\u2019\ + s website or purchasing a good or service from the person. Hovering over,\ + \ muting, pausing, or closing a given piece of content does not constitute\ + \ a consumer\u2019s intent to interact with a person. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-t + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-t + description: "\u201CNonpersonalized advertising\u201D means advertising and\ + \ marketing that is based solely on a consumer\u2019s personal information\ + \ derived from the consumer\u2019s current interaction with the business with\ + \ the exception of the consumer\u2019s precise geolocation. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-u + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-u + description: "\u201CPerson\u201D means an individual, proprietorship, firm,\ + \ partnership, joint venture, syndicate, business trust, company, corporation,\ + \ limited liability company, association, committee, and any other organization\ + \ or group of persons acting in concert. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-v.1 + description: "\u201CPersonal information\u201D means information that identifies,\ + \ relates to, describes, is reasonably capable of being associated with, or\ + \ could reasonably be linked, directly or indirectly, with a particular consumer\ + \ or household. Personal information includes, but is not limited to, the\ + \ following if it identifies, relates to, describes, is reasonably capable\ + \ of being associated with, or could be reasonably linked, directly or indirectly,\ + \ with a particular consumer or household: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.A + description: "Identifiers such as a real name, alias, postal address, unique\ + \ personal identifier, online identifier, Internet Protocol address, email\ + \ address, account name, social security number, driver\u2019s license number,\ + \ passport number, or other similar identifiers. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.B + description: 'Any personal information described in subdivision (e) of Section + 1798.80. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.C + description: 'Characteristics of protected classifications under California + or federal law. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.D + description: 'Commercial information, including records of personal property, + products or services purchased, obtained, or considered, or other purchasing + or consuming histories or tendencies. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.E + description: 'Biometric information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.f + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.F + description: "Internet or other electronic network activity information, including,\ + \ but not limited to, browsing history, search history, and information regarding\ + \ a consumer\u2019s interaction with an internet website application, or advertisement. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.g + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.G + description: 'Geolocation data. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.h + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.H + description: 'Audio, electronic, visual, thermal, olfactory, or similar information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.i + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.I + description: 'Professional or employment-related information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.j + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.J + description: 'Education information, defined as information that is not publicly + available personally identifiable information as defined in the Family Educational + Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.k + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.K + description: "Inferences drawn from any of the information identified in this\ + \ subdivision to create a profile about a consumer reflecting the consumer\u2019\ + s preferences, characteristics, psychological trends, predispositions, behavior,\ + \ attitudes, intelligence, abilities, and aptitudes. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1.l + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.1.L + description: 'Sensitive personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.2 + description: "\u201CPersonal information\u201D does not include publicly available\ + \ information or lawfully obtained, truthful information that is a matter\ + \ of public concern. For purposes of this paragraph, \u201Cpublicly available\u201D\ + \ means: information that is lawfully made available from federal, state,\ + \ or local government records, or information that a business has a reasonable\ + \ basis to believe is lawfully made available to the general public by the\ + \ consumer or from widely distributed media; or information made available\ + \ by a person to whom the consumer has disclosed the information if the consumer\ + \ has not restricted the information to a specific audience. \u201CPublicly\ + \ available\u201D does not mean biometric information collected by a business\ + \ about a consumer without the consumer\u2019s knowledge. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-v.1 + ref_id: 1798.140-v.3 + description: "\u201CPersonal information\u201D does not include consumer information\ + \ that is deidentified or aggregate consumer information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-w + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-w + description: "\u201CPrecise geolocation\u201D means any data that is derived\ + \ from a device and that is used or intended to be used to locate a consumer\ + \ within a geographic area that is equal to or less than the area of a circle\ + \ with a radius of 1,850 feet, except as prescribed by regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-x + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-x + description: "\u201CProbabilistic identifier\u201D means the identification\ + \ of a consumer or a consumer\u2019s device to a degree of certainty of more\ + \ probable than not based on any categories of personal information included\ + \ in, or similar to, the categories enumerated in the definition of personal\ + \ information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-y + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-y + description: "\u201CProcessing\u201D means any operation or set of operations\ + \ that are performed on personal information or on sets of personal information,\ + \ whether or not by automated means. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-z + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-z + description: "\u201CProfiling\u201D means any form of automated processing of\ + \ personal information, as further defined by regulations pursuant to paragraph\ + \ (16) of subdivision (a) of Section 1798.185, to evaluate certain personal\ + \ aspects relating to a natural person and in particular to \nanalyze or predict\ + \ aspects concerning that natural person\u2019s performance at work, economic\ + \ situation, health, personal preferences, interests, reliability, behavior,\ + \ location, or movements. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-aa + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-aa + description: "\u201CPseudonymize\u201D or \u201CPseudonymization\u201D means\ + \ the processing of personal information in a manner that renders the personal\ + \ information no longer attributable to a specific consumer without the use\ + \ of additional information, provided that the additional information is kept\ + \ separately and is subject to technical and organizational measures to ensure\ + \ that the personal information is not attributed to an identified or identifiable\ + \ consumer. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ab + description: "\u201CResearch\u201D means scientific analysis, systematic study,\ + \ and observation, including basic research or applied research that is designed\ + \ to develop or contribute to public or scientific knowledge and that adheres\ + \ or otherwise conforms to all other applicable ethics and privacy laws, including,\ + \ but not limited to, studies conducted in the public interest in the area\ + \ of public health. Research with personal information that may have been\ + \ collected from a consumer in the course of the consumer\u2019s interactions\ + \ with a business\u2019 service or device for other purposes shall be: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.1 + description: 'Compatible with the business purpose for which the personal information + was collected. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.2 + description: 'Subsequently pseudonymized and deidentified, or deidentified and + in the aggregate, such that the information cannot reasonably identify, relate + to, describe, be capable of being associated with, or be linked, directly + or indirectly, to a particular consumer, by a business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.3 + description: 'Made subject to technical safeguards that prohibit reidentification + of the consumer to whom the information may pertain, other than as needed + to support the research. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.4 + description: 'Subject to business processes that specifically prohibit reidentification + of the information, other than as needed to support the research. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.5 + description: 'Made subject to business processes to prevent inadvertent release + of deidentified information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.6 + description: 'Protected from any reidentification attempts. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.7 + description: 'Used solely for research purposes that are compatible with the + context in which the personal information was collected. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ab + ref_id: 1798.140-ab.8 + description: 'Subjected by the business conducting the research to additional + security controls that limit access to the research data to only those individuals + as are necessary to carry out the research purpose. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ac + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ac + description: "\u201CSecurity and integrity\u201D means the ability of: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ac.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ac + ref_id: 1798.140-ac.1 + description: 'Networks or information systems to detect security incidents that + compromise the availability, authenticity, integrity, and confidentiality + of stored or transmitted personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ac.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ac + ref_id: 1798.140-ac.2 + description: 'Businesses to detect security incidents, resist malicious, deceptive, + fraudulent, or illegal actions and to help prosecute those responsible for + those actions. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ac.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ac + ref_id: 1798.140-ac.3 + description: 'Businesses to ensure the physical safety of natural persons. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ad.1 + description: "\u201CSell,\u201D \u201Cselling,\u201D \u201Csale,\u201D or \u201C\ + sold,\u2019\u2019 means selling, renting, releasing, disclosing, disseminating,\ + \ making available, transferring, or otherwise communicating orally, in writing,\ + \ or by electronic or other means, a consumer\u2019s personal information\ + \ by the business to a third party for monetary or other valuable consideration. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.1 + ref_id: 1798.140-ad.2 + description: 'For purposes of this title, a business does not sell personal + information when: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.2 + ref_id: 1798.140-ad.A + description: 'A consumer uses or directs the business to intentionally: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.a.i + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.a + ref_id: 1798.140-ad.A.i + description: 'Disclose personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.a.ii + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.a + ref_id: 1798.140-ad.A.ii + description: 'Interact with one or more third parties. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.2 + ref_id: 1798.140-ad.B + description: "The business uses or shares an identifier for a consumer who has\ + \ opted out of the sale of the consumer\u2019s personal information or limited\ + \ the use of the consumer\u2019s sensitive personal information for the purposes\ + \ of alerting persons that the consumer has opted out of the sale of the consumer\u2019\ + s personal information or limited the use of the consumer\u2019s sensitive\ + \ personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ad.2 + ref_id: 1798.140-ad.C + description: 'The business transfers to a third party the personal information + of a consumer as an asset that is part of a merger, acquisition, bankruptcy, + or other transaction in which the third party assumes control of all or part + of the business, provided that information is used or shared consistently + with this title. If a third party materially alters how it uses or shares + the personal information of a consumer in a manner that is materially inconsistent + with the promises made at the time of collection, it shall provide prior notice + of the new or changed practice to the consumer. The notice shall be sufficiently + prominent and robust to ensure that existing consumers can easily exercise + their choices consistently with this title. This subparagraph does not authorize + a business to make material, retroactive privacy policy changes or make other + changes in their privacy policy in a manner that would violate the Unfair + and Deceptive Practices Act (Chapter 5 (commencing with Section 17200) of + Part 2 of Division 7 of the Business and Professions Code). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ae + description: "\u201CSensitive personal information\u201D means: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae + ref_id: 1798.140-ae.1 + description: 'Personal information that reveals: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1 + ref_id: 1798.140-ae.1.A + description: "A consumer\u2019s social security, driver\u2019s license, state\ + \ identification card, or passport number. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1 + ref_id: 1798.140-ae.1.B + description: "A consumer\u2019s account log-in, financial account, debit card,\ + \ or credit card number in combination with any required security or access\ + \ code, password, or credentials allowing access to an account. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1 + ref_id: 1798.140-ae.1.C + description: "A consumer\u2019s precise geolocation. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1 + ref_id: 1798.140-ae.1.D + description: "A consumer\u2019s racial or ethnic origin, citizenship or immigration\ + \ status, religious or philosophical beliefs, or union membership. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1 + ref_id: 1798.140-ae.1.E + description: "The contents of a consumer\u2019s mail, email, and text messages\ + \ unless the business is the intended recipient of the communication. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.1 + ref_id: 1798.140-ae.1.F + description: "A consumer\u2019s genetic data. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae + ref_id: 1798.140-ae.2.A + description: 'The processing of biometric information for the purpose of uniquely + identifying a consumer. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.2.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.2.a + ref_id: 1798.140-ae.2.B + description: "Personal information collected and analyzed concerning a consumer\u2019\ + s health. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.2.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.2.a + ref_id: 1798.140-ae.2.C + description: "Personal information collected and analyzed concerning a consumer\u2019\ + s sex life or sexual orientation. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ae + ref_id: 1798.140-ae.3 + description: "Sensitive personal information that is \u201Cpublicly available\u201D\ + \ pursuant to paragraph (2) of subdivision (v) shall not be considered sensitive\ + \ personal information or personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-af + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-af + description: " \u201CService\u201D or \u201Cservices\u201D means work, labor,\ + \ and services, including services furnished in connection with the sale or\ + \ repair of goods. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ag.1 + description: "\u201CService provider\u201D means a person that processes personal\ + \ information on behalf of a business and that receives from or on behalf\ + \ of the business consumer\u2019s personal information for a business purpose\ + \ pursuant to a written contract, provided that the contract prohibits the\ + \ person from: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1 + ref_id: 1798.140-ag.1.A + description: 'Selling or sharing the personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1 + ref_id: 1798.140-ag.1.B + description: 'Retaining, using, or disclosing the personal information for any + purpose other than for the business purposes specified in the contract for + the business, including retaining, using, or disclosing the personal information + for a commercial purpose other than the business purposes specified in the + contract with the business, or as otherwise permitted by this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1 + ref_id: 1798.140-ag.1.C + description: 'Retaining, using, or disclosing the information outside of the + direct business relationship between the service provider and the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.1 + ref_id: 1798.140-ag.1.D + description: "Combining the personal information that the service provider receives\ + \ from, or on behalf of, the business with personal information that it receives\ + \ from, or on behalf of, another person or persons, or collects from its own\ + \ interaction with the consumer, provided that the service provider may combine\ + \ personal information to perform any business purpose as defined in regulations\ + \ adopted pursuant to paragraph (10) of subdivision (a) of Section 1798.185,\ + \ except as provided for in paragraph (6) of subdivision (e) of this section\ + \ and in regulations adopted by the California Privacy Protection Agency.\ + \ The contract may, subject to agreement with the service provider, permit\ + \ the business to monitor the service provider\u2019s compliance with the\ + \ contract through measures, including, but not limited to, ongoing manual\ + \ reviews and automated scans and regular assessments, audits, or other technical\ + \ and operational testing at least once every 12 months. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ag.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ag.2 + description: 'If a service provider engages any other person to assist it in + processing personal information for a business purpose on behalf of the business, + or if any other person engaged by the service provider engages another person + to assist in processing personal information for that business purpose, it + shall notify the business of that engagement, and the engagement shall be + pursuant to a written contract binding the other person to observe all the + requirements set forth in paragraph (1). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ah.1 + description: "\u201CShare,\u201D \u201Cshared,\u201D or \u201Csharing\u201D\ + \ means sharing, renting, releasing, disclosing, disseminating, making available,\ + \ transferring, or otherwise communicating orally, in writing, or by electronic\ + \ or other means, a consumer\u2019s personal information by the business to\ + \ a third party for cross-context behavioral advertising, whether or not for\ + \ monetary or other valuable consideration, including transactions between\ + \ a business and a third party for cross-context behavioral advertising for\ + \ the benefit of a business in which no money is exchanged. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.1 + ref_id: 1798.140-ah.2 + description: 'For purposes of this title, a business does not share personal + information when: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.2.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.2 + ref_id: 1798.140-ah.2.A + description: 'A consumer uses or directs the business to intentionally disclose + personal information or intentionally interact with one or more third parties. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.2.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.2 + ref_id: 1798.140-ah.2.B + description: "The business uses or shares an identifier for a consumer who has\ + \ opted out of the sharing of the consumer\u2019s personal information or\ + \ limited the use of the consumer\u2019s sensitive personal information for\ + \ the purposes of alerting persons that the consumer has opted out of the\ + \ sharing of the consumer\u2019s personal information or limited the use of\ + \ the consumer\u2019s sensitive personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.2.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ah.2 + ref_id: 1798.140-ah.2.C + description: 'The business transfers to a third party the personal information + of a consumer as an asset that is part of a merger, acquisition, bankruptcy, + or other transaction in which the third party assumes control of all or part + of the business, provided that information is used or shared consistently + with this title. If a third party materially alters how it uses or shares + the personal information of a consumer in a manner that is materially inconsistent + with the promises made at the time of collection, it shall provide prior notice + of the new or changed practice to the consumer. The notice shall be sufficiently + prominent and robust to ensure that existing consumers can easily exercise + their choices consistently with this title. This subparagraph does not authorize + a business to make material, retroactive privacy policy changes or make other + changes in their privacy policy in a manner that would violate the Unfair + and Deceptive Practices Act (Chapter 5 (commencing with Section 17200) of + Part 2 of Division 7 of the Business and Professions Code). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ai + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ai + description: "\"Third party\u201D means a person who is not any of the following: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ai.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ai + ref_id: 1798.140-ai.1 + description: "The business with whom the consumer intentionally interacts and\ + \ that collects personal information from the consumer as part of the consumer\u2019\ + s current interaction with the business under this title. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ai.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ai + ref_id: 1798.140-ai.2 + description: 'A service provider to the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ai.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ai + ref_id: 1798.140-ai.3 + description: 'A contractor. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-aj + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-aj + description: "\u201CUnique identifier\u201D or \u201Cunique personal identifier\u201D\ + \ means a persistent identifier that can be used to recognize a consumer,\ + \ a family, or a device that is linked to a consumer or family, over time\ + \ and across different services, including, but not limited to, a device identifier;\ + \ an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers,\ + \ or similar technology; customer number, unique pseudonym, or user alias;\ + \ telephone numbers, or other forms of persistent or probabilistic identifiers\ + \ that can be used to identify a particular consumer or device that is linked\ + \ to a consumer or family. For purposes of this subdivision, \u201Cfamily\u201D\ + \ means a custodial parent or guardian and any children under 18 years of\ + \ age over which the parent or guardian has custody. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.140-ak + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node143 + ref_id: 1798.140-ak + description: "\u201CVerifiable consumer request\u201D means a request that is\ + \ made by a consumer, by a consumer on behalf of the consumer\u2019s minor\ + \ child, by a natural person or a person registered with the Secretary of\ + \ State, authorized by the consumer to act on the consumer\u2019s behalf,\ + \ or by a person who has power of attorney or is acting as a conservator for\ + \ the consumer, and that the business can verify, using commercially reasonable\ + \ methods, pursuant to regulations adopted by the Attorney General pursuant\ + \ to paragraph (7) of subdivision (a) of Section 1798.185 to be the consumer\ + \ about whom the business has collected personal information. A business is\ + \ not obligated to provide information to the consumer pursuant to Sections\ + \ 1798.110 and 1798.115, to delete personal information pursuant to Section\ + \ 1798.105, or to correct inaccurate personal information \npursuant to Section\ + \ 1798.106, if the business cannot verify, pursuant to this subdivision and\ + \ regulations adopted by the Attorney General pursuant to paragraph (7) of\ + \ subdivision (a) of Section 1798.185, that the consumer making the request\ + \ is the consumer about whom the business has collected information or is\ + \ a person authorized by the consumer to act on such consumer\u2019s behalf. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + assessable: false + depth: 1 + ref_id: '1798.145' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-a.1 + description: "The obligations imposed on businesses by this title shall not\ + \ restrict a business\u2019s ability to: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1 + ref_id: 1798.145-a.1.A + description: 'Comply with federal, state, or local laws or comply with a court + order or subpoena to provide information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + ref_id: 1798.145-a.1.B + description: "Comply with a civil, criminal, or regulatory inquiry, investigation,\ + \ subpoena, or summons by federal, state, or local authorities. Law enforcement\ + \ agencies, including police and sheriff\u2019s departments, may direct a\ + \ business pursuant to a law enforcement agency-approved investigation with\ + \ an active case number not to delete a consumer\u2019s personal information,\ + \ and, upon receipt of that direction, a business shall not delete the personal\ + \ information for 90 days in order to allow the law enforcement agency to\ + \ obtain a court-issued subpoena, order, or warrant to obtain a consumer\u2019\ + s personal information. For good cause and only to the extent necessary for\ + \ investigatory purposes, a law enforcement agency may direct a business not\ + \ to delete the consumer\u2019s personal information for additional 90-day\ + \ periods. A business that has received direction from a law enforcement agency\ + \ not to delete the personal information of a consumer who has requested deletion\ + \ of the consumer\u2019s personal information shall not use the consumer\u2019\ + s personal information for any purpose other than retaining it to produce\ + \ to law enforcement in response to a court-issued subpoena, order, or warrant\ + \ unless the consumer\u2019s deletion request is subject to an exemption from\ + \ deletion under this title. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + ref_id: 1798.145-a.1.C + description: 'Cooperate with law enforcement agencies concerning conduct or + activity that the business, service provider, or third party reasonably and + in good faith believes may violate federal, state, or local law. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + ref_id: 1798.145-a.1.D.i + description: "Cooperate with a government agency request for emergency access\ + \ to a consumer\u2019s personal information if a natural person is at risk\ + \ or danger of death or serious physical injury provided that: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.i.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.i + ref_id: 1798.145-a.1.D.i.I + description: "The request is approved by a high-ranking agency officer for emergency\ + \ access to a consumer\u2019s personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.i.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.i + ref_id: 1798.145-a.1.D.i.II + description: "The request is based on the agency\u2019s good faith determination\ + \ that it has a lawful basis to access the information on a nonemergency basis. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.i.iii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.i + ref_id: 1798.145-a.1.D.i.III + description: 'The agency agrees to petition a court for an appropriate order + within three days and to destroy the information if that order is not granted. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.d.ii + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + ref_id: 1798.145-a.1.D.ii + description: 'For purposes of this subparagraph, a consumer accessing, procuring, + or searching for services regarding contraception, pregnancy care, and perinatal + care, including, but not limited to, abortion services, shall not constitute + a natural person being at risk or danger of death or serious physical injury. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + ref_id: 1798.145-a.1.E + description: 'Exercise or defend legal claims. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + ref_id: 1798.145-a.1.F + description: "Collect, use, retain, sell, share, or disclose consumers\u2019\ + \ personal information that is deidentified or aggregate consumer information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1.a + ref_id: 1798.145-a.1.G + description: "Collect, sell, or share a consumer\u2019s personal information\ + \ if every aspect of that commercial conduct takes place wholly outside of\ + \ California. For purposes of this title, commercial conduct takes place wholly\ + \ outside of California if the business collected that information while the\ + \ consumer was outside of California, no part of the sale of the consumer\u2019\ + s personal information occurred in California, and no personal information\ + \ collected while the consumer was in California is sold. This paragraph shall\ + \ not prohibit a business from storing, including on a device, personal information\ + \ about a consumer when the consumer is in California and then collecting\ + \ that personal information when the consumer and stored personal information\ + \ is outside of California. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.2.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.1 + ref_id: 1798.145-a.2.A + description: "This subdivision shall not apply if the consumer\u2019s personal\ + \ information contains information related to accessing, procuring, or searching\ + \ for services regarding contraception, pregnancy care, and perinatal care,\ + \ including, but not limited to, abortion services. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.2.a + ref_id: 1798.145-a.2.B + description: 'This paragraph does not alter the use of aggregated or deidentified + personal information consistent with a business purpose as defined in paragraphs + (1), (2), (3), (4), (5), (7), or (8) of subdivision (e) of Section 1798.140, + provided that the personal information is only retained in aggregated and + deidentified form and is not sold or shared. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-a.2.a + ref_id: 1798.145-a.2.C + description: 'This paragraph does not alter the duty of a business to preserve + or retain evidence pursuant to California or federal law in an ongoing civil + proceeding. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-b + description: 'The obligations imposed on businesses by Sections 1798.110, 1798.115, + 1798.120, 1798.121, 1798.130, and 1798.135 shall not apply where compliance + by the business with the title would violate an evidentiary privilege under + California law and shall not prevent a business from providing the personal + information of a consumer to a person covered by an evidentiary privilege + under California law as part of a privileged communication. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-c.1 + description: 'This title shall not apply to any of the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1 + ref_id: 1798.145-c.1.A + description: 'Medical information governed by the Confidentiality of Medical + Information Act (Part 2.6 (commencing with Section 56) of Division 1) or protected + health information that is collected by a covered entity or business associate + governed by the privacy, security, and breach notification rules issued by + the United States Department of Health and Human Services, Parts 160 and 164 + of Title 45 of the Code of Federal Regulations, established pursuant to the + Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191) + and the Health Information Technology for Economic and Clinical Health Act + (Public Law 111-5). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1.b + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1 + ref_id: 1798.145-c.1.B + description: 'A provider of health care governed by the Confidentiality of Medical + Information Act (Part 2.6 (commencing with Section 56) of Division 1) or a + covered entity governed by the privacy, security, and breach notification + rules issued by the United States Department of Health and Human Services, + Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established + pursuant to the Health Insurance Portability and Accountability Act of 1996 + (Public Law 104-191), to the extent the provider or covered entity maintains + patient information in the same manner as medical information or protected + health information as described in subparagraph (A) of this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1.c + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1 + ref_id: 1798.145-c.1.C + description: 'Personal information collected as part of a clinical trial or + other biomedical research study subject to, or conducted in accordance with, + the Federal Policy for the Protection of Human Subjects, also known as the + Common Rule, pursuant to good clinical practice guidelines issued by the International + Council for Harmonisation or pursuant to human subject protection requirements + of the United States Food and Drug Administration, provided that the information + is not sold or shared in a manner not permitted by this subparagraph, and, + if it is inconsistent, that participants be informed of that use and provide + consent. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-c.1 + ref_id: 1798.145-c.2 + description: "For purposes of this subdivision, the definitions of \u201Cmedical\ + \ information\u201D and \u201Cprovider of health care\u201D in Section 56.05\ + \ shall apply and the definitions of \u201Cbusiness associate,\u201D \u201C\ + covered entity,\u201D and \u201Cprotected health information\u201D in Section\ + \ 160.103 of Title 45 of the Code of Federal Regulations shall apply. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-d.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-d.1 + description: "This title shall not apply to an activity involving the collection,\ + \ maintenance, disclosure, sale, communication, or use of any personal information\ + \ bearing on a consumer\u2019s creditworthiness, credit standing, credit capacity,\ + \ character, general reputation, personal characteristics, or mode of living\ + \ by a consumer reporting agency, as defined in subdivision (f) of Section\ + \ 1681a of Title 15 of the United States Code, by a furnisher of information,\ + \ as set forth in Section 1681s-2 of Title 15 of the United States Code, who\ + \ provides information for use in a consumer report, as defined in subdivision\ + \ (d) of Section 1681a of Title 15 of the United States Code, and by a user\ + \ of a consumer report as set forth in Section 1681b of Title 15 of the United\ + \ States Code. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-d.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-d.1 + ref_id: 1798.145-d.2 + description: 'Paragraph (1) shall apply only to the extent that such activity + involving the collection, maintenance, disclosure, sale, communication, or + use of such information by that agency, furnisher, or user is subject to regulation + under the Fair Credit Reporting Act, Section 1681 et seq., Title 15 of the + United States Code and the information is not collected, maintained, used, + communicated, disclosed, or sold except as authorized by the Fair Credit Reporting + Act. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-d.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-d.1 + ref_id: 1798.145-d.3 + description: 'This subdivision shall not apply to Section 1798.150. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-e + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-e + description: 'This title shall not apply to personal information collected, + processed, sold, or disclosed subject to the federal Gramm-Leach-Bliley Act + (Public Law 106-102), and implementing regulations, or the California Financial + Information Privacy Act (Division 1.4 (commencing with Section 4050) of the + Financial Code), or the federal Farm Credit Act of 1971 (as amended in 12 + U.S.C. 2001-2279cc and implementing regulations, 12 C.F.R. 600, et seq.). + This subdivision shall not apply to Section 1798.150. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-f + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-f + description: "This title shall not apply to personal information collected,\ + \ processed, sold, or disclosed pursuant to the Driver\u2019s Privacy Protection\ + \ Act of 1994 (18 U.S.C. Sec. 2721 et seq.). This subdivision shall not apply\ + \ to Section 1798.150. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-g.1 + description: "Section 1798.120 shall not apply to vehicle information or ownership\ + \ information retained or shared between a new motor vehicle dealer, as defined\ + \ in Section 426 of the Vehicle Code, and the vehicle\u2019s manufacturer,\ + \ as defined in Section 672 of the Vehicle Code, if the vehicle information\ + \ or ownership information is shared for the purpose of effectuating, or in\ + \ anticipation of effectuating, a vehicle repair covered by a vehicle warranty\ + \ or a recall conducted pursuant to Sections 30118 to 30120, inclusive, of\ + \ Title 49 of the United States Code, provided that the new motor vehicle\ + \ dealer or vehicle manufacturer with which that vehicle information or ownership\ + \ information is shared does not sell, share, or use that information for\ + \ any other purpose. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.1 + ref_id: 1798.145-g.2 + description: "Section 1798.120 shall not apply to vessel information or ownership\ + \ information retained or shared between a vessel dealer and the vessel\u2019\ + s manufacturer, as defined in Section 651 of the Harbors and Navigation Code,\ + \ if the vessel information or ownership information is shared for the purpose\ + \ of effectuating, or in anticipation of effectuating, a vessel repair covered\ + \ by a vessel warranty or a recall conducted pursuant to Section 4310 of Title\ + \ 46 of the United States Code, provided that the \nvessel dealer or vessel\ + \ manufacturer with which that vessel information or ownership information\ + \ is shared does not sell, share, or use that information for any other purpose. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.1 + ref_id: 1798.145-g.3 + description: 'For purposes of this subdivision: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3 + ref_id: 1798.145-g.3.A + description: "\u201COwnership information\u201D means the name or names of the\ + \ registered owner or owners and the contact information for the owner or\ + \ owners. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3 + ref_id: 1798.145-g.3.B + description: "\u201CVehicle information\u201D means the vehicle information\ + \ number, make, model, year, and odometer reading. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3 + ref_id: 1798.145-g.3.C + description: "\u201CVessel dealer\u201D means a person who is engaged, wholly\ + \ or in part, in the business of selling or offering for sale, buying or taking\ + \ in trade for the purpose of resale, or exchanging, any vessel or vessels,\ + \ as defined in Section 651 of the Harbors and Navigation Code, and receives\ + \ or expects to receive money, profit, or any other thing of value. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3 + ref_id: 1798.145-g.3.D + description: "\u201CVessel information\u201D means the hull identification number,\ + \ model, year, month and year of production, and information describing any\ + \ of the following equipment as shipped, transferred, or sold from the place\ + \ of manufacture, including all attached parts and accessories: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d + ref_id: 1798.145-g.3.D.i + description: 'An inboard engine. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d + ref_id: 1798.145-g.3.D.ii + description: 'An outboard engine. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d.iii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d + ref_id: 1798.145-g.3.D.iii + description: 'A stern drive unit. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d.iv + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-g.3.d + ref_id: 1798.145-g.3.D.iv + description: 'An inflatable personal floatation device approved under Section + 160.076 of Title 46 of the Code of Federal Regulations. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-h + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-h + description: "Notwithstanding a business\u2019s obligations to respond to and\ + \ honor consumer rights requests pursuant to this title: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-h.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-h + ref_id: 1798.145-h.1 + description: 'A time period for a business to respond to a consumer for any + verifiable consumer request may be extended by up to a total of 90 days where + necessary, taking into account the complexity and number of the requests. + The business shall inform the consumer of any such extension within 45 days + of receipt of the request, together with the reasons for the delay. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-h.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-h + ref_id: 1798.145-h.2 + description: 'If the business does not take action on the request of the consumer, + the business shall inform the consumer, without delay and at the latest within + the time period permitted of response by this section, of the reasons for + not taking action and any rights the consumer may have to appeal the decision + to the business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-h.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-h + ref_id: 1798.145-h.3 + description: 'If requests from a consumer are manifestly unfounded or excessive, + in particular because of their repetitive character, a business may either + charge a reasonable fee, taking into account the administrative costs of providing + the information or communication or taking the action requested, or refuse + to act on the request and notify the consumer of the reason for refusing the + request. The business shall bear the burden of demonstrating that any verifiable + consumer request is manifestly unfounded or excessive. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-i.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-i.1 + description: 'A business that discloses personal information to a service provider + or contractor in compliance with this title shall not be liable under this + title if the service provider or contractor receiving the personal information + uses it in violation of the restrictions set forth in the title, provided + that, at the time of disclosing the personal information, the business does + not have actual knowledge, or reason to believe, that the service provider + or contractor intends to commit such a violation. A service provider or contractor + shall likewise not be liable under this title for the obligations of a business + for which it provides services as set forth in this title provided that the + service provider or contractor shall be liable for its own violations of this + title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-i.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-i.1 + ref_id: 1798.145-i.2 + description: "A business that discloses personal information of a consumer,\ + \ with the exception of consumers who have exercised their right to opt out\ + \ of the sale or sharing of their personal information, consumers who have\ + \ limited the use or disclosure of their sensitive personal information, and\ + \ minor consumers who have not opted in to the collection or sale of their\ + \ personal information, to a third party pursuant to a written contract that\ + \ requires the third party to provide the same level of protection of the\ + \ consumer\u2019s rights under this title as provided by the business shall\ + \ not be liable under this title if the third party receiving the personal\ + \ information uses it in violation of the restrictions set forth in this title\ + \ provided that, at the time of disclosing the personal information, the business\ + \ does not have actual knowledge, or reason to believe, that the third party\ + \ intends to commit such a violation. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-j + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-j + description: 'This title shall not be construed to require a business, service + provider, or contractor to: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-j.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-j + ref_id: 1798.145-j.1 + description: 'Reidentify or otherwise link information that, in the ordinary + course of business, is not maintained in a manner that would be considered + personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-j.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-j + ref_id: 1798.145-j.2 + description: 'Retain any personal information about a consumer if, in the ordinary + course of business, that information about the consumer would not be retained. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-j.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-j + ref_id: 1798.145-j.3 + description: 'Maintain information in identifiable, linkable, or associable + form, or collect, obtain, retain, or access any data or technology, in order + to be capable of linking or associating a verifiable consumer request with + personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-k + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-k + description: "The rights afforded to consumers and the obligations imposed on\ + \ the business in this title shall not adversely affect the rights and freedoms\ + \ of other natural persons. A verifiable consumer request for specific pieces\ + \ of personal information pursuant to Section \n1798.110, to delete a consumer\u2019\ + s personal information pursuant to Section 1798.105, or to correct inaccurate\ + \ personal information pursuant to Section 1798.106, shall not extend to personal\ + \ information about the consumer that belongs to, or the business maintains\ + \ on behalf of, another natural person. A business may rely on representations\ + \ made in a verifiable consumer request as to rights with respect to personal\ + \ information and is under no legal requirement to seek out other persons\ + \ that may have or claim to have rights to personal information, and a business\ + \ is under no legal obligation under this title or any other provision of\ + \ law to take any action under this title in the event of a dispute between\ + \ or among persons claiming rights to personal information in the business\u2019\ + s possession. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-l + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-l + description: 'The rights afforded to consumers and the obligations imposed on + any business under this title shall not apply to the extent that they infringe + on the noncommercial activities of a person or entity described in subdivision + (b) of Section 2 of Article I of the California Constitution. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-m.1 + description: 'This title shall not apply to any of the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1.a + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1 + ref_id: 1798.145-m.1.A + description: "Personal information that is collected by a business about a natural\ + \ person in the course of the natural person acting as a job applicant to,\ + \ an employee of, owner of, director of, officer of, medical staff member\ + \ of, or independent contractor of, that business to the extent that the natural\ + \ person\u2019s personal information is collected and used by the business\ + \ solely within the context of the natural person\u2019s role or former role\ + \ as a job applicant to, an employee of, owner of, director of, officer of,\ + \ medical staff member of, or an independent contractor of, that business. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1.b + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1 + ref_id: 1798.145-m.1.B + description: 'Personal information that is collected by a business that is emergency + contact information of the natural person acting as a job applicant to, an + employee of, owner of, director of, officer of, medical staff member of, or + independent contractor of, that business to the extent that the personal information + is collected and used solely within the context of having an emergency contact + on file. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1.c + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1 + ref_id: 1798.145-m.1.C + description: 'Personal information that is necessary for the business to retain + to administer benefits for another natural person relating to the natural + person acting as a job applicant to, an employee of, owner of, director of, + officer of, medical staff member of, or independent contractor of, that business + to the extent that the personal information is collected and used solely within + the context of administering those benefits. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1 + ref_id: 1798.145-m.2 + description: 'For purposes of this subdivision: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2 + ref_id: 1798.145-m.2.A + description: "\u201CIndependent contractor\u201D means a natural person who\ + \ provides any service to a business pursuant to a written contract. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2 + ref_id: 1798.145-m.2.B + description: "\u201CDirector\u201D means a natural person designated in the\ + \ articles of incorporation as director, or elected by the incorporators and\ + \ natural persons designated, elected, or appointed by any other name or title\ + \ to act as directors, and their successors. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2 + ref_id: 1798.145-m.2.C + description: "\u201CMedical staff member\u201D means a licensed physician and\ + \ surgeon, dentist, or podiatrist, licensed pursuant to Division 2 (commencing\ + \ with Section 500) of the Business and Professions Code and a clinical psychologist\ + \ as defined in Section 1316.5 of the Health and Safety Code. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2 + ref_id: 1798.145-m.2.D + description: "\u201COfficer\u201D means a natural person elected or appointed\ + \ by the board of directors to manage the daily operations of a corporation,\ + \ including a chief executive officer, president, secretary, or treasurer. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2 + ref_id: 1798.145-m.2.E + description: "\u201COwner\u201D means a natural person who meets one of the\ + \ following criteria: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.e.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.e + ref_id: 1798.145-m.2.E.i + description: 'Has ownership of, or the power to vote, more than 50 percent of + the outstanding shares of any class of voting security of a business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.e.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.e + ref_id: 1798.145-m.2.E.ii + description: 'Has control in any manner over the election of a majority of the + directors or of individuals exercising similar functions. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.e.iii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.2.e + ref_id: 1798.145-m.2.E.iii + description: 'Has the power to exercise a controlling influence over the management + of a company. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1 + ref_id: 1798.145-m.3 + description: 'This subdivision shall not apply to subdivision (a) of Section + 1798.100 or Section 1798.150. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-m.1 + ref_id: 1798.145-m.4 + description: 'This subdivision shall become inoperative on January 1, 2023. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-n.1 + description: 'The obligations imposed on businesses by Sections 1798.100, 1798.105, + 1798.106, 1798.110, 1798.115, 1798.121, 1798.130, and 1798.135 shall not apply + to personal information reflecting a written or verbal communication or a + transaction between the business and the consumer, where the consumer is a + natural person who acted or is acting as an employee, owner, director, officer, + or independent contractor of a company, partnership, sole proprietorship, + nonprofit, or government agency and whose communications or transaction with + the business occur solely within the context of the business conducting due + diligence regarding, or providing or receiving a product or service to or + from such company, partnership, sole proprietorship, nonprofit, or government + agency. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.1 + ref_id: 1798.145-n.2 + description: 'For purposes of this subdivision: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2 + ref_id: 1798.145-n.2.A + description: "\u201CIndependent contractor\u201D means a natural person who\ + \ provides any service to a business pursuant to a written contract. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2 + ref_id: 1798.145-n.2.B + description: "\u201CDirector\u201D means a natural person designated in the\ + \ articles of incorporation as such or elected by the incorporators and natural\ + \ persons designated, elected, or appointed by any other name or title to\ + \ act as directors, and their successors. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2 + ref_id: 1798.145-n.2.C + description: "\u201COfficer\u201D means a natural person elected or appointed\ + \ by the board of directors to manage the daily operations of a corporation,\ + \ such as a chief executive officer, president, secretary, or treasurer. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2 + ref_id: 1798.145-n.2.D + description: "\u201COwner\u201D means a natural person who meets one of the\ + \ following: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.d.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.d + ref_id: 1798.145-n.2.D.i + description: 'Has ownership of, or the power to vote, more than 50 percent of + the outstanding shares of any class of voting security of a business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.d.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.d + ref_id: 1798.145-n.2.D.ii + description: 'Has control in any manner over the election of a majority of the + directors or of individuals exercising similar functions. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.d.iii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.2.d + ref_id: 1798.145-n.2.D.iii + description: 'Has the power to exercise a controlling influence over the management + of a company. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-n.1 + ref_id: 1798.145-n.3 + description: 'This subdivision shall become inoperative on January 1, 2023. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-o.1 + description: "Sections 1798.105 and 1798.120 shall not apply to a commercial\ + \ credit reporting agency\u2019s collection, processing, sale, or disclosure\ + \ of business controller information to the extent the commercial credit reporting\ + \ agency uses the business controller information solely to identify the relationship\ + \ of a consumer to a business that the consumer owns or contact the consumer\ + \ only in the consumer\u2019s role as the owner, director, officer, or management\ + \ employee of the business. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.1 + ref_id: 1798.145-o.2 + description: 'For the purposes of this subdivision: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2 + ref_id: 1798.145-o.2.A + description: "\u201CBusiness controller information\u201D means the name or\ + \ names of the owner or owners, director, officer, or management employee\ + \ of a business and the contact information, including a business title, for\ + \ the owner or owners, director, officer, or management employee. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2 + ref_id: 1798.145-o.2.B + description: "\u201CCommercial credit reporting agency\u201D has the meaning\ + \ set forth in subdivision (b) of Section 1785.42. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2 + ref_id: 1798.145-o.2.C + description: "\u201COwner\u201D means a natural person that meets one of the\ + \ following: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.c.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.c + ref_id: 1798.145-o.2.C.i + description: 'Has ownership of, or the power to vote, more than 50 percent of + the outstanding shares of any class of voting security of a business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.c.ii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.c + ref_id: 1798.145-o.2.C.ii + description: 'Has control in any manner over the election of a majority of the + directors or of individuals exercising similar functions. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.c.iii + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.c + ref_id: 1798.145-o.2.C.iii + description: 'Has the power to exercise a controlling influence over the management + of a company. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2 + ref_id: 1798.145-o.2.D + description: "\u201CDirector\u201D means a natural person designated in the\ + \ articles of incorporation of a business as director, or elected by the incorporators\ + \ and natural persons designated, elected, or appointed by any other name\ + \ or title to act as directors, and their successors. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2 + ref_id: 1798.145-o.2.E + description: "\u201COfficer\u201D means a natural person elected or appointed\ + \ by the board of directors of a business to manage the daily operations of\ + \ a corporation, including a chief executive officer, president, secretary,\ + \ or treasurer. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-o.2 + ref_id: 1798.145-o.2.F + description: "\u201CManagement employee\u201D means a natural person whose name\ + \ and contact information is reported to or collected by a commercial credit\ + \ reporting agency as the primary manager of a business and used solely within\ + \ the context of the natural person\u2019s role as the primary manager of\ + \ the business. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-p + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-p + description: 'The obligations imposed on businesses in Sections 1798.105, 1798.106, + 1798.110, and 1798.115 shall not apply to household data. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-q.1 + description: "This title does not require a business to comply with a verifiable\ + \ consumer request to delete a consumer\u2019s personal information under\ + \ Section 1798.105 to the extent the verifiable consumer request applies to\ + \ a student\u2019s grades, educational scores, or educational test results\ + \ that the business holds on behalf of a local educational agency, as defined\ + \ in subdivision (d) of Section 49073.1 of the Education Code, at which the\ + \ student is currently enrolled. If a business does not comply with a request\ + \ pursuant to this section, it shall notify the consumer that it is acting\ + \ pursuant to this exception. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.1 + ref_id: 1798.145-q.2 + description: "This title does not require, in response to a request pursuant\ + \ to Section 1798.110, that a business disclose on educational standardized\ + \ assessment or educational assessment or a consumer\u2019s specific responses\ + \ to the educational standardized assessment or educational assessment if\ + \ consumer access, possession, or control would jeopardize the validity and\ + \ reliability of that educational standardized assessment or educational assessment.\ + \ If a business does not comply with a request pursuant to this section, it\ + \ shall notify the consumer that it is acting pursuant to this exception. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.1 + ref_id: 1798.145-q.3 + description: 'For purposes of this subdivision: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.3.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.3 + ref_id: 1798.145-q.3.A + description: "\u201CEducational standardized assessment or educational assessment\u201D\ + \ means a standardized or nonstandardized quiz, test, or other assessment\ + \ used to evaluate students in or for entry to kindergarten and grades 1 to\ + \ 12, inclusive, schools, postsecondary institutions, vocational programs,\ + \ and postgraduate programs that are accredited by an accrediting agency or\ + \ organization recognized by the State of California or the United States\ + \ Department of Education, as well as certification and licensure examinations\ + \ used to determine competency and eligibility to receive certification or\ + \ licensure from a government agency or government certification body. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.3.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-q.3 + ref_id: 1798.145-q.3.B + description: "\u201CJeopardize the validity and reliability of that educational\ + \ standardized assessment or educational assessment\u201D means releasing\ + \ information that would provide an advantage to the consumer who has submitted\ + \ a verifiable consumer request or to another natural person. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-r + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145 + ref_id: 1798.145-r + description: "Sections 1798.105 and 1798.120 shall not apply to a business\u2019\ + s use, disclosure, or sale of particular pieces of a consumer\u2019s personal\ + \ information if the consumer has consented to the business\u2019s use, disclosure,\ + \ or sale of that information to produce a physical item, including a school\ + \ yearbook containing the consumer\u2019s photograph if: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-r.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-r + ref_id: 1798.145-r.1 + description: "The business has incurred significant expense in reliance on the\ + \ consumer\u2019s consent. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-r.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-r + ref_id: 1798.145-r.2 + description: "Compliance with the consumer\u2019s request to opt out of the\ + \ sale of the consumer\u2019s personal information or to delete the consumer\u2019\ + s personal information would not be commercially reasonable. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-r.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.145-r + ref_id: 1798.145-r.3 + description: "The business complies with the consumer\u2019s request as soon\ + \ as it is commercially reasonable to do so. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146 + assessable: false + depth: 1 + ref_id: '1798.146' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146 + ref_id: 1798.146-a + description: 'This title shall not apply to any of the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a + ref_id: 1798.146-a.1 + description: 'Medical information governed by the Confidentiality of Medical + Information Act (Part 2.6 (commencing with Section 56) of Division 1) or protected + health information that is collected by a covered entity or business associate + governed by the privacy, security, and breach notification rules issued by + the United States Department of Health and Human Services, Parts 160 and 164 + of Title 45 of the Code of Federal Regulations, established pursuant to the + federal Health Insurance Portability and Accountability Act of 1996 (Public + Law 104-191) and the federal Health Information Technology for Economic and + Clinical Health Act, Title XIII of the federal American Recovery and Reinvestment + Act of 2009 (Public Law 111-5). ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a + ref_id: 1798.146-a.2 + description: "A provider of health care governed by the Confidentiality of Medical\ + \ Information Act (Part 2.6 (commencing with Section 56) of Division 1) or\ + \ a covered entity governed by the privacy, security, and breach notification\ + \ rules issued by the United States Department of Health and Human Services,\ + \ Parts 160 and 164 of Title 45 of the Code of Federal Regulations, established\ + \ pursuant to the federal Health Insurance Portability and Accountability\ + \ Act of 1996 (Public Law 104-191), to the extent the provider or covered\ + \ entity maintains, uses, and discloses patient information in the \nsame\ + \ manner as medical information or protected health information as described\ + \ in paragraph (1). " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a + ref_id: 1798.146-a.3 + description: "A business associate of a covered entity governed by the privacy,\ + \ security, and data breach notification rules issued by the United States\ + \ Department of Health and Human Services, Parts 160 and 164 of Title 45 of\ + \ the Code of Federal Regulations, established pursuant to the federal Health\ + \ Insurance Portability and Accountability Act of 1996 (Public Law 104-191)\ + \ and the federal Health Information Technology for \nEconomic and Clinical\ + \ Health Act, Title XIII of the federal American Recovery and Reinvestment\ + \ Act of 2009 (Public Law 111-5), to the extent that the business associate\ + \ maintains, uses, and discloses patient information in the same manner as\ + \ medical information or protected health information as described in paragraph\ + \ (1). " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.4.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a + ref_id: 1798.146-a.4.A + description: 'Information that meets both of the following conditions: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.4.a.i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.4.a + ref_id: 1798.146-a.4.A.i + description: 'It is deidentified in accordance with the requirements for deidentification + set forth in Section 164.514 of Part 164 of Title 45 of the Code of Federal + Regulations. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.4.a.ii + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.4.a + ref_id: 1798.146-a.4.A.ii + description: "It is derived from patient information that was originally collected,\ + \ created, transmitted, or maintained by an entity regulated by the Health\ + \ \nInsurance Portability and Accountability Act, the Confidentiality Of Medical\ + \ Information Act, or the Federal Policy for the Protection of Human Subjects,\ + \ also known as the Common Rule. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.4.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.4.a + ref_id: 1798.146-a.4.B + description: 'Information that met the requirements of subparagraph (A) but + is subsequently reidentified shall no longer be eligible for the exemption + in this paragraph, and shall be subject to applicable federal and state data + privacy and security laws, including, but not limited to, the Health Insurance + Portability and Accountability Act, the Confidentiality Of Medical Information + Act, and this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-a + ref_id: 1798.146-a.5 + description: 'Information that is collected, used, or disclosed in research, + as defined in Section 164.501 of Title 45 of the Code of Federal Regulations, + including, but not limited to, a clinical trial, and that is conducted in + accordance with applicable ethics, confidentiality, privacy, and security + rules of Part 164 of Title 45 of the Code of Federal Regulations, the Federal + Policy for the Protection of Human Subjects, also known as the Common Rule, + good clinical practice guidelines issued by the International Council for + Harmonisation, or human subject protection requirements of the United States + Food and Drug Administration. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146 + ref_id: 1798.146-b + description: 'For purposes of this section, all of the following shall apply: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.1 + description: " \u201CBusiness associate\u201D has the same meaning as defined\ + \ in Section 160.103 of Title 45 of the Code of Federal Regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.2 + description: " \u201CCovered entity\u201D has the same meaning as defined in\ + \ Section 160.103 of Title 45 of the Code of Federal Regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.3 + description: "\u201CIdentifiable private information\u201D has the same meaning\ + \ as defined in Section \n46.102 of Title 45 of the Code of Federal Regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.4 + description: "\_ \u201CIndividually identifiable health information\u201D has\ + \ the same meaning as defined in Section 160.103 of Title 45 of the Code of\ + \ Federal Regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.5 + description: "\u201CMedical information\u201D has the same meaning as defined\ + \ in Section 56.05. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.6 + description: "\u201CPatient information\u201D shall mean identifiable private\ + \ information, protected health information, individually identifiable health\ + \ information, or medical information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.7 + description: "\u201CProtected health information\u201D has the same meaning\ + \ as defined in Section 160.103 of Title 45 of the Code of Federal Regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.146-b + ref_id: 1798.146-b.8 + description: "\u201CProvider of health care\u201D has the same meaning as defined\ + \ in Section 56.05. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148 + assessable: false + depth: 1 + ref_id: '1798.148' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148 + ref_id: 1798.148-a + description: 'A business or other person shall not reidentify, or attempt to + reidentify, information that has met the requirements of paragraph (4) of + subdivision (a) of Section 1798.146, except for one or more of the following + purposes: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a + ref_id: 1798.148-a.1 + description: "Treatment, payment, or health care operations conducted by a covered\ + \ entity or business associate acting on behalf of, and at the written direction\ + \ of, the covered entity. For purposes of this paragraph, \u201Ctreatment,\u201D\ + \ \u201Cpayment,\u201D \u201Chealth care operations,\u201D \u201Ccovered entity,\u201D\ + \ and \u201Cbusiness associate\u201D have the same meaning as defined in Section\ + \ 164.501 of Title 45 of the Code of Federal Regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a + ref_id: 1798.148-a.2 + description: 'Public health activities or purposes as described in Section 164.512 + of Title 45 of the Code of Federal Regulations. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a + ref_id: 1798.148-a.3 + description: "Research, as defined in Section 164.501 of Title 45 of the Code\ + \ of Federal \nRegulations, that is conducted in accordance with Part 46 of\ + \ Title 45 of the Code of Federal Regulations, the Federal Policy for the\ + \ Protection of Human Subjects, also known as the Common Rule. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a + ref_id: 1798.148-a.4 + description: 'Pursuant to a contract where the lawful holder of the deidentified + information that met the requirements of paragraph (4) of subdivision (a) + of Section 1798.146 expressly engages a person or entity to attempt to reidentify + the deidentified information in order to conduct testing, analysis, or validation + of deidentification, or related statistical techniques, if the contract bans + any other use or disclosure of the reidentified information and requires the + return or destruction of the information that was reidentified upon completion + of the contract. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-a + ref_id: 1798.148-a.5 + description: 'If otherwise required by law. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148 + ref_id: 1798.148-b + description: 'In accordance with paragraph (4) of subdivision (a) of Section + 1798.146, information reidentified pursuant this section shall be subject + to applicable federal and state data privacy and security laws including, + but not limited to, the Health Insurance Portability and Accountability Act, + the Confidentiality of Medical Information Act, and this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-c + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148 + ref_id: 1798.148-c + description: 'Beginning January 1, 2021, any contract for the sale or license + of deidentified information that has met the requirements of paragraph (4) + of subdivision (a) of Section 1798.146, where one of the parties is a person + residing or doing business in the state, shall include the following, or substantially + similar, provisions: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-c.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-c + ref_id: 1798.148-c.1 + description: 'A statement that the deidentified information being sold or licensed + includes deidentified patient information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-c.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-c + ref_id: 1798.148-c.2 + description: 'A statement that reidentification, and attempted reidentification, + of the deidentified information by the purchaser or licensee of the information + is prohibited pursuant to this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-c.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-c + ref_id: 1798.148-c.3 + description: 'A requirement that, unless otherwise required by law, the purchaser + or licensee of the deidentified information may not further disclose the deidentified + information to any third party unless the third party is contractually bound + by the same or stricter restrictions and conditions. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.148-d + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.148 + ref_id: 1798.148-d + description: "For purposes of this section, \u201Creidentify\u201D means the\ + \ process of reversal of deidentification techniques, including, but not limited\ + \ to, the addition of specific pieces of information or data elements that\ + \ can, individually or in combination, be used to uniquely identify an individual\ + \ or usage of any statistical method, contrivance, computer software, or other\ + \ means that have the effect of associating deidentified information with\ + \ a specific identifiable individual. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150 + assessable: false + depth: 1 + ref_id: '1798.150' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.150 + ref_id: 1798.150-a.1 + description: "Any consumer whose nonencrypted and nonredacted personal information,\ + \ as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section\ + \ 1798.81.5, or whose email address in combination with a password or security\ + \ question and answer that would permit access to the account is subject to\ + \ an unauthorized access and exfiltration, theft, or disclosure as a result\ + \ of the business\u2019s violation of the duty to implement and maintain reasonable\ + \ security procedures and practices appropriate to the nature of the information\ + \ to protect the personal information may institute a civil action for any\ + \ of the following: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1 + ref_id: 1798.150-a.1.A + description: 'To recover damages in an amount not less than one hundred dollars + ($100) and not greater than seven hundred and fifty ($750) per consumer per + incident or actual damages, whichever is greater. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1 + ref_id: 1798.150-a.1.B + description: 'Injunctive or declaratory relief. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1 + ref_id: 1798.150-a.1.C + description: 'Any other relief the court deems proper. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-a.1 + ref_id: 1798.150-a.2 + description: "In assessing the amount of statutory damages, the court shall\ + \ consider any one or more of the relevant circumstances presented by any\ + \ of the parties to the case, including, but not limited to, the nature and\ + \ seriousness of the misconduct, the number of violations, the persistence\ + \ of the misconduct, the length of time over which the misconduct occurred,\ + \ the willfulness of the defendant\u2019s misconduct, and the defendant\u2019\ + s assets, liabilities, and net worth. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.150 + ref_id: 1798.150-b + description: "Actions pursuant to this section may be brought by a consumer\ + \ if, prior to initiating any action against a business for statutory damages\ + \ on an individual or class-wide basis, a consumer provides a business 30\ + \ days\u2019 written notice identifying the specific provisions of this title\ + \ the consumer alleges have been or are being violated. In the event a cure\ + \ is possible, if within the 30 days the business actually cures the noticed\ + \ violation and provides the consumer an express written statement that the\ + \ violations have been cured and that no further violations shall occur, no\ + \ action for individual statutory damages or class-wide statutory damages\ + \ may be initiated against the business. The implementation and maintenance\ + \ of reasonable security procedures and practices pursuant to Section 1798.81.5\ + \ following a breach does not constitute a cure with respect to that breach.\ + \ No notice shall be required prior to an individual consumer initiating an\ + \ action solely for actual pecuniary damages suffered as a result of the alleged\ + \ violations of this title. If a business continues to violate this title\ + \ in breach of the express written statement provided to the consumer under\ + \ this section, the consumer may initiate an action against the business to\ + \ enforce the written statement and may pursue statutory damages for each\ + \ breach of the express written statement, as well as any other violation\ + \ of the title that postdates the written statement. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.150-c + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.150 + ref_id: 1798.150-c + description: 'The cause of action established by this section shall apply only + to violations as defined in subdivision (a) and shall not be based on violations + of any other section of this title. Nothing in this title shall be interpreted + to serve as the basis for a private right of action under any other law. This + shall not be construed to relieve any party from any duties or obligations + imposed under other law or the United States or California Constitution. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.155 + assessable: false + depth: 1 + ref_id: '1798.155' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.155-a + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.155 + ref_id: 1798.155-a + description: 'Any business, service provider, contractor, or other person that + violates this title shall be liable for an administrative fine of not more + than two thousand five hundred dollars ($2,500) for each violation or seven + thousand five hundred dollars ($7,500) for each intentional violation or violations + involving the personal information of consumers whom the business, service + provider, contractor, or other person has actual knowledge are under 16 years + of age, as adjusted pursuant to paragraph (5) of subdivision (a) of Section + 1798.185, in an administrative enforcement action brought by the California + Privacy Protection Agency. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.155-b + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.155 + ref_id: 1798.155-b + description: 'Any administrative fine assessed for a violation of this title, + and the proceeds of any settlement of an action brought pursuant to subdivision + (a), shall be deposited in the Consumer Privacy Fund, created within the General + Fund pursuant to subdivision (a) of Section 1798.160 with the intent to fully + offset any costs incurred by the state courts, the Attorney General, and the + California Privacy Protection Agency in connection with this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160 + assessable: false + depth: 1 + ref_id: '1798.160' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160 + ref_id: 1798.160-a + description: "A special fund to be known as the \u201CConsumer Privacy Fund\u201D\ + \ is hereby created within the General Fund in the State Treasury, and is\ + \ available upon appropriation by the Legislature first to offset any costs\ + \ incurred by the state courts in connection with actions brought to enforce\ + \ this title, the costs incurred by the Attorney General in carrying out the\ + \ Attorney General\u2019s duties under this title, and then for the purposes\ + \ of establishing an investment fund in the State Treasury, with any earnings\ + \ or interest from the fund to be deposited in the General Fund, and making\ + \ grants to promote and protect consumer privacy, educate children in the\ + \ area of online privacy, and fund cooperative programs with international\ + \ law enforcement organizations to combat fraudulent activities with respect\ + \ to consumer data breaches. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160 + ref_id: 1798.160-b + description: 'Funds transferred to the Consumer Privacy Fund shall be used exclusively + as follows: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b + ref_id: 1798.160-b.1 + description: 'To offset any costs incurred by the state courts and the Attorney + General in connection with this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b + ref_id: 1798.160-b.2 + description: 'After satisfying the obligations under paragraph (1), the remaining + funds shall be allocated each fiscal year as follows: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2 + ref_id: 1798.160-b.2.A + description: 'Ninety-one percent shall be invested by the Treasurer in financial + assets with the goal of maximizing long term yields consistent with a prudent + level of risk. The principal shall not be subject to transfer or appropriation, + provided that any interest and earnings shall be transferred on an annual + basis to the General Fund for appropriation by the Legislature for General + Fund purposes. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2 + ref_id: 1798.160-b.2.B + description: 'Nine percent shall be made available to the California Privacy + Protection Agency for the purposes of making grants in California, with 3 + percent allocated to each of the following grant recipients: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.b.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.b + ref_id: 1798.160-b.2.B.i + description: 'Nonprofit organizations to promote and protect consumer privacy. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.b.ii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.b + ref_id: 1798.160-b.2.B.ii + description: 'Nonprofit organizations and public agencies, including school + districts, to educate children in the area of online privacy. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.b.iii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2.b + ref_id: 1798.160-b.2.B.iii + description: 'State and local law enforcement agencies to fund cooperative programs + with international law enforcement organizations to combat fraudulent activities + with respect to consumer data breaches. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.160-b.2 + ref_id: 1798.160-c + description: 'Funds in the Consumer Privacy Fund shall not be subject to appropriation + or transfer by the Legislature for any other purpose. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.175 + assessable: false + depth: 1 + ref_id: '1798.175' + - urn: urn:intuitem:risk:req_node:ccpa_act:node412 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.175 + description: "This title is intended to further the constitutional right of\ + \ privacy and to supplement existing laws relating to consumers\u2019 personal\ + \ information, including, but not limited to, Chapter 22 (commencing with\ + \ Section 22575) of Division 8 of the Business and Professions Code and Title\ + \ 1.81 (commencing with Section 1798.80). The provisions of this title are\ + \ not limited to information collected electronically or over the Internet,\ + \ but apply to the collection and sale of all personal information collected\ + \ by a business from consumers. Wherever possible, law relating to consumers\u2019\ + \ personal information should be construed to harmonize with the provisions\ + \ of this title, but in the event of a conflict between other laws and the\ + \ provisions of this title, the provisions of the law that afford the greatest\ + \ protection for the right of privacy for consumers shall control. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.180 + assessable: false + depth: 1 + ref_id: '1798.180' + - urn: urn:intuitem:risk:req_node:ccpa_act:node414 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.180 + description: "This title is a matter of statewide concern and supersedes and\ + \ preempts all rules, regulations, codes, ordinances, and other laws adopted\ + \ by a city, county, city and county, municipality, or local agency regarding\ + \ the collection and sale of consumers\u2019 personal information by a business. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185 + assessable: false + depth: 1 + ref_id: '1798.185' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185 + ref_id: 1798.185-a + description: 'On or before July 1, 2020, the Attorney General shall solicit + broad public participation and adopt regulations to further the purposes of + this title, including, but not limited to, the following areas: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.1 + description: 'Updating or adding categories of personal information to those + enumerated in subdivision (c) of Section 1798.130 and subdivision (v) of Section + 1798.140, and updating or adding categories of sensitive personal information + to those enumerated in subdivision (ae) of Section 1798.140 in order to address + changes in technology, data collection practices, obstacles to implementation, + and privacy concerns. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.2 + description: "Updating as needed the definitions of \u201Cdeidentified\u201D\ + \ and \u201Cunique identifier\u201D to address changes in technology, data\ + \ collection, obstacles to implementation, and privacy concerns, and adding,\ + \ modifying, or deleting categories to the definition of designated methods\ + \ for submitting requests to facilitate a consumer\u2019s ability to obtain\ + \ information from a business pursuant to Section 1798.130. The authority\ + \ to update the definition of \u201Cdeidentified\u201D shall not apply to\ + \ deidentification standards set forth in Section 164.514 of Title 45 of the\ + \ Code of Federal Regulations, where such information previously was \u201C\ + protected health information\u201D as defined in Section 160.103 of Title\ + \ 45 of the Code of Federal Regulations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.3 + description: 'Establishing any exceptions necessary to comply with state or + federal law, including, but not limited to, those relating to trade secrets + and intellectual property rights, within one year of passage of this title + and as needed thereafter, with the intention that trade secrets should not + be disclosed in response to a verifiable consumer request. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.4 + description: 'Establishing rules and procedures for the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.4.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.4 + ref_id: 1798.185-a.4.A + description: "To facilitate and govern the submission of a request by a consumer\ + \ to opt out of the sale or sharing of personal information pursuant to Section\ + \ 1798.120 and to limit the use of a consumer\u2019s sensitive personal information\ + \ pursuant to Section 1798.121 to ensure that consumers have the ability to\ + \ exercise their choices without undue burden and to prevent business from\ + \ engaging in deceptive or harassing conduct, including in retaliation against\ + \ consumers for exercising their rights, while allowing businesses to inform\ + \ consumers of the consequences of their decision to opt out of the sale or\ + \ sharing of their personal information or to limit the use of their sensitive\ + \ personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.4.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.4 + ref_id: 1798.185-a.4.B + description: "To govern business compliance with a consumer\u2019s opt-out request. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.4.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.4 + ref_id: 1798.185-a.4.C + description: 'For the development and use of a recognizable and uniform opt + out logo or button by all businesses to promote consumer awareness of the + opportunity to opt-out of the sale of personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.5 + description: 'Adjusting the monetary thresholds, in January of every odd-numbered + year to reflect any increase in the Consumer Price Index, in: subparagraph + (A) of paragraph (1) of subdivision (d) of Section 1798.140; subparagraph + (A) of paragraph (1) of subdivision (a) of Section 1798.150; subdivision (a) + of Section 1798.155; Section 1798.199.25; and subdivision (a) of Section 1798.199.90. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.6 + description: 'Establishing rules, procedures, and any exceptions necessary to + ensure that the notices and information that businesses are required to provide + pursuant to this title are provided in a manner that may be easily understood + by the average consumer, are accessible to consumers with disabilities, and + are available in the language primarily used to interact with the consumer, + including establishing rules and guidelines regarding financial incentives + within one year of passage of this title and as needed thereafter. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.7 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.7 + description: "Establishing rules and procedures to further the purposes of Sections\ + \ 1798.105, 1798.106, 1798.110, and 1798.115 and to facilitate a consumer\u2019\ + s or the consumer\u2019s authorized agent\u2019s ability to delete personal\ + \ information, correct inaccurate personal information pursuant to Section\ + \ 1798.106, or obtain information pursuant to Section 1798.130, with the goal\ + \ of minimizing the administrative burden on consumers, taking into account\ + \ available technology, security concerns, and the burden on the business,\ + \ to govern a business\u2019s determination that a request for information\ + \ received from a consumer is a verifiable consumer request, including treating\ + \ a request submitted through a password-protected account maintained by the\ + \ consumer with the business while the consumer is logged into the account\ + \ as a verifiable consumer request and providing a mechanism for a consumer\ + \ who does not maintain an account with the business to request information\ + \ through the business\u2019s authentication of the consumer\u2019s identity,\ + \ within one year of passage of this title and as needed thereafter. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.8 + description: 'Establishing how often, and under what circumstances, a consumer + may request a correction pursuant to Section 1798.106, including standards + governing the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8 + ref_id: 1798.185-a.8.A + description: 'How a business responds to a request for correction, including + exceptions for requests to which a response is impossible or would involve + disproportionate effort, and requests for correction of accurate information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8 + ref_id: 1798.185-a.8.B + description: 'How concerns regarding the accuracy of the information may be + resolved. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8 + ref_id: 1798.185-a.8.C + description: 'The steps a business may take to prevent fraud. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.8 + ref_id: 1798.185-a.8.D + description: "If a business rejects a request to correct personal information\ + \ collected and analyzed concerning a consumer\u2019s health, the right of\ + \ a consumer to provide a written addendum to the business with respect to\ + \ any item or statement regarding any such personal information that the consumer\ + \ believes to be incomplete or incorrect. The addendum shall be limited to\ + \ 250 words per alleged incomplete or incorrect item and shall clearly indicate\ + \ in writing that the consumer requests the addendum to be made a part of\ + \ the consumer\u2019s record. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.9 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.9 + description: "Establishing the standard to govern a business\u2019s determination,\ + \ pursuant to subparagraph (B) of paragraph (2) of subdivision (a) of Section\ + \ 1798.130, that providing information beyond the 12-month period in a response\ + \ to a verifiable consumer request is impossible or would involve a disproportionate\ + \ effort. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.10 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.10 + description: "Issuing regulations further defining and adding to the business\ + \ purposes, including other notified purposes, for which businesses, service\ + \ providers, and contractors may use consumers\u2019 personal information\ + \ consistent with consumers\u2019 expectations, and further defining the business\ + \ purposes for which service providers and contractors may combine consumers\u2019\ + \ personal information obtained from different sources, except as provided\ + \ for in paragraph (6) of subdivision (e) of Section 1798.140. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.11 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.11 + description: "Issuing regulations identifying those business purposes, including\ + \ other notified purposes, for which service providers and contractors may\ + \ use consumers\u2019 personal information received pursuant to a written\ + \ contract with a business, for the service provider or contractor\u2019s\ + \ own business purposes, with the goal of maximizing consumer privacy. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.12 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.12 + description: "Issuing regulations to further define \u201Cintentionally interacts,\u201D\ + \ with the goal of maximizing consumer privacy. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.13 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.13 + description: "Issuing regulations to further define \u201Cprecise geolocation,\u201D\ + \ including if the size defined is not sufficient to protect consumer privacy\ + \ in sparsely populated areas or when the personal information is used for\ + \ normal operational purposes, including billing. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.14 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.14 + description: "Issuing regulations to define the term \u201Cspecific pieces of\ + \ information obtained from the consumer\u201D with the goal of maximizing\ + \ a consumer\u2019s right to access relevant personal information while minimizing\ + \ the delivery of information to a consumer that would not be useful to the\ + \ consumer, including system log information and other technical data. For\ + \ delivery of the most sensitive personal information, the regulations may\ + \ require a higher standard of authentication provided that the agency shall\ + \ monitor the impact of the higher standard on the right of consumers to obtain\ + \ their personal information to ensure that the requirements of verification\ + \ do not result in the unreasonable denial of verifiable consumer requests. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.15 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.15 + description: "Issuing regulations requiring businesses whose processing of consumers\u2019\ + \ personal information presents significant risk to consumers\u2019 privacy\ + \ or security, to: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.15.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.15 + ref_id: 1798.185-a.15.A + description: 'Perform a cybersecurity audit on an annual basis, including defining + the scope of the audit and establishing a process to ensure that audits are + thorough and independent. The factors to be considered in determining when + processing may result in significant risk to the security of personal information + shall include the size and complexity of the business and the nature and scope + of processing activities. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.15.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.15 + ref_id: 1798.185-a.15.B + description: 'Submit to the California Privacy Protection Agency on a regular + basis a risk assessment with respect to their processing of personal information, + including whether the processing involves sensitive personal information, + and identifying and weighing the benefits resulting from the processing to + the business, the consumer, other stakeholders, and the public, against the + potential risks to the rights of the consumer associated with that processing, + with the goal of restricting or prohibiting the processing if the risks to + privacy of the consumer outweigh the benefits resulting from processing to + the consumer, the business, other stakeholders, and the public. Nothing in + this section shall require a business to divulge trade secrets. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.16 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.16 + description: "Issuing regulations governing access and opt-out rights with respect\ + \ to businesses\u2019 use of automated decisionmaking technology, including\ + \ profiling and requiring businesses\u2019 response to access requests to\ + \ include meaningful information about the logic involved in those decisionmaking\ + \ processes, as well as a description of the likely outcome of the process\ + \ with respect to the consumer. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.17 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.17 + description: "Issuing regulations to further define a \u201Claw enforcement\ + \ agency-approved investigation\u201D for purposes of the exception in subparagraph\ + \ (B) of paragraph (1) of subdivision (a) of Section 1798.145. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.18 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.18 + description: "Issuing regulations to define the scope and process for the exercise\ + \ of the agency\u2019s audit authority, to establish criteria for selection\ + \ of persons to audit, and to protect consumers\u2019 personal information\ + \ from disclosure to an auditor in the absence of a court order, warrant,\ + \ or subpoena. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.19.A + description: "Issuing regulations to define the requirements and technical specifications\ + \ for an opt-out preference signal sent by a platform, technology, or mechanism,\ + \ to indicate a consumer\u2019s intent to opt out of the sale or sharing of\ + \ the consumer\u2019s personal information and to limit the use or disclosure\ + \ of the consumer\u2019s sensitive personal information. The requirements\ + \ and specifications for the opt-out preference signal should be updated from\ + \ time to time to reflect the means by which consumers interact with businesses,\ + \ and should: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.i + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.A.i + description: 'Ensure that the manufacturer of a platform or browser or device + that sends the opt-out preference signal cannot unfairly disadvantage another + business. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.ii + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.A.ii + description: 'Ensure that the opt-out preference signal is consumer-friendly, + clearly described, and easy to use by an average consumer and does not require + that the consumer provide additional information beyond what is necessary. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.iii + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.A.iii + description: "Clearly represent a consumer\u2019s intent and be free of defaults\ + \ constraining or presupposing that intent. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.iv + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.A.iv + description: 'Ensure that the opt-out preference signal does not conflict with + other commonly used privacy settings or tools that consumers may employ. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.v + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.A.v + description: "Provide a mechanism for the consumer to selectively consent to\ + \ a business\u2019s sale of the consumer\u2019s personal information, or the\ + \ use or disclosure of the consumer\u2019s sensitive personal information,\ + \ without affecting the consumer\u2019s preferences with respect to other\ + \ businesses or disabling the opt-out preference signal globally. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.vi + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.A.vi + description: 'State that in the case of a page or setting view that the consumer + accesses to set the opt-out preference signal, the consumer should see up + to three choices, including: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.vi.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.vi + ref_id: 1798.185-a.19.A.vi.I + description: 'Global opt out from sale and sharing of personal information, + including a direction to limit the use of sensitive personal information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.vi.ii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.vi + ref_id: 1798.185-a.19.A.vi.II + description: "Choice to \u201CLimit the Use of My Sensitive Personal Information.\u201D\ + \ " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.vi.iii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a.vi + ref_id: 1798.185-a.19.A.vi.III + description: "Choice titled \u201CDo Not Sell/Do Not Share My Personal Information\ + \ for Cross-Context Behavioral Advertising.\u201D " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.B + description: "Issuing regulations to establish technical specifications for\ + \ an opt-out preference signal that allows the consumer, or the consumer\u2019\ + s parent or guardian, to specify that the consumer is less than 13 years of\ + \ age or at least 13 years of age and less than 16 years of age. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.a + ref_id: 1798.185-a.19.C + description: "Issuing regulations, with the goal of strengthening consumer privacy\ + \ while considering the legitimate operational interests of businesses, to\ + \ govern the use or disclosure of a consumer\u2019s sensitive personal information,\ + \ notwithstanding the consumer\u2019s direction to limit the use or disclosure\ + \ of the consumer\u2019s sensitive personal information, including: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c + ref_id: 1798.185-a.19.C.i + description: "Determining any additional purposes for which a business may use\ + \ or disclose a consumer\u2019s sensitive personal information. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c.ii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c + ref_id: 1798.185-a.19.C.ii + description: 'Determining the scope of activities permitted under paragraph + (8) of subdivision (e) of Section 1798.140, as authorized by subdivision (a) + of Section 1798.121, to ensure that the activities do not involve health-related + research. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c.iii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c + ref_id: 1798.185-a.19.C.iii + description: "Ensuring the functionality of the business\u2019s operations. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c.iv + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.19.c + ref_id: 1798.185-a.19.C.iv + description: "Ensuring that the exemption in subdivision (d) of Section 1798.121\ + \ for sensitive personal information applies to information that is collected\ + \ or processed incidentally, or without the purpose of inferring characteristics\ + \ about a consumer, while ensuring that businesses do not use the exemption\ + \ for the purpose of evading consumers\u2019 rights to limit the use and disclosure\ + \ of their sensitive personal information under Section 1798.121. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.20 + description: 'Issuing regulations to govern how a business that has elected + to comply with subdivision (b) of Section 1798.135 responds to the opt-out + preference signal and provides consumers with the opportunity subsequently + to consent to the sale or sharing of their personal information or the use + and disclosure of their sensitive personal information for purposes in addition + to those authorized by subdivision (a) of Section 1798.121. The regulations + should: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20 + ref_id: 1798.185-a.20.A + description: 'Strive to promote competition and consumer choice and be technology + neutral. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20 + ref_id: 1798.185-a.20.B + description: 'Ensure that the business does not respond to an opt-out preference + signal by: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b + ref_id: 1798.185-a.20.B.i + description: 'Intentionally degrading the functionality of the consumer experience. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b.ii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b + ref_id: 1798.185-a.20.B.ii + description: "Charging the consumer a fee in response to the consumer\u2019\ + s opt-out preferences. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b.iii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b + ref_id: 1798.185-a.20.B.iii + description: 'Making any products or services not function properly or fully + for the consumer, as compared to consumers who do not use the opt-out preference + signal. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b.iv + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b + ref_id: 1798.185-a.20.B.iv + description: "Attempting to coerce the consumer to opt in to the sale or sharing\ + \ of the consumer\u2019s personal information, or the use or disclosure of\ + \ the consumer\u2019s sensitive personal information, by stating or implying\ + \ that the use of the optout preference signal will adversely affect the consumer\ + \ as compared to consumers who do not use the opt-out preference signal, including\ + \ stating or implying that the consumer will not be able to use the business\u2019\ + s products or services or that those products or services may not function\ + \ properly or fully. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b.v + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.b + ref_id: 1798.185-a.20.B.v + description: "Displaying any notification or pop-up in response to the consumer\u2019\ + s opt-out preference signal. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20 + ref_id: 1798.185-a.20.C + description: 'Ensure that any link to a web page or its supporting content that + allows the consumer to consent to opt in: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c + ref_id: 1798.185-a.20.C.i + description: "Is not part of a popup, notice, banner, or other intrusive design\ + \ that obscures any part of the web page the consumer intended to visit from\ + \ full view or that interferes with or impedes in any way the consumer\u2019\ + s experience visiting or browsing the web page or website the consumer intended\ + \ to visit. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c.ii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c + ref_id: 1798.185-a.20.C.ii + description: 'Does not require or imply that the consumer must click the link + to receive full functionality of any products or services, including the website. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c.iii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c + ref_id: 1798.185-a.20.C.iii + description: 'Does not make use of any dark patterns. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c.iv + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.c + ref_id: 1798.185-a.20.C.iv + description: 'Applies only to the business with which the consumer intends to + interact. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.20 + ref_id: 1798.185-a.20.D + description: 'Strive to curb coercive or deceptive practices in response to + an opt-out preference signal but should not unduly restrict businesses that + are trying in good faith to comply with Section 1798.135. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.21 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.21 + description: 'Review existing Insurance Code provisions and regulations relating + to consumer privacy, except those relating to insurance rates or pricing, + to determine whether any provisions of the Insurance Code provide greater + protection to consumers than the provisions of this title. Upon completing + its review, the agency shall adopt a regulation that applies only the more + protective provisions of this title to insurance companies. For the purpose + of clarity, the Insurance Commissioner shall have jurisdiction over insurance + rates and pricing. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a.22 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-a + ref_id: 1798.185-a.22 + description: 'Harmonizing the regulations governing opt-out mechanisms, notices + to consumers, and other operational mechanisms in this title to promote clarity + and the functionality of this title for consumers. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185 + ref_id: 1798.185-b + description: 'The Attorney General may adopt additional regulations as necessary + to further the purposes of this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-c + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185 + ref_id: 1798.185-c + description: 'The Attorney General shall not bring an enforcement action under + this title until six months after the publication of the final regulations + issued pursuant to this section or July 1, 2020, whichever is sooner. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.185-d + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.185 + ref_id: 1798.185-d + description: 'Notwithstanding subdivision (a), the timeline for adopting final + regulations required by the act adding this subdivision shall be July 1, 2022. + Beginning the later of July 1, 2021, or six months after the agency provides + notice to the Attorney General that it is prepared to begin rulemaking under + this title, the authority assigned to the Attorney General to adopt regulations + under this section shall be exercised by the California Privacy Protection + Agency. Notwithstanding any other law, civil and administrative enforcement + of the provisions of law added or amended by this act shall not commence until + July 1, 2023, and shall only apply to violations occurring on or after that + date. Enforcement of provisions of law contained in the California Consumer + Privacy Act of 2018 amended by this act shall remain in effect and shall be + enforceable until the same provisions of this act become enforceable. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.190 + assessable: false + depth: 1 + ref_id: '1798.190' + - urn: urn:intuitem:risk:req_node:ccpa_act:node480 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.190 + description: 'A court or the agency shall disregard the intermediate steps or + transactions for purposes of effectuating the purposes of this title: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.190-a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node480 + ref_id: 1798.190-a + description: 'If a series of steps or transactions were component parts of a + single transaction intended from the beginning to be taken with the intention + of avoiding the reach of this title, including the disclosure of information + by a business to a third party in order to avoid the definition of sell or + share. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.190-b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node480 + ref_id: 1798.190-b + description: 'If steps or transactions were taken to purposely avoid the definition + of sell or share by eliminating any monetary or other valuable consideration, + including by entering into contracts that do not include an exchange for monetary + or other valuable consideration, but where a party is obtaining something + of value or use. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.192 + assessable: false + depth: 1 + ref_id: '1798.192' + - urn: urn:intuitem:risk:req_node:ccpa_act:node484 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.192 + description: "Any provision of a contract or agreement of any kind, including\ + \ a representative action waiver, that purports to waive or limit in any way\ + \ rights under this title, including, but not limited to, any right to a remedy\ + \ or means of enforcement, shall be deemed contrary to public policy and shall\ + \ be void and unenforceable. This section shall not prevent a consumer from\ + \ declining to request information from a business, declining to opt out of\ + \ a business\u2019s sale of the consumer\u2019s personal information, or authorizing\ + \ a business to sell or share the consumer\u2019s personal information after\ + \ previously opting out. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.194 + assessable: false + depth: 1 + ref_id: '1798.194' + - urn: urn:intuitem:risk:req_node:ccpa_act:node486 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.194 + description: This title shall be liberally construed to effectuate its purposes + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.196. + assessable: false + depth: 1 + ref_id: 1798.196. + - urn: urn:intuitem:risk:req_node:ccpa_act:node488 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.196. + description: 'This title is intended to supplement federal and state law, if + permissible, but shall not apply if such application is preempted by, or in + conflict with, federal law or the United States or California Constitution. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.198. + assessable: false + depth: 1 + ref_id: 1798.198. + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.198-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.198. + ref_id: 1798.198-a + description: 'Subject to limitation provided in subdivision (b), and in Section + 1798.199, this title shall be operative January 1, 2020. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.198-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.198. + ref_id: 1798.198-b + description: 'This title shall become operative only if initiative measure No. + 17-0039, The Consumer Right to Privacy Act of 2018, is withdrawn from the + ballot pursuant to Section 9604 of the Elections Code. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199 + assessable: false + depth: 1 + ref_id: '1798.199' + - urn: urn:intuitem:risk:req_node:ccpa_act:node493 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199 + description: 'Notwithstanding Section 1798.198, Section 1798.180 shall be operative + on the effective date of the act adding this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.10 + assessable: false + depth: 1 + ref_id: 1798.199.10 + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.10-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.10 + ref_id: 1798.199.10-a + description: 'There is hereby established in state government the California + Privacy Protection Agency, which is vested with full administrative power, + authority, and jurisdiction to implement and enforce the California Consumer + Privacy Act of 2018. The agency shall be governed by a five-member board, + including the chairperson. The chairperson and one member of the board shall + be appointed by the Governor. The Attorney General, Senate Rules Committee, + and Speaker of the Assembly shall each appoint one member. These appointments + should be made from among Californians with expertise in the areas of privacy, + technology, and consumer rights. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.10-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.10 + ref_id: 1798.199.10-b + description: 'The initial appointments to the agency shall be made within 90 + days of the effective date of the act adding this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15 + assessable: false + depth: 1 + ref_id: 1798.199.15 + - urn: urn:intuitem:risk:req_node:ccpa_act:node498 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15 + description: 'Members of the agency board shall: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15-a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node498 + ref_id: 1798.199.15-a + description: ' Have qualifications, experience, and skills, in particular in + the areas of privacy and technology, required to perform the duties of the + agency and exercise its powers. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15-b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node498 + ref_id: 1798.199.15-b + description: 'Maintain the confidentiality of information which has come to + their knowledge in the course of the performance of their tasks or exercise + of their powers, except to the extent that disclosure is required by the Public + Records Act. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15-c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node498 + ref_id: 1798.199.15-c + description: 'Remain free from external influence, whether direct or indirect, + and shall neither seek nor take instructions from another. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15-d + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node498 + ref_id: 1798.199.15-d + description: ' Refrain from any action incompatible with their duties and engaging + in any incompatible occupation, whether gainful or not, during their term. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15-e + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node498 + ref_id: 1798.199.15-e + description: ' Have the right of access to all information made available by + the agency to the chairperson. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15-f + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node498 + ref_id: 1798.199.15-f + description: "Be precluded, for a period of one year after leaving office, from\ + \ accepting employment with a business that was subject to an enforcement\ + \ action or civil action under this title during the member\u2019s tenure\ + \ or during the five-year period preceding the member\u2019s appointment. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.15-g + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node498 + ref_id: 1798.199.15-g + description: ' Be precluded for a period of two years after leaving office from + acting, for compensation, as an agent or attorney for, or otherwise representing, + any other person in a matter pending before the agency if the purpose is to + influence an action of the agency. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.20 + assessable: false + depth: 1 + ref_id: 1798.199.20 + - urn: urn:intuitem:risk:req_node:ccpa_act:node507 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.20 + description: 'Members of the agency board, including the chairperson, shall + serve at the pleasure of their appointing authority but shall serve for no + longer than eight consecutive years. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.25 + assessable: false + depth: 1 + ref_id: 1798.199.25 + - urn: urn:intuitem:risk:req_node:ccpa_act:node509 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.25 + description: 'For each day on which they engage in official duties, members + of the agency board shall be compensated at the rate of one hundred dollars + ($100), adjusted biennially to reflect changes in the cost of living, and + shall be reimbursed for expenses incurred in performance of their official + duties. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.30 + assessable: false + depth: 1 + ref_id: 1798.199.30 + - urn: urn:intuitem:risk:req_node:ccpa_act:node511 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.30 + description: 'The agency board shall appoint an executive director who shall + act in accordance with agency policies and regulations and with applicable + law. The agency shall appoint and discharge officers, counsel, and employees, + consistent with applicable civil service laws, and shall fix the compensation + of employees and prescribe their duties. The agency may contract for services + that cannot be provided by its employees. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.35 + assessable: false + depth: 1 + ref_id: 1798.199.35 + - urn: urn:intuitem:risk:req_node:ccpa_act:node513 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.35 + description: 'The agency board may delegate authority to the chairperson or + the executive director to act in the name of the agency between meetings of + the agency, except with respect to resolution of enforcement actions and rulemaking + authority. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40 + assessable: false + depth: 1 + ref_id: 1798.199.40 + - urn: urn:intuitem:risk:req_node:ccpa_act:node515 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40 + description: 'The agency shall perform the following functions: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-a + description: 'Administer, implement, and enforce through administrative actions + this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-b + description: 'On and after the later of July 1, 2021, or within six months of + the agency providing the Attorney General with notice that it is prepared + to assume rulemaking responsibilities under this title, adopt, amend, and + rescind regulations pursuant to Section 1798.185 to carry out the purposes + and provisions of the California Consumer Privacy Act of 2018, including regulations + specifying recordkeeping requirements for businesses to ensure compliance + with this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-c + description: 'Through the implementation of this title, protect the fundamental + privacy rights of natural persons with respect to the use of their personal + information. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-d + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-d + description: 'Promote public awareness and understanding of the risks, rules, + responsibilities, safeguards, and rights in relation to the collection, use, + sale, and disclosure of personal information, including the rights of minors + with respect to their own information, and provide a public report summarizing + the risk assessments filed with the agency pursuant to paragraph (15) of subdivision + (a) of Section 1798.185 while ensuring that data security is not compromised. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-e + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-e + description: 'Provide guidance to consumers regarding their rights under this + title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-f + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-f + description: 'Provide guidance to businesses regarding their duties and responsibilities + under this title and appoint a Chief Privacy Auditor to conduct audits of + businesses to ensure compliance with this title pursuant to regulations adopted + pursuant to paragraph (18) of subdivision (a) of Section 1798.185. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-g + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-g + description: 'Provide technical assistance and advice to the Legislature, upon + request, with respect to privacy-related legislation. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-h + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-h + description: 'Monitor relevant developments relating to the protection of personal + information and, in particular, the development of information and communication + technologies and commercial practices. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-i + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-i + description: 'Cooperate with other agencies with jurisdiction over privacy laws + and with data processing authorities in California, other states, territories, + and countries to ensure consistent application of privacy protections. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-j + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-j + description: 'Establish a mechanism pursuant to which persons doing business + in California that do not meet the definition of business set forth in paragraph + (1), (2), or (3) of subdivision (d) of Section 1798.140 may voluntarily certify + that they are in compliance with this title, as set forth in paragraph (4) + of subdivision (d) of Section 1798.140, and make a list of those entities + available to the public. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-k + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-k + description: 'Solicit, review, and approve applications for grants to the extent + funds are available pursuant to paragraph (2) of subdivision (b) of Section + 1798.160. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.40-l + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node515 + ref_id: 1798.199.40-l + description: 'Perform all other acts necessary or appropriate in the exercise + of its power, authority, and jurisdiction and seek to balance the goals of + strengthening consumer privacy while giving attention to the impact on businesses. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45 + assessable: false + depth: 1 + ref_id: 1798.199.45 + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45 + ref_id: 1798.199.45-a + description: 'Upon the sworn complaint of any person or on its own initiative, + the agency may investigate possible violations of this title relating to any + business, service provider, contractor, or person. The agency may decide not + to investigate a complaint or decide to provide a business with a time period + to cure the alleged violation. In making a decision not to investigate or + provide more time to cure, the agency may consider the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45-a.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45-a + ref_id: 1798.199.45-a.1 + description: 'Lack of intent to violate this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45-a.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45-a + ref_id: 1798.199.45-a.2 + description: 'Voluntary efforts undertaken by the business, service provider, + contractor, or person to cure the alleged violation prior to being notified + by the agency of the complaint. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.45 + ref_id: 1798.199.45-b + description: 'The agency shall notify in writing the person who made the complaint + of the action, if any, the agency has taken or plans to take on the complaint, + together with the reasons for that action or nonaction. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.50 + assessable: false + depth: 1 + ref_id: 1798.199.50 + - urn: urn:intuitem:risk:req_node:ccpa_act:node534 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.50 + description: "No finding of probable cause to believe this title has been violated\ + \ shall be made by the agency unless, at least 30 days prior to the agency\u2019\ + s consideration of the alleged violation, the business, service provider,\ + \ contractor, or person alleged to have violated this title is notified of\ + \ the violation by service of process or registered mail with return receipt\ + \ requested, provided with a summary of the evidence, and informed of their\ + \ right to be present in person and represented by counsel at any proceeding\ + \ of the agency held for the purpose of considering whether probable cause\ + \ exists for believing the person violated this title. Notice to the alleged\ + \ violator shall be deemed made on the date of service, the date the registered\ + \ mail receipt is signed, or if the registered mail receipt is not signed,\ + \ the date returned by the post office. A proceeding held for the purpose\ + \ of considering probable cause shall be private unless the alleged violator\ + \ files with the agency a written request that the proceeding be public. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55 + assessable: false + depth: 1 + ref_id: 1798.199.55 + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55 + ref_id: 1798.199.55-a + description: 'When the agency determines there is probable cause for believing + this title has been violated, it shall hold a hearing to determine if a violation + has or violations have occurred. Notice shall be given and the hearing conducted + in accordance with the Administrative Procedure Act (Chapter 5 (commencing + with Section 11500), Part 1, Division 3, Title 2, Government Code). The agency + shall have all the powers granted by that chapter. If the agency determines + on the basis of the hearing conducted pursuant to this subdivision that a + violation or violations have occurred, it shall issue an order that may require + the violator to do all or any of the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55-a.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55-a + ref_id: 1798.199.55-a.1 + description: 'Cease and desist violation of this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55-a.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55-a + ref_id: 1798.199.55-a.2 + description: 'Subject to Section 1798.155, pay an administrative fine of up + to two thousand five hundred dollars ($2,500) for each violation, or up to + seven thousand five hundred dollars ($7,500) for each intentional violation + and each violation involving the personal information of minor consumers to + the Consumer Privacy Fund within the General Fund of the state. When the agency + determines that no violation has occurred, it shall publish a declaration + so stating. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.55 + ref_id: 1798.199.55-b + description: 'If two or more persons are responsible for any violation or violations, + they shall be jointly and severally liable. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.60 + assessable: false + depth: 1 + ref_id: 1798.199.60 + - urn: urn:intuitem:risk:req_node:ccpa_act:node541 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.60 + description: 'Whenever the agency rejects the decision of an administrative + law judge made pursuant to Section 11517 of the Government Code, the agency + shall state the reasons in writing for rejecting the decision. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.65 + assessable: false + depth: 1 + ref_id: 1798.199.65 + - urn: urn:intuitem:risk:req_node:ccpa_act:node543 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.65 + description: "The agency may subpoena witnesses, compel their attendance and\ + \ testimony, administer oaths and affirmations, take evidence and require\ + \ by subpoena the production of any books, papers, records, or other items\ + \ material to the performance of the agency\u2019s duties or exercise of its\ + \ powers, including, but not limited to, its power to audit a business\u2019\ + \ compliance with this title. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.70 + assessable: false + depth: 1 + ref_id: 1798.199.70 + - urn: urn:intuitem:risk:req_node:ccpa_act:node545 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.70 + description: 'No administrative action brought pursuant to this title alleging + a violation of any of the provisions of this title shall be commenced more + than five years after the date on which the violation occurred. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.70-a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node545 + ref_id: 1798.199.70-a + description: 'The service of the probable cause hearing notice, as required + by Section 1798.199.50, upon the person alleged to have violated this title + shall constitute the commencement of the administrative action. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.70-b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node545 + ref_id: 1798.199.70-b + description: "If the person alleged to have violated this title engages in the\ + \ fraudulent concealment of the person\u2019s acts or identity, the five-year\ + \ period shall be tolled for the period of the concealment. For purposes of\ + \ this subdivision, \u201Cfraudulent concealment\u201D means the person knows\ + \ of material facts related to the person\u2019s duties under this title and\ + \ knowingly conceals them in performing or omitting to perform those duties\ + \ for the purpose of defrauding the public of information to which it is entitled\ + \ under this title. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.70-c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:node545 + ref_id: 1798.199.70-c + description: 'If, upon being ordered by a superior court to produce any documents + sought by a subpoena in any administrative proceeding under this title, the + person alleged to have violated this title fails to produce documents in response + to the order by the date ordered to comply therewith, the five-year period + shall be tolled for the period of the delay from the date of filing of the + motion to compel until the date the documents are produced. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75 + assessable: false + depth: 1 + ref_id: 1798.199.75 + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75 + ref_id: 1798.199.75-a + description: "In addition to any other available remedies, the agency may bring\ + \ a civil action and obtain a judgment in superior court for the purpose of\ + \ collecting any unpaid administrative fines imposed pursuant to this title\ + \ after exhaustion of judicial review of the agency\u2019s action. The action\ + \ may be filed as a small claims, limited civil, or unlimited civil case depending\ + \ on the jurisdictional amount. The venue for this action shall be in the\ + \ county where the administrative fines were imposed by the agency. In order\ + \ to obtain a judgment in a proceeding under this section, the agency shall\ + \ show, following the procedures and rules of evidence as applied in ordinary\ + \ civil actions, all of the following: " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-a.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-a + ref_id: 1798.199.75-a.1 + description: 'That the administrative fines were imposed following the procedures + set forth in this title and implementing regulations. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-a.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-a + ref_id: 1798.199.75-a.2 + description: 'That the defendant or defendants in the action were notified, + by actual or constructive notice, of the imposition of the administrative + fines. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-a.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-a + ref_id: 1798.199.75-a.3 + description: 'That a demand for payment has been made by the agency and full + payment has not been received. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.75 + ref_id: 1798.199.75-b + description: 'A civil action brought pursuant to subdivision (a) shall be commenced + within four years after the date on which the administrative fines were imposed. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80 + assessable: false + depth: 1 + ref_id: 1798.199.80 + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80.a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80 + ref_id: 1798.199.80.a + description: 'If the time for judicial review of a final agency order or decision + has lapsed, or if all means of judicial review of the order or decision have + been exhausted, the agency may apply to the clerk of the court for a judgment + to collect the administrative fines imposed by the order or decision, or the + order as modified in accordance with a decision on judicial review. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80.b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80 + ref_id: 1798.199.80.b + description: 'The application, which shall include a certified copy of the order + or decision, or the order as modified in accordance with a decision on judicial + review, and proof of service of the order or decision, constitutes a sufficient + showing to warrant issuance of the judgment to collect the administrative + fines. The clerk of the court shall enter the judgment immediately in conformity + with the application. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80.c + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80 + ref_id: 1798.199.80.c + description: 'An application made pursuant to this section shall be made to + the clerk of the superior court in the county where the administrative fines + were imposed by the agency. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80.d + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80 + ref_id: 1798.199.80.d + description: 'A judgment entered in accordance with this section has the same + force and effect as, and is subject to all the provisions of law relating + to, a judgment in a civil action and may be enforced in the same manner as + any other judgment of the court in which it is entered. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80.e + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80 + ref_id: 1798.199.80.e + description: 'The agency may bring an application pursuant to this section only + within four years after the date on which all means of judicial review of + the order or decision have been exhausted. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80.f + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.80 + ref_id: 1798.199.80.f + description: 'The remedy available under this section is in addition to those + available under any other law. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.85 + assessable: false + depth: 1 + ref_id: 1798.199.85 + - urn: urn:intuitem:risk:req_node:ccpa_act:node563 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.85 + description: 'Any decision of the agency with respect to a complaint or administrative + fine shall be subject to judicial review in an action brought by an interested + party to the complaint or administrative fine and shall be subject to an abuse + of discretion standard. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90 + assessable: false + depth: 1 + ref_id: 1798.199.90 + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90 + ref_id: 1798.199.90-a + description: 'Any business, service provider, contractor, or other person that + violates this title shall be subject to an injunction and liable for a civil + penalty of not more than two thousand five hundred dollars ($2,500) for each + violation or seven thousand five hundred dollars ($7,500) for each intentional + violation and each violation involving the personal information of minor consumers, + as adjusted pursuant to paragraph (5) of subdivision (a) of Section 1798.185, + which shall be assessed and recovered in a civil action brought in the name + of the people of the State of California by the Attorney General. The court + may consider the good faith cooperation of the business, service provider, + contractor, or other person in determining the amount of the civil penalty. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90 + ref_id: 1798.199.90-b + description: 'Any civil penalty recovered by an action brought by the Attorney + General for a violation of this title, and the proceeds of any settlement + of any said action, shall be deposited in the Consumer Privacy Fund. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90-c + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90 + ref_id: 1798.199.90-c + description: 'The agency shall, upon request by the Attorney General, stay an + administrative action or investigation under this title to permit the Attorney + General to proceed with an investigation or civil action and shall not pursue + an administrative action or investigation, unless the Attorney General subsequently + determines not to pursue an investigation or civil action. The agency may + not limit the authority of the Attorney General to enforce this title. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90-d + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90 + ref_id: 1798.199.90-d + description: 'No civil action may be filed by the Attorney General under this + section for any violation of this title after the agency has issued a decision + pursuant to Section 1798.199.85 or an order pursuant to Section 1798.199.55 + against that person for the same violation. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90-e + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.90 + ref_id: 1798.199.90-e + description: 'This section shall not affect the private right of action provided + for in Section 1798.150. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95 + assessable: false + depth: 1 + ref_id: 1798.199.95 + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95 + ref_id: 1798.199.95-a + description: "There is hereby appropriated from the General Fund of the state\ + \ to the agency the sum of five million dollars ($5,000,000) during the fiscal\ + \ year 2020\u20132021, and the sum of ten million dollars ($10,000,000) adjusted\ + \ for cost-of-living changes, during each fiscal year thereafter, for expenditure\ + \ to support the operations of the agency pursuant to this title. The expenditure\ + \ of funds under this appropriation shall be subject to the normal administrative\ + \ review given to other state appropriations. The Legislature shall appropriate\ + \ those additional amounts to the commission and other agencies as may be\ + \ necessary to carry out the provisions of this title. " + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95 + ref_id: 1798.199.95-b + description: 'The Department of Finance, in preparing the state budget and the + Budget Act bill submitted to the Legislature, shall include an item for the + support of this title that shall indicate all of the following: ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-b.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-b + ref_id: 1798.199.95-b.1 + description: 'The amounts to be appropriated to other agencies to carry out + their duties under this title, which amounts shall be in augmentation of the + support items of those agencies. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-b.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-b + ref_id: 1798.199.95-b.2 + description: 'The additional amounts required to be appropriated by the Legislature + to the agency to carry out the purposes of this title, as provided for in + this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-b.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-b + ref_id: 1798.199.95-b.3 + description: 'In parentheses, for informational purposes, the continuing appropriation + during each fiscal year of ten million dollars ($10,000,000), adjusted for + cost-of-living changes made pursuant to this section. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95-c + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.95 + ref_id: 1798.199.95-c + description: 'The Attorney General shall provide staff support to the agency + until the agency has hired its own staff. The Attorney General shall be reimbursed + by the agency for these services. ' + - urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.100 + assessable: false + depth: 1 + ref_id: 1798.199.100 + - urn: urn:intuitem:risk:req_node:ccpa_act:node578 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_act:1798.199.100 + description: 'The agency and any court, as applicable, shall consider the good + faith cooperation of the business, service provider, contractor, or other + person in determining the amount of any administrative fine or civil penalty + for a violation of this title. A business shall not be required by the agency, + a court, or otherwise to pay both an administrative fine and a civil penalty + for the same violation. ' diff --git a/backend/library/libraries/ccpa_regulations.yaml b/backend/library/libraries/ccpa_regulations.yaml new file mode 100644 index 000000000..447258948 --- /dev/null +++ b/backend/library/libraries/ccpa_regulations.yaml @@ -0,0 +1,5521 @@ +urn: urn:intuitem:risk:library:ccpa_regulations +locale: en +ref_id: CCPA Regulations +name: California Consumer Privacy Act Regulations (CCPA) +description: "The California Consumer Privacy Act of 2018 (CCPA) gives consumers more\ + \ control over the personal information that businesses collect about them and the\ + \ CCPA regulations provide guidance on how to implement the law. Effective 1/1/2024\ + \ \u2013 AB 947 and AB 1194 updates\nhttps://cppa.ca.gov/regulations/pdf/cppa_regs.pdf" +copyright: State of California +version: 1 +provider: State of California +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:ccpa_regulations + ref_id: CCPA Regulations + name: California Consumer Privacy Act Regulations (CCPA) + description: "The California Consumer Privacy Act of 2018 (CCPA) gives consumers\ + \ more control over the personal information that businesses collect about them\ + \ and the CCPA regulations provide guidance on how to implement the law. Effective\ + \ 1/1/2024 \u2013 AB 947 and AB 1194 updates\nhttps://cppa.ca.gov/regulations/pdf/cppa_regs.pdf" + requirement_nodes: + - urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + assessable: false + depth: 1 + ref_id: CHAPTER 1 + name: ' CALIFORNIA CONSUMER PRIVACY ACT REGULATIONS' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 1 + name: GENERAL PROVISIONS + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7000 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1 + ref_id: '7000' + name: Title and Scope. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7000-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7000 + ref_id: 7000-a + description: "This Chapter shall be known as the California Consumer Privacy\ + \ Act Regulations. It may be cited as such and will be referred to in this\ + \ Chapter as \u201Cthese regulations.\u201D These regulations govern compliance\ + \ with the California Consumer Privacy Act and do not limit any other rights\ + \ that consumers may have." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7000-b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7000 + ref_id: 7000-b + description: A violation of these regulations shall constitute a violation of + the CCPA and be subject to the remedies provided for therein. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1 + ref_id: '7001' + name: Definitions. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7001 + description: 'In addition to the definitions set forth in Civil Code section + 1798.140, for purposes of these regulations:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-a + description: " \u201CAgency\u201D means the California Privacy Protection Agency\ + \ established by Civil Code section 1798.199.10 et seq." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-b + description: "\u201CAlternative Opt-out Link\u201D means the alternative opt-out\ + \ link that a business may provide instead of posting the two separate \u201C\ + Do Not Sell or Share My Personal Information\u201D and \u201CLimit the Use\ + \ of My Sensitive Personal Information\u201D links as set forth in Civil Code\ + \ section 1798.135, subdivision (a)(3), and specified in section 7015." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-c + description: "\u201CAttorney General\u201D means the California Attorney General\ + \ or any officer or employee of the California Department of Justice acting\ + \ under the authority of the California Attorney General." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-d + description: "\u201CAuthorized agent\u201D means a natural person or a business\ + \ entity that a consumer has authorized to act on their behalf subject to\ + \ the requirements set forth in section 7063." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-e + description: "\u201CCategories of sources\u201D means types or groupings of\ + \ persons or entities from which a business collects personal information\ + \ about consumers, described with enough particularity to provide consumers\ + \ with a meaningful understanding of the type of person or entity. They may\ + \ include the consumer directly, advertising networks, internet service providers,\ + \ data analytics providers, government entities, operating systems and platforms,\ + \ social networks, and data brokers." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-f + description: "\u201CCategories of third parties\u201D means types or groupings\ + \ of third parties with whom the business shares personal information, described\ + \ with enough particularity to provide CPPA Page 4 of 67 consumers with\ + \ a meaningful understanding of the type of third party. They may include\ + \ advertising networks, internet service providers, data analytics providers,\ + \ government entities, operating systems and platforms, social networks,\ + \ and data brokers." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-g + description: "\u201CCCPA\u201D means the California Consumer Privacy Act of\ + \ 2018, Civil Code section 1798.100 et seq." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-h + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-h + description: "\u201CCOPPA\u201D means the Children\u2019s Online Privacy Protection\ + \ Act, 15 U.S.C. sections 6501 to 6506 and 16 Code of Federal Regulations\ + \ part 312." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-i + description: " \u201CDisproportionate effort\u201D within the context of a business,\ + \ service provider, contractor, or third party responding to a consumer request\ + \ means the time and/or resources expended by the business, service provider,\ + \ contractor, or third party to respond to the individualized request significantly\ + \ outweighs the reasonably foreseeable impact to the consumer by not responding,\ + \ taking into account applicable circumstances, such as the size of the business,\ + \ service provider, contractor, or third party, the nature of the request,\ + \ and the technical limitations impacting their ability to respond. For example,\ + \ responding to a consumer request to know may require disproportionate effort\ + \ when the personal information that is the subject of the request is not\ + \ in a searchable or readily-accessible format, is maintained only for legal\ + \ or compliance purposes, is not sold or used for any commercial purpose,\ + \ and there is no reasonably foreseeable material impact to the consumer\ + \ by not responding. By contrast, the impact to the consumer of denying a\ + \ request to correct inaccurate information that the business uses and/or\ + \ sells may outweigh the burden on the business, service provider, contractor,\ + \ or third party in honoring the request when the reasonably foreseeable\ + \ consequence of denying the request would be the denial of services or opportunities\ + \ to the consumer. A business, service provider, contractor, or third party\ + \ that has failed to put in place adequate processes and procedures to receive\ + \ and process consumer requests in accordance with the CCPA and these regulations\ + \ cannot claim that responding to a consumer\u2019s request requires disproportionate\ + \ effort." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-j + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-j + description: "\u201CEmployment benefits\u201D means retirement, health, and\ + \ other benefit programs, services, or products to which consumers and their\ + \ dependents or their beneficiaries receive access through the consumer\u2019\ + s employer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-k + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-k + description: "\u201CEmployment-related information\u201D means personal information\ + \ that is collected by the business about a natural person for the reasons\ + \ identified in Civil Code section 1798.145, subdivision (m)(1). The collection\ + \ of employment-related information, including for the purpose of administering\ + \ employment benefits, shall be considered a business purpose." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-l + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-l + description: "\u201CFinancial incentive\u201D means a program, benefit, or other\ + \ offering, including payments to consumers, for the collection, retention,\ + \ sale, or sharing of personal information. Price or service differences\ + \ are types of financial incentives." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-m + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-m + description: "\u201CFirst party\u201D means a consumer-facing business with\ + \ which the consumer intends and expects to interact." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-n + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-n + description: "\u201CFrictionless manner\u201D means a business\u2019s processing\ + \ of an opt-out preference signal that complies with the requirements set\ + \ forth in section 7025, subsection (f)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-o + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-o + description: "\u201CInformation practices\u201D means practices regarding the\ + \ collection, use, disclosure, sale, sharing, and retention of personal information" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-p + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-p + description: "\u201CNonbusiness\u201D means a person or entity that does not\ + \ meet the definition of a \u201Cbusiness\u201D as defined in Civil Code\ + \ section 1798.140, subdivision (d). For example, non-profits and government\ + \ entities are nonbusinesses because \u201Cbusiness\u201D is defined, among\ + \ other things, to include only entities \u201Corganized or operated for\ + \ the profit or financial benefit of its shareholders or other owners.\u201D" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-q + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-q + description: "\u201CNotice at Collection\u201D means the notice given by a business\ + \ to a consumer at or before the point at which a business collects personal\ + \ information from the consumer as required by Civil Code section 1798.100,\ + \ subdivisions (a) and (b), and specified in these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-r + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-r + description: "\u201CNotice of Right to Limit\u201D means the notice given by\ + \ a business informing consumers of their right to limit the use or disclosure\ + \ of the consumer\u2019s sensitive personal information as required by Civil\ + \ Code sections 1798.121 and 1798.135 and specified in these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-s + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-s + description: " \u201CNotice of Right to Opt-out of Sale/Sharing\u201D means\ + \ the notice given by a business informing consumers of their right to opt-out\ + \ of the sale or sharing of their personal information as required by Civil\ + \ Code sections 1798.120 and 1798.135 and specified in these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-t + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-t + description: "\u201CNotice of Financial Incentive\u201D means the notice given\ + \ by a business explaining each financial incentive or price or service difference\ + \ as required by Civil Code section 1798.125, subdivision (b), and specified\ + \ in these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-u + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-u + description: "\u201COpt-out preference signal\u201D means a signal that is sent\ + \ by a platform, technology, or mechanism, on behalf of the consumer, that\ + \ communicates the consumer choice to opt- out of the sale and sharing of\ + \ personal information and that complies with the requirements set forth\ + \ in section 7025, subsection (b)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-v + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-v + description: "\u201CPrice or service difference\u201D means (1) any difference\ + \ in the price or rate charged for any goods or services to any consumer related\ + \ to the collection, retention, sale, or sharing of personal information,\ + \ or (2) any difference in the level or quality of any goods or services offered\ + \ to any consumer related to the collection, retention, sale, or sharing of\ + \ personal information, including the denial of goods or services to the consumer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-w + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-w + description: "\u201CPrivacy policy,\u201D as referred to in Civil Code sections\ + \ 1798.130, subdivision (a)(5), and 1798.135, subdivision (c)(2), means the\ + \ statement that a business shall make available to consumers describing\ + \ the business\u2019s online and offline information practices, and the rights\ + \ of consumers regarding their own personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-x + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-x + description: "\u201CRequest to correct\u201D means a consumer request that a\ + \ business correct inaccurate personal information that it maintains about\ + \ the consumer, pursuant to Civil Code section 1798.106." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-y + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-y + description: "\u201CRequest to delete\u201D means a consumer request that a\ + \ business delete personal information about the consumer that the business\ + \ has collected from the consumer, pursuant to Civil Code section 1798.105." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-z + description: "\u201CRequest to know\u201D means a consumer request that a business\ + \ disclose personal information that it has collected about the consumer\ + \ pursuant to Civil Code sections 1798.110 or 1798.115. It includes a request\ + \ for any or all of the following:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z.1 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z + ref_id: 7001-z.1 + description: Specific pieces of personal information that a business has collected + about the consumer; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z.2 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z + ref_id: 7001-z.2 + description: Categories of personal information it has collected about the consumer; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z.3 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z + ref_id: 7001-z.3 + description: Categories of sources from which the personal information is collected; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z.4 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z + ref_id: 7001-z.4 + description: Categories of personal information that the business sold or disclosed + for a business purpose about the consumer; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z.5 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z + ref_id: 7001-z.5 + description: Categories of third parties to whom the personal information was + sold or disclosed for a business purpose; and + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z.6 + assessable: false + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-z + ref_id: 7001-z.6 + description: The business or commercial purpose for collecting or selling personal + information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-aa + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-aa + description: "\u201CRequest to limit\u201D means a consumer request that a business\ + \ limit the use and disclosure of the consumer\u2019s sensitive personal\ + \ information, pursuant to Civil Code section 1798.121, subdivision (a)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-bb + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-bb + description: "\u201CRequest to opt-in to sale/sharing\u201D means an action\ + \ demonstrating that the consumer has consented to the business\u2019s sale\ + \ or sharing of personal information about the consumer by a parent or guardian\ + \ of a consumer less than 13 years of age or by a consumer at least 13 years\ + \ of age." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-cc + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-cc + description: "\u201CRequest to opt-out of sale/sharing\u201D means a consumer\ + \ request that a business neither sell nor share the consumer\u2019s personal\ + \ information to third parties, pursuant to Civil Code section 1798.120,\ + \ subdivision (a)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-dd + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-dd + description: "\u201CRight to correct\u201D means the consumer\u2019s right to\ + \ request that a business correct inaccurate personal information that it\ + \ maintains about the consumer as set forth in Civil Code section 1798.106." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-ee + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-ee + description: "\u201CRight to delete\u201D means the consumer\u2019s right to\ + \ request that a business delete any personal information about the consumer\ + \ that the business has collected from the consumer as set forth in Civil\ + \ Code section 1798.105." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-ff + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-ff + description: "\u201CRight to know\u201D means the consumer\u2019s right to request\ + \ that a business disclose personal information that it has collected, sold,\ + \ or shared about the consumer as set forth in Civil Code sections 1798.110\ + \ and 1798.115." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-gg + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-gg + description: "\u201CRight to limit\u201D means the consumer\u2019s right to\ + \ request that a business limit the use and disclosure of a consumer\u2019\ + s sensitive personal information as set forth in Civil Code section 1798.121." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-hh + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-hh + description: "\u201CRight to opt-out of sale/sharing\u201D means the consumer\u2019\ + s right to direct a business that sells or shares personal information about\ + \ the consumer to third parties to stop doing so as set forth in Civil Code\ + \ section 1798.120." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-ii + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-ii + description: "\u201CSigned\u201D means that the written attestation, declaration,\ + \ or permission has either been physically signed or provided electronically\ + \ in accordance with the Uniform Electronic Transactions Act, Civil Code\ + \ section 1633.1 et seq." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-jj + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-jj + description: "\u201CThird-party identity verification service\u201D means a\ + \ security process offered by an independent third party that verifies the\ + \ identity of the consumer making a request to the business. Third-party\ + \ identity verification services are subject to the requirements set forth\ + \ in Article 5 regarding requests to delete, requests to correct, or requests\ + \ to know." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-kk + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-kk + description: "\u201CUnstructured\u201D as it relates to personal information\ + \ means personal information that is not organized in a pre-defined manner\ + \ and could not be retrieved or organized in a pre-defined manner without\ + \ disproportionate effort on behalf of the business, service provider, contractor,\ + \ or third party." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-ll + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-ll + description: "\u201CValue of the consumer\u2019s data\u201D means the value\ + \ provided to the business by the consumer\u2019s data as calculated under\ + \ section 7081." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7001-mm + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node8 + ref_id: 7001-mm + description: "\u201CVerify\u201D means to determine that the consumer making\ + \ a request to delete, request to correct, or request to know is the consumer\ + \ about whom the business has collected information, or if that consumer\ + \ is less than 13 years of age, the consumer\u2019s parent or legal guardian." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1 + ref_id: '7002' + name: Restrictions on the Collection and Use of Personal Information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002 + ref_id: 7002-a + description: "In accordance with Civil Code section 1798.100, subdivision (c),\ + \ a business\u2019s collection, use, retention, and/or sharing of a consumer\u2019\ + s personal information shall be reasonably necessary and proportionate to\ + \ achieve:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-a + ref_id: 7002-a.1 + description: The purpose(s) for which the personal information was collected + or processed, which shall comply with the requirements set forth in subsection + (b); or + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-a + ref_id: 7002-a.2 + description: Another disclosed purpose that is compatible with the context in + which the personal information was collected, which shall comply with the + requirements set forth in subsection (c). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002 + ref_id: 7002-b + description: "The purpose(s) for which the personal information was collected\ + \ or processed shall be consistent with the reasonable expectations of the\ + \ consumer(s) whose personal information is collected or processed. The consumer\u2019\ + s (or consumers\u2019) reasonable expectations concerning the purpose for\ + \ which their personal information will be collected or processed shall be\ + \ based on the following:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b + ref_id: 7002-b.1 + description: "The relationship between the consumer(s) and the business. For\ + \ example, if the consumer is intentionally interacting with the business\ + \ on its website to purchase a good or service, the consumer likely expects\ + \ that the purpose for collecting or processing the personal information\ + \ is to provide that good or service. By contrast, for example, the consumer\ + \ of a business\u2019s mobile flashlight application would not expect the\ + \ business to collect the consumer\u2019s geolocation information to provide\ + \ the flashlight service." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b + ref_id: 7002-b.2 + description: "The type, nature, and amount of personal information that the\ + \ business seeks to collect or process. For example, if a business\u2019\ + s mobile communication application requests access to the consumer\u2019\ + s contact list in order to call a specific individual, the consumer who is\ + \ providing their contact list likely expects that the purpose of the business\u2019\ + s use of that contact list will be to connect the consumer with the specific\ + \ contact they selected. Similarly, if a business collects the consumer\u2019\ + s fingerprint in connection with setting up the security feature of unlocking\ + \ the device using the fingerprint, the consumer likely expects that the\ + \ business\u2019s use of the consumer\u2019s fingerprint is only for the\ + \ purpose of unlocking their mobile device." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b + ref_id: 7002-b.3 + description: "The source of the personal information and the business\u2019\ + s method for collecting or processing it. For example, if the consumer is\ + \ providing their personal information directly to the business while using\ + \ the business\u2019s product or service, the consumer likely expects that\ + \ the business will use the personal information to provide that product\ + \ or service. However, the consumer may not expect that the business will\ + \ use that same personal information for a different product or service offered\ + \ by the business or the business\u2019s subsidiary." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b + ref_id: 7002-b.4 + description: "The specificity, explicitness, prominence, and clarity of disclosures\ + \ to the consumer(s) about the purpose for collecting or processing their\ + \ personal information, such as in the Notice at Collection and in the marketing\ + \ materials to the consumer(s) about the business\u2019s good or service.\ + \ For example, the consumer who receives a pop-up notice that the business\ + \ wants to collect the consumer\u2019s phone number to verify their identity\ + \ when they log in likely expects that the business will use their phone number\ + \ for the purpose of verifying the consumer\u2019s identity and not for marketing\ + \ purposes. Similarly, the consumer may expect that a mobile application\ + \ that markets itself as a service that finds gas prices near the consumer\u2019\ + s location will collect and use the consumer\u2019s geolocation information\ + \ for that specific purpose when they are using the service" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-b + ref_id: 7002-b.5 + description: "The degree to which the involvement of service providers, contractors,\ + \ third parties, or other entities in the collecting or processing of personal\ + \ information is apparent to CPPA Page 9 of 67 the consumer(s). For example,\ + \ the consumer likely expects an online retailer\u2019s disclosure of the\ + \ consumer\u2019s name and address to a delivery service provider in order\ + \ for that service provider to deliver a purchased product, because that\ + \ service provider\u2019s involvement is apparent to the consumer. By contrast,\ + \ the consumer may not expect the disclosure of personal information to a\ + \ service provider if the consumer is not directly interacting with the service\ + \ provider or the service provider\u2019s role in the processing is not apparent\ + \ to the consumer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002 + ref_id: 7002-c + description: 'Whether another disclosed purpose is compatible with the context + in which the personal information was collected shall be based on the following:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-c.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-c + ref_id: 7002-c.1 + description: At the time of collection of the personal information, the reasonable + expectations of the consumer(s) whose personal information is collected or + processed concerning the purpose for which their personal information will + be collected or processed, based on the factors set forth in subsection (b). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-c.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-c + ref_id: 7002-c.2 + description: "The other disclosed purpose for which the business seeks to further\ + \ collect or process the consumer\u2019s personal information, including\ + \ whether it is a business purpose listed in Civil Code section 1798.140,\ + \ subdivisions (e)(1) through (e)(8)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-c.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-c + ref_id: 7002-c.3 + description: "The strength of the link between subsection (c)(1) and subsection\ + \ (c)(2). For example, a strong link exists between the consumer\u2019s reasonable\ + \ expectations that the personal information will be used to provide them\ + \ with a requested service at the time of collection, and the use of the\ + \ information to repair errors that impair the intended functionality of\ + \ that requested service. This would weigh in favor of compatibility. By\ + \ contrast, for example, a weak link exists between the consumer\u2019s reasonable\ + \ expectations that the personal information will be collected to provide\ + \ a requested cloud storage service at the time of collection, and the use\ + \ of the information to research and develop an unrelated facial recognition\ + \ service." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002 + ref_id: 7002-d + description: "For each purpose identified in compliance with subsection (a)(1)\ + \ or (a)(2), the collection, use, retention, and/or sharing of a consumer\u2019\ + s personal information to achieve that purpose shall be reasonably necessary\ + \ and proportionate. The business\u2019s collection, use, retention, and/or\ + \ sharing of a consumer\u2019s personal information shall also be reasonably\ + \ necessary and proportionate to achieve any purpose for which the business\ + \ obtains the consumer\u2019s consent in compliance with subsection (e).\ + \ Whether a business\u2019s collection, use, retention, and/or sharing of\ + \ a consumer\u2019s personal information is reasonably necessary and proportionate\ + \ to achieve the purpose identified in compliance with subsection (a)(1)\ + \ or (a)(2), or any purpose for which the business obtains consent, shall\ + \ be based on the following:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-d.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-d + ref_id: 7002-d.1 + description: "The minimum personal information that is necessary to achieve\ + \ the purpose identified in compliance with subsection (a)(1) or (a)(2),\ + \ or any purpose for which the business obtains consent. For example, to\ + \ complete an online purchase and send an email confirmation of the purchase\ + \ to the consumer, an online retailer may need the consumer\u2019s order\ + \ information, payment and shipping information, and email address." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-d.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-d + ref_id: 7002-d.2 + description: "The possible negative impacts on consumers posed by the business\u2019\ + s collection or processing of the personal information. For example, a possible\ + \ negative impact of collecting precise geolocation information is that it\ + \ may reveal other sensitive personal information about the consumer, such\ + \ as health information based on visits to healthcare providers." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-d.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-d + ref_id: 7002-d.3 + description: The existence of additional safeguards for the personal information + to specifically address the possible negative impacts on consumers considered + by the business in subsection (d)(2). For example, a business may consider + encryption or automatic deletion of personal information within a specific + window of time as potential safeguards + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002 + ref_id: 7002-e + description: "A business shall obtain the consumer\u2019s consent in accordance\ + \ with section 7004 before collecting or processing personal information\ + \ for any purpose that does not meet the requirements set forth in subsection\ + \ (a)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7002-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7002 + ref_id: 7002-f + description: A business shall not collect categories of personal information + other than those disclosed in its Notice at Collection in accordance with + the CCPA and section 7012. If the business intends to collect additional + categories of personal information or intends to use the personal information + for additional purposes that are incompatible with the disclosed purpose + for which the personal information was collected, the business shall provide + a new Notice at Collection. However, any additional collecting or processing + of personal information shall comply with subsection (a). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1 + ref_id: '7003' + name: Requirements for Disclosures and Communications to Consumers + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7003 + ref_id: 7003-a + description: Disclosures and communications to consumers shall be easy to read + and understandable to consumers. For example, they shall use plain, straightforward + language and avoid technical or legal jargon. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7003 + ref_id: 7003-b + description: 'Disclosures required under Article 2 shall also:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-b.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-b + ref_id: 7003-b.1 + description: Use a format that makes the disclosure readable, including on smaller + screens, if applicable. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-b.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-b + ref_id: 7003-b.2 + description: Be available in the languages in which the business in its ordinary + course provides contracts, disclaimers, sale announcements, and other information + to consumers in California. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-b.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-b + ref_id: 7003-b.3 + description: Be reasonably accessible to consumers with disabilities. For notices + provided online, the business shall follow generally recognized industry + standards, such as the Web Content Accessibility Guidelines, version 2.1 + of June 5, 2018, from the World Wide Web Consortium, incorporated herein + by reference. In other contexts, the business shall provide information on + how a consumer with a disability may access the policy in an alternative + format. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7003 + ref_id: 7003-c + description: For websites, a conspicuous link required under the CCPA or these + regulations shall appear in a similar manner as other similarly-posted links + used by the business on its homepage(s). For example, the business shall + use a font size and color that is at least the approximate size or color + as other links next to it that are used by the business on its homepage(s). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7003-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7003 + ref_id: 7003-d + description: "For mobile applications, a conspicuous link shall be included\ + \ in the business\u2019s privacy policy, which must be accessible through\ + \ the mobile application\u2019s platform page or download page. It may also\ + \ be accessible through a link within the application, such as through the\ + \ application\u2019s settings menu." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1 + ref_id: '7004' + name: Requirements for Methods for Submitting CCPA Requests and Obtaining Consumer Consent + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004 + ref_id: 7004-a + description: Except as expressly allowed by the CCPA and these regulations, + businesses shall design and implement methods for submitting CCPA requests + and obtaining consumer consent that incorporate the following principles. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a + ref_id: 7004-a.1 + description: Easy to understand. The methods shall use language that is easy + for consumers to read and understand. When applicable, they shall comply + with the requirements for disclosures to consumers set forth in section 7003. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a + ref_id: 7004-a.2 + description: "Symmetry in choice. The path for a consumer to exercise a more\ + \ privacy-protective option shall not be longer or more difficult or time-consuming\ + \ than the path to exercise a less privacy-protective option because that\ + \ would impair or interfere with the consumer\u2019s ability to make a choice.\ + \ Illustrative examples follow." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.2.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.2 + ref_id: 7004-a.2.A + description: "It is not symmetrical when a business\u2019s process for submitting\ + \ a request to opt- out of sale/sharing requires more steps than that business\u2019\ + s process for a consumer to opt-in to the sale of personal information after\ + \ having previously opted out. The number of steps for submitting a request\ + \ to opt-out of sale/sharing is measured from when the consumer clicks on\ + \ the \u201CDo Not Sell or Share My Personal Information\u201D link to completion\ + \ of the request. The number of steps for submitting a request to opt-in\ + \ to the sale of personal information is measured from the first indication\ + \ by the consumer to the business of their interest to opt-in to completion\ + \ of the request." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.2.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.2 + ref_id: 7004-a.2.B + description: "A choice to opt-in to the sale of personal information that provides\ + \ only the two options, \u201CYes\u201D and \u201CAsk me later,\u201D is\ + \ not equal or symmetrical because there is no option to decline the opt-in.\ + \ \u201CAsk me later\u201D implies that the consumer has not declined but\ + \ delayed the decision and that the business will continue to ask the consumer\ + \ to opt-in. Framing the consumer\u2019s options in this manner impairs the\ + \ CPPA Page 12 of 67 consumer\u2019s ability to make a choice. An equal\ + \ or symmetrical choice could be between \u201CYes\u201D and \u201CNo.\u201D" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.2.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.2 + ref_id: 7004-a.2.C + description: "A website banner that provides only the two options, \u201CAccept\ + \ All\u201D and \u201CMore Information,\u201D or, \u201CAccept All\u201D\ + \ and \u201CPreferences,\u201D when seeking the consumer\u2019s consent to\ + \ use their personal information is not equal or symmetrical because the\ + \ method allows the consumer to \u201CAccept All\u201D in one step, but requires\ + \ the consumer to take additional steps to exercise their rights over their\ + \ personal information. Framing the consumer\u2019s options in this manner\ + \ impairs the consumer\u2019s ability to make a choice. An equal or symmetrical\ + \ choice could be between \u201CAccept All\u201D and \u201CDecline All.\u201D" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a + ref_id: 7004-a.3 + description: "Avoid language or interactive elements that are confusing to the\ + \ consumer. The methods should not use double negatives. Toggles or buttons\ + \ must clearly indicate the consumer\u2019s choice. Illustrative examples\ + \ follow." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.3.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.3 + ref_id: 7004-a.3.A + description: "Giving the choice of \u201CYes\u201D or \u201CNo\u201D next to\ + \ the statement \u201CDo Not Sell or Share My Personal Information\u201D\ + \ is a double negative and a confusing choice for a consumer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.3.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.3 + ref_id: 7004-a.3.B + description: "Toggles or buttons that state \u201Con\u201D or \u201Coff\u201D\ + \ may be confusing to a consumer and may require further clarifying language." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.3.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.3 + ref_id: 7004-a.3.C + description: "Unintuitive placement of buttons to confirm a consumer\u2019s\ + \ choice may be confusing to the consumer. For example, it is confusing to\ + \ the consumer when a business at first consistently offers choices in the\ + \ order of \u201CYes,\u201D then \u201CNo,\u201D but then offers choices\ + \ in the opposite order\u2014 \u201CNo,\u201D then \u201CYes\u201D \u2014\ + when asking the consumer something that would contravene the consumer\u2019\ + s expectation." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a + ref_id: 7004-a.4 + description: "Avoid choice architecture that impairs or interferes with the\ + \ consumer\u2019s ability to make a choice. Businesses should also not design\ + \ their methods in a manner that would impair the consumer\u2019s ability\ + \ to exercise their choice because consent must be freely given, specific,\ + \ informed, and unambiguous. Illustrative examples follow." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.4.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.4 + ref_id: 7004-a.4.A + description: "Requiring the consumer to click through disruptive screens before\ + \ they are able to submit a request to opt-out of sale/sharing is a choice\ + \ architecture that impairs or interferes with the consumer\u2019s ability\ + \ to exercise their choice" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.4.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.4 + ref_id: 7004-a.4.B + description: "Bundling choices so that the consumer is only offered the option\ + \ to consent to using personal information for purposes that meet the requirements\ + \ set forth in section 7002, subsection (a), together with purposes that\ + \ are incompatible with the context in which the personal information was\ + \ collected is a choice architecture that impairs or interferes with the\ + \ consumer\u2019s ability to make a choice. For example, a business that\ + \ provides a location-based service, such as a mobile application that finds\ + \ gas prices near the consumer\u2019s location, shall not CPPA Page 13 of\ + \ 67 require the consumer to consent to incompatible uses (e.g., sale of\ + \ the consumer\u2019s geolocation to data brokers) together with a reasonably\ + \ necessary and proportionate use of geolocation information for providing\ + \ the location- based services, which does not require consent. This type\ + \ of choice architecture does not allow consent to be freely given, specific,\ + \ informed, or unambiguous because it requires the consumer to consent to\ + \ incompatible uses in order to obtain the expected service. The business\ + \ should provide the consumer a separate option to consent to the business\u2019\ + s use of personal information that does not meet the requirements set forth\ + \ in section 7002, subsection (a)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a + ref_id: 7004-a.5 + description: "Easy to execute. The business shall not add unnecessary burden\ + \ or friction to the process by which the consumer submits a CCPA request.\ + \ Methods should be tested to ensure that they are functional and do not\ + \ undermine the consumer\u2019s choice to submit the request. Illustrative\ + \ examples follow." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.5.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.5 + ref_id: 7004-a.5.A + description: "Upon clicking the \u201CDo Not Sell or Share My Personal Information\u201D\ + \ link, the business shall not require the consumer to search or scroll through\ + \ the text of a privacy policy or similar document or webpage to locate the\ + \ mechanism for submitting a request to opt-out of sale/sharing." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.5.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.5 + ref_id: 7004-a.5.B + description: A business that knows of, but does not remedy, circular or broken + links, or nonfunctional email addresses, such as inboxes that are not monitored + or have aggressive filters that screen emails from the public, may be in + violation of this regulation. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.5.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-a.5 + ref_id: 7004-a.5.C + description: Businesses that require the consumer to unnecessarily wait on a + webpage as the business processes the request may be in violation of this + regulation. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004 + ref_id: 7004-b + description: "A method that does not comply with subsection (a) may be considered\ + \ a dark pattern. Any agreement obtained through the use of dark patterns\ + \ shall not constitute consumer consent. For example, a business that uses\ + \ dark patterns to obtain consent from a consumer to sell their personal\ + \ information shall be in the position of never having obtained the consumer\u2019\ + s consent to do so." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7004-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7004 + ref_id: 7004-c + description: "A user interface is a dark pattern if the interface has the effect\ + \ of substantially subverting or impairing user autonomy, decisionmaking,\ + \ or choice. A business\u2019s intent in designing the interface is not determinative\ + \ in whether the user interface is a dark pattern, but a factor to be considered.\ + \ If a business did not intend to design the user interface to subvert or\ + \ impair user choice, but the business knows of and does not remedy a user\ + \ interface that has that effect, the user interface may still be a dark\ + \ pattern. Similarly, a business\u2019s deliberate ignorance of the effect\ + \ of its user interface may also weigh in favor of establishing a dark pattern." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 2 + name: REQUIRED DISCLOSURES TO CONSUMERS + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7010 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + ref_id: '7010' + name: Overview of Required Disclosures. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7010-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7010 + ref_id: 7010-a + description: Every business that must comply with the CCPA and these regulations + shall provide a privacy policy in accordance with the CCPA and section 7011. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7010-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7010 + ref_id: 7010-b + description: "A business that controls the collection of a consumer\u2019s personal\ + \ information from a consumer shall provide a Notice at Collection in accordance\ + \ with the CCPA and section 7012." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7010-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7010 + ref_id: 7010-c + description: Except as set forth in section 7025, subsection (g), a business + that sells or shares personal information shall provide a Notice of Right + to Opt-out of Sale/Sharing or the Alternative Opt-out Link in accordance + with the CCPA and sections 7013 and 7015. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7010-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7010 + ref_id: 7010-d + description: "A business that uses or discloses a consumer\u2019s sensitive\ + \ personal information for purposes other than those specified in section\ + \ 7027, subsection (m), shall provide a Notice of Right to Limit or the Alternative\ + \ Opt-out Link in accordance with the CCPA and sections 7014 and 7015." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7010-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7010 + ref_id: 7010-e + description: A business that offers a financial incentive or price or service + difference shall provide a Notice of Financial Incentive in accordance with + the CCPA and section 7016. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + ref_id: '7011' + name: Privacy Policy. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011 + ref_id: 7011-a + description: "The purpose of the privacy policy is to provide consumers with\ + \ a comprehensive description of a business\u2019s online and offline information\ + \ practices. It shall also inform consumers about the rights they have regarding\ + \ their personal information and provide any information necessary for them\ + \ to exercise those rights." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011 + ref_id: 7011-b + description: The privacy policy shall comply with section 7003, subsections + (a) and (b). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011 + ref_id: 7011-c + description: The privacy policy shall be available in a format that allows a + consumer to print it out as a document. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011 + ref_id: 7011-d + description: "The privacy policy shall be posted online and accessible through\ + \ a conspicuous link that complies with section 7003, subsections (c) and\ + \ (d), using the word \u201Cprivacy\u201D on the business\u2019s website\ + \ homepage(s) or on the download or landing page of a mobile application.\ + \ If the business has a California-specific description of consumers\u2019\ + \ privacy rights on its website, then the privacy policy shall be included\ + \ in that description. A business that CPPA Page 15 of 67 does not operate\ + \ a website shall make the privacy policy conspicuously available to consumers.\ + \ A mobile application may include a link to the privacy policy in the application\u2019\ + s settings menu." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011 + ref_id: 7011-e + description: 'The privacy policy shall include the following information:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e + ref_id: 7011-e.1 + description: "A comprehensive description of the business\u2019s online and\ + \ offline information practices, which includes the following:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.A + description: Identification of the categories of personal information the business + has collected about consumers in the preceding 12 months. The categories + shall be described using the specific terms set forth in Civil Code section + 1798.140, subdivisions (v)(1)(A) to (K) and (ae)(1) to (2). To the extent + that the business has discretion in its description, the business shall describe + the category in a manner that provides consumers a meaningful understanding + of the information being collected + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.B + description: Identification of the categories of sources from which the personal + information is collected. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.C + description: ' Identification of the specific business or commercial purpose + for collecting personal information from consumers. The purpose shall be + described in a manner that provides consumers a meaningful understanding + of why the information is collected.' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.D + description: "Identification of the categories of personal information, if any,\ + \ that the business has sold or shared to third parties in the preceding\ + \ 12 months. If the business has not sold or shared consumers\u2019 personal\ + \ information in the preceding 12 months, the business shall disclose that\ + \ fact." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.e + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.E + description: For each category of personal information identified in subsection + (e)(1)(D), the categories of third parties to whom the information was sold + or shared. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.f + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.F + description: "Identification of the specific business or commercial purpose\ + \ for selling or sharing consumers\u2019 personal information. The purpose\ + \ shall be described in a manner that provides consumers a meaningful understanding\ + \ of why the information is sold or shared." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.g + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.G + description: A statement regarding whether the business has actual knowledge + that it sells or shares the personal information of consumers under 16 years + of age. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.h + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.H + description: "Identification of the categories of personal information, if any,\ + \ that the business has disclosed for a business purpose to third parties\ + \ in the preceding 12 months. If the business has not disclosed consumers\u2019\ + \ personal information for a business purpose in the preceding 12 months,\ + \ the business shall disclose that fact." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.i + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.I + description: For each category of personal information identified in subsection + (e)(1)(H), the categories of third parties to whom the information was disclosed. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.j + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.J + description: "Identification of the specific business or commercial purpose\ + \ for disclosing the consumer\u2019s personal information. The purpose shall\ + \ be described in a manner that provides consumers a meaningful understanding\ + \ of why the information is disclosed." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1.k + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.1 + ref_id: 7011-e.1.K + description: A statement regarding whether the business uses or discloses sensitive + personal information for purposes other than those specified in section 7027, + subsection (m). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e + ref_id: 7011-e.2 + description: 'An explanation of the rights that the CCPA confers on consumers + regarding their personal information, which includes all of the following:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2 + ref_id: 7011-e.2.A + description: The right to know what personal information the business has collected + about the consumer, including the categories of personal information, the + categories of sources from which the personal information is collected, the + business or commercial purpose for collecting, selling, or sharing personal + information, the categories of third parties to whom the business discloses + personal information, and the specific pieces of personal information the + business has collected about the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2 + ref_id: 7011-e.2.B + description: The right to delete personal information that the business has + collected from the consumer, subject to certain exceptions. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2 + ref_id: 7011-e.2.C + description: The right to correct inaccurate personal information that a business + maintains about a consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2 + ref_id: 7011-e.2.D + description: If the business sells or shares personal information, the right + to opt-out of the sale or sharing of their personal information by the business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2.e + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2 + ref_id: 7011-e.2.E + description: If the business uses or discloses sensitive personal information + for reasons other than those set forth in section 7027, subsection (m), the + right to limit the use or disclosure of sensitive personal information by + the business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2.f + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.2 + ref_id: 7011-e.2.F + description: "The right not to receive discriminatory treatment by the business\ + \ for the exercise of privacy rights conferred by the CCPA, including an\ + \ employee\u2019s, applicant\u2019s, or independent contractor\u2019s right\ + \ not to be retaliated against for the exercise of their CCPA rights." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e + ref_id: 7011-e.3 + description: 'An explanation of how consumers can exercise their CCPA rights + and what consumers can expect from that process, which includes all of the + following:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.A + description: An explanation of the methods by which the consumer can exercise + their CCPA rights. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.B + description: Instructions for submitting a request under the CCPA, including + any links to an online request form or portal for making such a request, + if offered by the business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.C + description: If the business sells or shares personal information, and is required + to provide a Notice of Right to Opt-out of Sale/Sharing, the contents of + the Notice of Right to Opt-out of Sale/Sharing or a link to that notice in + accordance with section 7013, subsection (f). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.D + description: If the business uses or discloses sensitive personal information + for purposes other than those specified in section 7027, subsection (m), + and is required to provide a Notice of Right to Limit, the contents of the + Notice of Right to Limit or a link to that notice in accordance with section + 7014, subsection (f). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.e + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.E + description: A general description of the process the business uses to verify + a consumer request to know, request to delete, and request to correct, when + applicable, including any information the consumer must provide. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.f + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.F + description: Explanation of how an opt-out preference signal will be processed + for the consumer (i.e., whether the signal applies to the device, browser, + consumer account, and/or offline sales, and in what circumstances) and how + the consumer can use an opt-out preference signal. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.g + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.G + description: If the business processes opt-out preference signals in a frictionless + manner, information on how consumers can implement opt-out preference signals + for the business to process in a frictionless manner. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.h + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.H + description: "Instructions on how an authorized agent can make a request under\ + \ the CCPA on the consumer\u2019s behalf." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.i + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.I + description: If the business has actual knowledge that it sells the personal + information of consumers under 16 years of age, a description of the processes + required by sections 7070 and 7071. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3.j + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.3 + ref_id: 7011-e.3.J + description: "A contact for questions or concerns about the business\u2019s\ + \ privacy policies and information practices using a method reflecting the\ + \ manner in which the business primarily interacts with the consumer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e + ref_id: 7011-e.4 + description: Date the privacy policy was last updated. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7011-e + ref_id: 7011-e.5 + description: ' If subject to the data reporting requirements set forth in section + 7102, the information required under section 7102, or a link to that information.' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + ref_id: '7012' + name: Notice at Collection of Personal Information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-a + description: "The purpose of the Notice at Collection is to provide consumers\ + \ with timely notice, at or before the point of collection, about the categories\ + \ of personal information to be collected from them, the purposes for which\ + \ the personal information is collected or used, and whether that information\ + \ is sold or shared, so that consumers have a tool to exercise CPPA Page\ + \ 18 of 67 meaningful control over the business\u2019s use of their personal\ + \ information. For example, upon receiving the Notice at Collection, the\ + \ consumer can use the information in the notice as a tool to choose whether\ + \ to engage with the business, or to direct the business not to sell or share\ + \ their personal information and to limit the use and disclosure of their\ + \ sensitive personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-b + description: The Notice at Collection shall comply with section 7003, subsections + (a) and (b). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-c + description: The Notice at Collection shall be made readily available where + consumers will encounter it at or before the point of collection of any personal + information. Illustrative examples follow. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c + ref_id: 7012-c.1 + description: "When a business collects consumers\u2019 personal information\ + \ online, it may post a conspicuous link to the notice on the introductory\ + \ page of the business\u2019s website and on all webpages where personal\ + \ information is collected." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c + ref_id: 7012-c.2 + description: "When a business collects consumers\u2019 personal information\ + \ through a webform, it may post a conspicuous link to the notice in close\ + \ proximity to the fields in which the consumer inputs their personal information,\ + \ or in close proximity to the button by which the consumer submits their\ + \ personal information to the business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c + ref_id: 7012-c.3 + description: "When a business collects personal information through a mobile\ + \ application, it may provide a link to the notice on the mobile application\u2019\ + s download page and within the application, such as through the application\u2019\ + s settings menu." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c + ref_id: 7012-c.4 + description: "When a business collects consumers\u2019 personal information\ + \ offline, it may include the notice on printed forms that collect personal\ + \ information, provide the consumer with a paper version of the notice, or\ + \ post prominent signage directing consumers to where the notice can be found\ + \ online." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-c + ref_id: 7012-c.5 + description: When a business collects personal information over the telephone + or in person, it may provide the notice orally. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-d + description: If a business does not give the Notice at Collection to the consumer + at or before the point of collection of their personal information, the business + shall not collect personal information from the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-e + description: 'A business shall include the following in its Notice at Collection:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e + ref_id: 7012-e.1 + description: A list of the categories of personal information about consumers, + including categories of sensitive personal information, to be collected. + Each category of personal information shall be written in a manner that provides + consumers a meaningful understanding of the information being collected. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e + ref_id: 7012-e.2 + description: The purpose(s) for which the categories of personal information, + including categories of sensitive personal information, are collected and + used. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e + ref_id: 7012-e.3 + description: Whether each category of personal information identified in subsection + (e)(1) is sold or shared. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e + ref_id: 7012-e.4 + description: The length of time the business intends to retain each category + of personal information identified in subsection (e)(1), or if that is not + possible, the criteria used to determine the period of time it will be retained. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e + ref_id: 7012-e.5 + description: If the business sells or shares personal information, the link + to the Notice of Right to Opt-out of Sale/Sharing, or in the case of offline + notices, where the webpage can be found online. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-e + ref_id: 7012-e.6 + description: "A link to the business\u2019s privacy policy, or in the case of\ + \ offline notices, where the privacy policy can be found online." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-f + description: "If a business collects personal information from a consumer online,\ + \ the Notice at Collection may be given to the consumer by providing a link\ + \ that takes the consumer directly to the specific section of the business\u2019\ + s privacy policy that contains the information required in subsection (e)(1)\ + \ through (6). Directing the consumer to the beginning of the privacy policy,\ + \ or to another section of the privacy policy that does not contain the required\ + \ information, so that the consumer is required to scroll through other information\ + \ in order to determine the categories of personal information to be collected\ + \ and/or whether the business sells or shares the personal information collected,\ + \ does not satisfy this standard." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-g + description: "Third Parties that Control the Collection of Personal Information.\ + \ This subsection shall not affect the first party\u2019s obligations under\ + \ the CCPA to comply with a consumer\u2019s request to opt-out of sale/sharing." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g + ref_id: 7012-g.1 + description: "For purposes of giving Notice at Collection, more than one business\ + \ may control the collection of a consumer\u2019s personal information, and\ + \ thus, have an obligation to provide a Notice at Collection in accordance\ + \ with the CCPA and these regulations. For example, a first party may allow\ + \ another business, acting as a third party, to control the collection of\ + \ personal information from consumers browsing the first party\u2019s website.\ + \ Both the first party that allows the third parties to collect personal \ + \ information via its website, as well as the third party controlling the\ + \ collection of personal information, shall provide a Notice at Collection.\ + \ The first party and third parties may provide a single Notice at Collection\ + \ that includes the required information about their collective information\ + \ practices." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g + ref_id: 7012-g.2 + description: "A business that, acting as a third party, controls the collection\ + \ of personal information on another business\u2019s physical premises, such\ + \ as in a retail store or in a vehicle, shall provide a Notice at Collection\ + \ in a conspicuous manner at the physical location(s) where it is collecting\ + \ the personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.3 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g + ref_id: 7012-g.3 + description: Illustrative examples follow. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.3.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.3 + ref_id: 7012-g.3.A + description: "Business F allows Business G, a third party ad network, to collect\ + \ consumers\u2019 personal information through Business F\u2019s website.\ + \ Business F may post a conspicuous link to its Notice at Collection on its\ + \ homepage(s). Business G shall provide a Notice at Collection on its homepage(s)\ + \ or include the required information about its information practices in\ + \ Business F\u2019s Notice at Collection." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.3.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.3 + ref_id: 7012-g.3.B + description: "Business H, a coffee shop, allows Business I, a business providing\ + \ Wi-Fi services, to collect personal information from consumers using Business\ + \ I\u2019s services on Business H\u2019s premises. Business H may post conspicuous\ + \ signage at the entrance of the store or at the point-of-sale directing\ + \ consumers to where the Notice at Collection for Business H can be found\ + \ online. In addition, Business I shall post its own Notice at Collection\ + \ on the first webpage or other interface consumers see before connecting\ + \ to the Wi-Fi services offered." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.3.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-g.3 + ref_id: 7012-g.3.C + description: "Business J, a car rental business, allows Business K to collect\ + \ personal information from consumers within the vehicles Business J rents\ + \ to consumers. Business J may give its Notice at Collection to the consumer\ + \ at the point of sale (i.e., at the rental counter) either in writing or\ + \ orally. Business K may provide its own Notice at Collection within the\ + \ vehicle, such as through signage on the vehicle\u2019s dashboard directing\ + \ consumers to where the notice can be found online." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-h + description: "A business that neither collects nor controls the collection of\ + \ personal information directly from the consumer does not need to provide\ + \ a Notice at Collection to the consumer if it neither sells nor shares the\ + \ consumer\u2019s personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7012-i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7012 + ref_id: 7012-i + description: A data broker registered with the Attorney General pursuant to + Civil Code section 1798.99.80 et seq. that collects personal information + from a source other than directly from the consumer does not need to provide + a Notice at Collection to the consumer if it has included in its registration + submission a link to its online privacy policy that includes instructions + on how a consumer can submit a request to opt-out of sale/sharing. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + ref_id: '7013' + name: "Notice of Right to Opt-out of Sale/Sharing and the \u201CDo Not Sell\ + \ or Share My Personal Information\u201D Link." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-a + description: "The purpose of the Notice of Right to Opt-out of Sale/Sharing\ + \ is to inform consumers of their right to direct a business that sells or\ + \ shares their personal information to stop selling or sharing their personal\ + \ information and to provide them with the opportunity to exercise that right.\ + \ The purpose of the \u201CDo Not Sell or Share My Personal Information\u201D\ + \ link is to immediately effectuate the consumer\u2019s right to opt-out\ + \ of sale/sharing, or in the alternative, direct the consumer to the Notice\ + \ of Right to Opt-out of Sale/Sharing. Accordingly, clicking the business\u2019\ + s \u201CDo Not Sell or Share My Personal Information\u201D link will either\ + \ have the immediate effect of opting the consumer out of the sale or sharing\ + \ of personal information or lead the consumer to a webpage where the consumer\ + \ can learn about and make that choice." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-b + description: The Notice of Right to Opt-out of Sale/Sharing shall comply with + section 7003, subsections (a) and (b). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-c + description: "The \u201CDo Not Sell or Share My Personal Information\u201D link\ + \ shall be a conspicuous link that complies with section 7003, subsections\ + \ (c) and (d) and is located at either the header or footer of the business\u2019\ + s internet homepage(s)" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-d + description: "In lieu of posting the \u201CDo Not Sell or Share My Personal\ + \ Information\u201D link, a business may provide the Alternative Opt-out\ + \ Link in accordance with section 7015 or process opt-out preference signals\ + \ in a frictionless manner in accordance with section 7025, subsections (f)\ + \ and (g). The business must still post a Notice of Right to Opt-out of Sale/Sharing\ + \ in accordance with these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-e + description: 'A business that sells or shares the personal information of consumers + shall provide the Notice of Right to Opt-out of Sale/Sharing to consumers + as follows:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e + ref_id: 7013-e.1 + description: "A business shall post the Notice of Right to Opt-out of Sale/Sharing\ + \ on the internet webpage to which the consumer is directed after clicking\ + \ on the \u201CDo Not Sell or Share My Personal Information\u201D link. The\ + \ notice shall include the information specified in subsection (f) or be\ + \ a link that takes the consumer directly to the specific section of the\ + \ business\u2019s privacy policy that contains the same information. If clicking\ + \ on the \u201CDo Not Sell or Share My Personal Information\u201D link immediately\ + \ effectuates the consumer\u2019s right to opt-out of sale/sharing or if\ + \ the business processes opt-out preference signals in a frictionless manner\ + \ and chooses not to post a link, the business shall provide the notice within\ + \ its privacy policy." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e + ref_id: 7013-e.2 + description: A business that does not operate a website shall establish, document, + and comply with another method by which it informs consumers of their right + to opt-out of sale/sharing. That method shall comply with the requirements + set forth in section 7003. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e + ref_id: 7013-e.3 + description: A business shall also provide the notice to opt-out of sale/sharing + in the same manner in which it collects the personal information that it + sells or shares. Illustrative examples follow + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e.3.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e.3 + ref_id: 7013-e.3.A + description: A business that sells or shares personal information that it collects + in the course of interacting with consumers offline, such as in a brick-and-mortar + store, shall provide notice through an offline method, e.g., on the paper + forms that collect the personal information or by posting signage in the + area where the personal information is collected directing consumers to where + the notice can be found online. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e.3.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-e.3 + ref_id: 7013-e.3.B + description: A business that sells or shares personal information that it collects + over the phone shall provide notice orally during the call when the information + is collected. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-f + description: 'A business shall include the following in its Notice of Right + to Opt-out of Sale/Sharing:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-f.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-f + ref_id: 7013-f.1 + description: "A description of the consumer\u2019s right to opt-out of the sale\ + \ or sharing of their personal information by the business; and" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-f.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-f + ref_id: 7013-f.2 + description: Instructions on how the consumer can submit a request to opt-out + of sale/sharing. If notice is provided online, the notice shall include the + interactive form by which the consumer can submit their request to opt-out + of sale/sharing online, as required by section 7026, subsection (a)(1). If + the business does not operate a website, the notice shall explain the offline + method by which the consumer can submit their request to opt-out of sale/sharing. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-g + description: "A business does not need to provide a Notice of Right to Opt-out\ + \ of Sale/Sharing or the \u201CDo Not Sell or Share My Personal Information\u201D\ + \ link if:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-g.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-g + ref_id: 7013-g.1 + description: It does not sell or share personal information; and + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-g.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-g + ref_id: 7013-g.2 + description: It states in its privacy policy that it does not sell or share + personal information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7013-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7013 + ref_id: 7013-h + description: A business shall not sell or share the personal information it + collected during the time the business did not have a Notice of Right to + Opt-out of Sale/Sharing posted unless it obtains the consent of the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + ref_id: '7014' + name: "Notice of Right to Limit and the \u201CLimit the Use of My Sensitive\ + \ Personal Information\u201D Link." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-a + description: "The purpose of the Notice of Right to Limit is to inform consumers\ + \ of their right to limit a business\u2019s use and disclosure of their sensitive\ + \ personal information and to provide them with the opportunity to exercise\ + \ that right. The purpose of the \u201CLimit the Use of My Sensitive Personal\ + \ Information\u201D link is to immediately effectuate the consumer\u2019s\ + \ right to limit, or in the alternative, direct the consumer to the Notice\ + \ of Right to Limit. Accordingly, clicking the business\u2019s \u201CLimit\ + \ the Use of My Sensitive Personal Information\u201D link will either have\ + \ the immediate effect of limiting the use and disclosure of the consumer\u2019\ + s sensitive personal information or lead the consumer to a webpage where\ + \ the consumer can learn about and make that choice." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-b + description: The Notice of Right to Limit shall comply with section 7003, subsections + (a) and (b). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-c + description: "The \u201CLimit the Use of My Sensitive Personal Information\u201D\ + \ link shall be a conspicuous link that complies with section 7003, subsections\ + \ (c) and (d), and is located at either the header or footer of the business\u2019\ + s internet homepage(s)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-d + description: "In lieu of posting the \u201CLimit the Use of My Sensitive Personal\ + \ Information\u201D link, a business may provide the Alternative Opt-out\ + \ Link in accordance with section 7015. The business shall still post a Notice\ + \ of Right to Limit in accordance with these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-e + description: "A business that uses or discloses a consumer\u2019s sensitive\ + \ personal information for purposes other than those specified in section\ + \ 7027, subsection (m), shall provide the Notice of Right to Limit to consumers\ + \ as follows:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-e.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-e + ref_id: 7014-e.1 + description: "A business shall post the Notice of Right to Limit on the internet\ + \ webpage to which the consumer is directed after clicking on the \u201C\ + Limit the Use of My Sensitive Personal Information\u201D link. The notice\ + \ shall include the information specified in subsection (f) or be a link\ + \ that takes the consumer directly to the specific section of the business\u2019\ + s privacy policy that contains the same information. If clicking on the \u201C\ + Limit the Use of My Sensitive Personal Information\u201D link immediately\ + \ effectuates the consumer\u2019s right to limit, the business shall provide\ + \ the notice within its privacy policy." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-e.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-e + ref_id: 7014-e.2 + description: A business that does not operate a website shall establish, document, + and comply with another method by which it informs consumers of their right + to limit. That method shall comply with the requirements set forth in section + 7003. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-f + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-f + description: 'A business shall include the following in its Notice of Right + to Limit:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-f.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-f + ref_id: 7014-f.1 + description: "A description of the consumer\u2019s right to limit; and" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-f.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-f + ref_id: 7014-f.2 + description: Instructions on how the consumer can submit a request to limit. + If notice is provided online, the notice shall include the interactive form + by which the consumer can submit their request to limit online, as required + by section 7027, subsection (b)(1). If the business does not operate a website, + the notice shall explain the offline method by which the consumer can submit + their request to limit. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-g + description: "A business does not need to provide a Notice of Right to Limit\ + \ or the \u201CLimit the Use of My Sensitive Personal Information\u201D link\ + \ if:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-g.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-g + ref_id: 7014-g.1 + description: It only uses and discloses sensitive personal information that + it collected about the consumer for the purposes specified in section 7027, + subsection (m), and states so in its privacy policy; or + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-g.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-g + ref_id: 7014-g.2 + description: It only collects or processes sensitive personal information without + the purpose of inferring characteristics about a consumer, and states so + in its privacy policy. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7014-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7014 + ref_id: 7014-h + description: A business shall not use or disclose sensitive personal information + it collected during the time the business did not have a Notice of Right + to Limit posted for purposes other than those specified in section 7027, + subsection (m), unless it obtains the consent of the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7015 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + ref_id: '7015' + name: Alternative Opt-out Link. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7015-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7015 + ref_id: 7015-a + description: "The purpose of the Alternative Opt-out Link is to provide businesses\ + \ the option of providing consumers with a single, clearly-labeled link that\ + \ allows consumers to easily exercise both their right to opt-out of sale/sharing\ + \ and right to limit, instead of posting the two separate \u201CDo Not Sell\ + \ or Share My Personal Information\u201D and \u201CLimit the Use of My Sensitive\ + \ Personal Information\u201D links. The Alternative Opt-out Link shall direct\ + \ the CPPA Page 24 of 67 consumer to a webpage that informs them of both\ + \ their right to opt-out of sale/sharing and right to limit and provides\ + \ them with the opportunity to exercise both rights." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7015-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7015 + ref_id: 7015-b + description: "A business that chooses to use an Alternative Opt-out Link shall\ + \ title the link, \u201CYour Privacy Choices,\u201D or, \u201CYour California\ + \ Privacy Choices,\u201D and shall include the following opt-out icon adjacent\ + \ to the title. The link shall be a conspicuous link that complies with section\ + \ 7003, subsections (c) and (d), and is located at either the header or footer\ + \ of the business\u2019s internet homepage(s). The icon shall be approximately\ + \ the same size as other icons used by the business in the header or footer\ + \ of its webpage" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7015-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7015 + ref_id: 7015-c + description: 'The Alternative Opt-out Link shall direct the consumer to a webpage + that includes the following information:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7015-c.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7015-c + ref_id: 7015-c.1 + description: "A description of the consumer\u2019s right to opt-out of sale/sharing\ + \ and right to limit, which shall comply with section 7003, subsections (a)\ + \ and (b); and" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7015-c.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7015-c + ref_id: 7015-c.2 + description: The interactive form or mechanism by which the consumer can submit + their request to opt-out of sale/sharing and their right to limit online. + The method shall be easy for consumers to execute, shall require minimal + steps, and shall comply with section 7004. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-2 + ref_id: '7016' + name: Notice of Financial Incentive. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016 + ref_id: 7016-a + description: The purpose of the Notice of Financial Incentive is to explain + to the consumer the material terms of a financial incentive or price or service + difference the business is offering so that the consumer may make an informed + decision about whether to participate. A business that does not offer a financial + incentive or price or service difference is not required to provide a Notice + of Financial Incentive. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016 + ref_id: 7016-b + description: The Notice of Financial Incentive shall comply with section 7003, + subsections (a) and (b). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016 + ref_id: 7016-c + description: "The Notice of Financial Incentive shall be readily available where\ + \ consumers will encounter it before opting-in to the financial incentive\ + \ or price or service difference. If the business offers the financial incentive\ + \ or price or service difference online, the notice may be given by providing\ + \ a link that takes the consumer directly to the specific section of a business\u2019\ + s privacy policy that contains the information required in subsection (d)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016 + ref_id: 7016-d + description: 'A business shall include the following in its Notice of Financial + Incentive:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d + ref_id: 7016-d.1 + description: A succinct summary of the financial incentive or price or service + difference offered; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d + ref_id: 7016-d.2 + description: "A description of the material terms of the financial incentive\ + \ or price or service difference, including the categories of personal information\ + \ that are implicated by the financial incentive or price or service difference\ + \ and the value of the consumer\u2019s data;" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d + ref_id: 7016-d.3 + description: How the consumer can opt-in to the financial incentive or price + or service difference; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d + ref_id: 7016-d.4 + description: "A statement of the consumer\u2019s right to withdraw from the\ + \ financial incentive at any time and how the consumer may exercise that\ + \ right; and" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d + ref_id: 7016-d.5 + description: " An explanation of how the price or service difference is reasonably\ + \ related to the value of the consumer\u2019s data, including:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.5.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.5 + ref_id: 7016-d.5.A + description: "A good-faith estimate of the value of the consumer\u2019s data\ + \ that forms the basis for offering the price or service difference; and" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.5.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7016-d.5 + ref_id: 7016-d.5.B + description: " A description of the method(s) the business used to calculate\ + \ the value of the consumer\u2019s data." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 3 + name: BUSINESS PRACTICES FOR HANDLING CONSUMER REQUESTS + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7020' + name: Methods for Submitting Requests to Delete, Requests to Correct, and Requests + to Know + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7020 + ref_id: 7020-a + description: A business that operates exclusively online and has a direct relationship + with a consumer from whom it collects personal information shall only be + required to provide an email address for submitting requests to delete, requests + to correct, and requests to know. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7020 + ref_id: 7020-b + description: A business that does not fit the description in subsection (a) + shall provide two or more designated methods for submitting requests to delete, + requests to correct, and requests to know. One of those methods must be a + toll-free telephone number. If the business maintains an internet website, + one of the methods for submitting these requests shall be through its website, + such as through a webform. Other methods for submitting requests to delete, + requests to correct, and requests to know may include, but are not limited + to, a designated email address, a form submitted in person, and a form submitted + through the mail + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7020 + ref_id: 7020-c + description: "A business shall consider the methods by which it primarily interacts\ + \ with consumers when determining which methods to provide for submitting\ + \ requests to delete, requests to correct, and requests to know. If the business\ + \ interacts with consumers in person, the business shall consider providing\ + \ an in-person method such as a printed form the consumer can directly submit\ + \ or send by mail, a tablet or computer portal that allows the CPPA Page\ + \ 26 of 67 consumer to complete and submit an online form, or a telephone\ + \ with which the consumer can call the business\u2019s toll-free number" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7020 + ref_id: 7020-d + description: A business may use a two-step process for online requests to delete + where the consumer must first, submit the request to delete and then second, + separately confirm that they want their personal information deleted provided + that the business otherwise complies with section 7004 + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7020 + ref_id: 7020-e + description: 'If a consumer submits a request in a manner that is not one of + the designated methods of submission, or is deficient in some manner unrelated + to the verification process, the business shall either:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-e.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-e + ref_id: 7020-e.1 + description: "Treat the request as if it had been submitted in accordance with\ + \ the business\u2019s designated manner, or" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-e.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7020-e + ref_id: 7020-e.2 + description: Provide the consumer with information on how to submit the request + or remedy any deficiencies with the request, if applicable. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7021 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7021' + name: Timelines for Responding to Requests to Delete, Requests to Correct, and + Requests to Know. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7021-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7021 + ref_id: 7021-a + description: "No later than 10 business days after receiving a request to delete,\ + \ request to correct, or request to know, a business shall confirm receipt\ + \ of the request and provide information about how the business will process\ + \ the request. The information provided shall describe in general the business\u2019\ + s verification process and when the consumer should expect a response, except\ + \ in instances where the business has already granted or denied the request.\ + \ The confirmation may be given in the same manner in which the request was\ + \ received. For example, if the request is made over the phone, the confirmation\ + \ may be given orally during the phone call." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7021-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7021 + ref_id: 7021-b + description: "Businesses shall respond to a request to delete, request to correct,\ + \ and request to know no later than 45 calendar days after receipt of the\ + \ request. The 45-day period will begin on the day that the business receives\ + \ the request, regardless of time required to verify the request. If the\ + \ business cannot verify the consumer within the 45-day time period, the \ + \ business may deny the request. If necessary, businesses may take up to an\ + \ additional 45 calendar days to respond to the consumer\u2019s request,\ + \ for a maximum total of 90 calendar days from the day the request is received,\ + \ provided that the business provides the consumer with notice and an explanation\ + \ of the reason that the business will take more than 45 days to respond\ + \ to the request." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7022' + name: ' Requests to Delete' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-a + description: For requests to delete, if a business cannot verify the identity + of the requestor pursuant to the regulations set forth in Article 5, the + business may deny the request to delete. The business shall inform the requestor + that their identity cannot be verified. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-b + description: "A business shall comply with a consumer\u2019s request to delete\ + \ their personal information by:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-b.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-b + ref_id: 7022-b.1 + description: Permanently and completely erasing the personal information from + its existing systems except archived or backup systems, deidentifying the + personal information, or aggregating the consumer information; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-b.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-b + ref_id: 7022-b.2 + description: "Notifying the business\u2019s service providers or contractors\ + \ of the need to delete from their records the consumer\u2019s personal information\ + \ that they collected pursuant to their written contract with the business,\ + \ or if enabled to do so by the service provider or contractor, the business\ + \ shall delete the personal information that the service provider or contractor\ + \ collected pursuant to their written contract with the business; and" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-b.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-b + ref_id: 7022-b.3 + description: "Notifying all third parties to whom the business has sold or shared\ + \ the personal information of the need to delete the consumer\u2019s personal\ + \ information unless this proves impossible or involves disproportionate\ + \ effort. If a business claims that notifying some or all third parties would\ + \ be impossible or would involve disproportionate effort, the business shall\ + \ provide the consumer a detailed explanation that includes enough facts\ + \ to give a consumer a meaningful understanding as to why the business cannot\ + \ notify all third parties. The business shall not simply state that notifying\ + \ all third parties is impossible or would require disproportionate effort." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-c + description: A service provider or contractor shall, with respect to personal + information that they collected pursuant to their written contract with the + business and upon notification by the business, cooperate with the business + in responding to a request to delete by doing all of the following + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c + ref_id: 7022-c.1 + description: Permanently and completely erasing the personal information from + its existing systems except archived or backup systems, deidentifying the + personal information, aggregating the consumer information, or enabling the + business to do so. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c + ref_id: 7022-c.2 + description: "To the extent that an exception applies to the deletion of personal\ + \ information, deleting or enabling the business to delete the consumer\u2019\ + s personal information that is not subject to the exception and refraining\ + \ from using the consumer\u2019s personal information retained for any purpose\ + \ other than the purpose provided for by that exception" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c + ref_id: 7022-c.3 + description: "Notifying any of its own service providers or contractors of the\ + \ need to delete from their records in the same manner the consumer\u2019\ + s personal information that they collected pursuant to their written contract\ + \ with the service provider or contractor." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-c + ref_id: 7022-c.4 + description: "Notifying any other service providers, contractors, or third parties\ + \ that may have accessed personal information from or through the service\ + \ provider or contractor, unless the information was accessed at the direction\ + \ of the business, of the need to delete the consumer\u2019s personal information\ + \ unless this proves impossible or involves disproportionate effort." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-d + description: "If a business, service provider, or contractor stores any personal\ + \ information on archived or backup systems, it may delay compliance with\ + \ the consumer\u2019s request to delete, with respect to data stored on the\ + \ archived or backup system, until the archived or backup system relating\ + \ to that data is restored to an active system or is next accessed or used\ + \ for a sale, disclosure, or commercial purpose." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-e + description: "In responding to a request to delete, a business shall inform\ + \ the consumer whether it has complied with the consumer\u2019s request.\ + \ The business shall also inform the consumer that it will maintain a record\ + \ of the request as required by section 7101, subsection (a). A business,\ + \ service provider, contractor, or third party may retain a record of the\ + \ request for the purpose of ensuring that the consumer\u2019s personal information\ + \ remains deleted from its records." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-f + description: "In cases where a business denies a consumer\u2019s request to\ + \ delete in whole or in part, the business shall do all of the following:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f + ref_id: 7022-f.1 + description: Provide to the consumer a detailed explanation of the basis for + the denial, including any conflict with federal or state law, exception to + the CCPA, or factual basis for contending that compliance would be impossible + or involve disproportionate effort, unless prohibited from doing so by law. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f + ref_id: 7022-f.2 + description: "Delete the consumer\u2019s personal information that is not subject\ + \ to the exception." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f + ref_id: 7022-f.3 + description: "Not use the consumer\u2019s personal information retained for\ + \ any other purpose than provided for by that exception; and" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-f + ref_id: 7022-f.4 + description: "Instruct its service providers and contractors to delete the consumer\u2019\ + s personal information that is not subject to the exception and to not use\ + \ the consumer\u2019s personal information retained for any purpose other\ + \ than the purpose provided for by that exception." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-g + description: "If a business that denies a consumer\u2019s request to delete\ + \ sells or shares personal information and the consumer has not already made\ + \ a request to opt-out of sale/sharing, the business shall ask the consumer\ + \ if they would like to opt-out of the sale or sharing of CPPA Page 29 of\ + \ 67 their personal information and shall include either the contents of,\ + \ or a link to, the Notice of Right to Opt-out of Sale/Sharing in accordance\ + \ with section 7013." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7022-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7022 + ref_id: 7022-h + description: " In responding to a request to delete, a business may present\ + \ the consumer with the choice to delete select portions of their personal\ + \ information as long as a single option to delete all personal information\ + \ is also offered. A business that provides consumers the ability to delete\ + \ select categories of personal information in other contexts (e.g., purchase\ + \ history, browsing history, voice recordings), however, must inform consumers\ + \ of their ability to do so and direct them to how they can do so. For example,\ + \ a business may provide the consumer with a link to a support page or other\ + \ resource that explains consumers\u2019 data deletion options." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7023' + name: Requests to Correct. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-a + description: For requests to correct, if a business cannot verify the identity + of the requestor pursuant to the regulations set forth in Article 5, the + business may deny the request to correct. The business shall inform the requestor + that their identity cannot be verified. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-b + description: "In determining the accuracy of the personal information that is\ + \ the subject of a consumer\u2019s request to correct, the business shall\ + \ consider the totality of the circumstances relating to the contested personal\ + \ information. A business may deny a consumer\u2019s request to correct if\ + \ it determines that the contested personal information is more likely than\ + \ not accurate based on the totality of the circumstances." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b + ref_id: 7023-b.1 + description: 'Considering the totality of the circumstances includes, but is + not limited to, considering:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b + ref_id: 7023-b.1.A + description: The nature of the personal information (e.g., whether it is objective, + subjective, unstructured, sensitive, etc.). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b + ref_id: 7023-b.1.B + description: How the business obtained the contested information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b + ref_id: 7023-b.1.C + description: Documentation relating to the accuracy of the information whether + provided by the consumer, the business, or another source. Requirements regarding documentation + are set forth in subsection (d). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-b + ref_id: 7023-b.2 + description: "If the business is not the source of the personal information\ + \ and has no documentation in support of the accuracy of the information,\ + \ the consumer\u2019s assertion of inaccuracy may be sufficient to establish\ + \ that the personal information is inaccurate." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-c + description: "A business that complies with a consumer\u2019s request to correct\ + \ shall correct the personal information at issue on its existing systems.\ + \ The business shall also instruct all service CPPA Page 30 of 67 providers\ + \ and contractors that maintain the personal information at issue pursuant\ + \ to their written contract with the business to make the necessary corrections\ + \ in their respective systems. Service providers and contractors shall comply\ + \ with the business\u2019s instructions to correct the personal information\ + \ or enable the business to make the corrections. If a business, service\ + \ provider, or contractor stores any personal information that is the subject\ + \ of the request to correct on archived or backup systems, it may delay compliance\ + \ with the consumer\u2019s request to correct, with respect to data stored\ + \ on the archived or backup system, until the archived or backup system relating\ + \ to that data is restored to an active system or is next accessed or used." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-d + description: Documentation + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d + ref_id: 7023-d.1 + description: A business shall accept, review, and consider any documentation + that the consumer provides in connection with their right to correct whether + provided voluntarily or as required by the business. Consumers should make + a good-faith effort to provide businesses with all necessary information + available at the time of the request. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d + ref_id: 7023-d.2 + description: 'A business may require the consumer to provide documentation if + necessary to rebut its own documentation that the personal information is + accurate. In determining the necessity of the documentation requested, the + business shall consider the following:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2 + ref_id: 7023-d.2.A + description: The nature of the personal information at issue (e.g., whether + it is objective, subjective, unstructured, sensitive, etc.). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2 + ref_id: 7023-d.2.B + description: The nature of the documentation upon which the business considers + the personal information to be accurate (e.g., whether the documentation + is from a trusted source, whether the documentation is verifiable, etc.) + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2 + ref_id: 7023-d.2.C + description: The purpose for which the business collects, maintains, or uses + the personal information. For example, if the personal information is essential + to the functioning of the business, the business may require more documentation. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.2 + ref_id: 7023-d.2.D + description: The impact on the consumer. For example, if the personal information + has a negative impact on the consumer, the business may require less documentation. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d + ref_id: 7023-d.3 + description: "Any documentation provided by the consumer in connection with\ + \ their request to correct shall only be used and/or maintained by the business\ + \ for the purpose of correcting the consumer\u2019s personal information\ + \ and to comply with the record- keeping obligations under section 7101." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-d + ref_id: 7023-d.4 + description: "The business shall implement and maintain reasonable security\ + \ procedures and practices in maintaining any documentation relating to the\ + \ consumer\u2019s request to correct." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-e + description: "A business may delete the contested personal information as an\ + \ alternative to correcting the information if the deletion of the personal\ + \ information does not negatively impact the consumer, or the consumer consents\ + \ to the deletion. For example, if deleting instead of correcting inaccurate\ + \ personal information would make it harder for the consumer to obtain a\ + \ job, housing, credit, education, or other type of opportunity, the business\ + \ shall process the request to correct or obtain the consumer\u2019s consent\ + \ to delete the information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-f + description: "In responding to a request to correct, a business shall inform\ + \ the consumer whether it has complied with the consumer\u2019s request.\ + \ If the business denies a consumer\u2019s request to correct in whole or\ + \ in part, the business shall do the following:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f + ref_id: 7023-f.1 + description: Explain the basis for the denial, including any conflict with federal + or state law, exception to the CCPA, inadequacy in the required documentation, + or contention that compliance proves impossible or involves disproportionate + effort. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f + ref_id: 7023-f.2 + description: "If a business claims that complying with the consumer\u2019s request\ + \ to correct would be impossible or would involve disproportionate effort,\ + \ the business shall provide the consumer a detailed explanation that includes\ + \ enough facts to give a consumer a meaningful understanding as to why the\ + \ business cannot comply with the request. The business shall not simply\ + \ state that it is impossible or would require disproportionate effort." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f + ref_id: 7023-f.3 + description: "If a business denies a consumer\u2019s request to correct personal\ + \ information collected and analyzed concerning a consumer\u2019s health,\ + \ the business shall also inform the consumer that they may provide a written\ + \ statement to the business to be made part of the consumer\u2019s record\ + \ pursuant to Civil Code section 1798.185, subdivision (a)(8)(D). The business\ + \ shall explain to the consumer that the written statement is limited to\ + \ 250 words per alleged inaccurate piece of personal information and shall\ + \ include that the consumer must request that the statement be made part\ + \ of the consumer\u2019s record. Upon receipt of such a statement, the business\ + \ shall include it with the consumer\u2019s record." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-f + ref_id: 7023-f.4 + description: If the personal information at issue can be deleted pursuant to + a request to delete, inform the consumer that they can make a request to + delete the personal information and provide instructions on how the consumer + can make a request to delete. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-g + description: "A business may deny a consumer\u2019s request to correct if the\ + \ business has denied the consumer\u2019s request to correct the same alleged\ + \ inaccuracy within the past six months of receiving the request. However,\ + \ the business must treat the request to correct as new if the consumer provides\ + \ new or additional documentation to prove that the information at issue\ + \ is inaccurate." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-h + description: A business may deny a request to correct if it has a good-faith, + reasonable, and documented belief that a request to correct is fraudulent + or abusive. The business shall CPPA Page 32 of 67 inform the requestor + that it will not comply with the request and shall provide an explanation + why it believes the request is fraudulent or abusive. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-i + description: "Where the business is not the source of the information that the\ + \ consumer contends is inaccurate, in addition to processing the consumer\u2019\ + s request, the business may provide the consumer with the name of the source\ + \ from which the business received the alleged inaccurate information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-j + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-j + description: "Upon request, a business shall disclose specific pieces of personal\ + \ information that the business maintains and has collected about the consumer\ + \ to allow the consumer to confirm that the business has corrected the inaccurate\ + \ information that was the subject of the consumer\u2019s request to correct.\ + \ This disclosure shall not be considered a response to a request to know\ + \ that is counted towards the limitation of two requests within a 12-month\ + \ period as set forth in Civil Code section 1798.130, subdivision (b). With\ + \ regard to a correction to a consumer\u2019s Social Security number, driver\u2019\ + s license number or other government-issued identification number, financial\ + \ account number, any health insurance or medical identification number,\ + \ an account password, security questions and answers, or unique biometric\ + \ data generated from measurements or technical analysis of human characteristics,\ + \ a business shall not disclose this information, but may provide a way to\ + \ confirm that the personal information it maintains is the same as what\ + \ the consumer has provided." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7023-k + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7023 + ref_id: 7023-k + description: "Whether a business, service provider, or contractor has implemented\ + \ measures to ensure that personal information that is the subject of a request\ + \ to correct remains corrected factors into whether that business, service\ + \ provider, or contractor has complied with a consumer\u2019s request to\ + \ correct in accordance with the CCPA and these regulations. For example,\ + \ a business, service provider, or contractor may supplement personal information\ + \ it maintains about consumers with information obtained from a data broker.\ + \ Failing to consider and address the possibility that corrected information\ + \ may be overridden by inaccurate information subsequently received from\ + \ a data broker may factor into whether that business, service provider,\ + \ or contractor has adequately complied with a consumer\u2019s request to\ + \ correct." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7024' + name: Requests to Know. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-a + description: " For requests that seek the disclosure of specific pieces of information\ + \ about the consumer, if a business cannot verify the identity of the person\ + \ making the request pursuant to the regulations set forth in Article 5,\ + \ the business shall not disclose any specific pieces of personal information\ + \ to the requestor and shall inform the requestor that it cannot verify their\ + \ identity. If the request is denied in whole or in part, the business shall\ + \ also evaluate the consumer\u2019s request as if it is seeking the disclosure\ + \ of categories of personal information about the consumer pursuant to subsection\ + \ (b)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-b + description: For requests that seek the disclosure of categories of personal + information about the consumer, if a business cannot verify the identity + of the person making the request pursuant to the regulations set forth in + Article 5, the business may deny the request to disclose the categories and + other information requested and shall inform the requestor that it cannot + verify their identity. If the request is denied in whole or in part, the business shall + provide or direct the consumer to its information practices set forth in its + privacy policy. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-c + description: 'In responding to a request to know, a business is not required + to search for personal information if all of the following conditions are + met:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c + ref_id: 7024-c.1 + description: The business does not maintain the personal information in a searchable + or reasonably accessible format. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c + ref_id: 7024-c.2 + description: The business maintains the personal information solely for legal + or compliance purposes. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c + ref_id: 7024-c.3 + description: The business does not sell the personal information and does not + use it for any commercial purpose. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-c + ref_id: 7024-c.4 + description: The business describes to the consumer the categories of records + that may contain personal information that it did not search because it meets + the conditions stated above. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-d + description: "A business shall not disclose in response to a request to know\ + \ a consumer\u2019s Social Security number, driver\u2019s license number\ + \ or other government-issued identification number, financial account number,\ + \ any health insurance or medical identification number, an account password,\ + \ security questions and answers, or unique biometric data generated from\ + \ measurements or technical analysis of human characteristics. The business\ + \ shall, however, inform the consumer with sufficient particularity that\ + \ it has collected the type of information. For example, a business shall\ + \ respond that it collects \u201Cunique biometric data including a fingerprint\ + \ scan\u201D without disclosing the actual fingerprint scan data." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-e + description: "If a business denies a consumer\u2019s verified request to know\ + \ specific pieces of personal information, in whole or in part, because of\ + \ a conflict with federal or state law, or an exception to the CCPA, the\ + \ business shall inform the requestor and explain the basis for the denial,\ + \ unless prohibited from doing so by law. If the request is denied only in\ + \ part, the business shall disclose the other information sought by the consumer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-f + description: A business shall use reasonable security measures when transmitting + personal information to the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-g + description: If a business maintains a password-protected account with the consumer, + it may comply with a request to know by using a secure self-service portal + for consumers to access, view, and receive a portable copy of their personal + information if the portal fully discloses the CPPA Page 34 of 67 personal + information that the consumer is entitled to under the CCPA and these regulations, + uses reasonable data security controls, and complies with the verification requirements + set forth in Article 5. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-h + description: "In response to a request to know, a business shall provide all\ + \ the personal information it has collected and maintains about the consumer\ + \ during the 12-month period preceding the business\u2019s receipt of the\ + \ consumer\u2019s request. A consumer may request that the business provide\ + \ personal information that the business collected beyond the 12-month period,\ + \ as long as it was collected on or after January 1, 2022, and the business\ + \ shall be required to provide that information unless doing so proves impossible\ + \ or would involve disproportionate effort. That information shall include\ + \ any personal information that the business\u2019s service providers or\ + \ contractors collected pursuant to their written contract with the business.\ + \ If a business claims that providing personal information beyond the 12-month\ + \ period preceding the business\u2019s receipt of the consumer\u2019s request\ + \ would be impossible or would involve disproportionate effort, the business\ + \ shall not be required to provide it as long as the business provides the\ + \ consumer a detailed explanation that includes enough facts to give a consumer\ + \ a meaningful understanding as to why the business cannot provide personal\ + \ information beyond the 12-month period. The business shall not simply state\ + \ that it is impossible or would require disproportionate effort." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-i + description: "A service provider or contractor shall provide assistance to the\ + \ business in responding to a verifiable consumer request to know, including\ + \ by providing the business the consumer\u2019s personal information it has\ + \ in its possession that it collected pursuant to their written contract\ + \ with the business, or by enabling the business to access that personal \ + \ information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-j + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-j + description: "In responding to a consumer\u2019s verified request to know categories\ + \ of personal information, categories of sources, and/or categories of third\ + \ parties, a business shall provide an individualized response to the consumer\ + \ as required by the CCPA. It shall not refer the consumer to the businesses\u2019\ + \ information practices outlined in its privacy policy unless its response\ + \ would be the same for all consumers and the privacy policy discloses all\ + \ the information that is otherwise required to be in a response to a request\ + \ to know such categories." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-k + description: 'In responding to a verified request to know categories of personal + information, the business shall provide all of the following:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k + ref_id: 7024-k.1 + description: The categories of personal information the business has collected + about the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k + ref_id: 7024-k.2 + description: The categories of sources from which the personal information was + collected. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k + ref_id: 7024-k.3 + description: The business or commercial purpose for which it collected or sold + the personal information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k + ref_id: 7024-k.4 + description: The categories of third parties with whom the business shares personal + information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k + ref_id: 7024-k.5 + description: The categories of personal information that the business sold, + and for each category identified, the categories of third parties to whom + it sold that particular category of personal information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-k + ref_id: 7024-k.6 + description: The categories of personal information that the business disclosed + for a business purpose, and for each category identified, the categories + of third parties to whom it disclosed that particular category of personal + information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7024-l + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7024 + ref_id: 7024-l + description: A business shall identify the categories of personal information, + categories of sources of personal information, and categories of third parties + to whom a business sold or disclosed personal information, in a manner that + provides consumers a meaningful understanding of the categories listed. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7025' + name: Opt-out Preference Signals + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + ref_id: 7025-a + description: The purpose of an opt-out preference signal is to provide consumers + with a simple and easy-to-use method by which consumers interacting with + businesses online can automatically exercise their right to opt-out of sale/sharing. + Through an opt-out preference signal, a consumer can opt-out of sale and + sharing of their personal information with all businesses they interact with + online without having to make individualized requests with each business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + ref_id: 7025-b + description: 'A business that sells or shares personal information shall process + any opt-out preference signal that meets the following requirements as a + valid request to opt-out of sale/sharing:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-b.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-b + ref_id: 7025-b.1 + description: The signal shall be in a format commonly used and recognized by + businesses. An example would be an HTTP header field or JavaScript object. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-b.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-b + ref_id: 7025-b.2 + description: The platform, technology, or mechanism that sends the opt-out preference + signal shall make clear to the consumer, whether in its configuration or + in disclosures to the public, that the use of the signal is meant to have + the effect of opting the consumer out of the sale and sharing of their personal + information. The configuration or disclosure does not need to be tailored + only to California or to refer to California. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + ref_id: 7025-c + description: 'When a business that collects personal information from consumers + online receives or detects an opt-out preference signal that complies with + subsection (b):' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + ref_id: 7025-c.1 + description: The business shall treat the opt-out preference signal as a valid + request to opt-out of sale/sharing submitted pursuant to Civil Code section + 1798.120 for that browser or device and any consumer profile associated with + that browser or device, including pseudonymous profiles. If known, the business + shall also treat the opt-out preference CPPA Page 36 of 67 signal as a + valid request to opt-out of sale/sharing for the consumer. This is not required + for a business that does not sell or share personal information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + ref_id: 7025-c.2 + description: "The business shall not require a consumer to provide additional\ + \ information beyond what is necessary to send the signal. However, a business\ + \ may provide the consumer with an option to provide additional information\ + \ if it will help facilitate the consumer\u2019s request to opt-out of sale/sharing.\ + \ Any information provided by the consumer shall not be used, disclosed,\ + \ or retained for any purpose other than processing the request to opt-out\ + \ of sale/sharing. For example, a business may give the consumer the option\ + \ to provide information that identifies the consumer so that the request\ + \ to opt-out of sale/sharing can apply to offline sale or sharing of personal\ + \ information. However, if the consumer does not respond, the business shall\ + \ still process the opt-out preference signal as a valid request to opt-out\ + \ of sale/sharing for that browser or device and any consumer profile the\ + \ business associates with that browser or device, including pseudonymous\ + \ profiles." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + ref_id: 7025-c.3 + description: "If the opt-out preference signal conflicts with a consumer\u2019\ + s business-specific privacy setting that allows the business to sell or share\ + \ their personal information, the business shall process the opt-out preference\ + \ signal as a valid request to opt-out of sale/sharing, but may notify the\ + \ consumer of the conflict and provide the consumer with an opportunity to\ + \ consent to the sale or sharing of their personal information. The business\ + \ shall comply with section 7004 in obtaining the consumer\u2019s consent\ + \ to the sale or sharing of their personal information. If the consumer consents\ + \ to the sale or sharing of their personal information, the business may\ + \ ignore the opt-out preference signal for as long as the consumer is known\ + \ to the business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + ref_id: 7025-c.4 + description: "If the opt-out preference signal conflicts with the consumer\u2019\ + s participation in a business\u2019s financial incentive program that requires\ + \ the consumer to consent to the sale or sharing of personal information,\ + \ the business may notify the consumer that processing the opt-out preference\ + \ signal as a valid request to opt-out of sale/sharing would withdraw the\ + \ consumer from the financial incentive program and ask the consumer to affirm\ + \ that they intend to withdraw from the financial incentive program. If the\ + \ consumer affirms that they intend to withdraw from the financial incentive\ + \ program, the business shall process the consumer\u2019s request to opt-out\ + \ of sale/sharing. If the business asks and the consumer does not affirm\ + \ their intent to withdraw, the business may ignore the opt-out preference\ + \ signal with respect to that consumer\u2019s participation in the financial\ + \ incentive program for as long as the consumer is known to the business.\ + \ If the business does not ask the consumer to affirm their intent with regard\ + \ to the financial incentive program, the business shall still process the\ + \ opt-out preference signal as a valid request to opt-out of sale/sharing\ + \ for that browser or device and any consumer profile the business associates\ + \ with that browser or device." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + ref_id: 7025-c.5 + description: Where the consumer is known to the business, the business shall + not interpret the absence of an opt-out preference signal after the consumer + previously sent an opt-out preference signal as consent to opt-in to the + sale or sharing of personal information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + ref_id: 7025-c.6 + description: "A business may display whether it has processed the consumer\u2019\ + s opt-out preference signal as a valid request to opt-out of sale/sharing\ + \ on its website. For example, the business may display on its website \u201C\ + Opt-Out Preference Signal Honored\u201D when a browser, device, or consumer\ + \ using an opt-out preference signal visits the website, or display through\ + \ a toggle or radio button that the consumer has opted out of the sale of\ + \ their personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c + ref_id: 7025-c.7 + description: Illustrative examples follow. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7 + ref_id: 7025-c.7.A + description: "Caleb visits Business N\u2019s website using a browser with an\ + \ opt-out preference signal enabled, but he is not otherwise logged into\ + \ his account and the business cannot otherwise associate Caleb\u2019s browser\ + \ with a consumer profile the business maintains. Business N collects and\ + \ shares Caleb\u2019s personal information tied to his browser identifier\ + \ for cross-context behavioral advertising. Upon receiving the opt-out preference\ + \ signal, Business N shall stop selling and sharing Caleb\u2019s information\ + \ linked to Caleb\u2019s browser identifier for cross-context behavioral \ + \ advertising, but it would not be able to apply the request to opt-out of\ + \ the sale/sharing to Caleb\u2019s account information because the connection\ + \ between Caleb\u2019s browser and Caleb\u2019s account is not known to the\ + \ business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7 + ref_id: 7025-c.7.B + description: "Noelle has an account with Business O, an online retailer who\ + \ manages consumer\u2019s privacy choices through a settings menu. Noelle\u2019\ + s privacy settings default to allowing Business O to sell and share her personal\ + \ information with the business\u2019s marketing partners. Noelle enables\ + \ an opt-out preference signal on her browser and then visits Business O\u2019\ + s website. Business O recognizes that Noelle is visiting its website because\ + \ she is logged into her account. Upon receiving Noelle\u2019s opt-out preference\ + \ signal, Business O shall treat the signal as a valid request to opt-out\ + \ of sale/sharing and shall apply it to her device and/or browser and also\ + \ to her account and any offline sale or sharing of personal information.\ + \ Business O may inform Noelle that her opt-out preference signal differs\ + \ from her current privacy settings and provide her with an opportunity to\ + \ consent to the sale or sharing of her personal information, but it must\ + \ process the request to opt-out of sale/sharing unless Noelle instructs\ + \ otherwise. Business O must also wait at least 12 months before asking Noelle\ + \ to opt-in to the sale or sharing of her personal information in accordance\ + \ with section 7026, subsection (k). In addition, Business O\u2019s notification\ + \ would not allow it to fall within the exception set forth in Civil Code\ + \ section 1798.135, subdivision (b)(1), because it would not be complying\ + \ with the requirements set forth in subsection (f)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7 + ref_id: 7025-c.7.C + description: "Angela also has an account with Business O and has enabled an\ + \ opt-out preference signal on her browser while logged into her account.\ + \ Business O CPPA Page 38 of 67 applies the opt-out preference signal as\ + \ a valid request to opt-out of sale/sharing not only to Angela\u2019s current\ + \ browser, but also to Angela\u2019s account because she is known to the\ + \ business while making the request. Angela later logs into her account with\ + \ Business O using a different device that does not have the opt-out preference\ + \ signal enabled. Business O shall not interpret the absence of the opt- \ + \ out preference signal as consent to opt-in to the sale of personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7 + ref_id: 7025-c.7.D + description: "Ramona participates in Business P\u2019s financial incentive program\ + \ where she receives coupons in exchange for allowing the business to pseudonymously\ + \ track and share her online browsing habits with marketing partners. Ramona\ + \ enables an opt-out preference signal on her browser and then visits Business\ + \ P\u2019s website. Business P knows that it is Ramona through a cookie that\ + \ has been placed on her browser, but also detects the opt-out preference\ + \ signal. Business P may ignore the opt-out preference signal and notify\ + \ Ramona that her opt-out preference signal conflicts with her participation\ + \ in the financial incentive program and ask whether she intends to withdraw\ + \ from the financial incentive program. If Ramona does not affirm her intent\ + \ to withdraw, Business P may ignore the opt- out preference signal and place\ + \ Ramona on a whitelist so that Business P does not have to notify Ramona\ + \ of the conflict again." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7.e + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-c.7 + ref_id: 7025-c.7.E + description: "Ramona clears her cookies and revisits Business P\u2019s website\ + \ with the opt-out preference signal enabled. Business P no longer knows\ + \ that it is Ramona visiting its website. Business P shall honor Ramona\u2019\ + s opt-out preference signal as it pertains to her browser or device and any\ + \ consumer profile the business associates with that browser or device." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + ref_id: 7025-d + description: The business and the platform, technology, or mechanism that sends + the opt-out preference signal shall not use, disclose, or retain any personal + information collected from the consumer in connection with the sending or + processing the request to opt-out of sale/sharing for any purpose other than + sending or processing the opt-out preference signal. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + ref_id: 7025-e + description: "Civil Code section 1798.135, subdivisions (b)(1) and (3), provide\ + \ a business the choice between (1) processing opt-out preference signals\ + \ and providing the \u201CDo Not Sell or Share My Personal Information\u201D\ + \ and \u201CLimit the Use of My Sensitive Personal Information\u201D links\ + \ or the Alternative Opt-out Link; or (2) processing opt-out preference signals\ + \ in a frictionless manner in accordance with these regulations and not having\ + \ to provide the \u201CDo Not Sell or Share My Personal Information\u201D\ + \ and \u201CLimit the Use of My Sensitive Personal Information\u201D links\ + \ or the Alternative Opt-out Link. They do not give the business the choice\ + \ between posting the above-referenced links or honoring opt-out preference\ + \ signals. Even if the business posts the above-referenced links, the business\ + \ must still process opt-out preference signals, though it may do so in a\ + \ non-frictionless manner. If a business processes opt-out preference signals\ + \ in a frictionless manner in accordance with CPPA Page 39 of 67 subsections\ + \ (f) and (g), then it may, but is not required to, provide the above-referenced\ + \ links." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + ref_id: 7025-f + description: 'Except as allowed by these regulations, processing an opt-out + preference signal in a frictionless manner as required by Civil Code section + 1798.135, subdivision (b)(1), means that the business shall not:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-f.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-f + ref_id: 7025-f.1 + description: Charge a fee or require any valuable consideration if the consumer + uses an opt-out preference signal. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-f.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-f + ref_id: 7025-f.2 + description: "Change the consumer\u2019s experience with the product or service\ + \ offered by the business. For example, the consumer who uses an opt-out\ + \ preference signal shall have the same experience with regard to how the\ + \ business\u2019s product or service functions compared to a consumer who\ + \ does not use an opt-out preference signal." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-f.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-f + ref_id: 7025-f.3 + description: "Display a notification, pop-up, text, graphic, animation, sound,\ + \ video, or any interstitial content in response to the opt-out preference\ + \ signal. However, a business\u2019s display of whether the consumer visiting\ + \ their website has opted out of the sale or sharing their personal information\ + \ shall not be considered a violation of this regulation. The business may\ + \ also provide a link to a privacy settings page, menu, or similar interface\ + \ that enables the consumer to consent to the business ignoring the opt-out\ + \ preference signal with respect to the business\u2019s sale or sharing of\ + \ the consumer\u2019s personal information provided that it complies with\ + \ subsections (f)(1) through (3)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025 + ref_id: 7025-g + description: "A business meeting the requirements of Civil Code section 1798.135,\ + \ subdivision (b)(1) is not required to post the \u201CDo Not Sell or Share\ + \ My Personal Information\u201D link or the Alternative Opt-out Link if it\ + \ meets all of the following additional requirements:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g + ref_id: 7025-g.1 + description: "A business meeting the requirements of Civil Code section 1798.135,\ + \ subdivision (b)(1) is not required to post the \u201CDo Not Sell or Share\ + \ My Personal Information\u201D link or the Alternative Opt-out Link if it\ + \ meets all of the following additional requirements:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g + ref_id: 7025-g.2 + description: ' Includes in its privacy policy the following information:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2 + ref_id: 7025-g.2.A + description: "A description of the consumer\u2019s right to opt-out of the sale\ + \ or sharing of their personal information by the business;" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2 + ref_id: 7025-g.2.B + description: A statement that the business processes opt-out preference signals + in a frictionless manner; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2 + ref_id: 7025-g.2.C + description: Information on how consumers can implement opt-out preference signals + for the business to process in frictionless manner; and + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.2 + ref_id: 7025-g.2.D + description: ' Instructions for any other method by which the consumer may submit + a request to opt-out of sale/sharing.' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g + ref_id: 7025-g.3 + description: "Allows the opt-out preference signal to fully effectuate the consumer\u2019\ + s request to opt- out of sale/sharing. For example, if the business sells\ + \ or shares personal information offline and needs to request from the consumer\ + \ additional information that is not provided by the opt-out preference signal\ + \ in order to apply the request to opt-out of sale/sharing to offline sales\ + \ and sharing of personal information, then the business has not fully effectuated\ + \ the consumer\u2019s request to opt-out of sale/sharing. Illustrative examples\ + \ follow." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.3.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.3 + ref_id: 7025-g.3.A + description: "Business Q collects consumers\u2019 online browsing history and\ + \ shares it with third parties for cross-context behavioral advertising purposes.\ + \ Business Q also sells consumers\u2019 personal information offline to marketing\ + \ partners. Business Q cannot fall within the exception set forth in Civil\ + \ Code section 1798.135, subdivision (b)(1), because a consumer\u2019s opt-out\ + \ preference signal would only apply to Business Q\u2019s online sharing\ + \ of personal information about the consumer\u2019s browser or device; the\ + \ consumer\u2019s opt-out preference signal would not apply to Business Q\u2019\ + s offline selling of the consumer\u2019s information because Business Q could\ + \ not apply it to the offline selling without additional information provided\ + \ by the consumer, i.e., the logging into an account." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.3.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7025-g.3 + ref_id: 7025-g.3.B + description: "Business R only sells and shares personal information online for\ + \ cross-context behavioral advertising purposes. Business R may use the exception\ + \ set forth in Civil Code section 1798.135, subdivision (b)(1), and not post\ + \ the \u201CDo Not Sell or Share My Personal Information\u201D link because\ + \ a consumer using an opt-out preference signal would fully effectuate their\ + \ right to opt-out of the sale or sharing of their personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7026' + name: Requests to Opt-out of Sale/Sharing. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-a + description: A business that sells or shares personal information shall provide + two or more designated methods for submitting requests to opt-out of sale/sharing. + A business shall consider the methods by which it interacts with consumers, + the manner in which the business collects the personal information that it + makes available to third parties, available technology, and ease of use by + the consumer when determining which methods consumers may use to submit requests + to opt-out of sale/sharing. At least one method offered shall reflect the manner + in which the business primarily interacts with the consumer. Illustrative + examples follow. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a + ref_id: 7026-a.1 + description: "A business that collects personal information from consumers online\ + \ shall, at a minimum, allow consumers to submit requests to opt-out of sale/sharing\ + \ through an opt-out preference signal and at least one of the following\ + \ methods: an interactive form accessible via the \u201CDo Not Sell or Share\ + \ My Personal Information\u201D link, the CPPA Page 41 of 67 Alternative\ + \ Opt-out Link, or the business\u2019s privacy policy if the business processes\ + \ an opt-out preference signal in a frictionless manner." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a + ref_id: 7026-a.2 + description: A business that interacts with consumers in person and online may + provide an in- person method for submitting requests to opt-out of sale/sharing + in addition to the opt-out preference signal. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a + ref_id: 7026-a.3 + description: Other methods for submitting requests to opt-out of the sale/sharing + include, but are not limited to, a toll-free phone number, a designated email + address, a form submitted in person, and a form submitted through the mail. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-a + ref_id: 7026-a.4 + description: A notification or tool regarding cookies, such as a cookie banner + or cookie controls, is not by itself an acceptable method for submitting + requests to opt-out of sale/sharing because cookies concern the collection + of personal information and not the sale or sharing of personal information. + An acceptable method for submitting requests to opt-out of sale/sharing must + address the sale and sharing of personal information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-b + description: "A business\u2019s methods for submitting requests to opt-out of\ + \ sale/sharing shall be easy for consumers to execute, shall require minimal\ + \ steps, and shall comply with section 7004." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-c + description: "A business shall not require a consumer submitting a request to\ + \ opt-out of sale/sharing to create an account or provide additional information\ + \ beyond what is necessary to direct the business not to sell or share the\ + \ consumer\u2019s personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-d + description: A business shall not require a verifiable consumer request for + a request to opt-out of sale/sharing. A business may ask the consumer for + information necessary to complete the request, such as information necessary + to identify the consumer whose information shall cease to be sold or shared + by the business. However, to the extent that the business can comply with + a request to opt-out of sale/sharing without additional information, it shall + do so. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-e + description: ' If a business has a good-faith, reasonable, and documented belief + that a request to opt-out of sale/sharing is fraudulent, the business may + deny the request. The business shall inform the requestor that it will not + comply with the request and shall provide to the requestor an explanation + why it believes the request is fraudulent.' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-f + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-f + description: 'A business shall comply with a request to opt-out of sale/sharing + by:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-f.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-f + ref_id: 7026-f.1 + description: "Ceasing to sell to and/or share with third parties the consumer\u2019\ + s personal information as soon as feasibly possible, but no later than 15\ + \ business days from the date the business receives the request. Service\ + \ providers or contractors collecting personal information pursuant to the\ + \ written contract with the business required by the CCPA and these regulations\ + \ does not constitute a sale or sharing of personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-f.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-f + ref_id: 7026-f.2 + description: "Notifying all third parties to whom the business has sold or shared\ + \ the consumer\u2019s personal information, after the consumer submits the\ + \ request to opt-out of sale/sharing and before the business complies with\ + \ that request, that the consumer has made a request to opt-out of sale/sharing\ + \ and directing them to comply with the consumer\u2019s request and forward\ + \ the request to any other person to whom the third party has made the personal\ + \ information available during that time period." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-g + description: "A business may provide a means by which the consumer can confirm\ + \ that their request to opt-out of sale/sharing has been processed by the\ + \ business. For example, the business may display on its website \u201CConsumer\ + \ Opted Out of Sale/Sharing\u201D or display through a toggle or radio button\ + \ that the consumer has opted out of the sale/sharing of their personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-h + description: In responding to a request to opt-out of sale/sharing, a business + may present the consumer with the choice to opt-out of the sale or sharing + of personal information for certain uses as long as a single option to opt-out + of the sale or sharing of all personal information is also offered. However, + doing so in response to an opt-out preference signal will prevent the business + from using the exception set forth in Civil Code section 1798.135, subdivision + (b)(1) + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-i + description: A business that responds to a request to opt-out of sale/sharing + by informing the consumer of a charge for the use of any product or service + shall comply with Article 7 and shall provide the consumer with a Notice + of Financial Incentive that complies with section 7016 in its response. However, + doing so in response to an opt-out preference signal will prevent the business + from using the exception set forth in Civil Code section 1798.135, subdivision + (b)(1). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-j + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-j + description: "A consumer may use an authorized agent to submit a request to\ + \ opt-out of sale/sharing on the consumer\u2019s behalf if the consumer provides\ + \ the authorized agent written permission signed by the consumer. A business\ + \ may deny a request from an authorized agent if the agent does not provide\ + \ to the business the consumer\u2019s signed permission demonstrating that\ + \ they have been authorized by the consumer to act on the consumer\u2019s\ + \ behalf. The requirement to obtain and provide written permission from the\ + \ consumer does not apply to requests made by an opt-out preference signal." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7026-k + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7026 + ref_id: 7026-k + description: "Except as allowed by these regulations, a business shall wait\ + \ at least 12 months from the date of the consumer\u2019s request before\ + \ asking a consumer who has opted out of the sale or sharing of their personal\ + \ information to consent to the sale or sharing of their personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7027' + name: Requests to Limit Use and Disclosure of Sensitive Personal Information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-a + description: "The unauthorized use or disclosure of sensitive personal information\ + \ creates a heightened risk of harm for the consumer. The purpose of the\ + \ request to limit is to give consumers meaningful control over how their\ + \ sensitive personal information is collected, used, and disclosed. It gives\ + \ the consumer the ability to limit the business\u2019s use of sensitive personal\ + \ information to that which is necessary to perform the services or provide\ + \ the goods reasonably expected by an average consumer who requests those\ + \ goods or services, with some narrowly tailored exceptions, which are set\ + \ forth in subsection (m). Sensitive personal information that is collected\ + \ or processed without the purpose of inferring characteristics about a consumer\ + \ is not subject to requests to limit." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-b + description: A business that uses or discloses sensitive personal information + for purposes other than those set forth in subsection (m) shall provide two + or more designated methods for submitting requests to limit. A business shall + consider the methods by which it interacts with consumers, the manner in + which the business collects the sensitive personal information that it uses + for purposes other than those set forth in subsection (m), available technology, + and ease of use by the consumer when determining which methods consumers may + use to submit requests to limit. At least one method offered shall reflect + the manner in which the business primarily interacts with the consumer. Illustrative + examples follow. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b + ref_id: 7027-b.1 + description: "A business that collects sensitive personal information from consumers\ + \ online shall, at a minimum, allow consumers to submit requests to limit\ + \ through an interactive form accessible via the \u201CLimit the Use of My\ + \ Sensitive Personal Information\u201D link or the Alternative Opt-out Link." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b + ref_id: 7027-b.2 + description: A business that interacts with consumers in person and online may + provide an in- person method for submitting requests to limit in addition + to the online form. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b + ref_id: 7027-b.3 + description: Other methods for submitting requests to limit include, but are + not limited to, a toll- free phone number, a designated email address, a + form submitted in person, and a form submitted through the mail. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-b + ref_id: 7027-b.4 + description: A notification or tool regarding cookies, such as a cookie banner + or cookie controls, is not by itself an acceptable method for submitting + requests to limit because cookies concern the collection of personal information + and not necessarily the use and disclosure of sensitive personal information. + An acceptable method for submitting requests to limit must address the specific + right to limit. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-c + description: "A business\u2019s methods for submitting requests to limit shall\ + \ be easy for consumers to execute, shall require minimal steps, and shall\ + \ comply with section 7004." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-d + description: "A business shall not require a consumer submitting a request to\ + \ limit to create an account or provide additional information beyond what\ + \ is necessary to direct the business to limit the use or disclosure of the\ + \ consumer\u2019s sensitive personal information" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-e + description: A business shall not require a verifiable consumer request for + a request to limit. A business may ask the consumer for information necessary + to complete the request, such as information necessary to identify the consumer + to whom the request should be applied. However, to the extent that the business + can comply with a request to limit without additional information, it shall + do so. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-f + description: If a business has a good-faith, reasonable, and documented belief + that a request to limit is fraudulent, the business may deny the request. + The business shall inform the requestor that it will not comply with the + request and shall provide to the requestor an explanation why it believes + the request is fraudulent. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-g + description: 'A business shall comply with a request to limit by:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-g.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-g + ref_id: 7027-g.1 + description: "Ceasing to use and disclose the consumer\u2019s sensitive personal\ + \ information for purposes other than those set forth in subsection (m) as\ + \ soon as feasibly possible, but no later than 15 business days from the\ + \ date the business receives the request." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-g.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-g + ref_id: 7027-g.2 + description: "Notifying all the business\u2019s service providers or contractors\ + \ that use or disclose the consumer\u2019s sensitive personal information\ + \ for purposes other than those set forth in subsection (m) that the consumer\ + \ has made a request to limit and instructing them to comply with the consumer\u2019\ + s request to limit within the same time frame." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-g.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-g + ref_id: 7027-g.3 + description: "Notifying all third parties to whom the business has disclosed\ + \ or made available the consumer\u2019s sensitive personal information for\ + \ purposes other than those set forth in subsection (m), after the consumer\ + \ submitted their request and before the business complies with that request,\ + \ that the consumer has made a request to limit and direct them 1) to comply\ + \ with the consumer\u2019s request and 2) to forward the request to any other\ + \ person with whom the third party has disclosed or shared the sensitive personal\ + \ information during that time period." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-h + description: "A business may provide a means by which the consumer can confirm\ + \ that their request to limit has been processed by the business. For example,\ + \ the business may display through a toggle or radio button that the consumer\ + \ has limited the business\u2019s use and disclosure of their sensitive personal\ + \ information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-i + description: In responding to a request to limit, a business may present the + consumer with the choice to allow specific uses for the sensitive personal + information as long as a single option to limit the use of the personal information + is also offered. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-j + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-j + description: "A consumer may use an authorized agent to submit a request to\ + \ limit on the consumer\u2019s behalf if the consumer provides the authorized\ + \ agent written permission signed by the consumer. A business may deny a\ + \ request from an authorized agent if the agent does not provide to the business\ + \ the consumer\u2019s signed permission demonstrating that they have been\ + \ authorized by the consumer to act on the consumer\u2019s behalf." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-k + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-k + description: A business that responds to a request to limit by informing the + consumer of a charge for the use of any product or service shall comply with + Article 7 and shall provide the consumer with a Notice of Financial Incentive + that complies with section 7016 in its response. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-l + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-l + description: "Except as allowed by these regulations, a business shall wait\ + \ at least 12 months from the date the consumer\u2019s request to limit is\ + \ received before asking a consumer who has exercised their right to limit\ + \ to consent to the use or disclosure of their sensitive personal information\ + \ for purposes other than those set forth in subsection (m)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027 + ref_id: 7027-m + description: The purposes identified in Civil Code section 1798.121, subdivision + (a), for which a business may use or disclose sensitive personal information + without being required to offer consumers a right to limit are as follows. + A business that only uses or discloses sensitive personal information for + these purposes, provided that the use or disclosure is reasonably necessary + and proportionate for those purposes, is not required to post a Notice of + Right to Limit or provide a method for submitting a request to limit. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.1 + description: "To perform the services or provide the goods reasonably expected\ + \ by an average consumer who requests those goods or services. For example,\ + \ a consumer\u2019s precise geolocation may be used by a mobile application\ + \ that is providing the consumer with directions on how to get to a specific\ + \ location. A consumer\u2019s precise geolocation may not, however, be used\ + \ by a gaming application where the average consumer would not expect the\ + \ application to need this piece of sensitive personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.2 + description: "To prevent, detect, and investigate security incidents that compromise\ + \ the availability, authenticity, integrity, or confidentiality of stored\ + \ or transmitted personal information. For example, a business may disclose\ + \ a consumer\u2019s log-in information to a data security company that it\ + \ has hired to investigate and remediate a data breach that involved that\ + \ consumer\u2019s account." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.3 + description: "To resist malicious, deceptive, fraudulent, or illegal actions\ + \ directed at the business and to prosecute those responsible for those actions.\ + \ For example, a business may use information about a consumer\u2019s ethnicity\ + \ and/or the contents of email and text messages to investigate claims of\ + \ racial discrimination or hate speech." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.4 + description: "To ensure the physical safety of natural persons. For example,\ + \ a business may disclose a consumer\u2019s geolocation information to law\ + \ enforcement to investigate an alleged kidnapping." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.5 + description: "For short-term, transient use, including, but not limited to,\ + \ nonpersonalized advertising shown as part of a consumer\u2019s current\ + \ interaction with the business, provided that the personal information is\ + \ not disclosed to another third party and is not used to build a profile\ + \ about the consumer or otherwise alter the consumer\u2019s experience outside\ + \ the current interaction with the business. For example, a business that\ + \ sells religious books can use information about its customers\u2019 interest\ + \ in its CPPA Page 46 of 67 religious content to serve contextual advertising\ + \ for other kinds of religious merchandise within its store or on its website,\ + \ so long as the business does not use sensitive personal information to\ + \ create a profile about an individual consumer or disclose personal information\ + \ that reveals consumers\u2019 religious beliefs to third parties." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.6 + description: To perform services on behalf of the business. For example, a business + may use information for maintaining or servicing accounts, providing customer + service, processing or fulfilling orders and transactions, verifying customer + information, processing payments, providing financing, providing analytic + services, providing storage, or providing similar services on behalf of the + business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.7 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.7 + description: "To verify or maintain the quality or safety of a product, service,\ + \ or device that is owned, manufactured, manufactured for, or controlled\ + \ by the business, and to improve, upgrade, or enhance the service or device\ + \ that is owned, manufactured by, manufactured for, or controlled by the\ + \ business. For example, a car rental business may use a consumer\u2019s\ + \ driver\u2019s license for the purpose of testing that its internal text\ + \ recognition software accurately captures license information used in car\ + \ rental transactions." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m.8 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7027-m + ref_id: 7027-m.8 + description: To collect or process sensitive personal information where the + collection or processing is not for the purpose of inferring characteristics + about a consumer. For example, a business that includes a search box on their + website by which consumers can search for articles related to their health + condition may use the information provided by the consumer for the purpose + of providing the search feature without inferring characteristics about the + consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7028 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-3 + ref_id: '7028' + name: Requests to Opt-in After Opting-out of the Sale or Sharing of Personal + Information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7028-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7028 + ref_id: 7028-a + description: Requests to opt-in to sale or sharing of personal information shall + use a two-step opt-in process whereby the consumer shall first, clearly request + to opt-in and then second, separately confirm their choice to opt-in. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7028-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7028 + ref_id: 7028-b + description: "If a consumer who has opted-out of the sale or sharing of their\ + \ personal information initiates a transaction or attempts to use a product\ + \ or service that requires the sale or sharing of their personal information,\ + \ the business may inform the consumer that the transaction, product, or\ + \ service requires the sale or sharing of their personal information and\ + \ provide instructions on how the consumer can provide consent to opt-in to\ + \ the sale or CPPA Page 47 of 67 sharing of their personal information.\ + \ The business shall comply with section 7004 when obtaining the consumer\u2019\ + s consent." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 4 + name: SERVICE PROVIDERS, CONTRACTORS, AND THIRD PARTIES + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-4 + ref_id: '7050' + name: Service Providers and Contractors. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + ref_id: 7050-a + description: 'A service provider or contractor shall not retain, use, or disclose + personal information collected pursuant to its written contract with the + business except:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a + ref_id: 7050-a.1 + description: For the specific business purpose(s) set forth in the written contract + between the business and the service provider or contractor that is required + by the CCPA and these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a + ref_id: 7050-a.2 + description: To retain and employ another service provider or contractor as + a subcontractor, where the subcontractor meets the requirements for a service + provider or contractor under the CCPA and these regulations + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a + ref_id: 7050-a.3 + description: For internal use by the service provider or contractor to build + or improve the quality of the services it is providing to the business, even + if this business purpose is not specified in the written contract required + by the CCPA and these regulations, provided that the service provider or + contractor does not use the personal information to perform services on behalf + of another person. Illustrative examples follow + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.3.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.3 + ref_id: 7050-a.3.A + description: "An email marketing service provider can send emails on a business\u2019\ + s behalf using the business\u2019s customer email list. The service provider\ + \ could analyze those customers\u2019 interactions with the marketing emails\ + \ to improve its services and offer those improved services to everyone.\ + \ But the service provider cannot use the original email list to send marketing\ + \ emails on behalf of another business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.3.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.3 + ref_id: 7050-a.3.B + description: "A shipping service provider that delivers businesses\u2019 products\ + \ to their customers may use the addresses received from their business clients\ + \ and their experience delivering to those addresses to identify faulty or\ + \ incomplete addresses, and thus, improve their delivery services. However,\ + \ the shipping service provider cannot compile the addresses received from\ + \ one business to send advertisements on behalf of another business, or compile\ + \ addresses received from businesses to sell to data brokers." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a + ref_id: 7050-a.4 + description: To prevent, detect, or investigate data security incidents or protect + against malicious, deceptive, fraudulent or illegal activity, even if this + business purpose is not specified in the written contract required by the + CCPA and these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a.5 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-a + ref_id: 7050-a.5 + description: For the purposes enumerated in Civil Code section 1798.145, subdivisions + (a)(1) through (a)(7). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + ref_id: 7050-b + description: A service provider or contractor cannot contract with a business + to provide cross-context behavioral advertising. Pursuant to Civil Code section + 1798.140, subdivision (e)(6), a service provider or contractor may contract + with a business to provide advertising and marketing services, but the service + provider or contractor shall not combine the personal information of consumers + who have opted-out of the sale/sharing that the service provider or contractor + receives from, or on behalf of, the business with personal information that + the service provider or contractor receives from, or on behalf of, another + person or collects from its own interaction with consumers. A person who + contracts with a business to provide cross-context behavioral advertising + is a third party and not a service provider or contractor with respect to + cross-context behavioral advertising services. Illustrative examples follow. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-b.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-b + ref_id: 7050-b.1 + description: "Business S, a clothing company, hires a social media company as\ + \ a service provider for the purpose of providing Business S\u2019s advertisements\ + \ on the social media company\u2019s platform. The social media company can\ + \ serve Business S by providing non-personalized advertising services on\ + \ its platform based on aggregated or demographic information (e.g., advertisements\ + \ to women, 18-30 years old, that live in Los Angeles). However, it cannot\ + \ use a list of customer email addresses provided by Business S to identify\ + \ users on the social media company\u2019s platform to serve advertisements\ + \ to them." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-b.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-b + ref_id: 7050-b.2 + description: "Business T, a company that sells cookware, hires an advertising\ + \ company as a service provider for the purpose of advertising its services.\ + \ The advertising agency can serve Business T by providing contextual advertising\ + \ services, such as placing advertisements for Business T\u2019s products\ + \ on websites that post recipes and other cooking tips." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + ref_id: 7050-c + description: "If a service provider or contractor receives a request made pursuant\ + \ to the CCPA directly from the consumer, the service provider or contractor\ + \ shall either act on behalf of the business in accordance with the business\u2019\ + s instructions for responding to the request or inform the consumer that\ + \ the request cannot be acted upon because the request has been sent to a\ + \ service provider or contractor." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + ref_id: 7050-d + description: A service provider or contractor that is a business shall comply + with the CCPA and these regulations with regard to any personal information + that it collects, maintains, or sells outside of its role as a service provider + or contractor. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + ref_id: 7050-e + description: "A person who does not have a contract that complies with section\ + \ 7051, subsection (a), is not a service provider or a contractor under the\ + \ CCPA. For example, a business\u2019s disclosure of personal information\ + \ to a person who does not have a contract that complies with section 7051,\ + \ subsection (a), may be considered a sale or sharing of personal information\ + \ CPPA Page 49 of 67 for which the business must provide the consumer with\ + \ the right to opt-out of sale/sharing." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + ref_id: 7050-f + description: A service provider or a contractor shall comply with the terms + of the contract required by the CCPA and these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7050-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7050 + ref_id: 7050-g + description: "Whether an entity that provides services to a nonbusiness must\ + \ comply with a consumer\u2019s CCPA request depends upon whether the entity\ + \ is a \u201Cbusiness, \u201D as defined by Civil Code section 1798.140,\ + \ subdivision (d)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-4 + ref_id: '7051' + name: Contract Requirements for Service Providers and Contractors. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051 + ref_id: 7051-a + description: 'The contract required by the CCPA for service providers and contractors + shall:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.1 + description: Prohibit the service provider or contractor from selling or sharing + personal information it collects pursuant to the written contract with the + business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.2 + description: Identify the specific business purpose(s) for which the service + provider or contractor is processing personal information pursuant to the + written contract with the business, and specify that the business is disclosing + the personal information to the service provider or contractor only for the + limited and specified business purpose(s) set forth within the contract. + The business purpose(s) shall not be described in generic terms, such as + referencing the entire contract generally. The description shall be specific. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.3 + description: Prohibit the service provider or contractor from retaining, using, + or disclosing the personal information that it collected pursuant to the + written contract with the business for any purpose other than the business + purpose(s) specified in the contract or as otherwise permitted by the CCPA + and these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.4 + description: Prohibit the service provider or contractor from retaining, using, + or disclosing the personal information that it collected pursuant to the + written contract with the business for any commercial purpose other than + the business purpose(s) specified in the contract, unless expressly permitted + by the CCPA or these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.5 + description: Prohibit the service provider or contractor from retaining, using, + or disclosing the personal information that it collected pursuant to the + written contract with the business outside the direct business relationship + between the service provider or contractor and the business, unless expressly + permitted by the CCPA or these regulations. For example, a service provider + or contractor shall be prohibited from combining or updating personal information + that it collected pursuant to the written contract with the business with + personal information that it received from another CPPA Page 50 of 67 source + or collected from its own interaction with the consumer, unless expressly permitted + by the CCPA or these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.6 + description: "Require the service provider or contractor to comply with all\ + \ applicable sections of the CCPA and these regulations, including\u2014\ + with respect to the personal information that it collected pursuant to the\ + \ written contract with the business\u2014providing the same level of privacy\ + \ protection as required of businesses by the CCPA and these regulations.\ + \ For example, the contract may require the service provider or contractor\ + \ to cooperate with the business in responding to and complying with consumers\u2019\ + \ requests made pursuant to the CCPA, and to implement reasonable security\ + \ procedures and practices appropriate to the nature of the personal information\ + \ to protect the personal information from unauthorized or illegal access,\ + \ destruction, use, modification, or disclosure in accordance with Civil\ + \ Code section 1798.81.5." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.7 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.7 + description: "Grant the business the right to take reasonable and appropriate\ + \ steps to ensure that the service provider or contractor uses the personal\ + \ information that it collected pursuant to the written contract with the\ + \ business in a manner consistent with the business\u2019s obligations under\ + \ the CCPA and these regulations. Reasonable and appropriate steps may include\ + \ ongoing manual reviews and automated scans of the service provider\u2019\ + s system and regular internal or third-party assessments, audits, or other\ + \ technical and operational testing at least once every 12 months." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.8 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.8 + description: Require the service provider or contractor to notify the business + after it makes a determination that it can no longer meet its obligations + under the CCPA and these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.9 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.9 + description: "Grant the business the right, upon notice, to take reasonable\ + \ and appropriate steps to stop and remediate the service provider or contractor\u2019\ + s unauthorized use of personal information. For example, the business may\ + \ require the service provider or contractor to provide documentation that\ + \ verifies that they no longer retain or use the personal information of\ + \ consumers that have made a valid request to delete with the business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a.10 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-a + ref_id: 7051-a.10 + description: ' Require the service provider or contractor to enable the business + to comply with consumer requests made pursuant to the CCPA or require the + business to inform the service provider or contractor of any consumer request + made pursuant to the CCPA that they must comply with and provide the information + necessary for the service provider or contractor to comply with the request.' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051 + ref_id: 7051-b + description: A service provider or contractor that subcontracts with another + person in providing services to the business for whom it is a service provider + or contractor shall have a contract with the subcontractor that complies + with the CCPA and these regulations, including subsection (a). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7051-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7051 + ref_id: 7051-c + description: "Whether a business conducts due diligence of its service providers\ + \ and contractors factors into whether the business has reason to believe\ + \ that a service provider or contractor is CPPA Page 51 of 67 using personal\ + \ information in violation of the CCPA and these regulations. For example,\ + \ depending on the circumstances, a business that never enforces the terms\ + \ of the contract nor exercises its rights to audit or test the service provider\u2019\ + s or contractor\u2019s systems might not be able to rely on the defense that\ + \ it did not have reason to believe that the service provider or contractor\ + \ intends to use the personal information in violation of the CCPA and these\ + \ regulations at the time the business disclosed the personal information\ + \ to the service provider or contractor." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7052 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-4 + ref_id: '7052' + name: Third Parties + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7052-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7052 + ref_id: 7052-a + description: A third party that does not have a contract that complies with + section 7053, subsection (a), shall not collect, use, process, retain, sell, + or share the personal information that the business made available to it. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7052-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7052 + ref_id: 7052-B + description: "A third party shall comply with the terms of the contract required\ + \ by the CCPA and these regulations, which include treating the personal\ + \ information that the business made available to it in a manner consistent\ + \ with the business\u2019s obligations under the CCPA and these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-4 + ref_id: '7053' + name: Contract Requirements for Third Parties. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053 + ref_id: 7053-a + description: "A business that sells or shares a consumer\u2019s personal information\ + \ with a third party shall enter into an agreement with the third party that:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a + ref_id: 7053-a.1 + description: Identifies the limited and specified purpose(s) for which the personal + information is made available to the third party. The purpose(s) shall not + be described in generic terms, such as referencing the entire contract generally. + The description shall be specific. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a + ref_id: 7053-a.2 + description: Specifies that the business is making the personal information + available to the third party only for the limited and specified purpose(s) + set forth within the contract and requires the third party to use it only + for that limited and specified purpose(s). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a + ref_id: 7053-a.3 + description: "Requires the third party to comply with all applicable sections\ + \ of the CCPA and these regulations, including\u2014with respect to the personal\ + \ information that the business makes available to the third party\u2014\ + providing the same level of privacy protection as required of businesses\ + \ by the CCPA and these regulations. For example, the contract may require\ + \ the third party to comply with a consumer\u2019s request to opt-out of \ + \ CPPA Page 52 of 67 sale/sharing forwarded to it by a first-party business\ + \ and to implement reasonable security procedures and practices appropriate\ + \ to the nature of the personal information to protect the personal information\ + \ from unauthorized or illegal access, destruction, use, modification, or\ + \ disclosure in accordance with Civil Code section 1798.81.5." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a + ref_id: 7053-a.4 + description: "Grants the business the right\u2014with respect to the personal\ + \ information that the business makes available to the third party\u2014\ + to take reasonable and appropriate steps to ensure that the third party uses\ + \ it in a manner consistent with the business\u2019s obligations under the\ + \ CCPA and these regulations. For example, the business may require the third\ + \ party to attest that it treats the personal information the business made\ + \ available to it in the same manner that the business is obligated to treat\ + \ it under the CCPA and these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a + ref_id: 7053-a.5 + description: Grants the business the right, upon notice, to take reasonable + and appropriate steps to stop and remediate unauthorized use of personal + information made available to the third party. For example, the business + may require the third party to provide documentation that verifies that it + no longer retains or uses the personal information of consumers who have + had their requests to opt-out of sale/sharing forwarded to it by the first + party business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-a + ref_id: 7053-a.6 + description: Requires the third party to notify the business after it makes + a determination that it can no longer meet its obligations under the CCPA + and these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7053-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7053 + ref_id: 7053-b + description: Whether a business conducts due diligence of the third party factors + into whether the business has reason to believe that the third party is using + personal information in violation of the CCPA and these regulations. For + example, depending on the circumstances, a business that never enforces the + terms of the contract might not be able to rely on the defense that it did + not have reason to believe that the third party intends to use the personal + information in violation of the CCPA and these regulations at the time the business + disclosed the personal information to the third party. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 5 + name: VERIFICATION OF REQUESTS + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-5 + ref_id: '7060' + name: General Rules Regarding Verification. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-a + description: A business shall establish, document, and comply with a reasonable + method for verifying that the person making a request to delete, request + to correct, or request to know is the consumer about whom the business has + collected information. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-b + description: "A business shall not require a consumer to verify their identity\ + \ to make a request to opt- out of sale/sharing or to make a request to limit.\ + \ A business may ask the consumer for information necessary to complete the\ + \ request; however, it shall not be burdensome on the consumer. For example,\ + \ a business may ask the consumer for their name, but it shall not require\ + \ the consumer to take a picture of themselves with their driver\u2019s license." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-c + description: "In determining the method by which the business will verify the\ + \ consumer\u2019s identity, the business shall:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c + ref_id: 7060-c.1 + description: Whenever feasible, match the identifying information provided by + the consumer to the personal information of the consumer already maintained + by the business, or use a third-party identity verification service that + complies with this section. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c + ref_id: 7060-c.2 + description: Avoid collecting the types of personal information identified in + Civil Code section 1798.81.5, subdivision (d), unless necessary for the purpose + of verifying the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c + ref_id: 7060-c.3 + description: 'Consider the following factors:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3 + ref_id: 7060-c.3.A + description: The type, sensitivity, and value of the personal information collected + and maintained about the consumer. Sensitive personal information shall warrant + a more stringent verification process. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3 + ref_id: 7060-c.3.B + description: The risk of harm to the consumer posed by any unauthorized deletion, correction, + or access. A greater risk of harm to the consumer by unauthorized deletion, + correction, or access shall warrant a more stringent verification process. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3 + ref_id: 7060-c.3.C + description: The likelihood that fraudulent or malicious actors would seek the + personal information. The higher the likelihood, the more stringent the verification process + shall be. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3 + ref_id: 7060-c.3.D + description: Whether the personal information to be provided by the consumer + to verify their identity is sufficiently robust to protect against fraudulent + requests or being spoofed or fabricated. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3.e + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3 + ref_id: 7060-c.3.E + description: The manner in which the business interacts with the consumer. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3.f + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-c.3 + ref_id: 7060-c.3.F + description: Available technology for verification. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-d + description: "A business shall generally avoid requesting additional information\ + \ from the consumer for purposes of verification. If, however, the business\ + \ cannot verify the identity of the consumer from the information already\ + \ maintained by the business, the business may request additional information\ + \ from the consumer, which shall only be used for the purposes of verifying\ + \ the identity of the consumer seeking to exercise their rights under the\ + \ CCPA, security, or fraud-prevention. The business shall delete any new personal\ + \ CPPA Page 54 of 67 information collected for the purposes of verification\ + \ as soon as practical after processing the consumer\u2019s request, except\ + \ as required to comply with section 7101." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-e + description: "A business shall not require the consumer or the consumer\u2019\ + s authorized agent to pay a fee for the verification of their request to\ + \ delete, request to correct, or request to know. For example, a business\ + \ may not require a consumer to provide a notarized affidavit to verify their\ + \ identity unless the business compensates the consumer for the cost of notarization." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-f + description: "A business shall implement reasonable security measures to detect\ + \ fraudulent identity- verification activity and prevent the unauthorized\ + \ deletion, correction, or access of a consumer\u2019s personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-g + description: If a business maintains consumer information that is deidentified, + a business is not obligated to provide or delete this information in response + to a consumer request or to re- identify individual data to verify a consumer + request. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7060-h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7060 + ref_id: 7060-h + description: "For requests to correct, the business shall make an effort to\ + \ verify the consumer based on personal information that is not the subject\ + \ of the request to correct. For example, if the consumer is contending that\ + \ the business has the wrong address for the consumer, the business shall\ + \ not use address as a means of verifying the consumer\u2019s identity." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7061 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-5 + ref_id: '7061' + name: Verification for Password-Protected Accounts. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7061-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7061 + ref_id: 7061-a + description: "If a business maintains a password-protected account with the\ + \ consumer, the business may verify the consumer\u2019s identity through\ + \ the business\u2019s existing authentication practices for the consumer\u2019\ + s account, provided that the business follows the requirements in section\ + \ 7060. The business shall also require a consumer to re-authenticate themselves\ + \ before deleting, correcting, or disclosing the consumer\u2019s data." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7061-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7061 + ref_id: 7061-b + description: "If a business suspects fraudulent or malicious activity on or\ + \ from the password-protected account, the business shall not comply with\ + \ a consumer\u2019s request to delete, request to correct, or request to\ + \ know until further verification procedures determine that the consumer\ + \ request is authentic and the consumer making the request is the person about\ + \ whom the business has collected information. The business may use the procedures\ + \ set forth in section 7062 to further verify the identity of the consumer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-5 + ref_id: '7062' + name: Verification for Non-Accountholders. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + ref_id: 7062-a + description: If a consumer does not have or cannot access a password-protected + account with a business, the business shall comply with this section, in + addition to section 7060. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + ref_id: 7062-b + description: "A business\u2019s compliance with a request to know categories\ + \ of personal information requires that the business verify the identity\ + \ of the consumer making the request to a reasonable degree of certainty.\ + \ A reasonable degree of certainty may include matching at least two data\ + \ points provided by the consumer with data points maintained by the business\ + \ that it has determined to be reliable for the purpose of verifying the consumer." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + ref_id: 7062-c + description: "A business\u2019s compliance with a request to know specific pieces\ + \ of personal information requires that the business verify the identity\ + \ of the consumer making the request to a reasonably high degree of certainty.\ + \ A reasonably high degree of certainty may include matching at least three\ + \ pieces of personal information provided by the consumer with personal information\ + \ maintained by the business that it has determined to be reliable for the\ + \ purpose of verifying the consumer together with a signed declaration under\ + \ penalty of perjury that the requestor is the consumer whose personal information\ + \ is the subject of the request. If a business uses this method for verification,\ + \ the business shall maintain all signed declarations as part of its record-keeping\ + \ obligations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + ref_id: 7062-d + description: "A business\u2019s compliance with a request to delete or a request\ + \ to correct may require that the business verify the identity of the consumer\ + \ to a reasonable or reasonably high degree of certainty depending on the\ + \ sensitivity of the personal information and the risk of harm to the consumer\ + \ posed by unauthorized deletion or correction. For example, the deletion\ + \ of family photographs or the correction of contact information may require\ + \ a reasonably high degree of certainty, while the deletion of browsing history\ + \ or correction of marital status may require only a reasonable degree of\ + \ certainty. A business shall act in good faith when determining the appropriate\ + \ standard to apply when verifying the consumer in accordance with these\ + \ regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + ref_id: 7062-e + description: 'Illustrative examples follow:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-e.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-e + ref_id: 7062-e.1 + description: 'Example 1: If a business maintains personal information in a manner + associated with a named actual person, the business may verify the consumer + by requiring the consumer to provide evidence that matches the personal information + maintained by the business. For example, if a retailer maintains a record + of purchases made by a consumer, the business may require the consumer to + identify items that they recently purchased from the store or the dollar + amount of their most recent purchase to verify their identity to a reasonable + degree of certainty.' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-e.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-e + ref_id: 7062-e.2 + description: ' Example 2: If a business maintains personal information in a + manner that is not associated with a named actual person, the business may + verify the consumer by requiring the consumer to demonstrate that they are + the sole consumer associated with the personal information. For example, + a business may have a mobile CPPA Page 56 of 67 application that collects + personal information about the consumer but does not require an account. + The business may determine whether, based on the facts and considering the + factors set forth in section 7060, subsection (b)(3), it may reasonably verify + a consumer by asking them to provide information that only the person who used + the mobile application may ' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + ref_id: 7062-f + description: A business shall deny a request to know specific pieces of personal + information if it cannot verify the identity of the requestor pursuant to + these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7062-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7062 + ref_id: 7062-g + description: If there is no reasonable method by which a business can verify + the identity of the consumer to the degree of certainty required by this + section, the business shall state so in response to any request and explain + why it has no reasonable method by which it can verify the identity of the + requestor. If the business has no reasonable method by which it can verify + any consumer, the business shall explain why it has no reasonable verification method + in its privacy policy. The business shall evaluate and document whether a reasonable + method can be established at least once every 12 months, in connection with the + requirement to update the privacy policy set forth in Civil Code section 1798.130, subdivision + (a)(5). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7063 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-5 + ref_id: '7063' + name: Authorized Agents. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7063 + ref_id: 7063-a + description: 'When a consumer uses an authorized agent to submit a request to + delete, request to correct, or a request to know, a business may require + the authorized agent to provide proof that the consumer gave the agent signed + permission to submit the request. The business may also require the consumer + to do either of the following:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-a + ref_id: 7063-a.1 + description: Verify their own identity directly with the business. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-a + ref_id: 7063-a.2 + description: Directly confirm with the business that they provided the authorized + agent permission to submit the request. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7063 + ref_id: 7063-b + description: Subsection (a) does not apply when a consumer has provided the + authorized agent with power of attorney pursuant to Probate Code sections + 4121 to 4130. A business shall not require power of attorney in order for + a consumer to use an authorized agent to act on their behalf. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7063 + ref_id: 7063-c + description: "An authorized agent shall implement and maintain reasonable security\ + \ procedures and practices to protect the consumer\u2019s information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7063-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7063 + ref_id: 7063-d + description: "An authorized agent shall not use a consumer\u2019s personal information,\ + \ or any information collected from or about the consumer, for any purposes\ + \ other than to fulfill the consumer\u2019s requests, verification, or fraud\ + \ prevention." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 6 + name: SPECIAL RULES REGARDING CONSUMERS UNDER 16 YEARS OF AGE + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-6 + ref_id: '7070' + name: Consumers Less Than 13 Years of Age + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070 + ref_id: 7070-a + description: Process for Opting-In to Sale or Sharing of Personal Information + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a + ref_id: 7070-a.1 + description: A business that has actual knowledge that it sells or shares the + personal information of a consumer less than the age of 13 shall establish, + document, and comply with a reasonable method for determining that the person + consenting to the sale or sharing of the personal information about the child + is the parent or guardian of that child. This consent to the sale or sharing + of personal information is in addition to any verifiable parental consent + required under COPPA. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a + ref_id: 7070-a.2 + description: "Methods that are reasonably calculated to ensure that the person\ + \ providing consent is the child\u2019s parent or guardian include, but are\ + \ not limited to:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2 + ref_id: 7070-a.2.A + description: Providing a consent form to be signed by the parent or guardian + under penalty of perjury and returned to the business by postal mail, facsimile, + or electronic scan; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2 + ref_id: 7070-a.2.B + description: Requiring a parent or guardian, in connection with a monetary transaction, + to use a credit card, debit card, or other online payment system that provides notification + of each discrete transaction to the primary account holder; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2 + ref_id: 7070-a.2.C + description: Having a parent or guardian call a toll-free telephone number staffed + by trained personnel; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2 + ref_id: 7070-a.2.D + description: Having a parent or guardian connect to trained personnel via video-conference; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2.e + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2 + ref_id: 7070-a.2.E + description: Having a parent or guardian communicate in person with trained + personnel; and + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2.f + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-a.2 + ref_id: 7070-a.2.F + description: "Verifying a parent or guardian\u2019s identity by checking a form\ + \ of government- issued identification against databases of such information,\ + \ as long as the parent or guardian\u2019s identification is deleted by the\ + \ business from its records promptly after such verification is complete." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070 + ref_id: 7070-b + description: When a business receives consent to the sale or sharing of personal + information pursuant to subsection (a), the business shall inform the parent + or guardian of the right to opt-out of sale/sharing and of the process for + doing so on behalf of their child pursuant to section 7026, subsections (a)-(f). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7070-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7070 + ref_id: 7070-c + description: ' A business shall establish, document, and comply with a reasonable + method, in accordance with the methods set forth in subsection (a)(2), for + determining that a person submitting a request to delete, request to correct, + or request to know the personal information of a child under the age of 13 + is the parent or guardian of that child.' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7071 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-6 + ref_id: '7071' + name: Consumers at Least 13 Years of Age and Less Than 16 Years of Age + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7071.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7071 + ref_id: 7071.a + description: A business that has actual knowledge that it sells or shares the + personal information of consumers at least 13 years of age and less than + 16 years of age shall establish, document, and comply with a reasonable process + for allowing such consumers to opt-in to the sale or sharing of their personal + information, pursuant to section 7028. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7071.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7071 + ref_id: 7071.b + description: When a business receives a request to opt-in to the sale or sharing + of personal information from a consumer at least 13 years of age and less + than 16 years of age, the business shall inform the consumer of their ongoing + right to opt-out of sale/sharing at any point in the future and of the process + for doing so pursuant to section 7026. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7072 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-6 + ref_id: '7072' + name: Notices to Consumers Less Than 16 Years of Age + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7072-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7072 + ref_id: 7072-a + description: A business subject to sections 7070 and/or 7071 shall include a + description of the processes set forth in those sections in its privacy policy. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7072-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7072 + ref_id: 7072-b + description: A business that exclusively targets offers of goods or services + directly to consumers under 16 years of age and does not sell or share the + personal information without the consent of consumers at least 13 years of + age and less than 16 years of age, or the consent of their parent or guardian + for consumers under 13 years of age, is not required to provide the Notice + of Right to Opt-out of Sale/Sharing. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-7 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 7 + name: NON-DISCRIMINATION + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-7 + ref_id: '7080' + name: Discriminatory Practices. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + ref_id: 7080-a + description: A price or service difference is discriminatory, and therefore + prohibited by Civil Code section 1798.125, if the business treats a consumer + differently because the consumer exercised a right conferred by the CCPA + or these regulations. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + ref_id: 7080-b + description: "A business may offer a price or service difference that is non-discriminatory.\ + \ A price or service difference is non-discriminatory if it is reasonably\ + \ related to the value of the consumer\u2019s data. If a business is unable\ + \ to calculate a good-faith estimate of the value of the consumer\u2019s\ + \ data or cannot show that the price or service difference is reasonably \ + \ related to the value of the consumer\u2019s data, that business shall not\ + \ offer the price or service difference." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + ref_id: 7080-c + description: "A business\u2019s denial of a consumer\u2019s request to delete,\ + \ request to correct, request to know, or request to opt-out of sale/sharing\ + \ for reasons permitted by the CCPA or these regulations shall not be considered\ + \ discriminatory." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + ref_id: 7080-d + description: 'Illustrative examples follow:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d + ref_id: 7080-d.1 + description: "Example 1: A music streaming business offers a free service as\ + \ well as a premium service that costs $5 per month. If only the consumers\ + \ who pay for the music streaming service are allowed to opt-out of the sale\ + \ or sharing of their personal information, then the practice is discriminatory,\ + \ unless the $5-per-month payment is reasonably related to the value of the\ + \ consumer\u2019s data to the business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d + ref_id: 7080-d.2 + description: "Example 2: A clothing business offers a loyalty program whereby\ + \ customers receive a $5-off coupon by email after spending $100 with the\ + \ business. A consumer submits a request to delete all personal information\ + \ the business has collected about them but also informs the business that\ + \ they want to continue to participate in the loyalty program. The business\ + \ may deny their request to delete with regard to their email address and\ + \ the amount the consumer has spent with the business because that information\ + \ is necessary for the business to provide the loyalty program requested by\ + \ the consumer and is reasonably anticipated within the context of the business\u2019\ + s ongoing relationship with them pursuant to Civil Code section 1798.105,\ + \ subdivision (d)(1)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d + ref_id: 7080-d.3 + description: "Example 3: A grocery store offers a loyalty program whereby consumers\ + \ receive coupons and special discounts when they provide their phone numbers.\ + \ A consumer submits a request to opt-out of the sale/sharing of their personal\ + \ information. The retailer complies with their request but no longer allows\ + \ the consumer to participate in the loyalty program. This practice is discriminatory\ + \ unless the grocery store can demonstrate that the value of the coupons\ + \ and special discounts are reasonably related to the value of the consumer\u2019\ + s data to the business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-d + ref_id: 7080-d.4 + description: "Example 4: An online bookseller collects information about consumers,\ + \ including their email addresses. It offers coupons to consumers through\ + \ browser pop-up windows while the consumer uses the bookseller\u2019s website.\ + \ A consumer submits a request to delete all personal information that the\ + \ bookseller has collected about them, including their email address and\ + \ their browsing and purchasing history. The bookseller complies with the\ + \ request but stops providing the periodic coupons to the consumer. The bookseller\u2019\ + s failure to provide coupons is discriminatory unless the CPPA Page 60 of\ + \ 67 value of the coupons is reasonably related to the value provided to\ + \ the business by the consumer\u2019s data. The bookseller may not deny the\ + \ consumer\u2019s request to delete with regard to the email address because\ + \ the email address is not necessary to provide the coupons or reasonably\ + \ aligned with the expectations of the consumer based on the consumer\u2019\ + s relationship with the business." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + ref_id: 7080-e + description: A business shall notify consumers of any financial incentive or + price or service difference subject to Civil Code section 1798.125 that it + offers in accordance with section 7016. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + ref_id: 7080-f + description: "A business\u2019s charging of a reasonable fee pursuant to Civil\ + \ Code section 1798.145, subdivision (h)(3), shall not be considered a financial\ + \ incentive subject to these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7080-g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7080 + ref_id: 7080-g + description: A price or service difference that is the direct result of compliance + with a state or federal law shall not be considered discriminatory. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-7 + ref_id: '7081' + name: Calculating the Value of Consumer Data + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081 + ref_id: 7081-a + description: "A business offering a price or service difference subject to Civil\ + \ Code section 1798.125 shall use and document a reasonable and good-faith\ + \ method for calculating the value of the consumer\u2019s data. The business\ + \ shall consider one or more of the following:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.1 + description: "The marginal value to the business of the sale, collection, or\ + \ deletion of a consumer\u2019s data." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.2 + description: "The average value to the business of the sale, collection, or\ + \ deletion of a consumer\u2019s data." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.3 + description: "The aggregate value to the business of the sale, collection, or\ + \ deletion of consumers\u2019 data divided by the total number of consumers." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.4 + description: " Revenue generated by the business from sale, collection, or retention\ + \ of consumers\u2019 personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.5 + description: "Expenses related to the sale, collection, or retention of consumers\u2019\ + \ personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.6 + description: Expenses related to the offer, provision, or imposition of any + financial incentive or price or service difference. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.7 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.7 + description: "Profit generated by the business from sale, collection, or retention\ + \ of consumers\u2019 personal information." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a.8 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-a + ref_id: 7081-a.8 + description: Any other practical and reasonably reliable method of calculation + used in good faith. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7081-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7081 + ref_id: 7081-b + description: For the purpose of calculating the value of consumer data, a business + may consider the value to the business of the data of all natural persons + in the United States and not just consumers. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-8 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 8 + name: TRAINING AND RECORD-KEEPING + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7100 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-8 + ref_id: '7100' + name: Training + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7100-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7100 + ref_id: 7100-a + description: "All individuals responsible for handling consumer inquiries about\ + \ the business\u2019s information practices or the business\u2019s compliance\ + \ with the CCPA shall be informed of all of the requirements in the CCPA\ + \ and these regulations and how to direct consumers to exercise their rights\ + \ under the CCPA and these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7100-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7100 + ref_id: 7100-b + description: "A business that knows or reasonably should know that it, alone\ + \ or in combination, buys, receives for the business\u2019s commercial purposes,\ + \ sells, or shares for commercial purposes the personal information of 10,000,000\ + \ or more consumers in a calendar year shall establish, document, and comply\ + \ with a training policy to ensure that all individuals responsible for handling\ + \ consumer requests made under the CCPA or the business\u2019s compliance\ + \ with the CCPA are informed of all the requirements in these regulations\ + \ and the CCPA." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7101 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-8 + ref_id: '7101' + name: Record-Keeping + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7101-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7101 + ref_id: 7101-a + description: A business shall maintain records of consumer requests made pursuant + to the CCPA and how it responded to the requests for at least 24 months. + The business shall implement and maintain reasonable security procedures + and practices in maintaining these records. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7101-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7101 + ref_id: 7101-b + description: "The records may be maintained in a ticket or log format provided\ + \ that the ticket or log includes the date of request, nature of request,\ + \ manner in which the request was made, the date of the business\u2019s response,\ + \ the nature of the response, and the basis for the denial of the request\ + \ if the request is denied in whole or in part." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7101-c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7101 + ref_id: 7101-c + description: "A business\u2019s maintenance of the information required by this\ + \ section, where that information is not used for any other purpose, does\ + \ not taken alone violate the CCPA or these regulations." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7101-d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7101 + ref_id: 7101-d + description: Information maintained for record-keeping purposes shall not be + used for any other purpose except as reasonably necessary for the business + to review and modify its CPPA Page 62 of 67 processes for compliance with + the CCPA and these regulations. Information maintained for record-keeping + purposes shall not be shared with any third party except as necessary to comply + with a legal obligation. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7101-e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7101 + ref_id: 7101-e + description: Other than as required by subsection (b), a business is not required + to retain personal information solely for the purpose of fulfilling a consumer + request made under the CCPA. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-8 + ref_id: '7102' + name: Requirements for Businesses Collecting Large Amounts of Personal Information + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102 + ref_id: 7102-a + description: "A business that knows or reasonably should know that it, alone\ + \ or in combination, buys, receives for the business\u2019s commercial purposes,\ + \ sells, shares, or otherwise makes available for commercial purposes the\ + \ personal information of 10,000,000 or more consumers in a calendar year\ + \ shall:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a + ref_id: 7102-a.1 + description: 'Compile the following metrics for the previous calendar year:' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1.a + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1 + ref_id: 7102-a.1.A + description: The number of requests to delete that the business received, complied + with in whole or in part, and denied; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1.b + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1 + ref_id: 7102-a.1.B + description: The number of requests to correct that the business received, complied + with in whole or in part, and denied; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1.c + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1 + ref_id: 7102-a.1.C + description: The number of requests to know that the business received, complied + with in whole or in part, and denied; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1.d + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1 + ref_id: 7102-a.1.D + description: The number of requests to opt-out of sale/sharing that the business + received, complied with in whole or in part, and denied; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1.e + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1 + ref_id: 7102-a.1.E + description: The number of requests to limit that the business received, complied + with in whole or in part, and denied; and + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1.f + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.1 + ref_id: 7102-a.1.F + description: The median or mean number of days within which the business substantively responded + to requests to delete, requests to correct, requests to know, requests to + opt-out of sale/sharing, and requests to limit. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-a + ref_id: 7102-a.2 + description: Disclose, by July 1 of every calendar year, the information compiled + in subsection (a)(1) within their privacy policy or posted on their website + and accessible from a link included in their privacy policy. In its disclosure, + a business may choose to disclose the number of requests that it denied in + whole or in part because the request was not verifiable, was not made by + a consumer, called for information exempt from disclosure, or was denied + on other grounds. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7102-b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7102 + ref_id: 7102-b + description: A business may choose to compile and disclose the information required + by subsection (a)(1) for requests received from all individuals, rather than + requests received from consumers. The business shall state whether it has + done so in its disclosure and shall, upon request, compile and provide to + the Attorney General the information required by subsection (a)(1) for requests + received from consumers. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-9 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-1 + ref_id: ARTICLE 9 + name: ' INVESTIGATIONS AND ENFORCEMENT' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-9 + ref_id: '7300' + name: Sworn Complaints Filed with the Agency + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7300 + ref_id: 7300-a + description: "Requirements for filing a sworn complaint. Sworn complaints may\ + \ be filed with the Enforcement Division via the electronic complaint system\ + \ available on the Agency\u2019s website at https://cppa.ca.gov/ or submitted\ + \ in person or by mail to the headquarters office of the Agency." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node543 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7300 + description: A complaint must + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300-a.1 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node543 + ref_id: 7300-a.1 + description: Identify the business, service provider, contractor, or person + who allegedly violated the CCPA; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300-a.2 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node543 + ref_id: 7300-a.2 + description: State the facts that support each alleged violation and include + any documents or other evidence supporting this conclusion; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300-a.3 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node543 + ref_id: 7300-a.3 + description: Authorize the alleged violator and the Agency to communicate regarding + the complaint, including disclosing the complaint and any information relating + to the complaint; + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300-a.4 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node543 + ref_id: 7300-a.4 + description: Include the name and current contact information of the complainant; + and + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300-a.5 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:node543 + ref_id: 7300-a.5 + description: Be signed and submitted under penalty of perjury. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7300-b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7300 + ref_id: 7300-b + description: The Enforcement Division will notify the complainant in writing + of the action, if any, the Agency has taken or plans to take on the complaint, + together with the reasons for that action or nonaction. Duplicate complaints + submitted by the same complainant may be rejected without notice. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7301 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-9 + ref_id: '7301' + name: ' Investigations' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7301-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7301 + ref_id: 7301-a + description: The Agency may open investigations upon the sworn complaint of + any person or on its own initiative. For example, the Agency may initiate + investigations based upon referrals from government agencies or private organizations, + and nonsworn or anonymous complaints. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7301-b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7301 + ref_id: 7301-b + description: "As part of the Agency\u2019s decision to pursue investigations\ + \ of possible or alleged violations of the CCPA, the Agency may consider\ + \ all facts it determines to be relevant, including the amount of time between\ + \ the effective date of the statutory or regulatory requirement(s) and the\ + \ possible or alleged violation(s) of those requirements, and good-faith efforts\ + \ to comply with those requirements." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-9 + ref_id: '7302' + name: Probable Cause Proceedings + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302 + ref_id: 7302-a + description: Probable Cause. Under Civil Code section 1798.199.50, probable + cause exists when the evidence supports a reasonable belief that the CCPA + has been violated. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302 + ref_id: 7302-b + description: Probable Cause Notice. The Enforcement Division will provide the + alleged violator with notice of the probable cause proceeding as required + by Civil Code section 1798.199.50. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302 + ref_id: 7302-c + description: Probable Cause Proceeding. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-c.1 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-c + ref_id: 7302-c.1 + description: The proceeding shall be closed to the public unless the alleged + violator files, at least 10 business days before the proceeding, a written + request for a public proceeding. If the proceeding is not open to the public, + then the proceeding may be conducted in whole or in part by telephone or + videoconference. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-c.2 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-c + ref_id: 7302-c.2 + description: The Agency shall conduct the proceeding informally. Only the alleged + violator(s), their legal counsel, and the Enforcement Division shall have + the right to participate at the proceeding. The Agency shall determine whether + there is probable cause based on the probable cause notice and any information + or arguments presented at the probable cause proceeding by the parties. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-c.3 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-c + ref_id: 7302-c.3 + description: If the alleged violator(s) fails to participate or appear at the + probable cause proceeding, the alleged violator(s) waives the right to further + probable cause proceedings under Civil Code section 1798.199.50, and the + Agency shall determine whether there is probable cause based on the notice + and any information or arguments provided by the Enforcement Division. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302 + ref_id: 7302-d + description: "Probable Cause Determination. The Agency shall issue a written\ + \ decision with its probable cause determination and serve it on the alleged\ + \ violator electronically or by mail. The Agency\u2019s probable cause determination\ + \ is final and not subject to appeal." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7302-e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7302 + ref_id: 7302-e + description: Notices of probable cause and probable cause determinations shall + not be open to the public nor admissible in evidence in any action or special + proceeding other than one enforcing the CCPA. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7303 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-9 + ref_id: '7303' + name: Stipulated Orders. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7303-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7303 + ref_id: 7303-a + description: At any time before or during an administrative hearing and in lieu + of such a hearing, the Head of Enforcement and the alleged violator may stipulate + to the entry of a final order. If a stipulation has been agreed upon and + the scheduled date of the hearing is set to occur before the next Board meeting, + the Enforcement Division will apply for a continuance of the hearing. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7303-b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7303 + ref_id: 7303-b + description: The final order must be approved by the Board, which may consider + the matter in closed session. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7303-c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7303 + ref_id: 7303-c + description: The stipulated final order shall be public and have the force of + an order of the Board. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7304 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-9 + ref_id: '7304' + name: Agency Audits + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7304-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7304 + ref_id: 7304-a + description: Scope. The Agency may audit a business, service provider, contractor, + or person to ensure compliance with any provision of the CCPA. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7304-b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7304 + ref_id: 7304-b + description: "Criteria for Selection. The Agency may conduct an audit to investigate\ + \ possible violations of the CCPA. Alternatively, the Agency may conduct\ + \ an audit if the subject\u2019s collection or processing of personal information\ + \ presents significant risk to consumer privacy or security, or if the subject\ + \ has a history of noncompliance with the CCPA or any other privacy protection\ + \ law." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7304-c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7304 + ref_id: 7304-c + description: Audits may be announced or unannounced as determined by the Agency. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7304-d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7304 + ref_id: 7304-d + description: "Failure to Cooperate. A subject\u2019s failure to cooperate during\ + \ the Agency\u2019s audit may result in the Agency issuing a subpoena, seeking\ + \ a warrant, or otherwise exercising its powers to ensure compliance with\ + \ the CCPA." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7304-e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7304 + ref_id: 7304-e + description: Protection of Personal Information. Consumer personal information + disclosed to the Agency during an audit shall be maintained in compliance + with the Information Practices Act of 1977, Civil Code section 1798, et seq. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-2 + assessable: false + depth: 1 + ref_id: CHAPTER 2 + name: CONFLICT OF INTEREST + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7500 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-2 + ref_id: '7500' + name: California Privacy Protection Agency -- Conflict-of-Interest Code. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node574 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7500 + description: "The Political Reform Act (Government Code Section 81000, et seq.)\ + \ requires state and local government agencies to adopt and promulgate conflict\ + \ of interest codes. The Fair Political Practices Commission has adopted\ + \ a regulation (2 California Code of Regulations Section 18730), that contains\ + \ the terms of a standard conflict of interest code which can be incorporated\ + \ by reference in an agency\u2019s code. After public notice and hearing,\ + \ the standard code may be amended by the Fair Political Practices Commission\ + \ to conform to amendments in the Political Reform Act. Therefore, the terms\ + \ of 2 California Code of Regulations Section 18730 and any amendments to\ + \ it duly adopted by the Fair Political Practices Commission are hereby incorporated\ + \ by reference into the Conflict of Interest Code for the California Privacy\ + \ Protection Agency. This regulation and the attached Appendices, designating\ + \ positions, and establishing disclosure requirement categories, shall constitute\ + \ the Conflict of Interest code of the California Privacy Protection Agency\ + \ (CPPA)." + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node575 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7500 + description: The statement of economic interests for the CPPA Board Members + and the Executive Director shall be filed electronically with the Fair Political + Practices Commission. All other individuals holding designated positions + shall file their statements with the CPPA. All statements must be made available + for public inspection and reproduction (Gov. Code Sec. 81008). + - urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-2 + ref_id: APPENDIX A + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node577 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + description: 'Designated Positions : California Privacy Protection Agency Board + Members Disclosure Category: 1' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node578 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + description: 'Designated Positions : Executive Director Disclosure Category: + 1' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node579 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + description: 'Designated Positions : Chief Privacy Auditor Disclosure Category: + 1' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node580 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + description: 'Designated Positions : Attorney (all levels) Disclosure Category: + 1' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node581 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + description: 'Designated Positions : Deputy Director of Administration Disclosure + Category: 2' + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node582 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + description: "Designated Positions : Consultants / New Positions Disclosure\ + \ Category: * \n* Consultants/new positions shall be included in the list\ + \ of designated positions and shall disclose pursuant to the broadest disclosure\ + \ category in the code subject to the following limitation:" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node583 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-a + description: "The Executive Director may determine in writing that a particular\ + \ consultant or new position, although a \u201Cdesignated position,\u201D\ + \ is hired to perform a range of duties that is limited in scope and thus\ + \ is not required to comply with the disclosure requirements described in\ + \ this section. Such determination shall include a description of the consultant\u2019\ + s or new position\u2019s duties and, CPPA Page 67 of 67 based upon that\ + \ description, a statement of the extent of disclosure requirements. The \ + \ Executive Director\u2019s determination is a public record and shall be\ + \ retained for public inspection in the same manner and location as this\ + \ conflict-of-interest code. (Gov. Code Sec. 81008.)" + - urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-b + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-2 + ref_id: APPENDIX B + - urn: urn:intuitem:risk:req_node:ccpa_regulations:node585 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-b + description: Disclosure Categories + - urn: 'urn:intuitem:risk:req_node:ccpa_regulations:category-1:' + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-b + ref_id: 'Category 1:' + description: Designated positions in this category shall disclose investments, + business positions in business entities and income, (including receipt of + gifts, loans and travel payments) and real property in the state of California. + - urn: 'urn:intuitem:risk:req_node:ccpa_regulations:category-2:' + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:appendix-b + ref_id: 'Category 2:' + description: Designated positions in this category shall disclose investments, + business positions in business entities and income (including receipt of + gifts, loans and travel payments), from sources that provide leased facilities, + goods, equipment, vehicles, machinery or services, including training or + consulting services of the type utilized by the California Privacy Protection + Agency. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-3. + assessable: false + depth: 1 + ref_id: CHAPTER 3. + name: DATA BROKER REGISTRATION + - urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1. + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:chapter-3. + ref_id: ARTICLE 1. + name: ANNUAL REGISTRATION FEES + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7600 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:article-1. + ref_id: '7600' + name: Annual Registration Fee. + - urn: urn:intuitem:risk:req_node:ccpa_regulations:7600-a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ccpa_regulations:7600 + ref_id: 7600-a + description: The annual fee to register as a data broker is $400.00. diff --git a/backend/library/libraries/cra-resolution-annexes.yaml b/backend/library/libraries/cra-resolution-annexes.yaml new file mode 100644 index 000000000..05fa1c7d6 --- /dev/null +++ b/backend/library/libraries/cra-resolution-annexes.yaml @@ -0,0 +1,1585 @@ +urn: urn:intuitem:risk:library:cra-resolution-annexes +locale: en +ref_id: CRA-resolution-annexes +name: Cyber Resilience Act +description: "European Parliament legislative resolution of 12 March 2024 on the proposal\ + \ for a regulation of the European Parliament and of the Council on horizontal cybersecurity\ + \ requirements for products with digital elements and amending Regulation (EU) 2019/1020\ + \ (COM(2022)0454 \u2013 C9-0308/2022 \u2013 2022/0272(COD))\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.pdf" +copyright: European Union law +version: 2 +provider: EU +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:cra-resolution-annexes + ref_id: CRA-resolution-annexes + name: Cyber Resilience Act + description: "European Parliament legislative resolution of 12 March 2024 on the\ + \ proposal for a regulation of the European Parliament and of the Council on\ + \ horizontal cybersecurity requirements for products with digital elements and\ + \ amending Regulation (EU) 2019/1020 (COM(2022)0454 \u2013 C9-0308/2022 \u2013\ + \ 2022/0272(COD))\nhttps://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.pdf" + requirement_nodes: + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1 + assessable: false + depth: 1 + ref_id: '1' + name: ANNEX I + description: ESSENTIAL REQUIREMENTS + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1 + ref_id: '1.1' + name: Part I + description: Cybersecurity requirements relating to the properties of products + with digital elements + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1 + ref_id: 1.1.1 + description: Products with digital elements shall be designed, developed and + produced in such a way that they ensure an appropriate level of cybersecurity + based on the risks; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1 + ref_id: 1.1.2 + description: 'On the basis of the cybersecurity risk assessment referred to + in Article 10(2) and where applicable, products with digital elements shall:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.a + description: be made available on the market without known exploitable vulnerabilities; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.b + description: be made available on the market with a secure by default configuration, + unless otherwise agreed between manufacturer and business user in relation + to a tailor-made product with digital elements, including the possibility + to reset the product to its original state; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.c + description: ensure that vulnerabilities can be addressed through security updates, + including, where applicable, through automatic security updates that are installed + within an appropriate timeframe enabled as a default setting, with a clear + and easy-to-use opt-out mechanism, through the notification of available updates + to users, and the option to temporarily postpone them; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.d + description: ensure protection from unauthorised access by appropriate control + mechanisms, including but not limited to authentication, identity or access + management systems, and report on possible unauthorised access; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.e + description: protect the confidentiality of stored, transmitted or otherwise + processed data, personal or other, such as by encrypting relevant data at + rest or in transit by state of the art mechanisms, and by using other technical + means; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.f + description: protect the integrity of stored, transmitted or otherwise processed + data, personal or other, commands, programs and configuration against any + manipulation or modification not authorised by the user, and report on corruptions; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.g + description: process only data, personal or other, that are adequate, relevant + and limited to what is necessary in relation to the intended purpose of the + product with digital elements (minimisation of data); + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.h + description: protect the availability of essential and basic functions, also + after an incident, including through resilience and mitigation measures against + denial-of-service attacks; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.i + description: minimise the negative impact by the products themselves or connected + devices on the availability of services provided by other devices or networks; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.j + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.j + description: be designed, developed and produced to limit attack surfaces, including + external interfaces; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.k + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.k + description: be designed, developed and produced to reduce the impact of an + incident using appropriate exploitation mitigation mechanisms and techniques; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.l + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.l + description: provide security related information by recording and monitoring + relevant internal activity, including the access to or modification of data, + services or functions, with an opt-out mechanism for the user; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2.m + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.1.2 + ref_id: 1.1.2.m + description: provide the possibility for users to securely and easily remove + on a permanent basis all data and settings and, where such data can be transferred + to other products or systems, ensure that this is done in a secure manner. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1 + ref_id: '1.2' + name: Part II + description: "Vulnerability\_handling\_requirements" + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2 + description: 'Manufacturers of the products with digital elements shall:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.1 + description: identify and document vulnerabilities and components contained + in products with digital elements, including by drawing up a software bill + of materials in a commonly used and machine-readable format covering at the + very least the top-level dependencies of the products; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.2 + description: in relation to the risks posed to products with digital elements, + address and remediate vulnerabilities without delay, including by providing + security updates; where technically feasible, new security updates shall be + provided separately from functionality updates; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.3 + description: apply effective and regular tests and reviews of the security of + the product with digital elements; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.4 + description: once a security update has been made available, share and publicly + disclose information about fixed vulnerabilities, including a description + of the vulnerabilities, information allowing users to identify the product + with digital elements affected, the impacts of the vulnerabilities, their + severity and clear and accessible information helping users to remediate the + vulnerabilities; in duly justified cases, where manufacturers consider the + security risks of publication to outweigh the security benefits, they may + delay making public information regarding a fixed vulnerability until after + users have been given the possibility to apply the relevant patch; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.5 + description: put in place and enforce a policy on coordinated vulnerability + disclosure; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.6 + description: take measures to facilitate the sharing of information about potential + vulnerabilities in their product with digital elements as well as in third + party components contained in that product, including by providing a contact + address for the reporting of the vulnerabilities discovered in the product + with digital elements; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.7 + description: provide for mechanisms to securely distribute updates for products + with digital elements to ensure that vulnerabilities are fixed or mitigated + in a timely manner and, where applicable for security updates, in an automatic + manner; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:1.2.8 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node20 + ref_id: 1.2.8 + description: ensure that, where security updates are available to address identified + security issues, they are disseminated without delay and, unless otherwise + agreed between a manufacturer and a business user in relation to a tailor- + made product with digital elements, free of charge, accompanied by advisory + messages providing users with the relevant information, including on potential + action to be taken. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2 + assessable: false + depth: 1 + ref_id: '2' + name: ANNEX II + description: INFORMATION AND INSTRUCTIONS TO THE USER + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2 + description: 'As a minimum, the product with digital elements shall be accompanied + by:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.1' + description: the name, registered trade name or registered trademark of the + manufacturer, and the postal address, the email address or other digital contact + as well as, where available, the website at which the manufacturer can be + contacted; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.2' + description: "the single point of contact where information about vulnerabilities\ + \ of the product with digital elements can be reported and received, and where\ + \ the manufacturer\u2019s policy on coordinated vulnerability disclosure can\ + \ be found;" + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.3' + description: name and type and any additional information enabling the unique + identification of the product with digital elements ; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.4' + description: "the intended purpose of the product with digital elements, including\ + \ the security environment provided by the manufacturer, as well as the product\u2019\ + s essential functionalities and information about the security properties;" + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.5' + description: 'any known or foreseeable circumstance, related to the use of the + product with digital elements in accordance with its intended purpose or under + conditions of reasonably foreseeable misuse, which may lead to significant + cybersecurity risks; ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.6' + description: 'where applicable, the internet address at which the EU declaration + of conformity can be accessed; ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.7' + description: the type of technical security support offered by the manufacturer + and the end-date of the support period during which users can expect vulnerabilities + to be handled and to receive security updates; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.8' + description: 'detailed instructions or an internet address referring to such + detailed instructions and information on:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8 + ref_id: 2.8.a + description: the necessary measures during initial commissioning and throughout + the lifetime of the product with digital elements to ensure its secure use; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8 + ref_id: 2.8.b + description: how changes to the product with digital elements can affect the + security of data; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8 + ref_id: 2.8.c + description: how security-relevant updates can be installed; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8 + ref_id: 2.8.d + description: the secure decommissioning of the product with digital elements, + including information on how user data can be securely removed; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8 + ref_id: 2.8.e + description: how the default setting enabling the automatic installation of + security updates, as required by Annex I, Part I, point (c), can be turned + off; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.8 + ref_id: 2.8.f + description: where the product with digital elements is intended for integration + into other products with digital elements, the information necessary for the + integrator to comply with the essential requirements set out in Annex I and + the documentation requirements set out in Annex VII. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:2.9 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node30 + ref_id: '2.9' + description: If the manufacturer decides to make available the software bill + of materials to the user, information on where the software bill of materials + can be accessed. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3 + assessable: false + depth: 1 + ref_id: '3' + name: ANNEX III + description: IMPORTANT PRODUCTS WITH DIGITAL ELEMENTS + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3 + ref_id: '3.1' + name: Class I + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.1 + description: Identity management systems and privileged access management software + and hardware, including authentication and access control readers, including + biometric readers; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.2 + description: Standalone and embedded browsers; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.3 + description: Password managers; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.4 + description: Software that searches for, removes, or quarantines malicious software; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.5 + description: Products with digital elements with the function of virtual private + network (VPN); + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.6 + description: Network management systems; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.7 + description: Security information and event management (SIEM) systems; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.8 + description: Boot managers; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.9 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.9 + description: Public key infrastructure and digital certificate issuance software; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.9' + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.9' + description: Physical and virtual network interfaces; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.10 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.10 + description: Operating systems ; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.11 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.11 + description: Routers, modems intended for the connection to the internet, and + switches ; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.12 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.12 + description: Microprocessors with security-related functionalities; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.13 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.13 + description: Microcontrollers with security-related functionalities; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.14 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.14 + description: Application specific integrated circuits (ASIC) and field-programmable + gate arrays (FPGA) with security-related functionalities; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.15 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.15 + description: Smart home general purpose virtual assistants; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.16 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.16 + description: Smart home products with security functionalities, including smart + door locks, security cameras, baby monitoring systems and alarm systems; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.17 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.17 + description: Internet connected toys covered by Directive 2009/48/EC of the + European Parliament and of the Council1 that have social interactive features + (e.g. speaking or filming) or that have location tracking features; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1.18 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.1 + ref_id: 3.1.18 + description: Personal wearable products to be worn or placed on a human body + that have a health monitoring (such as tracking) purpose and to which Regulation + (EU) 2017/745 or Regulation (EU) 2017/746 do not apply, or personal wearable + products that are intended for the use by and for children. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3 + ref_id: '3.2' + name: Class II + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2 + ref_id: 3.2.1 + description: Hypervisors and container runtime systems that support virtualised + execution of operating systems and similar environments; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2 + ref_id: 3.2.2 + description: Firewalls, intrusion detection and prevention systems ; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2 + ref_id: 3.2.3 + description: Tamper-resistant microprocessors; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:3.2 + ref_id: 3.2.4 + description: Tamper-resistant microcontrollers. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4 + assessable: false + depth: 1 + ref_id: '4' + name: ANNEX IV + description: CRITICAL PRODUCTS WITH DIGITAL ELEMENTS + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4 + ref_id: '4.1' + description: Hardware Devices with Security Boxes; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4 + ref_id: '4.2' + description: Smart meter gateways within smart metering systems as defined in + Article 2(23) of Directive (EU) 2019/944 of the European Parliament and of + the Council and other devices for advanced security purposes, including for + secure cryptoprocessing; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:4 + ref_id: '4.3' + description: Smartcards or similar devices, including secure elements. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5 + assessable: false + depth: 1 + ref_id: '5' + name: ANNEX V + description: EU DECLARATION OF CONFORMITY + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5 + description: 'The EU declaration of conformity referred to in Article 28, shall + contain all of the following information:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.1' + description: Name and type and any additional information enabling the unique + identification of the product with digital elements; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.2' + description: Name and address of the manufacturer or its authorised representative; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.3' + description: A statement that the EU declaration of conformity is issued under + the sole responsibility of the provider; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.4' + description: Object of the declaration (identification of the product with digital + elements allowing traceability, which may include a photograph, where appropriate); + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.5' + description: A statement that the object of the declaration described above + is in conformity with the relevant Union harmonisation legislation; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.6' + description: References to any relevant harmonised standards used or any other + common specification or cybersecurity certification in relation to which conformity + is declared; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.7' + description: Where applicable, the name and number of the notified body, a description + of the conformity assessment procedure performed and identification of the + certificate issued; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:5.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node77 + ref_id: '5.8' + description: 'Additional information: + + Signed for and on behalf of:....................................... (place + and date of issue): + + (name, function) (signature):' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6 + assessable: false + depth: 1 + ref_id: '6' + name: ANNEX VI + description: SIMPLIFIED EU DECLARATION OF CONFORMITY + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node87 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6 + description: 'The simplified EU declaration of conformity referred to in Article + 13(20) shall be provided as follows:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node88 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6 + description: Hereby, [Name of manufacturer] declares that the product with digital + elements type [designation of type of product with digital element] is in + compliance with Regulation (EU) .../... of the European Parliament and of + the Council1. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node89 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:6 + description: 'The full text of the EU declaration of conformity is available + at the following internet address:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7 + assessable: false + depth: 1 + ref_id: '7' + name: ANNEX VII + description: CONTENTS OF THE TECHNICAL DOCUMENTATION + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7 + description: 'The technical documentation referred to in Article 31 shall contain + at least the following information, as applicable to the relevant product + with digital elements:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.1' + description: 'a general description of the product with digital elements, including:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1 + ref_id: 7.1.a + description: its intended purpose; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1 + ref_id: 7.1.b + description: versions of software affecting compliance with essential requirements; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1 + ref_id: 7.1.c + description: where the product with digital elements is a hardware product, + photographs or illustrations showing external features, marking and internal + layout; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.1 + ref_id: 7.1.d + description: user information and instructions as set out in Annex II; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.2' + description: 'a description of the design, development and production of the + product with digital + + elements and vulnerability handling processes, including:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2 + ref_id: 7.2.a + description: necessary information on the design and development of the product + with digital elements, including, where applicable, drawings and schemes and + a description of the system architecture explaining how software components + build on or feed into each other and integrate into the overall processing; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2 + ref_id: 7.2.b + description: necessary information and specifications of the vulnerability handling + processes put in place by the manufacturer, including the software bill of + materials, the coordinated vulnerability disclosure policy, evidence of the + provision of a contact address for the reporting of the vulnerabilities and + a description of the technical solutions chosen for the secure distribution + of updates; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.2 + ref_id: 7.2.c + description: necessary information and specifications of the production and + monitoring processes of the product with digital elements and the validation + of those processes; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.3' + description: an assessment of the cybersecurity risks against which the product + with digital elements is designed, developed, produced, delivered and maintained + as laid down in Article 13 of this Regulation, including how the essential + requirements set out in Annex I, Part I, are applicable; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.4' + description: relevant information that was taken into account to determine the + support period as referred to in Article 13(8) of the product with digital + elements; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.5' + description: a list of the harmonised standards applied in full or in part the + references of which have been published in the Official Journal of the European + Union, common specifications as set out in Article 27 of this Regulation or + European cybersecurity certification schemes adopted pursuant to Regulation + (EU) 2019/881 pursuant to Article 27(8) of this Regulation, and, where those + harmonised standards, common specifications or European cybersecurity certification + schemes have not been applied, descriptions of the solutions adopted to meet + the essential requirements set out in of Annex I, Parts I and II, including + a list of other relevant technical specifications applied. In the event of + partly applied harmonised standards, common specifications or European cybersecurity + certification schemes, the technical documentation shall specify the parts + which have been applied; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.6' + description: reports of the tests carried out to verify the conformity of the + product with digital elements and of the vulnerability handling processes + with the applicable essential requirements as set out in Annex I, Parts I + and II; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.7' + description: a copy of the EU declaration of conformity; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:7.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node91 + ref_id: '7.8' + description: 'where applicable, the software bill of materials, further to a + reasoned request from a market surveillance authority provided that it is + necessary in order for this authority to be able to check compliance with + the essential requirements set out in Annex I. ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8 + assessable: false + depth: 1 + ref_id: '8' + name: ANNEX VIII + description: CONFORMITY ASSESSMENT PROCEDURES + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8 + ref_id: '8.1' + name: Part I + description: Conformity Assessment procedure based on internal control (based + on Module A) + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1 + ref_id: 8.1.1 + description: Internal control is the conformity assessment procedure whereby + the manufacturer fulfils the obligations laid down in points 2, 3 and 4, and + ensures and declares on its sole responsibility that the products with digital + elements satisfy all the essential requirements set out in Annex I, Part I, + and the manufacturer meets the essential requirements set out in Annex I, + Part II. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1 + ref_id: 8.1.2 + description: 'The manufacturer shall draw up the technical documentation described + in Annex VII. ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1 + ref_id: 8.1.3 + description: "Design, development, production and vulnerability handling of\ + \ products with digital elements \nThe manufacturer shall take all measures\ + \ necessary so that the design, development, production and vulnerability\ + \ handling processes and their monitoring ensure compliance of the manufactured\ + \ or developed products with digital elements and of the processes put in\ + \ place by the manufacturer with the essential requirements set out in Annex\ + \ I, Parts I and II." + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1 + ref_id: 8.1.4 + name: Conformity marking and declaration of conformity + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4 + ref_id: 8.1.4.1 + description: The manufacturer shall affix the CE marking to each individual + product with digital elements that satisfies the applicable requirements of + this Regulation. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.4 + ref_id: 8.1.4.2 + description: The manufacturer shall draw up a written EU declaration of conformity + for each product with digital elements in accordance with Article 28 and keep + it together with the technical documentation at the disposal of the national + authorities for 10 years after the product with digital elements has been + placed on the market or for the support period, whichever is longer. The EU + declaration of conformity shall identify the product with digital elements + for which it has been drawn up. A copy of the EU declaration of conformity + shall be made available to the relevant authorities upon request. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1 + ref_id: 8.1.5 + description: Authorised representatives + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node116 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.1 + description: "The manufacturer\u2019s obligations set out in point 4 may be\ + \ fulfilled by its authorised representative, on its behalf and under its\ + \ responsibility, provided that they are specified in the mandate." + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8 + ref_id: '8.2' + name: Part II + description: 'EU-type examination (based on Module B) ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.1 + description: 'EU-type examination is the part of a conformity assessment procedure + in which a notified body examines the technical design and development of + a product with digital elements and the vulnerability handling processes put + in place by the manufacturer, and attests that a product with digital elements + meets the essential requirements set out in Annex I, Part I, and that the + manufacturer meets the essential requirements set out in Annex I, Part II. ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.2 + description: EU-type examination shall be carried out by assessment of the adequacy + of the technical design and development of the product with digital elements + through examination of the technical documentation and supporting evidence + referred to in point 3, plus examination of specimens of one or more critical + parts of the product (combination of production type and design type). + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.3 + description: 'The manufacturer shall lodge an application for EU-type examination + with a single notified body of its choice. ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + description: 'The application shall include: ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121 + ref_id: 8.2.3.1 + description: the name and address of the manufacturer and, if the application + is lodged by the authorised representative, its name and address as well; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121 + ref_id: 8.2.3.2 + description: a written declaration that the same application has not been lodged + with any other notified body; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121 + ref_id: 8.2.3.3 + description: the technical documentation, which shall make it possible to assess + the conformity of the product with digital elements with the applicable essential + requirements as set out in Annex I, Part I, and the manufacturer's vulnerability + handling processes set out in Annex I, Part II, and shall include an adequate + analysis and assessment of the risks. The technical documentation shall specify + the applicable requirements and cover, as far as relevant for the assessment, + the design, manufacture and operation of the product with digital elements. + The technical documentation shall contain, wherever applicable, at least the + elements set out in Annex VII; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.3.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node121 + ref_id: 8.2.3.4 + description: the supporting evidence for the adequacy of the technical design + and development solutions and vulnerability handling processes. This supporting + evidence shall mention any documents that have been used, in particular where + the relevant harmonised standards or technical specifications have not been + applied in full. The supporting evidence shall include, where necessary, the + results of tests carried out by the appropriate laboratory of the manufacturer, + or by another testing laboratory on its behalf and under its responsibility. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.4 + description: 'The notified body shall:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4 + ref_id: 8.2.4.1 + description: examine the technical documentation and supporting evidence to + assess the adequacy of the technical design and development of the product + with digital elements with the essential requirements set out in Annex I, + Part I, and of the vulnerability handling processes put in place by the manufacturer + with the essential requirements set out in Annex I, Part II; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4 + ref_id: 8.2.4.2 + description: verify that specimens have been developed or manufactured in conformity + with the technical documentation, and identify the elements which have been + designed and developed in accordance with the applicable provisions of the + relevant harmonised standards or technical specifications, as well as the + elements which have been designed and developed without applying the relevant + provisions of those standards; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4 + ref_id: 8.2.4.3 + description: carry out appropriate examinations and tests, or have them carried + out, to check that, where the manufacturer has chosen to apply the solutions + in the relevant harmonised standards or technical specifications for the requirements + set out in Annex I, they have been applied correctly; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4 + ref_id: 8.2.4.4 + description: carry out appropriate examinations and tests, or have them carried + out, to check that, where the solutions in the relevant harmonised standards + or technical specifications for the requirements set out in Annex I have not + been applied, the solutions adopted by the manufacturer meet the corresponding + essential requirements; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.4 + ref_id: 8.2.4.5 + description: agree with the manufacturer on a location where the examinations + and tests will be carried out. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.5 + description: "The notified body shall draw up an evaluation report that records\ + \ the activities undertaken in accordance with point 4 and their outcomes.\ + \ Without prejudice to its obligations vis-\xE0-vis the notifying authorities,\ + \ the notified body shall release the content of that report, in full or in\ + \ part, only with the agreement of the manufacturer." + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.6 + description: Where the type and the vulnerability handling processes meet the + essential requirements set out in Annex I, the notified body shall issue an + EU-type examination certificate to the manufacturer. The certificate shall + contain the name and address of the manufacturer, the conclusions of the examination, + the conditions (if any) for its validity and the necessary data for identification + of the approved type and vulnerability handling processes. The certificate + may have one or more annexes attached. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node134 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + description: The certificate and its annexes shall contain all relevant information + to allow the conformity of manufactured or developed products with digital + elements with the examined type and vulnerability handling processes to be + evaluated and to allow for in-service control. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node135 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + description: Where the type and the vulnerability handling processes do not + satisfy the applicable essential requirements set out in Annex I, the notified + body shall refuse to issue an EU-type examination certificate and shall inform + the applicant accordingly, giving detailed reasons for its refusal. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.7 + description: The notified body shall keep itself apprised of any changes in + the generally acknowledged state of the art which indicate that the approved + type and the vulnerability handling processes may no longer comply with the + applicable essential requirements set out in Annex I to this Regulation, and + shall determine whether such changes require further investigation. If so, + the notified body shall inform the manufacturer accordingly. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node137 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + description: The manufacturer shall inform the notified body that holds the + technical documentation relating to the EU-type examination certificate of + all modifications to the approved type and the vulnerability handling processes + that may affect the conformity with the essential requirements set out in + Annex I, or the conditions for validity of the certificate. Such modifications + shall require additional approval in the form of an addition to the original + EU-type examination certificate. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.8 + description: The notified body shall carry out periodic audits to ensure that + the vulnerability handling processes as set out in Annex I, Part II, are implemented + adequately. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.9 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.9 + description: Each notified body shall inform its notifying authorities concerning + the EU-type examination certificates and any additions thereto which it has + issued or withdrawn, and shall, periodically or upon request, make available + to its notifying authorities the list of certificates and any additions thereto + refused, suspended or otherwise restricted. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node140 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + description: Each notified body shall inform the other notified bodies concerning + the EU-type examination certificates and any additions thereto which it has + refused, withdrawn, suspended or otherwise restricted, and, upon request, + concerning the certificates and additions thereto which it has issued. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node141 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + description: The Commission, the Member States and the other notified bodies + may, on request, obtain a copy of the EU-type examination certificates and + any additions thereto. On request, the Commission and the Member States may + obtain a copy of the technical documentation and the results of the examinations + carried out by the notified body. The notified body shall keep a copy of the + EU-type examination certificate, its annexes and additions, as well as the + technical file including the documentation submitted by the manufacturer, + until the expiry of the validity of the certificate. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.10 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.10 + description: The manufacturer shall keep a copy of the EU-type examination certificate, + its annexes and additions together with the technical documentation at the + disposal of the national authorities for 10 years after the product with digital + elements has been placed on the market or for the support period, whichever + is longer. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2.11 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.2 + ref_id: 8.2.11 + description: The manufacturer's authorised representative may lodge the application + referred to in point 3 and fulfil the obligations set out in points 7 and + 10, provided that they are specified in the mandate. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8 + ref_id: '8.3' + name: Part III + description: ' Conformity to type based on internal production control (based + on Module C)' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3 + ref_id: 8.3.1 + description: Conformity to type based on internal production control is the + part of a conformity assessment procedure whereby the manufacturer fulfils + the obligations laid down in points 2 and 3, and ensures and declares that + the products with digital elements concerned are in conformity with the type + described in the EU-type examination certificate and satisfy the essential + requirements set out in Annex I, Part I, and that the manufacturer meets the + essential requirements set out in Annex I, Part II. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3 + ref_id: 8.3.2 + name: Production + description: The manufacturer shall take all measures necessary so that the + production and its monitoring ensure conformity of the manufactured products + with digital elements with the approved type described in the EU-type examination + certificate and with the essential requirements as set out in Annex I, Part + I, and ensures that the manufacturer meets the essential requirements set + out in Annex I, Part II. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3 + ref_id: 8.3.3 + name: Conformity marking and declaration of conformity + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.3.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.3 + ref_id: 8.3.3.1 + description: The manufacturer shall affix the CE marking to each individual + product with digital elements that is in conformity with the type described + in the EU-type examination certificate and satisfies the applicable requirements + of the legislative instrument. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.3.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.3 + ref_id: 8.3.3.2 + description: The manufacturer shall draw up a written declaration of conformity + for a product model and keep it at the disposal of the national authorities + for 10 years after the product with digital elements has been placed on the + market or for the support period, whichever is longer. The declaration of + conformity shall identify the product model for which it has been drawn up. + A copy of the declaration of conformity shall be made available to the relevant + authorities upon request. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.3 + ref_id: 8.3.4 + name: Authorised representative + description: The manufacturer's obligations set out in point 3 may be fulfilled + by its authorised representative, on its behalf and under its responsibility, + provided that they are specified in the mandate. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8 + ref_id: '8.4' + name: Part IV + description: Conformity based on full quality assurance (based on Module H) + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.1 + description: Conformity based on full quality assurance is the conformity assessment + procedure whereby the manufacturer fulfils the obligations laid down in points + 2 and 5, and ensures and declares on its sole responsibility that the products + with digital elements or product categories concerned satisfy the essential + requirements set out in Annex I, Part I, and that the vulnerability handling + processes put in place by the manufacturer meet the requirements set out in + Annex I, Part II. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.2 + description: 'Design, development, production and vulnerability handling of + products with digital elements + + The manufacturer shall operate an approved quality system as specified in + point 3 for the design, development and final product inspection and testing + of the products with digital elements concerned and for handling vulnerabilities, + maintain its effectiveness throughout the support period, and shall be subject + to surveillance as specified in point 4.' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.3 + name: Quality system + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + ref_id: 8.4.3.1 + description: The manufacturer shall lodge an application for assessment of its + quality system with the notified body of its choice, for the products with + digital elements concerned. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node156 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: 'The application shall include:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.1.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node156 + ref_id: 8.4.3.1.1 + description: the name and address of the manufacturer and, if the application + is lodged by the authorised representative, its name and address as well; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.1.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node156 + ref_id: 8.4.3.1.2 + description: the technical documentation for one model of each category of products + with digital elements intended to be manufactured or developed. The technical + documentation shall, wherever applicable, contain at least the elements as + set out in Annex VII; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.1.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node156 + ref_id: 8.4.3.1.3 + description: the documentation concerning the quality system; and + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.1.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node156 + ref_id: 8.4.3.1.4 + description: a written declaration that the same application has not been lodged + with any other notified body. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + ref_id: 8.4.3.2 + description: The quality system shall ensure compliance of the products with + digital elements with the essential requirements set out in Annex I, Part + I, and compliance of the vulnerability handling processes put in place by + the manufacturer with the requirements set out in Annex I, Part II. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node162 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: All the elements, requirements and provisions adopted by the manufacturer + shall be documented in a systematic and orderly manner in the form of written + policies, procedures and instructions. That quality system documentation shall + permit a consistent interpretation of the quality programmes, plans, manuals + and records. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: 'It shall, in particular, contain an adequate description of:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.1 + description: the quality objectives and the organisational structure, responsibilities + and powers of the management with regard to design, development, product quality + and vulnerability handling; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.2 + description: the technical design and development specifications, including + standards, that will be applied and, where the relevant harmonised standards + or technical specifications will not be applied in full, the means that will + be used to ensure that the essential requirements set out in Annex I, Part + I, that apply to the products with digital elements will be met; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.3 + description: the procedural specifications, including standards, that will be + applied and, where the relevant harmonised standards or technical specifications + will not be applied in full, the means that will be used to ensure that the + essential requirements set out in Annex I, Part II, that apply to the manufacturer + will be met; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.4 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.4 + description: the design and development control, as well as design and development + verification techniques, processes and systematic actions that will be used + when designing and developing the products with digital elements pertaining + to the product category covered; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.5 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.5 + description: the corresponding production, quality control and quality assurance + techniques, processes and systematic actions that will be used; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.6 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.6 + description: the examinations and tests that will be carried out before, during + and after production, and the frequency with which they will be carried out; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.7 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.7 + description: the quality records, such as inspection reports and test data, + calibration data and qualification reports on the personnel concerned; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.2.8 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node163 + ref_id: 8.4.3.2.8 + description: the means of monitoring the achievement of the required design + and product quality and the effective operation of the quality system. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + ref_id: 8.4.3.3 + description: The notified body shall assess the quality system to determine + whether it satisfies the requirements referred to in point 3.2. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node173 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: It shall presume conformity with those requirements in respect + of the elements of the quality system that comply with the corresponding specifications + of the national standard that implements the relevant harmonised standard + or technical specification. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node174 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: In addition to experience in quality management systems, the auditing + team shall have at least one member experienced as an assessor in the relevant + product field and product technology concerned, and shall have knowledge of + the applicable requirements of this Regulation. The audit shall include an + assessment visit to the manufacturer's premises, where such premises exist. + The auditing team shall review the technical documentation referred to in + point 3.1, second indent, to verify the manufacturer's ability to identify + the applicable requirements of this Regulation and to carry out the necessary + examinations with a view to ensuring compliance of the product with digital + elements with those requirements. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node175 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: The manufacturer or its authorised representative shall be notified + of the decision. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node176 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: The notification shall contain the conclusions of the audit and + the reasoned assessment decision. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + ref_id: 8.4.3.4 + description: The manufacturer shall undertake to fulfil the obligations arising + out of the quality system as approved and to maintain it so that it remains + adequate and efficient. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + ref_id: 8.4.3.5 + description: The manufacturer shall keep the notified body that has approved + the quality system informed of any intended change to the quality system. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node179 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: The notified body shall evaluate any proposed changes and decide + whether the modified quality system will continue to satisfy the requirements + referred to in point 3.2 or whether a reassessment is necessary. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node180 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.3 + description: It shall notify the manufacturer of its decision. The notification + shall contain the conclusions of the examination and the reasoned assessment + decision. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.4 + name: Surveillance under the responsibility of the notified body + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4 + ref_id: 8.4.4.1 + description: The purpose of surveillance is to make sure that the manufacturer + duly fulfils the obligations arising out of the approved quality system. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4 + ref_id: 8.4.4.2 + description: 'The manufacturer shall, for assessment purposes, allow the notified + body access to the design, development, production, inspection, testing and + storage sites, and shall provide it with all necessary information, in particular:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.2.1 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.2 + ref_id: 8.4.4.2.1 + description: 'the quality system documentation; ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.2.2 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.2 + ref_id: 8.4.4.2.2 + description: 'the quality records as provided for by the design part of the + quality system, such as results of analyses, calculations and tests; ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.2.3 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.2 + ref_id: 8.4.4.2.3 + description: 'the quality records as provided for by the manufacturing part + of the quality system, such as inspection reports and test data, calibration + data and qualification reports on the personnel concerned. ' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.4 + ref_id: 8.4.4.3 + description: The notified body shall carry out periodic audits to make sure + that the manufacturer maintains and applies the quality system and shall provide + the manufacturer with an audit report. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.5 + name: Conformity marking and declaration of conformity + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.5.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.5 + ref_id: 8.4.5.1 + description: The manufacturer shall affix the CE marking, and, under the responsibility + of the notified body referred to in point 3.1, the latter's identification + number to each individual product with digital elements that satisfies the + requirements set out in Annex I, Part I, to this Regulation. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.5.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.5 + ref_id: 8.4.5.2 + description: The manufacturer shall draw up a written declaration of conformity + for each product model and keep it at the disposal of the national authorities + for 10 years after the product with digital elements has been placed on the + market or for the support period, whichever is longer. The declaration of + conformity shall identify the product model for which it has been drawn up. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node191 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.5 + description: A copy of the declaration of conformity shall be made available + to the relevant authorities upon request. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.6 + description: 'The manufacturer shall, for a period ending at least 10 years + after the product with digital elements has been placed on the market or for + the support period, whichever is longer, keep at the disposal of the national + authorities:' + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6 + ref_id: 8.4.6.1 + description: the technical documentation referred to in point 3.1; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6 + ref_id: 8.4.6.2 + description: the documentation concerning the quality system referred to in + point 3.1; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6 + ref_id: 8.4.6.3 + description: the change referred to in point 3.5, as approved; + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.6 + ref_id: 8.4.6.4 + description: the decisions and reports of the notified body referred to in points + 3.5 and 4.3. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.7 + description: Each notified body shall inform its notifying authorities of quality + system approvals issued or withdrawn, and shall, periodically or upon request, + make available to its notifying authorities the list of quality system approvals + refused, suspended or otherwise restricted. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:node198 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + description: Each notified body shall inform the other notified bodies of quality + system approvals which it has refused, suspended or withdrawn, and, upon request, + of quality system approvals which it has issued. + - urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cra-resolution-annexes:8.4 + ref_id: 8.4.8 + name: Authorised representative + description: The manufacturer's obligations set out in points 3.1, 3.5, 5 and + 6 may be fulfilled by its authorised representative, on its behalf and under + its responsibility, provided that they are specified in the mandate. diff --git a/backend/library/libraries/cyber_essentials.yaml b/backend/library/libraries/cyber_essentials.yaml new file mode 100644 index 000000000..4a4523e87 --- /dev/null +++ b/backend/library/libraries/cyber_essentials.yaml @@ -0,0 +1,1811 @@ +urn: urn:intuitem:risk:library:cyber_essentials_requirements_for_it_infrastructure +locale: en +ref_id: ' Cyber Essentials: Requirements for IT infrastructure ' +name: ' Cyber Essentials: Requirements for IT infrastructure v3.1' +description: "Cyber Essentials is a set of baseline technical controls produced by\ + \ the UK Government and security industry to help organisations \u2013 large and\ + \ small \u2013 improve their cyber security defences and demonstrate a public commitment\ + \ to their network security and the standards to which they operate. \nhttps://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-Infrastructure-v3-1-January-2023.pdf" +copyright: 'Information + + Licence : https://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/' +version: 1 +provider: NCSC +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:cyber_essentials_requirements_for_it_infrastructure + ref_id: ' Cyber Essentials: Requirements for IT infrastructure ' + name: ' Cyber Essentials: Requirements for IT infrastructure v3.1' + description: "Cyber Essentials is a set of baseline technical controls produced\ + \ by the UK Government and security industry to help organisations \u2013 large\ + \ and small \u2013 improve their cyber security defences and demonstrate a public\ + \ commitment to their network security and the standards to which they operate.\ + \ \nhttps://www.ncsc.gov.uk/files/Cyber-Essentials-Requirements-for-Infrastructure-v3-1-January-2023.pdf" + requirement_nodes: + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:a + assessable: false + depth: 1 + ref_id: A + name: Introducing the technical controls + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:a + description: 'We have organised the requirements under five technical controls:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node3 + description: 1. Firewalls + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node3 + description: 2. Secure configuration + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node3 + description: 3. Security update management + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node7 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node3 + description: 4. User access control + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node8 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node3 + description: 5. Malware protection + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node9 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:a + description: "As a Cyber Essentials scheme applicant organisation, it's your\ + \ responsibility to make sure that your organisation meets all the requirements.\ + \ You might also be required to supply evidence before your certification\ + \ body can award certification at the level for which you\u2019re applying." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node10 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:a + description: 'What you should do first:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node11 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node10 + description: Establish the boundary of scope for your organisation, and then + determine what is in scope within this boundary. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node12 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node10 + description: Review each of the five technical control themes and the controls + they embody as requirements. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node13 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node10 + description: Take the necessary steps to ensure that your organisation meets + every requirement it needs for the scope you have determined. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + assessable: false + depth: 1 + ref_id: B + name: Definitions + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node15 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: 'Software includes operating systems, commercial off-the-shelf + applications, plugins, interpreters, scripts, libraries, network software + and firewall and router firmware. ' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node16 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: "Devices includes all types of hosts, networking equipment, servers,\ + \ networks, and end user devices such as desktop computers, laptop computers,\ + \ thin clients, tablets and smartphones \u2014 whether physical or virtual." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node17 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: Applicant refers to your organisation which is seeking certification, + or sometimes the individual who is acting as the main point of contact, depending + on context. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node18 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: A corporate VPN is a virtual private network that connects back + to your office location, or to a virtual or cloud firewall. You must administer + the VPN so you can apply the firewall controls + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node19 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: Organisational data includes any electronic data belonging to your + organisation, for example, emails, documents, database data, financial data. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node20 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: 'Organisational service includes any software applications, cloud + applications, cloud services, user interactive desktops and mobile device + management (MDM) solutions that your organisation owns or subscribes to. For + example: web applications, Microsoft 365, Google Workspace, mobile device + management containers, Citrix Desktop, Virtual Desktop solutions or IP telephony.' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node21 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: 'A sub-set is part of the organisation whose network is segregated + from the rest of the organisation by a firewall or VLAN. ' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node22 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: "Servers are devices that provide organisational data or services\ + \ to other devices as part of your organisation\u2019s business." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node23 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:b + description: "Licensed and supported software is software that you have a legal\ + \ right to use and that a vendor has committed to support by providing regular\ + \ updates or patches. The vendor must provide the future date when they will\ + \ stop providing updates. (Note that the vendor doesn\u2019t need to have\ + \ created the software originally, but they must be able to now modify the\ + \ original software to create updates)." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + assessable: false + depth: 1 + ref_id: C + name: Scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node25 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + name: Scope overview + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node26 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node25 + description: "Your assessment and certification should cover the whole of the\ + \ IT infrastructure used to carry out your organisation\u2019s business, or\ + \ if necessary, a well-defined and separately managed sub-set. Either way,\ + \ you must clearly define the scope boundary, namely: the business unit managing\ + \ it, the network boundary and physical location. You must agree the scope\ + \ with the certification body before assessment begins." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node27 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node25 + description: A sub-set can be used to define what is in scope or what is out + of scope for your Cyber Essentials certification. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node28 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node25 + name: 'Please note: ' + description: Organisations that choose a scope which includes their whole IT + infrastructure achieve the best protection and maximise their customers' confidence. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node29 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node25 + description: 'The requirements apply to all devices and software in scope and + which meet any of these conditions:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node30 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node29 + description: "\u2022 can accept incoming network connections from untrusted\ + \ internet-connected hosts" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node31 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node29 + description: "\u2022 can establish user-initiated outbound connections to devices\ + \ via the internet" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node32 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node29 + description: "\u2022 control the flow of data between any of the above devices\ + \ and the internet." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node33 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node25 + description: "A scope that doesn\u2019t include end-user devices isn\u2019t\ + \ acceptable." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node34 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + name: Asset management and Cyber Essentials + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node35 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node34 + description: "Asset management isn\u2019t a specific Cyber Essentials control,\ + \ but effective asset management can help meet all five controls, so it should\ + \ be considered as a core security function." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node36 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node34 + description: "Most business operations depend on some aspect of asset management,\ + \ and cyber security shouldn\u2019t be considered in isolation, or as the\ + \ primary consumer of asset information. These functions include IT operations,\ + \ financial accounting, managing software licences, procurement and logistics.\ + \ They may not all need the same information, but there will be overlaps and\ + \ dependencies between the respective requirements. Integrating and coordinating\ + \ asset management across your organisation will help reduce or manage any\ + \ conflicts between these functions." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node37 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node34 + description: "Effective asset management doesn\u2019t mean making lists or databases\ + \ that are never used. It means creating, establishing and maintaining authoritative\ + \ and accurate information about your assets that enables both day-to-day\ + \ operations and efficient decision making when you need it. In particular,\ + \ it will help you track and control devices as they're introduced into your\ + \ business." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node38 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node34 + description: The NCSC has comprehensive guidance for organisations on asset + management. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.i + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + ref_id: C.i + name: Bring your own device (BYOD) + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node40 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.i + description: 'In addition to mobile or remote devices owned by the organisation, + user-owned devices which access organisational data or services (as defined + above) are in scope. However, all mobile or remote devices used only for the + purpose of:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node41 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node40 + description: "\u2022 native voice applications" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node42 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node40 + description: "\u2022 native text applications" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node43 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node40 + description: "\u2022 multi-factor authentication (MFA) applications" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node44 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.i + description: are out of scope. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node45 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.i + description: Traditionally, user devices were managed centrally, which ensured + consistency across the organisation. Certifying security controls in this + way is more straightforward as there is a standard build or reference. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node46 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.i + description: "BYOD complicates matters, as users are given more freedom to \u2018\ + customise\u2019 their experience making consistent implementation of the controls\ + \ more challenging. Using the organisational data and services definitions\ + \ to enforce strong access policies should remove some of this ambiguity." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node47 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.i + description: "For further information and advice on the use of BYOD please see\ + \ the NCSC\u2019s guidance." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.ii + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + ref_id: C.ii + name: Home working + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node49 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.ii + description: "Our default approach is that all corporate or BYOD home working\ + \ devices used for your organisation\u2019s business are in scope for Cyber\ + \ Essentials." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node50 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.ii + description: If your organisation gives the homeworker a router, that router + is then also in scope. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node51 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.ii + description: All other routers are out of scope which means you need to apply + Cyber Essentials firewall controls (such as a software firewall) on users' + devices. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node52 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.ii + description: If the home worker is using a corporate VPN, their internet boundary + is on the company firewall or virtual/cloud firewall. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.iii + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + ref_id: C.iii + name: Wireless devices + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node54 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.iii + description: 'Wireless devices (including wireless access points) are:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node55 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node54 + description: "\u2022 in scope if they can communicate with other devices via\ + \ the internet" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node56 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node54 + description: "\u2022 out of scope if it's not possible for an attacker to attack\ + \ directly via the internet (the Cyber Essentials scheme isn\u2019t concerned\ + \ with attacks that can only be launched within the signal range of the wireless\ + \ device)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node57 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node54 + description: "\u2022 out of scope if they are part of an ISP router at the home\ + \ location" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.iv + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + ref_id: C.iv + name: Cloud services + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node59 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.iv + description: "If your organisation\u2019s data or services are hosted on cloud\ + \ services, these services must be in scope." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node60 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.iv + description: 'For cloud services, the applicant organisation is always responsible + for ensuring all controls are implemented, but some of the controls can be + implemented by the cloud service provider. Who implements which control depends + on the type of cloud service. We consider three different types of cloud service:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node61 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node60 + description: "Infrastructure as a Service (IaaS) \u2013 the cloud provider delivers\ + \ virtual servers and network equipment that, much like physical equipment,\ + \ your organisation configures and manages. Examples of IaaS include Rackspace,\ + \ Google Compute Engine, or Amazon EC2." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node62 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node60 + description: "Platform as a Service (PaaS) \u2013 the cloud provider delivers\ + \ and manages the underlying infrastructure, and your organisation provides\ + \ and manages the applications. Examples of PaaS include Azure Web Apps and\ + \ Amazon Web Services Lambda." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node63 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node60 + description: "Software as a Service (SaaS) \u2013 the cloud provider delivers\ + \ applications, and your organisation then configures the services. You must\ + \ still make sure that the service is configured securely. Examples of SaaS\ + \ include Microsoft 365, Dropbox and Gmail." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node64 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.iv + description: 'Who implements the controls will vary, depending how the cloud + service is designed. The table below explains who might typically be expected + to implement each control:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node65 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node64 + name: Firewalls + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node66 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node65 + name: IaaS + description: Both your organisation and the cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node67 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node65 + name: PaaS + description: The cloud provider and sometimes also your organisation + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node68 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node65 + name: SaaS + description: The cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node69 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node64 + name: Secure configuration + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node70 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node69 + name: IaaS + description: Both your organisation and the cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node71 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node69 + name: PaaS + description: Both your organisation and the cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node72 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node69 + name: SaaS + description: Both your organisation and the cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node73 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node64 + name: Security update management + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node74 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node73 + name: IaaS + description: Both your organisation and the cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node75 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node73 + name: PaaS + description: Both your organisation and the cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node76 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node73 + name: SaaS + description: The cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node77 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node64 + name: User access control + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node78 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node77 + name: IaaS + description: Your organisation + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node79 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node77 + name: PaaS + description: Your organisation + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node80 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node77 + name: SaaS + description: Your organisation + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node81 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node64 + name: Malware protection + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node82 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node81 + name: IaaS + description: Both your organisation and the cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node83 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node81 + name: PaaS + description: The cloud provider and sometimes also your organisation + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node84 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node81 + name: SaaS + description: The cloud provider + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node85 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.iv + description: "In cases where the cloud provider implements one of the controls\ + \ on your behalf, you must make sure that the cloud provider has committed\ + \ to implementing this via contractual clauses or documents referenced by\ + \ contract, such as security statements or privacy statements. Cloud providers\ + \ will often explain how they implement security in documents published in\ + \ their trust centres, referencing a \u2018shared responsibility model.\u2019" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.v + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + ref_id: C.v + name: Accounts used by third parties and managed infrastructure + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node87 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.v + description: All accounts your organisation owns are in scope, even when those + accounts are used by a third party, such as a supplier, contractor or Managed + Service Provider (MSP) to manage or support your infrastructure. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node88 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.v + description: "If you\u2019re using externally managed services (such as remote\ + \ administration), you must be able to confirm that the Cyber Essentials technical\ + \ controls are being met, and be able to demonstrate this in your assessment\ + \ answers." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + ref_id: C.vi + name: Devices used by third parties + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node90 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + description: All end user devices your organisation owns that are loaned to + a third party must be included in then assessment scope. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node91 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + description: 'For devices not owned by your organisation, the table below explains + what is in and out of scope:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node92 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: Employee + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node93 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node92 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node94 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node92 + name: Owned by a third party + description: N/A + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node95 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node92 + name: BYOD + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node96 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: Volunteer + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node97 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node96 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node98 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node96 + name: Owned by a third party + description: N/A + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node99 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node96 + name: BYOD + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node100 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: Trustee + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node101 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node100 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node102 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node100 + name: Owned by a third party + description: N/A + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node103 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node100 + name: BYOD + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node104 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: University research assistant + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node105 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node104 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node106 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node104 + name: Owned by a third party + description: N/A + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node107 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node104 + name: BYOD + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node108 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: Student + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node109 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node108 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node110 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node108 + name: Owned by a third party + description: N/A + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node111 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node108 + name: BYOD + description: Out of scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node112 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: MSP administrator + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node113 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node112 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node114 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node112 + name: Owned by a third party + description: Out of scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node115 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node112 + name: BYOD + description: Out of scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node116 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: Third party contractor + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node117 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node116 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node118 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node116 + name: Owned by a thirdparty + description: Out of scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node119 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node116 + name: BYOD + description: Out of scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node120 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vi + name: Customer + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node121 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node120 + name: Owned by your organisation + description: In scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node122 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node120 + name: Owned by a third party + description: Out of scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node123 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node120 + name: BYOD + description: Out of scope + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vii + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c + ref_id: C.vii + name: Web applications + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node125 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:c.vii + description: Publicly available commercial web applications (rather than apps + developed in-house) are in scope by default. Bespoke and custom components + of web applications are out of scope. The best way to mitigate vulnerabilities + in applications is robust development and testing in line with commercial + best practice, such as the OWASP Application Security Verification Standard + | OWASP Foundation. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d + assessable: false + depth: 1 + ref_id: D + name: Requirements by technical control theme + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d + ref_id: D.1 + name: Firewalls + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node128 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.1 + description: 'Applies to: boundary firewalls, desktop computers, laptops, routers, + servers, IaaS, PaaS, SaaS' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node129 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.1 + name: Aim + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node130 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node129 + description: To make sure that only secure and necessary network services can + be accessed from the internet. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node131 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.1 + name: Introduction + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node132 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node131 + description: All devices run network services to allow them to communicate with + other devices and services. By restricting access to these services, you reduce + your exposure to attacks. You can do this using firewalls or network devices + with firewall functionality. For cloud services, you can achieve this using + data flow policies. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node133 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node131 + description: "A boundary firewall is a network device which can restrict the\ + \ inbound and outbound network traffic to services on its network of computers\ + \ and mobile devices. It can help protect against cyber attacks by implementing\ + \ restrictions, known as \u2018firewall rules,\u2019 which can allow or block\ + \ traffic depending on its source, destination and type of communication protocol." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node134 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node131 + description: "Alternatively, if your organisation doesn't control the network\ + \ to which a device connects, you must configure a software firewall on the\ + \ device. This works in the same way as a boundary firewall but only protects\ + \ the single device on which it\u2019s configured. This approach allows for\ + \ more tailored rules and means that the rules apply to the device wherever\ + \ it's used. But you should note that this creates a greater administrative\ + \ overhead when managing firewall rules." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node135 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.1 + name: Requirements + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node136 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node135 + description: You must protect every device in scope with a correctly configured + firewall (or network device with firewall functionality). + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node137 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node135 + name: 'Information:' + description: Most desktop and laptop operating systems now come with a software + firewall pre- installed, we advise that these are turned on in preference + to a third-party firewall application. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node138 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node135 + description: 'For all firewalls (or network devices with firewall functionality), + your organisation must:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node139 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node138 + description: "\u2022 change default administrative passwords to a strong and\ + \ unique password (see password- based authentication) \u2013 or disable remote\ + \ administrative access entirely" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node140 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node138 + description: "\u2022 prevent access to the administrative interface (used to\ + \ manage firewall configuration) from the internet, unless there is a clear\ + \ and documented business need, and the interface is protected by one of the\ + \ following controls:" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node141 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node140 + description: o multi-factor authentication (see MFA details below) + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node142 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node140 + description: o an IP allow list that limits access to a small range of trusted + addresses combined with a properly managed password authentication approach + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node143 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node138 + description: " \u2022 block unauthenticated inbound connections by default" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node144 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node138 + description: "\u2022 ensure inbound firewall rules are approved and documented\ + \ by an authorised person, and include the business need in the documentation" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node145 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node138 + description: "\u2022 remove or disable unnecessary firewall rules quickly, when\ + \ they are no longer needed" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node146 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node135 + description: Make sure you use a software firewall on devices which are used + on untrusted networks, such as public wifi hotspots. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d + ref_id: D.2 + name: Secure configuration + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node148 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.2 + description: 'Applies to: servers, desktop computers, laptops, tablets, mobile + phones, thin clients, IaaS, PaaS,SaaS' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node149 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.2 + name: Aim + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node150 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node149 + description: 'Ensure that computers and network devices are properly configured + to:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node151 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node150 + description: "\u2022 reduce vulnerabilities" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node152 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node150 + description: "\u2022 provide only the services required to fulfil their role" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node153 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.2 + name: Introduction + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node154 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node153 + description: "The default configurations of computers and network devices aren\u2019\ + t always secure. Standard out-of- the-box configurations often include one\ + \ or more weak points such as:" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node155 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node154 + description: "\u2022 an administrative account with a pre-set, publicly known\ + \ default password or without multi- factor authentication enabled" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node156 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node154 + description: "\u2022 pre-enabled but unnecessary user accounts (sometimes with\ + \ special access privileges)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node157 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node154 + description: "\u2022 pre-installed but unnecessary applications or services" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node158 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node153 + description: "These default installations can allow attackers to gain unauthorised\ + \ access to your organisation\u2019s sensitive information." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node159 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node153 + description: But by applying some simple technical controls when installing + computers and network devices, you can minimise vulnerabilities and protect + against common types of attack. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node160 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.2 + name: Requirements + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node161 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node160 + name: Computers and network devices + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node162 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node161 + description: 'Your organisation must proactively manage your computers and network + devices. You must regularly:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node163 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node162 + description: "\u2022 remove and disable unnecessary user accounts (such as guest\ + \ accounts and administrative accounts that won\u2019t be used)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node164 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node162 + description: "\u2022 change any default or guessable account passwords (see\ + \ password-based authentication)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node165 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node162 + description: "\u2022 remove or disable unnecessary software (including applications,\ + \ system utilities and network services)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node166 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node162 + description: "\u2022 disable any auto-run feature which allows file execution\ + \ without user authorisation (such as when they are downloaded)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node167 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node162 + description: "\u2022 ensure users are authenticated before allowing them access\ + \ to organisational data or services" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node168 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node162 + description: "\u2022 ensure appropriate device locking controls (see \u2018\ + device unlocking\u2019, below) for users that are physically present" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node169 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node160 + name: Device unlocking credentials + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node170 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node169 + description: "If a device requires a user\u2019s physical presence to access\ + \ a device\u2019s services (such as logging on to a laptop or unlocking a\ + \ mobile phone), a credential such as a biometric, password or PIN must be\ + \ in place before a user can gain access to the services." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node171 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node169 + description: 'You must protect your chosen authentication method (which can + be biometric authentication, password or PIN) against brute-force attacks. + When it''s possible to configure, you should apply one of the following:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node172 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node171 + description: "\u2022 \u2018throttling' the rate of attempts, so that the number\ + \ of times the user must wait between attempts increases with each unsuccessful\ + \ attempt you shouldn\u2019t allow more than 10 guesses in 5 minutes" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node173 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node171 + description: "\u2022 locking devices after more than 10 unsuccessful attempts." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node174 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node169 + description: "When the vendor doesn't allow you to configure the above, use\ + \ the vendor\u2019s default setting." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node175 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node169 + description: "Technical controls must be used to manage the quality of credentials.\ + \ If credentials are just to unlock a device, use a minimum password or PIN\ + \ length of at least 6 characters. When the device unlocking credentials are\ + \ also used for authentication, you must apply the full password requirements\ + \ to the credentials described in \u2018user access controls.\u2019" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d + ref_id: D.3 + name: ' Security update management' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node177 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.3 + description: 'Applies to: servers, desktop computers, laptops, tablets, mobile + phones, firewalls, routers, IaaS, PaaS, SaaS' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node178 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.3 + name: Aim + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node179 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node178 + description: Ensure that devices and software are not vulnerable to known security + issues for which fixes are available. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node180 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.3 + name: Introduction + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node181 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node180 + description: Any device that runs software can contain security flaws, known + as vulnerabilities. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node182 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node180 + description: "Vulnerabilities are regularly discovered in all sorts of software.\ + \ Once discovered, malicious individuals or groups move quickly to misuse\ + \ (or \u2018exploit\u2019) vulnerabilities to attack computers and networks." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node183 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node180 + name: 'Caution:' + description: "Product vendors provide fixes for vulnerabilities identified in\ + \ products that they still support, in the form of software updates known\ + \ as \u2018patches\u2019 or security updates. These may be made available\ + \ to customers immediately or on a regular release schedule (perhaps monthly)." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node184 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.3 + name: Requirements + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node185 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node184 + description: 'You must make sure that all software in scope is kept up to date. + All software on in-scope devices must:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node186 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node185 + description: "\u2022 be licensed and supported" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node187 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node185 + description: "\u2022 removed from devices when it becomes unsupported or removed\ + \ from scope by using a defined sub-set that prevents all traffic to / from\ + \ the internet" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node188 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node185 + description: "\u2022 have automatic updates enabled where possible" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node189 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node185 + description: "\u2022 be updated, including applying any manual configuration\ + \ changes required to make the update effective, within 14 days* of an update\ + \ being released, where:" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node190 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node189 + description: "o the update fixes vulnerabilities described by the vendor as\ + \ \u2018critical\u2019 or \u2018high risk\u2019" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node191 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node189 + description: o the update addresses vulnerabilities with a CVSS v3 base score + of 7 or above + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node192 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node189 + description: o there are no details of the level of vulnerabilities the update + fixes provided by the vendor + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node193 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node184 + name: 'Please note: ' + description: "For optimum security we strongly recommend (but it\u2019s not\ + \ mandatory) that all released updates are applied within 14 days of release." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node194 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node184 + description: '*It''s important that updates are applied as soon as possible. + 14 days is considered a reasonable + + period to be able to implement this requirement. Any longer would constitute + a serious security risk + + while a shorter period may not be practical.' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node195 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node184 + name: 'Information:' + description: "If the vendor uses different terms to describe the severity of\ + \ vulnerabilities, see the precise definition in the Common Vulnerability\ + \ Scoring System (CVSS). For the purposes of the Cyber Essentials scheme,\ + \ \u2018critical\u2019 or \u2018high risk\u2019 vulnerabilities are those\ + \ with a CVSS3 score of 7 or above or are identified by the vendor as 'critical\ + \ or high risk'." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node196 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node184 + name: 'Caution: ' + description: "Some vendors release security updates for multiple issues with\ + \ differing severity levels as a single update. If such an update covers any\ + \ \u2018critical\u2019 or \u2018high risk\u2019 issues then it must be installed\ + \ within 14 days." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d + ref_id: D.4 + name: ' User access control' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node198 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.4 + description: 'Applies to: servers, desktop computers, laptops, tablets, mobile + phones, IaaS, PaaS, SaaS' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node199 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.4 + name: Aim + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node200 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node199 + description: 'Ensure that user accounts:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node201 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node200 + description: "\u2022 are assigned to authorised individuals only" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node202 + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node200 + description: "\u2022 provide access to only those applications, computers and\ + \ networks the user needs to carry out their role" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node203 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.4 + name: Introduction + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node204 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node203 + description: Every active user account in your organisation facilitates access + to devices and applications, and to sensitive business information. By making + sure that only authorised individuals have user accounts, and that they're + only granted as much access as they need to carry out their role, you reduce + the risk of information being stolen or damaged. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node205 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node203 + description: Compared to normal user accounts, accounts with special access + privileges have enhanced access to devices, applications and information. + If these accounts are compromised, an attacker could take advantage of their + greater accesses to corrupt information on a large scale, disrupt business + processes or gain unauthorised access to other devices in the organisation. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node206 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node203 + description: 'Administrative accounts are especially highly privileged, for + example. These accounts typically allow the user to:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node207 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node206 + description: "\u2022 execute software that can make significant and security-related\ + \ changes to the operating system" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node208 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node206 + description: "\u2022 make changes to the operating system for some or all users" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node209 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node206 + description: "\u2022 create new accounts and allocate privileges" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node210 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node203 + description: All types of administrators will have this kind of account, including + domain administrators and local administrators. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node211 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node203 + description: "This is important because if a user opens a malicious URL or email\ + \ attachment, the malware would typically be executed with the same privilege\ + \ level of the user\u2019s account. This is why it\u2019s important to take\ + \ special care allocating and using privileged accounts." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node212 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node203 + name: 'Example: ' + description: "Jody is logged in with an administrative account. If Jody opens\ + \ a malicious URL or email attachment, any associated malware is likely to\ + \ acquire administrative privileges. Unfortunately, this is exactly what happens.\ + \ Using Jody\u2019s administrative privileges, a type of malware known as\ + \ ransomware encrypts all of the data on the network and then demands a ransom.\ + \ The ransomware was able to encrypt far more data than would have been possible\ + \ with standard user privileges, making the problem that much more serious." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node213 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.4 + name: Requirements + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node214 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node213 + description: "Your organisation must be in control of your user accounts and\ + \ the access privileges that allow access to your organisational data and\ + \ services. It\u2019s important to note that this also includes third party\ + \ accounts \u2013 for example accounts used by your support services. You\ + \ also need to understand how user accounts authenticate and manage the authentication\ + \ accordingly." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node215 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node213 + description: 'This means your organisation must:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node216 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node215 + description: "\u2022 have in place a process to create and approve user accounts" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node217 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node215 + description: "\u2022 authenticate users with unique credentials before granting\ + \ access to applications or devices (see password-based authentication)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node218 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node215 + description: "\u2022 remove or disable user accounts when they\u2019re no longer\ + \ required (for example, when a user leaves the organisation or after a defined\ + \ period of account inactivity)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node219 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node215 + description: "\u2022 implement MFA, where available \u2013 authentication to\ + \ cloud services must always use MFA" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node220 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node215 + description: "\u2022 use separate accounts to perform administrative activities\ + \ only (no emailing, web browsing or other standard user activities that may\ + \ expose administrative privileges to avoidable risks)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node221 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node215 + description: "\u2022 remove or disable special access privileges when no longer\ + \ required (when a member of staff changes role, for example)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node222 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.4 + name: Password-based authentication + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node223 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node222 + description: All user accounts require the user to authenticate. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node224 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node222 + description: 'Where this is carried out using a password, you should put in + place the following protective measures:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node225 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node224 + description: "\u2022 Passwords are protected against brute-force password guessing\ + \ by implementing at least one of:" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node226 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node225 + description: ' o multi-factor authentication (see below)' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node227 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node225 + description: "o \u2018throttling' the rate of attempts, so that the number of\ + \ times the user must wait between attempts increases with each unsuccessful\ + \ attempt \u2013 you shouldn\u2019t allow more than 10 guesses in 5 minutes" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node228 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node225 + description: o locking accounts after no more than 10 unsuccessful attempts + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node229 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node224 + description: "\u2022 Use technical controls to manage the quality of passwords.\ + \ This will include one of the following:" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node230 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node229 + description: o Using multi-factor authentication (see below) + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node231 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node229 + description: o A minimum password length of at least 12 characters, with no + maximum length restrictions + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node232 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node229 + description: o A minimum password length of at least 8 characters, with no maximum + length restrictions and use automatic blocking of common passwords using a + deny list. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node233 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node224 + description: "\u2022 Support users to choose unique passwords for their work\ + \ accounts by:" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node234 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node233 + description: o educating people about avoiding common passwords, such as a pet's + name, common keyboard patterns or passwords they have used elsewhere. This + could include teaching people to use the password generator feature built + into some password managers. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node235 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node233 + description: "o encouraging people to choose longer passwords by promoting the\ + \ use of multiple words (a minimum of three) to create a password (such as\ + \ the NCSC\u2019s guidance on using three random words)" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node236 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node233 + description: o providing usable secure storage for passwords (for example a + password manager or secure locked cabinet) with clear information about how + and when it can be used. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node237 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node233 + description: o not enforcing regular password expiry + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node238 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node233 + description: o not enforcing password complexity requirements + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node239 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node222 + description: You should also make sure there is an established process in place + to change passwords promptly if you know or suspect a password or account + has been compromised. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node240 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.4 + name: Multi-factor authentication (MFA) + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node241 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node240 + description: "As well as providing an extra layer of security for passwords\ + \ that aren\u2019t protected by the other technical controls, you should always\ + \ use multi-factor authentication to give administrative accounts extra security,\ + \ and accounts that are accessible from the internet." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node242 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node240 + description: The password element of the multi-factor authentication approach + must have a password length of at least 8 characters, with no maximum length + restrictions. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node243 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node240 + description: 'There are four types of additional factor to consider:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node244 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node243 + description: "\u2022 a managed/enterprise device" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node245 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node243 + description: "\u2022 an app on a trusted device" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node246 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node243 + description: "\u2022 a physically separate token" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node247 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node243 + description: "\u2022 a known or trusted account" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node248 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node240 + description: "Additional factors should be chosen so that they are usable and\ + \ accessible. You might need to carry out user testing to decide what is best\ + \ for your users. For more information see NCSC\u2019s guidance on MFA." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node249 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node240 + name: 'Information:' + description: SMS is not the most secure type of MFA, but still offers a huge + advantage over not using any MFA at all. Any multi-factor authentication is + better than not having it at all. However, if there are alternatives available + that will work for your situation, we recommend you use these instead of SMS. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d + ref_id: D.5 + name: Malware protection + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node251 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.5 + description: 'Applies to: Servers, desktop computers, laptops, tablets, mobile + phones, IaaS, PaaS, SaaS' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node252 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.5 + name: Aim + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node253 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node252 + description: To restrict execution of known malware and untrusted software, + from causing damage or accessing data. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node254 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.5 + name: Introduction + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node255 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node254 + description: 'Malware, such as computer viruses, worms and ransomware, is software + that has been written and distributed deliberately to perform malicious actions. + Potential sources include: malicious email attachments, downloads (including + those from application stores), and direct installation of unauthorised software.' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node256 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node254 + description: If a system is infected, your organisation is likely to suffer + from problems like malfunctioning systems, data loss, or onward infection + that goes unseen until it causes harm elsewhere. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node257 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node254 + description: 'You can largely avoid the potential for harm by:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node258 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node257 + description: "\u2022 preventing malware from being delivered to devices" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node259 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node257 + description: "\u2022 preventing malware from running on devices" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node260 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node254 + name: 'Example:' + description: Acme Corporation implements code signing alongside a rule that + allows only vetted applications from the device application store to execute + on devices. Unsigned and unapproved applications will not run on devices. + The fact that users can only install trusted (allow-listed) applications leads + to a reduced risk of malware infection. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node261 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:d.5 + name: Requirements + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node262 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node261 + description: 'You must make sure that a malware protection mechanism is active + on all devices in scope. For each device, you must use at least one of the + options listed below. In most modern products these options are built in to + the software supplied. Alternatively, you can purchase products from a third- + party provider. In all cases the software must be active, kept up to date + in accordance with the vendors instructions, and configured to work as detailed + below:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node263 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node261 + name: Anti-malware software + description: (option for in scope devices running Windows or MacOS including + servers,desktop computers, laptop computers) + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node264 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node263 + description: 'If you use anti-malware software to protect your device it must + be configured to:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node265 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node264 + description: "\u2022 prevent connections to malicious websites over the internet." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node266 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node264 + description: "\u2022 be updated in line with vendor recommendations" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node267 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node264 + description: "\u2022 prevent malware from running" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node268 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node264 + description: "\u2022 prevent the execution of malicious code" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node269 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node264 + description: "\u2022 prevent connections to malicious websites over the internet." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node270 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node261 + name: Application allow listing + description: (option for all in scope devices) + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node271 + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node270 + description: 'Only approved applications, restricted by code signing, are allowed + to execute on devices. You must:' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node272 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node271 + description: "\u2022 actively approve such applications before deploying them\ + \ to devices" + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node273 + assessable: true + depth: 6 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node271 + description: "\u2022 maintain a current list of approved applications, users\ + \ must not be able to install any application that is unsigned or has an invalid\ + \ signature." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:e + assessable: false + depth: 1 + ref_id: E + name: ' Further guidance' + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node275 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:e + name: Backing up your data + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node276 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node275 + description: Backing up means creating a copy of your information and saving + it to another device or to cloud storage (online). + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node277 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node275 + description: Backing up regularly means you will always have a recent version + of your information saved. This will help you recover quicker if your data + is lost or stolen. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node278 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node275 + description: You can also turn on automatic backup. This will regularly save + your information into cloud storage, without you having to remember. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node279 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node275 + description: "If you back up your information to a USB stick or an external\ + \ hard drive, disconnect it from your computer when a backup isn\u2019t being\ + \ done." + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node280 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node275 + description: Backing up your data is not a technical requirement of Cyber Essentials; + however we highly recommend implementing an appropriate backup solution. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node281 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:e + name: Zero trust and Cyber Essentials + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node282 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node281 + description: Network architecture is changing. More services are moving to the + cloud and use of Software as a Service (SaaS) continues to grow. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node283 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node281 + description: At the same time, many organisations are embracing flexible working, + which means lots of different device types may connect to your systems from + many locations. It's also increasingly common for organisations to share data + with their partners and guest users, which requires more granular access control + policies. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node284 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node281 + description: Zero trust architecture is designed to cope with these changing + conditions by enabling an improved user experience for remote access and data + sharing. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node285 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node281 + description: A zero trust architecture is an approach to system design where + inherent trust in the network is removed. Instead, the network is assumed + hostile and each access request is verified, based on an access policy. Confidence + in a request is achieved by building context, which relies on strong authentication, + authorisation, device health, and value of the data being accessed. + - urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node286 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:cyber_essentials_requirements_for_it_infrastructure:node281 + description: As organisations move towards zero trust architecture models, we + have considered it in this context, and are confident that implementing the + technical controls doesn't prevent you using a zero trust architecture as + defined by the NCSC guidance. diff --git a/backend/library/libraries/dnssi-2023-2.yaml b/backend/library/libraries/dnssi-2023-2.yaml new file mode 100644 index 000000000..8a58e4f4e --- /dev/null +++ b/backend/library/libraries/dnssi-2023-2.yaml @@ -0,0 +1,1558 @@ +urn: urn:intuitem:risk:library:dnssi-2023-2 +locale: fr +ref_id: dnssi-2023-2 +name: "Directive Nationale de la S\xE9curit\xE9 des Syst\xE8mes d'Information (MAROC)" +description: "Directive Nationale de la S\xE9curit\xE9 des Syst\xE8mes d'Information\ + \ (DNSSI MAROC)" +copyright: DGSSI Maroc +version: 1 +provider: DGSSI +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:dnssi-2023-2 + ref_id: dnssi-2023-2 + name: "Directive Nationale de la S\xE9curit\xE9 des Syst\xE8mes d'Information\ + \ (MAROC)" + description: "Directive Nationale de la S\xE9curit\xE9 des Syst\xE8mes d'Information\ + \ (DNSSI MAROC)" + min_score: 0 + max_score: 5 + scores_definition: + - score: 0 + name: Aucun + description: null + - score: 1 + name: Initial + description: null + - score: 2 + name: Reproductible + description: null + - score: 3 + name: "D\xE9fini" + description: null + - score: 4 + name: "Maitris\xE9" + description: null + - score: 5 + name: "Optimis\xE9" + description: null + requirement_nodes: + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node2 + assessable: false + depth: 1 + name: 1. POLITIQUE DE SECURITE DES SYSTEMES D'INFORMATION + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node2 + name: Objectif 1 + description: "Apporter \xE0 la s\xE9curit\xE9 des syst\xE8mes d\u2019information\ + \ (SI) une orientation et un soutien de la part de la direction de l\u2019\ + entit\xE9 ou de l\u2019IIV, conform\xE9ment aux exigences m\xE9tier et aux\ + \ lois, r\xE8glements, directives et r\xE9f\xE9rentiels en vigueur." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:pol-risque + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node3 + ref_id: POL-RISQUE + name: Analyse de risque + description: "Chaque entit\xE9 ou IIV doit identifier les besoins de s\xE9curit\xE9\ + \ en mati\xE8re de confidentialit\xE9, disponibilit\xE9 et int\xE9grit\xE9\ + \ pour chaque processus support\xE9 par le syst\xE8me d'information et proc\xE9\ + der \xE0 une analyse des risques de s\xE9curit\xE9 li\xE9s \xE0 ce syst\xE8\ + me d'information.\n" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:pol-formel + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node3 + ref_id: POL-FORMEL + name: "Politique de s\xE9curit\xE9 des syst\xE8mes d'information" + description: "Chaque entit\xE9 ou IIV doit d\xE9finir une politique en mati\xE8\ + re de s\xE9curit\xE9 des SI qui soit approuv\xE9e par un niveau hi\xE9rarchique\ + \ \xE9lev\xE9 (ex. : secr\xE9tariat g\xE9n\xE9ral, direction g\xE9n\xE9rale,\ + \ ... ) et qui d\xE9crit les r\xE8gles qui doivent \xEAtre adopt\xE9es pour\ + \ g\xE9rer les besoins identifi\xE9s de s\xE9curit\xE9 des SI.\n\nCette politique\ + \ doit \xEAtre d\xE9clin\xE9e au besoin en politiques sp\xE9cifiques par domaine\ + \ ou par aspect de s\xE9curit\xE9.\n\nLa politique de s\xE9curit\xE9 des SI\ + \ doit \xEAtre \xE9labor\xE9e en se basant sur une analyse de risques, et\ + \ doit \xEAtre diffus\xE9e et communiqu\xE9e au personnel et aux tiers concern\xE9\ + s et mise \xE0 jour r\xE9guli\xE8rement.\n" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:pol-pas + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node3 + ref_id: POL-PAS + name: "Plan d'actions de la s\xE9curit\xE9 des SI" + description: "Chaque entit\xE9 ou IIV doit d\xE9finir un plan d'actions pour\ + \ la mise en conformit\xE9 avec sa politique de s\xE9curit\xE9 des SI. Ce\ + \ plan d'actions tiendra compte des impacts sur les activit\xE9s, et des moyens\ + \ financiers et humains \xE0 mettre en \u0153uvre en indiquant les mesures\ + \ \xE0 court terme et les mesures atteignables \xE0 moyen terme." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:pol-tdb + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node3 + ref_id: POL-TDB + name: "Tableau de bord de la s\xE9curit\xE9 des SI" + description: "Chaque entit\xE9 ou IIV doit \xE9laborer et se servir d'un tableau\ + \ de bord de la s\xE9curit\xE9 des SI pour assurer le suivi de la bonne application\ + \ des r\xE8gles \xE9dict\xE9es dans sa politique de s\xE9curit\xE9.\n\nLe\ + \ tableau de bord doit se baser sur des indicateurs permettant le suivi de\ + \ la mise en \u0153uvre des r\xE8gles de s\xE9curit\xE9 des SI propres \xE0\ + \ l'entit\xE9 ou \xE0 l'IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node8 + assessable: false + depth: 1 + name: "2. ORGANISATION DE LA SECURITE DES SYSTEMES D\u2019INFORMATION" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node9 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node8 + name: Objectif 2 + description: "\xC9tablir un cadre de gestion pour engager, puis v\xE9rifier\ + \ la mise en \u0153uvre et le fonctionnement de la s\xE9curit\xE9 du SI au\ + \ sein de l\u2019entit\xE9 ou de l\u2019IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:org-inter-gouv + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node9 + ref_id: ORG-INTER-GOUV + name: "Gouvernance de la s\xE9curit\xE9 des SI" + description: "Chaque entit\xE9 ou IIV doit mettre en place une gouvernance appropri\xE9\ + e de la s\xE9curit\xE9 des SI avec l'implication notamment d'un niveau hi\xE9\ + rarchique \xE9lev\xE9 (ex. : secr\xE9tariat g\xE9n\xE9ral, direction g\xE9\ + n\xE9rale, ... ) de l'entit\xE9 ou de l'IIV, et ce afin de d\xE9finir les\ + \ orientations strat\xE9giques en mati\xE8re de s\xE9curit\xE9 des SI et assurer\ + \ le suivi de l'avancement de l'ensemble des projets y aff\xE9rents." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:org-inter-rssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node9 + ref_id: ORG-INTER-RSSI + name: "D\xE9signation d'un responsable de la s\xE9curit\xE9 des SI (RSSI)" + description: "Les r\xE8gles applicables \xE0 la d\xE9signation et aux missions\ + \ du RSSI sont fix\xE9es par la loi n\xB0 05-20 relative \xE0 la cybers\xE9\ + curit\xE9 et son d\xE9cret d'application.\n\nTout changement de l'identit\xE9\ + \ et des coordonn\xE9es du RSSI doit \xEAtre port\xE9 \xE0 la connaissance\ + \ de la DGSSI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:org-inter-resp + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node9 + ref_id: ORG-INTER-RESP + name: "Attribution des r\xF4les et responsabilit\xE9s" + description: "Chaque entit\xE9 ou IIV doit d\xE9finir et attribuer les r\xF4\ + les et responsabilit\xE9s des diff\xE9rents acteurs en mati\xE8re de s\xE9\ + curit\xE9 des SI.\n\nCette attribution doit tenir compte de la s\xE9paration\ + \ entre les t\xE2ches et les domaines de responsabilit\xE9 incompatibles." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node13 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node8 + name: Objectif 3 + description: "Assurer la s\xE9curit\xE9 du syst\xE8me d\u2019information de\ + \ l\u2019entit\xE9 ou de l\u2019IIV en cas d\u2019adoption du t\xE9l\xE9travail." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:org-teletrav-sec + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node13 + ref_id: ORG-TELETRAV-SEC + name: "T\xE9l\xE9travail s\xE9curis\xE9" + description: "Chaque entit\xE9 ou IIV doit prendre les mesures ad\xE9quates,\ + \ en fonction du moyen d'acc\xE8s, pour prot\xE9ger les informations consult\xE9\ + es, trait\xE9es ou stock\xE9es sur des sites de t\xE9l\xE9travail.\n\nA cet\ + \ effet, une politique ou des proc\xE9dures claires pr\xE9cisant les syst\xE8\ + mes accessibles et les mesures de s\xE9curit\xE9 applicables, doivent \xEA\ + tre d\xE9finies, valid\xE9es par la hi\xE9rarchie, communiqu\xE9es et tenues\ + \ \xE0 jour pour une mise en \u0153uvre appropri\xE9e du t\xE9l\xE9travail." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node15 + assessable: false + depth: 1 + name: 3. SECURITE DES RESSOURCES HUMAINES + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node16 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node15 + name: Objectif 4 + description: "S\u2019assurer que le personnel et les contractuels comprennent\ + \ leurs responsabilit\xE9s et qu\u2019ils sont comp\xE9tents pour remplir\ + \ les fonctions que l\u2019entit\xE9 ou l\u2019IIV envisage de leur confier." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:rh-avt--person + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node16 + ref_id: RH-AVT- PERSON + name: Personnel de confiance + description: "A l'embauche, des v\xE9rifications des informations des candidats\ + \ appel\xE9s \xE0 travailler sur des t\xE2ches sensibles au sein de l'entit\xE9\ + \ ou de l'IIV doivent \xEAtre r\xE9alis\xE9es conform\xE9ment \xE0 la r\xE9\ + glementation, \xE0 l'\xE9thique, et proportionnellement aux exigences m\xE9\ + tier et \xE0 la classification des actifs informationnels accessibles." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:rh-avt--cond + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node16 + ref_id: RH-AVT- COND + name: Termes et conditions d'embauche + description: "Les accords contractuels avec les employ\xE9s et les sous-traitants\ + \ doivent pr\xE9ciser leurs responsabilit\xE9s et celles de l'entit\xE9 ou\ + \ de l'IIV en mati\xE8re de s\xE9curit\xE9 des SI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node19 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node15 + name: Objectif 5 + description: "S\u2019assurer que les employ\xE9s et les contractuels sont conscients\ + \ de leurs responsabilit\xE9s en mati\xE8re de s\xE9curit\xE9 des SI et qu\u2019\ + ils assument ces responsabilit\xE9s." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:rh-apres--form + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node19 + ref_id: RH-APRES- FORM + name: Formation et sensibilisation du personnel + description: "Chaque entit\xE9 ou IIV doit organiser r\xE9guli\xE8rement, selon\ + \ un programme pr\xE9\xE9tabli, des sessions de formation et de sensibilisation\ + \ au profit de son personnel en mati\xE8re de s\xE9curit\xE9 des SI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node21 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node15 + name: Objectif 6 + description: "Prot\xE9ger les int\xE9r\xEAts de l\u2019entit\xE9 ou de l\u2019\ + IIV dans le cadre du processus de modification, de rupture ou de terme d\u2019\ + un contrat de travail." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:rh-fin-gest + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node21 + ref_id: RH-FIN-GEST + name: "Gestion des mutations et d\xE9parts" + description: "Afin de pr\xE9server la confidentialit\xE9 et l'int\xE9grit\xE9\ + \ de l'information, chaque entit\xE9 ou IIV doit formaliser et mettre en place\ + \ une proc\xE9dure de gestion des mutations ou des d\xE9parts qui couvre notamment\ + \ :\n\n- La notification au service informatique par le service des ressources\ + \ humaines de tout mouvement du personnel ;\n\n- La passation des consignes\ + \ ;\n\n- La restitution des biens informatiques ;\n\n- Le retrait ou la modification\ + \ des acc\xE8s aux SI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node23 + assessable: false + depth: 1 + name: 4. GESTION DES ACTIFS INFORMATIONNELS + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node24 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node23 + name: Objectif 7 + description: "Identifier les actifs informationnels de l\u2019entit\xE9 ou de\ + \ l\u2019IIV et d\xE9finir les responsabilit\xE9s appropri\xE9es en mati\xE8\ + re de protection." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif-resp-inv + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node24 + ref_id: ACTIF-RESP-INV + name: Inventaire des actifs + description: "Un inventaire des actifs informationnels (mat\xE9riels et logiciels)\ + \ doit \xEAtre r\xE9alis\xE9 et mis \xE0 jour r\xE9guli\xE8rement, int\xE9\ + grant notamment :\n\n- la liste des composants mat\xE9riels (avec n\xBA de\ + \ s\xE9rie) et logiciels (avec n\xBA de licence);\n\n- la version du syst\xE8\ + me d'exploitation et les correctifs appliqu\xE9s ;\n\n- l'identification de\ + \ l'utilisateur final si applicable (poste de travail, t\xE9l\xE9phonie IP,\ + \ imprimante, ... )." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif-resp-prop + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node24 + ref_id: ACTIF-RESP-PROP + name: "Propri\xE9taires des actifs" + description: "Chaque actif informationnel doit \xEAtre attribu\xE9 formellement\ + \ \xE0 un propri\xE9taire qui a la responsabilit\xE9 de la gestion des actifs\ + \ informationnels qui lui sont attribu\xE9s (inventaire, classification, protection,\ + \ destruction, r\xE9forme ... ) tout au long de leurs cycles de vie." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif-resp-charte + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node24 + ref_id: ACTIF-RESP-CHARTE + name: Charte d'utilisation du SI + description: "Une charte d'utilisation du SI doit \xEAtre \xE9labor\xE9e en\ + \ conformit\xE9 avec la politique de s\xE9curit\xE9 des SI en vigueur. Elle\ + \ doit \xEAtre valid\xE9e par la hi\xE9rarchie, communiqu\xE9 et sign\xE9\ + e ou accept\xE9e par les utilisateurs.\n\nCette charte doit contenir, entre\ + \ autres :\n\n- Un rappel des exigences l\xE9gislatives et r\xE9glementaires\ + \ applicables dans le contexte de l'entit\xE9 ou de l'IIV;\n\n- Les r\xE8\ + gles g\xE9n\xE9rales d'utilisation des ressources informatiques ;\n\n- Les\ + \ \xE9l\xE9ments de sensibilisation des utilisateurs ;\n\n- Les clauses de\ + \ confidentialit\xE9 des informations manipul\xE9es ;\n\n- Les r\xE9flexes\ + \ \xE0 adopter en cas d'incident ou de suspicion d'incident de cybers\xE9\ + curit\xE9 et les r\xE8gles \xE0 respecter notamment l'obligation de d\xE9\ + clarer tout incident de cybers\xE9curit\xE9 \xE0 la DGSSI ;\n\n- La charte\ + \ d'utilisation du SI constitue un \xE9l\xE9ment opposable en cas de manquement\ + \ grave." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif--resp-carto + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node24 + ref_id: ACTIF- RESP-CARTO + name: Cartographie SI + description: "Chaque entit\xE9 ou IIV doit tenir et mettre \xE0 jour une cartographie\ + \ de son SI qui pr\xE9cise les composants mat\xE9riels et logiciels ainsi\ + \ que les architectures des r\xE9seaux sur lesquels sont identifi\xE9s les\ + \ centres de donn\xE9es et les diff\xE9rents sites desservis.\n\nLes documents\ + \ de cartographie doivent \xEAtre maintenus au fil des \xE9volutions apport\xE9\ + es aux SI et faire l'objet d'une protection adapt\xE9e." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node29 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node23 + name: Objectif 8 + description: "S\u2019assurer que les actifs informationnels b\xE9n\xE9ficient\ + \ d\u2019un niveau de protection appropri\xE9 conforme \xE0 leur importance\ + \ pour l\u2019entit\xE9 ou pour l\u2019IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif--classif-info + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node29 + ref_id: ACTIF- CLASSIF-INFO + name: Classification + description: "Chaque entit\xE9 ou IIV doit classifier ses actifs informationnels\ + \ selon leur niveau de sensibilit\xE9 en termes de confidentialit\xE9, d'int\xE9\ + grit\xE9 et de disponibilit\xE9, et ce sur la base d'une \xE9chelle d'impacts\ + \ fix\xE9e par l'entit\xE9 ou par l'IIV et qui tient compte notamment de sa\ + \ taille, de son importance, de ses missions, de son domaine d'activit\xE9\ + s, de ses exigences m\xE9tiers, de ses propres enjeux de s\xE9curit\xE9 et\ + \ des obligations l\xE9gales, r\xE8glementaires, contractuelles ou normatives\ + \ qui lui sont applicables. Le r\xE9sultat de cette classification traduit\ + \ la valeur des actifs informationnels en fonction de leur sensibilit\xE9\ + \ et de leur caract\xE8re critique pour l'entit\xE9 ou pour l'IIV.\n\nEn parall\xE8\ + le, l'entit\xE9 ou l'IIV doit proc\xE9der \xE0 la classification des m\xEA\ + mes actifs informationnels et SI selon le r\xE9f\xE9rentiel de la classification\ + \ des actifs informationnels et SI fix\xE9 par la loi n\xBA 05.20 et son d\xE9\ + cret d'application. L'objectif de cette classification est d'identifier les\ + \ SI sensibles et les donn\xE9es sensibles au sens de la loi pr\xE9cit\xE9\ + e." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif--classif-mes + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node29 + ref_id: ACTIF- CLASSIF-MES + name: Mesures de protection des informations + description: "Sur la base des r\xE9sultats de ces classifications, chaque entit\xE9\ + \ ou IIV doit mettre en place les mesures de s\xE9curit\xE9 proportionnelles\ + \ \xE0 la sensibilit\xE9 des actifs et les formaliser dans une proc\xE9dure\ + \ de classification des actifs informationnels.\n\nL'entit\xE9 ou l'IIV doit\ + \ \xE9galement se conformer aux dispositions pertinentes de la loi n\xBA 05-20\ + \ relative \xE0 la cybers\xE9curit\xE9 et son d\xE9cret d'application et appliquer\ + \ les mesures de protection d\xE9finies dans les r\xE9f\xE9rentiels \xE9labor\xE9\ + s par la DGSSI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif--classif--exam + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node29 + ref_id: ACTIF- CLASSIF- EXAM + name: Examen de la classification + description: "Chaque entit\xE9 ou IIV doit revoir la classification de ses actifs\ + \ informationnels et de ses SI au moins une fois tous les trois ans et \xE0\ + \ chaque fois que n\xE9cessaire. Les mesures de protection doivent \xE9voluer\ + \ en fonction de la nouvelle classification." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node33 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node23 + name: Objectif 9 + description: "Emp\xEAcher la divulgation, la modification, le retrait ou la\ + \ destruction non autoris\xE9(e) de l\u2019information de l\u2019entit\xE9\ + \ ou de l\u2019IIV stock\xE9e sur des supports et assurer la s\xE9curit\xE9\ + \ de l\u2019utilisation des appareils mobiles." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif-sup-amov + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node33 + ref_id: ACTIF-SUP-AMOV + name: Gestion des supports amovibles + description: "Chaque entit\xE9 ou IIV doit mettre en place des mesures appropri\xE9\ + es pour la gestion des supports amovibles notamment :\n\n- la d\xE9sactivation\ + \ de leur ex\xE9cution automatique, sauf dans des cas exceptionnels li\xE9\ + s \xE0 des imp\xE9ratifs de service ;\n\n- leur conservation dans des locaux\ + \ prot\xE9g\xE9s et l'adoption de mesures adapt\xE9es tel que le chiffrement,\ + \ le contr\xF4le anti-virus, etc. surtout lorsqu'ils contiennent des donn\xE9\ + es sensibles ;" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif-sup-mobil + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node33 + ref_id: ACTIF-SUP-MOBIL + name: "Politique en mati\xE8re d'appareils mobiles" + description: "Les r\xE8gles de s\xE9curit\xE9 destin\xE9es \xE0 g\xE9rer les\ + \ risques d\xE9coulant de l'utilisation des appareils mobiles doivent faire\ + \ partie int\xE9grante de la politique de s\xE9curit\xE9 des SI de l'entit\xE9\ + \ ou de l'IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif-sup-nomad + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node33 + ref_id: ACTIF-SUP-NOMAD + name: Postes nomades + description: "Les postes nomades doivent \xEAtre tous soumis aux m\xEAmes mesures\ + \ de s\xE9curit\xE9 que les autres \xE9quipements du parc en termes de mise\ + \ \xE0 jour r\xE9guli\xE8re de l'antivirus, application des correctifs, contr\xF4\ + le de conformit\xE9 et interdiction des t\xE9l\xE9chargements \xE0 caract\xE8\ + re non conforme \xE0 la charte d'utilisation du SI.\n\nEn cas d'utilisation\ + \ de ces postes hors des locaux de travail (mission, conf\xE9rence, r\xE9\ + union, etc.), une proc\xE9dure formalis\xE9e doit \xEAtre pr\xE9vue pour leur\ + \ protection." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:actif-sup-reb + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node33 + ref_id: ACTIF-SUP-REB + name: Mise au rebut ou recyclage des supports + description: "Une proc\xE9dure de mise au rebut ou de recyclage des supports\ + \ doit \xEAtre mise en place afin d'effacer de mani\xE8re s\xE9curis\xE9e\ + \ les donn\xE9es pr\xE9sentes sur tous type de support (les disques durs,\ + \ les m\xE9moires int\xE9gr\xE9es, ... ).\n\nDans le cas de donn\xE9es sensibles,\ + \ la destruction du support ou sa d\xE9magn\xE9tisation si applicable, peut\ + \ s'av\xE9rer n\xE9cessaire de mani\xE8re \xE0 emp\xEAcher toute tentative\ + \ de r\xE9cup\xE9ration." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node38 + assessable: false + depth: 1 + name: "5. CONTROLE D\u2019ACCES" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node39 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node38 + name: Objectif 10 + description: "Limiter l\u2019acc\xE8s \xE0 l\u2019information et aux moyens\ + \ de traitement de l\u2019information." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-exig-pol + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node39 + ref_id: ACC-EXIG-POL + name: "Politique de contr\xF4le d'acc\xE8s" + description: "Chaque entit\xE9 ou IIV est tenue d'\xE9tablir, de documenter\ + \ et de revoir une politique de contr\xF4le d'acc\xE8s aux syst\xE8mes, r\xE9\ + seaux et services sur la base des exigences m\xE9tier et de s\xE9curit\xE9\ + \ de l'information en respectant le principe du moindre privil\xE8ge." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node41 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node38 + name: Objectif 11 + description: "Ma\xEEtriser l\u2019acc\xE8s utilisateur par le biais d\u2019\ + autorisations et emp\xEAcher les acc\xE8s non autoris\xE9s aux syst\xE8mes\ + \ et services d\u2019information." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-utilis-enregis/desinscri + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node41 + ref_id: ACC-UTILIS-ENREGIS/DESINSCRI + name: "Enregistrement et d\xE9sinscription des utilisateurs" + description: "Chaque entit\xE9 ou IIV doit mettre en \u0153uvre une proc\xE9\ + dure formelle d'enregistrement et de d\xE9sinscription des utilisateurs destin\xE9\ + e \xE0 permettre l'attribution de droits d'acc\xE8s.\n\nCette proc\xE9dure\ + \ impose notamment :\n\n- la cr\xE9ation d'identifiants utilisateurs uniques\ + \ ;\n\n- la suppression ou le blocage imm\xE9diats des identifiants des utilisateurs\ + \ qui ont quitt\xE9 l'organisation ;\n\n- la d\xE9tection p\xE9riodique des\ + \ identifiants utilisateurs redondants, suivie de leur suppression ou de leur\ + \ blocage ;\n\n- l'assurance que des identifiants utilisateurs redondants\ + \ ne sont pas attribu\xE9s \xE0 d'autres utilisateurs." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-utilis-idf/auth + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node41 + ref_id: ACC-UTILIS-IDF/AUTH + name: Identification et authentification + description: "L'acc\xE8s des utilisateurs aux ressources (r\xE9seaux, syst\xE8\ + me d'exploitation ou applications informatiques) passe obligatoirement par\ + \ une identification et une authentification individuelle.\n\nLes droits particuliers\ + \ (super-utilisateur, Administrateur syst\xE8mes et r\xE9seaux, ... ) doivent\ + \ \xEAtre parfaitement identifi\xE9s, limit\xE9s (nombre et droits) et justifi\xE9\ + s." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-utilis-habilit + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node41 + ref_id: ACC-UTILIS-HABILIT + name: Gestion des habilitations + description: "Chaque entit\xE9 ou IIV est tenue de mettre en place une matrice\ + \ d'habilitations qui pr\xE9cise pour chaque utilisateur ses droits d'acc\xE8\ + s sur les diff\xE9rents syst\xE8mes et services du SI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-utilis-generiq + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node41 + ref_id: ACC-UTILIS-GENERIQ + name: "Gestion des comptes g\xE9n\xE9riques" + description: "Chaque entit\xE9 ou IIV est tenue de cr\xE9er des comptes nominatifs\ + \ pour les utilisateurs permettant de les relier \xE0 leurs actions et de\ + \ les leur imputer.\n\nLorsque les aspects op\xE9rationnels li\xE9s \xE0 l'activit\xE9\ + \ de l'entit\xE9 ou de l'IIV exigent l'utilisation de comptes g\xE9n\xE9riques,\ + \ ces comptes doivent \xEAtre approuv\xE9s, document\xE9s et inventori\xE9\ + s." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-utilis-revue + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node41 + ref_id: ACC-UTILIS-REVUE + name: "Revue des droits d'acc\xE8s" + description: "Une revue p\xE9riodique des droits attribu\xE9s est n\xE9cessaire,\ + \ au moins une fois par an, en s'appuyant sur l'inventaire des applications\ + \ et des ressources utilis\xE9es, ainsi que sur la matrice des habilitations.\n\ + \nSuite \xE0 cet examen, les corrections n\xE9cessaires doivent \xEAtre apport\xE9\ + es." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node47 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node38 + name: Objectif 12 + description: "Emp\xEAcher les acc\xE8s non autoris\xE9s aux syst\xE8mes et aux\ + \ applications." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-sys/app-acc + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node47 + ref_id: ACC-SYS/APP-ACC + name: "Acc\xE8s aux syst\xE8mes et applications" + description: "Les syst\xE8mes et applications doivent \xEAtre prot\xE9g\xE9\ + s par des m\xE9canismes adapt\xE9s de restriction des acc\xE8s (login/mot\ + \ de passe, authentification forte, r\xE8gles de filtrage et d'acc\xE8s, plages\ + \ horaires de connexions) conform\xE9ment \xE0 la politique de contr\xF4le\ + \ d'acc\xE8s de l'entit\xE9 ou de l'IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-sys/app-privil + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node47 + ref_id: ACC-SYS/APP-PRIVIL + name: "Gestion des acc\xE8s \xE0 privil\xE8ges" + description: "L'acc\xE8s aux outils et interfaces d'administration doit \xEA\ + tre strictement limit\xE9 aux personnes habilit\xE9es, selon une proc\xE9\ + dure formelle d'autorisation d'acc\xE8s.\n\nL'inventaire des comptes \xE0\ + \ privil\xE8ge doit \xEAtre tenu \xE0 jour." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:acc-sys/app-mdp + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node47 + ref_id: ACC-SYS/APP-MDP + name: Gestion des mots de passe + description: "Chaque entit\xE9 ou IIV est tenue de formaliser une politique\ + \ de gestion des mots de passe qui d\xE9finit les r\xE8gles applicables aux\ + \ mots de passe, en particulier :\n\n- la structure (complexit\xE9 minimale)\ + \ ;\n\n- le changement p\xE9riodique ;\n\n- la suppression en cas de suspicion\ + \ de compromission ;\n\n- la r\xE9initialisation ;\n\nUn processus de contr\xF4\ + le de l'application de ces r\xE8gles doit \xEAtre d\xE9ploy\xE9." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node51 + assessable: false + depth: 1 + name: 6. CRYPTOGRAPHIE + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node52 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node51 + name: Objectif 13 + description: "Garantir l\u2019utilisation correcte et efficace de la cryptographie\ + \ en vue de prot\xE9ger la confidentialit\xE9, l\u2019authenticit\xE9 et l\u2019\ + int\xE9grit\xE9 de l\u2019information." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:crypto-mes-pol + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node52 + ref_id: CRYPTO-MES-POL + name: Politique d'utilisation des mesures cryptographiques + description: "En cas de recours \xE0 la cryptographie, l'entit\xE9 ou l'IIV\ + \ doit \xE9laborer et mettre en \u0153uvre une politique d'utilisation de\ + \ mesures cryptographiques en vue de prot\xE9ger l'information.\n\nCette politique\ + \ doit sp\xE9cifier notamment les exigences en mati\xE8re de certificats de\ + \ signature ou de chiffrement (d\xE9lai maximum de validit\xE9, algorithme,\ + \ longueurs de cl\xE9s, etc .. ) ou en mati\xE8re de connexions chiffr\xE9\ + es (protocoles autoris\xE9s)." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:crypto-mes-gestcle + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node52 + ref_id: CRYPTO-MES-GESTCLE + name: "Gestion des cl\xE9s cryptographiques" + description: "Chaque entit\xE9 ou IIV utilisant des cl\xE9s cryptographiques\ + \ doit \xE9laborer et mettre en \u0153uvre une proc\xE9dure encadrant leur\ + \ utilisation et leur protection tout au long de leur cycle de vie (g\xE9\ + n\xE9ration, stockage, archivage, extraction, attribution, retrait et destruction)." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node55 + assessable: false + depth: 1 + name: 7. SECURITE PHYSIQUE ET ENVIRONNEMENTALE + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node56 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node55 + name: Objectif 14 + description: "Emp\xEAcher tout acc\xE8s physique non autoris\xE9, tout dommage\ + \ ou intrusion portant sur l\u2019information et les moyens de traitement\ + \ de l\u2019information de l\u2019entit\xE9 ou de l\u2019IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-zone-delimit + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node56 + ref_id: PHYS-ZONE-DELIMIT + name: "D\xE9limitation des zones" + description: "Des zones physiques de s\xE9curit\xE9 doivent \xEAtre d\xE9limit\xE9\ + es pour prot\xE9ger les SI et les moyens de traitement associ\xE9s. Cette\ + \ d\xE9limitation peut se faire selon la typologie suivante :\n\n- zones publiques\ + \ : autoris\xE9es \xE0 toute personne.\n\n- zones internes : autoris\xE9es\ + \ uniquement au personnel de l'entit\xE9 ou de l'IIV, aux tiers autoris\xE9\ + s ou aux visiteurs accompagn\xE9s.\n\n- zones restreintes : accessibles uniquement\ + \ aux personnes de l'entit\xE9 ou de l'IIV habilit\xE9es \xE0 consulter, \xE0\ + \ traiter et manipuler des informations ou des \xE9quipements classifi\xE9\ + s, et le cas \xE9ch\xE9ant aux tiers autoris\xE9s et accompagn\xE9s." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-zone-proc + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node56 + ref_id: PHYS-ZONE-PROC + name: "Proc\xE9dures de contr\xF4le d'acc\xE8s" + description: "Chaque entit\xE9 ou IIV doit formaliser les proc\xE9dures de contr\xF4\ + le d'acc\xE8s physique \xE0 ses locaux en mettant en place les m\xE9canismes\ + \ n\xE9cessaires pour leur application. Ces proc\xE9dures doivent \xEAtre\ + \ valid\xE9es par la hi\xE9rarchie et le personnel doit \xEAtre tenu au courant\ + \ de leurs contenus." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-zone-dispo + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node56 + ref_id: PHYS-ZONE-DISPO + name: "Dispositif de contr\xF4le d'acc\xE8s" + description: "Les entit\xE9s ou les IIV sont tenues de mettre en place un dispositif\ + \ de contr\xF4le d'acc\xE8s physique individualis\xE9 dans les zones restreintes.\n\ + \nCe dispositif doit assurer la tra\xE7abilit\xE9 des acc\xE8s du personnel\ + \ et des tiers autoris\xE9s et accompagn\xE9s aux zones restreintes, et conserver\ + \ les enregistrements pour une dur\xE9e d'au moins trois mois." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-zone--videoprot + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node56 + ref_id: PHYS-ZONE- VIDEOPROT + name: "Vid\xE9o protection" + description: "Les zones \xE0 s\xE9curiser doivent \xEAtre couvertes par une\ + \ vid\xE9o protection. Les enregistrements ne doivent \xEAtre manipul\xE9\ + s que par un nombre limit\xE9 de personnes habilit\xE9es \xE0 cet effet." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-zone-incen + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node56 + ref_id: PHYS-ZONE-INCEN + name: "S\xE9curit\xE9 incendie" + description: "Les zones abritant des syst\xE8mes de traitement de l'information\ + \ doivent \xEAtre \xE9quip\xE9es de syst\xE8mes adapt\xE9s pour la d\xE9tection\ + \ et l'extinction d'incendies." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-zone-eau + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node56 + ref_id: PHYS-ZONE-EAU + name: "D\xE9g\xE2ts des eaux" + description: "Les moyens de traitement de l'information doivent \xEAtre plac\xE9\ + s dans des locaux \xE0 l'abri des risques des d\xE9g\xE2ts des eaux." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node63 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node55 + name: Objectif 15 + description: "Emp\xEAcher la perte, l\u2019endommagement, le vol ou la compromission\ + \ des actifs informationnels et l\u2019interruption des activit\xE9s de l\u2019\ + entit\xE9 ou de l\u2019IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-mat--cabl + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node63 + ref_id: PHYS-MAT- CABL + name: "S\xE9curit\xE9 du c\xE2blage" + description: "Les c\xE2bles \xE9lectriques et de transmission de donn\xE9es\ + \ (courant fort et courant faible), connect\xE9s aux infrastructures de traitement\ + \ de l'information doivent \xEAtre identifi\xE9s (\xE9tiquet\xE9s), document\xE9\ + s et s\xE9par\xE9s. Les c\xE2bles doivent \xEAtre d\xE9roul\xE9s en faisceaux\ + \ clairs et non emm\xEAl\xE9s." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-mat-ond + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node63 + ref_id: PHYS-MAT-OND + name: Onduleurs + description: "Les \xE9quipements de traitement de l'information doivent \xEA\ + tre prot\xE9g\xE9s des variations et des microcoupures d'\xE9lectricit\xE9\ + \ par des onduleurs \xE0 capacit\xE9 adapt\xE9e." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-mat-electrog + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node63 + ref_id: PHYS-MAT-ELECTROG + name: "Groupe \xE9lectrog\xE8ne" + description: "En cas de besoins accrus de disponibilit\xE9 des SI, l'entit\xE9\ + \ ou l'IIV peut faire recours \xE0 un groupe \xE9lectrog\xE8ne pour pallier\ + \ les interruptions prolong\xE9es du courant \xE9lectrique." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-mat-clim + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node63 + ref_id: PHYS-MAT-CLIM + name: Climatisation + description: "Les zones abritant des moyens de traitement de l'information (salles\ + \ des machines, datacenter ... etc.) doivent \xEAtre \xE9quip\xE9es de syst\xE8\ + mes de climatisation pour r\xE9guler au besoin la temp\xE9rature et l'humidit\xE9\ + ." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-mat-equip + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node63 + ref_id: PHYS-MAT-EQUIP + name: "Entretien des \xE9quipements de s\xE9curit\xE9 environnementale" + description: "Les \xE9quipements de s\xE9curit\xE9 environnementale (extincteurs,\ + \ climatisations, d\xE9tecteurs d'incendie, onduleurs, groupes \xE9lectrog\xE8\ + nes, etc.) doivent \xEAtre correctement entretenus pour assurer leur bon fonctionnement.\n\ + \nUn d\xE9lai d'intervention adapt\xE9 en cas de d\xE9faillance doit \xEA\ + tre pr\xE9cis\xE9 dans les contrats de maintenance des \xE9quipements de s\xE9\ + curit\xE9 environnementale." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:phys-mat-horsloc + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node63 + ref_id: PHYS-MAT-HORSLOC + name: "S\xE9curit\xE9 du mat\xE9riel et des actifs hors les locaux" + description: "Chaque entit\xE9 ou IIV doit appliquer des mesures de s\xE9curit\xE9\ + \ \xE0 tous types d'\xE9quipements informatiques et supports destin\xE9s \xE0\ + \ \xEAtre transport\xE9s et utilis\xE9s hors des lieux de travail habituel,\ + \ afin de les prot\xE9ger notamment contre les risques de vol, d'endommagement\ + \ ou d'intrusion." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node70 + assessable: false + depth: 1 + name: "8. SECURITE LIEE A L\u2019EXPLOITATION" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node71 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node70 + name: Objectif 16 + description: "S\u2019assurer de l\u2019exploitation correcte et s\xE9curis\xE9\ + e des moyens de traitement de l\u2019information." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-proc-chang + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node71 + ref_id: EXP-PROC-CHANG + name: Gestion des changements + description: "Tout changement apport\xE9 au SI doit suivre une proc\xE9dure\ + \ formelle respectant le cycle : demande, validation, application et contr\xF4\ + le \xE0 posteriori.\n\nEn effet, chaque entit\xE9 ou IIV doit contr\xF4ler\ + \ tout changement qui influe sur la s\xE9curit\xE9 du SI, en tenant compte\ + \ des \xE9l\xE9ments suivants :\n\n- L'identification et la planification\ + \ des changements significatifs ;\n\n- L'appr\xE9ciation des incidences potentielles\ + \ de ces changements sur la s\xE9curit\xE9 de l'information ;\n\n- L'autorisation\ + \ formelle des changements propos\xE9s ;\n\n- La transmission des informations\ + \ d\xE9taill\xE9es sur les changements apport\xE9s \xE0 toutes les personnes\ + \ concern\xE9es." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp--proc-cap + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node71 + ref_id: EXP- PROC-CAP + name: "Gestion des capacit\xE9s" + description: "Des analyses r\xE9guli\xE8res du bon dimensionnement des syst\xE8\ + mes et des r\xE9seaux (capacit\xE9 m\xE9moire, bande passante, temps de r\xE9\ + ponse, ... ) doivent \xEAtre r\xE9alis\xE9es dans le but de mener les actions\ + \ de redimensionnement \xE0 m\xEAme de garantir ou d'am\xE9liorer la disponibilit\xE9\ + \ du SI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-proc-envir + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node71 + ref_id: EXP-PROC-ENVIR + name: "S\xE9paration des environnements" + description: "Les environnements de d\xE9veloppement, de test et de production\ + \ doivent \xEAtre s\xE9par\xE9s pour r\xE9duire notamment les risques d'acc\xE8\ + s ou de changements non autoris\xE9s dans les trois environnements." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node75 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node70 + name: Objectif 17 + description: "Garantir que l\u2019information et les moyens de traitement de\ + \ l\u2019information sont prot\xE9g\xE9s contre les logiciels malveillants." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-protec-malveil + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node75 + ref_id: EXP-PROTEC-MALVEIL + name: Protection contre les logiciels malveillants + description: "Des solutions de protection contre les logiciels malveillants\ + \ doivent \xEAtre install\xE9es et mises \xE0 jour sur l'ensemble des serveurs,\ + \ postes de travail et appareils mobiles." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node77 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node70 + name: Objectif 18 + description: "Se prot\xE9ger de la perte de donn\xE9es." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-sauv-proc + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node77 + ref_id: EXP-SAUV-PROC + name: "Proc\xE9dures de sauvegarde" + description: "Chaque entit\xE9 ou IIV doit mettre en place des proc\xE9dures\ + \ de sauvegarde qui pr\xE9cisent pour chaque syst\xE8me d'information :\n\n\ + - la nature des sauvegardes (compl\xE8te, incr\xE9mentale, d\xE9duplication,\ + \ ... ) ;\n\n- la fr\xE9quence (journali\xE8re, hebdomadaire, mensuelle, ...\ + \ ) ;\n\n- le type de support (sur disque, sur bande) ;\n\n- Les donn\xE9\ + es sensibles devant \xEAtre sauvegard\xE9es de mani\xE8re chiffr\xE9e." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-sauv-restaur + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node77 + ref_id: EXP-SAUV-RESTAUR + name: Restauration + description: "Chaque entit\xE9 ou IIV doit tester r\xE9guli\xE8rement les supports\ + \ de sauvegarde en s'assurant que les donn\xE9es sauvegard\xE9es peuvent \xEA\ + tre restaur\xE9es en temps voulu conform\xE9ment \xE0 une proc\xE9dure de\ + \ restauration document\xE9e." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-sauv-sec + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node77 + ref_id: EXP-SAUV-SEC + name: "S\xE9curit\xE9 des sauvegardes" + description: "Chaque entit\xE9 ou IIV doit prot\xE9ger physiquement les supports\ + \ de sauvegarde en les pla\xE7ant \xE0 un endroit prot\xE9g\xE9 (Armoire ignifuge)\ + \ ou en les externalisant sur un site suffisamment distant du site principal." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node81 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node70 + name: Objectif 19 + description: "Enregistrer les \xE9v\xE9nements et g\xE9n\xE9rer des preuves." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp--journ/surv-journal + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node81 + ref_id: EXP- JOURN/SURV-JOURNAL + name: "Journalisation des \xE9v\xE9nements" + description: "Chaque entit\xE9 ou IIV doit mener une \xE9tude pour identifier\ + \ les journaux \xE0 collecter des diff\xE9rentes sources (serveurs, \xE9quipements\ + \ de s\xE9curit\xE9, \xE9quipements r\xE9seaux, applications, postes de travail,\ + \ etc.) en fonction des risques et incidents redout\xE9s par l'entit\xE9 ou\ + \ par l'IIV. Elle doit mettre en place un journal r\xE9pertoriant les \xE9\ + v\xE9nements de s\xE9curit\xE9 \xE0 collecter. Ces journaux doivent \xEAtre\ + \ analys\xE9s p\xE9riodiquement et les actions \xE0 mener doivent \xEAtre\ + \ bien d\xE9finies.\n\nCes journaux doivent \xEAtre centralis\xE9s et prot\xE9\ + g\xE9s contre les risques de falsification ou d'acc\xE8s non autoris\xE9.\ + \ Ils doivent \xEAtre conserv\xE9s pour une dur\xE9e minimale de six mois." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp--journ/surv-privil + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node81 + ref_id: EXP- JOURN/SURV-PRIVIL + name: "Tra\xE7abilit\xE9 des actions des comptes \xE0 privil\xE8ge" + description: "Les actions des administrateurs syst\xE8me et des op\xE9rateurs\ + \ syst\xE8me doivent \xEAtre trac\xE9es. Pour cela leurs comptes doivent \xEA\ + tre nominatifs pour assurer l'imputabilit\xE9 de leurs actions." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-journ/surv-maint + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node81 + ref_id: EXP-JOURN/SURV-MAINT + name: "Tra\xE7abilit\xE9 des actions de maintenance" + description: "Les interventions de maintenance sur les ressources informatiques\ + \ de l'entit\xE9 ou de l'IIV doivent \xEAtre trac\xE9es par le service informatique.\ + \ Ces traces sont \xE0 conserver pendant une dur\xE9e d'au moins trois mois\ + \ et ce tout en d\xE9ployant les mesures n\xE9cessaires pour assurer leur\ + \ int\xE9grit\xE9." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp--journ/surv-synchron + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node81 + ref_id: EXP- JOURN/SURV SYNCHRON + name: Synchronisation des horloges + description: "Pour assurer la pr\xE9cision des journaux d'\xE9v\xE9nements qui\ + \ peuvent \xEAtre utilis\xE9s lors des investigations, les actifs doivent\ + \ \xEAtre synchronis\xE9s sur la m\xEAme base de temps, \xE0 savoir : le service\ + \ NTP de confiance (Network Time Protocol)." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp--journ/surv--dist + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node81 + ref_id: EXP- JOURN/SURV -DIST + name: "Administration \xE0 distance" + description: "Les actions d'administration \xE0 distance sur les ressources\ + \ locales doivent s'appuyer sur des protocoles d'administration s\xE9curis\xE9\ + s. Des mesures de s\xE9curit\xE9 sp\xE9cifiques doivent \xEAtre d\xE9finies\ + \ et respect\xE9es." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp--journ/surv---centr + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node81 + ref_id: EXP- JOURN/SURV - CENTR + name: Centralisation + description: "L'entit\xE9 ou l'IIV doit mettre en place de mani\xE8re centralis\xE9\ + e les moyens appropri\xE9s de supervision et de d\xE9tection pour le traitement\ + \ continu des \xE9v\xE9nements de s\xE9curit\xE9 pr\xE9vus par la loi n\xBA\ + 05-20 relative \xE0 la cybers\xE9curit\xE9." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node88 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node70 + name: Objectif 20 + description: "Garantir l\u2019int\xE9grit\xE9 des syst\xE8mes en exploitation\ + \ et emp\xEAcher toute exploitation des vuln\xE9rabilit\xE9s techniques." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-sys-config + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node88 + ref_id: EXP-SYS-CONFIG + name: "Configuration syst\xE8me" + description: "Chaque entit\xE9 ou IIV doit documenter les proc\xE9dures d'administration\ + \ et de configuration s\xE9curis\xE9e des actifs du syst\xE8me d'information,\ + \ les rendre disponibles, les expliquer \xE0 toute personne ayant besoin de\ + \ les conna\xEEtre et les maintenir \xE0 jour.\n\nLes configurations doivent\ + \ \xEAtre sauvegard\xE9es en lieu s\xFBr apr\xE8s chaque changement." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-sys-durc + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node88 + ref_id: EXP-SYS-DURC + name: Durcissement des configurations + description: "Les configurations des \xE9quipements et syst\xE8mes doivent \xEA\ + tre durcies notamment par rapport aux versions natives des fournisseurs (le\ + \ changement des mots de passe par d\xE9faut et des certificats, la fermeture\ + \ des services et des ports non n\xE9cessaires, etc .. ).\n\nLes proc\xE9\ + dures et guides de durcissement pour les diff\xE9rents types d'actifs doivent\ + \ \xEAtre document\xE9s et tenus \xE0 jours." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-vuln-install + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node88 + ref_id: EXP-VULN-INSTALL + name: "Restrictions li\xE9es \xE0 l'installation de logiciels" + description: "Chaque entit\xE9 ou IIV doit d\xE9finir et mettre en place un\ + \ processus de contr\xF4le des logiciels que les utilisateurs peuvent installer\ + \ ainsi que des privil\xE8ges qui leurs sont accord\xE9s en tenant compte\ + \ de leurs fonctions." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-vuln-gest + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node88 + ref_id: EXP-VULN-GEST + name: "Gestion des vuln\xE9rabilit\xE9s techniques" + description: "Chaque entit\xE9 ou IIV doit \xEAtre tenue inform\xE9e en temps\ + \ voulu des vuln\xE9rabilit\xE9s techniques des syst\xE8mes d'information\ + \ en exploitation, d'\xE9valuer son exposition \xE0 ces vuln\xE9rabilit\xE9\ + s et de prendre les mesures appropri\xE9es pour traiter le risque associ\xE9\ + .\n\nUne proc\xE9dure de gestion des vuln\xE9rabilit\xE9s doit \xEAtre mise\ + \ en place en prenant en compte principalement les \xE9l\xE9ments suivants\ + \ :\n\n- L'inventaire des actifs informationnels en service ;\n\n- Les r\xF4\ + les et responsabilit\xE9s associ\xE9s \xE0 la gestion des vuln\xE9rabilit\xE9\ + s ;\n\n- Les d\xE9lais d'intervention ;\n\n- Les modalit\xE9s de corrections\ + \ (Application de correctifs, cloisonnement, ... ).\n\n- Les vuln\xE9rabilit\xE9\ + s jug\xE9es critiques doivent \xEAtre port\xE9es \xE0 la connaissance de la\ + \ DGSSI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-vuln-correct + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node88 + ref_id: EXP-VULN-CORRECT + name: Gestion des correctifs + description: "Chaque entit\xE9 ou IIV doit d\xE9finir et mettre en \u0153uvre\ + \ une politique de suivi et d'application des correctifs de s\xE9curit\xE9\ + .\n\nUn processus de gestion des correctifs propre \xE0 chaque syst\xE8me\ + \ ou applicatif doit \xEAtre d\xE9fini et adapt\xE9 suivant les contraintes\ + \ et le niveau d'exposition du syst\xE8me." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node94 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node70 + name: Objectif 21 + description: "R\xE9duire au minimum l\u2019incidence des activit\xE9s d\u2019\ + audit sur les syst\xE8mes en exploitation." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:exp-audit-mes + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node94 + ref_id: EXP-AUDIT-MES + name: "Mesures relatives \xE0 l'audit du syst\xE8me d'information" + description: "Les modalit\xE9s de d\xE9roulement des op\xE9rations d'audit d\xE9\ + ploy\xE9es par l'entit\xE9 ou par l'IIV doivent \xEAtre bien d\xE9finies (acc\xE8\ + s aux \xE9quipements, contr\xF4les et traitements admis, consultation des\ + \ donn\xE9es, habilitation des auditeurs, etc.).\n\nLes exigences et activit\xE9\ + s d'audit impliquant des v\xE9rifications sur des syst\xE8mes en exploitation\ + \ doivent \xEAtre pr\xE9vues avec soin et valid\xE9es afin de r\xE9duire au\ + \ minimum les perturbations qui pourraient \xEAtre subies par les processus\ + \ m\xE9tier.\n\nCertaines r\xE8gles applicables \xE0 l'audit des syst\xE8\ + mes d'information sensibles sont d\xE9finies par la loi n\xBA 05-20 et ses\ + \ textes d'application." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node96 + assessable: false + depth: 1 + name: 9. SECURITE DES COMMUNICATIONS + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node97 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node96 + name: Objectif 22 + description: "Garantir la protection des informations sur les r\xE9seaux et\ + \ des moyens de traitement de l\u2019information sur lesquels elle s\u2019\ + appuie." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-manag-cloison + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node97 + ref_id: COM-MANAG-CLOISON + name: "Cloisonnement du r\xE9seau" + description: "Chaque entit\xE9 ou IIV est tenue de cloisonner son r\xE9seau\ + \ en zones (zone publique, zone utilisateurs, zone serveurs, etc.) selon la\ + \ classification et les niveaux de sensibilit\xE9 des actifs informationnels\ + \ connect\xE9s." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-manag-filtrage + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node97 + ref_id: COM-MANAG-FILTRAGE + name: Filtrage des flux + description: "Le trafic entrant et sortant de chaque zone r\xE9seau doit \xEA\ + tre soumis \xE0 des r\xE8gles strictes de filtrage conform\xE9ment \xE0 la\ + \ politique de contr\xF4le d'acc\xE8s et \xE0 la classification des donn\xE9\ + es trait\xE9es.\n\nLa liste des r\xE8gles de filtrage doit \xEAtre document\xE9\ + e et tenue \xE0 jour." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-manag-sysaut + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node97 + ref_id: COM-MANAG-SYSAUT + name: "Syst\xE8mes autoris\xE9s sur le r\xE9seau" + description: "L'entit\xE9 ou l'IIV doit mettre en place les moyens et m\xE9\ + canismes n\xE9cessaires pour s'assurer que seuls les \xE9quipements autoris\xE9\ + s peuvent \xEAtre connect\xE9s au r\xE9seau interne de l'entit\xE9 ou de l'IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-manag-distant + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node97 + ref_id: COM-MANAG-DISTANT + name: "Acc\xE8s distants" + description: "L'acc\xE8s distant ne doit \xEAtre r\xE9alisable que par des personnes\ + \ autoris\xE9es et bien d\xE9finies et \xE0 partir de moyens maitris\xE9s.\n\ + \nDes mesures d'authentification adapt\xE9es et l'usage de protocoles s\xE9\ + curis\xE9s pour ce type de connexions sont n\xE9cessaires." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-manag-tunel + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node97 + ref_id: COM-MANAG-TUNEL + name: "Tunnelisation chiffr\xE9e" + description: "Chaque entit\xE9 ou IIV doit mettre en place des m\xE9canismes\ + \ de chiffrement pour la protection des tunnels de connexion \xE0 distance\ + \ lorsque l'acc\xE8s se fait \xE0 travers un r\xE9seau public." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-manag-rsf + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node97 + ref_id: COM-MANAG-RSF + name: "S\xE9curit\xE9 des r\xE9seaux sans fil" + description: "Le d\xE9ploiement du r\xE9seau sans fil doit faire l'objet d'une\ + \ \xE9tude de s\xE9curit\xE9 sp\xE9cifique.\n\nLe r\xE9seau sans fil doit\ + \ \xEAtre cloisonn\xE9 du reste du r\xE9seau : une passerelle ma\xEEtris\xE9\ + e doit \xEAtre mise en place permettant de tracer les acc\xE8s et de restreindre\ + \ les \xE9changes aux seuls flux n\xE9cessaires.\n\nDes moyens d'authentification\ + \ adapt\xE9s doivent \xEAtre mis en place pour limiter l'acc\xE8s aux r\xE9\ + seaux sans fil aux seules personnes autoris\xE9es." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node104 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node96 + name: Objectif 23 + description: "Maintenir la s\xE9curit\xE9 de l\u2019information transf\xE9r\xE9\ + e au sein de l\u2019entit\xE9 ou de l\u2019IIV et vers l\u2019ext\xE9rieur." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-trans-fichier + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node104 + ref_id: COM-TRANS-FICHIER + name: Usage des transferts par fichiers + description: "Des moyens adapt\xE9s doivent \xEAtre mis en place pour la protection\ + \ des informations qui transitent \xE0 travers tout type de moyens de communication\ + \ (serveurs de fichier, partage ou stockage Cloud, etc.) contre l'interception,\ + \ la reproduction, la modification, les erreurs d'acheminement ou la destruction." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-trans-mess + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node104 + ref_id: COM-TRANS-MESS + name: "Usage de la messagerie \xE9lectronique" + description: "Chaque entit\xE9 ou IIV doit formaliser et mettre en \u0153uvre\ + \ les r\xE8gles de bon usage n\xE9cessaires pour la s\xE9curit\xE9 de la messagerie\ + \ \xE9lectronique notamment :\n\n- le chiffrement et la signature des messages\ + \ sensibles par des moyens adapt\xE9s ;\n\n- l'acc\xE8s \xE0 distance \xE0\ + \ la messagerie professionnelle via un canal s\xE9curis\xE9 ;\n\n- la v\xE9\ + rification de la source des courriers \xE9lectroniques avant d'ouvrir les\ + \ pi\xE8ces jointes;\n\n- l'interdiction de l'usage de la messagerie professionnelle\ + \ \xE0 des fins personnelles ;\n\n- l'interdiction du renvoi automatique vers\ + \ une messagerie non ma\xEEtris\xE9e, sauf autorisation expresse pour des\ + \ raisons exceptionnelles." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:com-trans-filtr + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node104 + ref_id: COM-TRANS-FILTR + name: Filtrage des mails + description: "Chaque entit\xE9 ou IIV doit veiller \xE0 l'application des m\xE9\ + canismes de filtrage du courrier \xE9lectronique \xE9mis et re\xE7u notamment\ + \ par :\n\n- le contr\xF4le antiviral des pi\xE8ces jointes, leurs tailles\ + \ et natures ;\n\n- la protection anti-spam ;\n\n- le contr\xF4le des ent\xEA\ + tes SMTP." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node108 + assessable: false + depth: 1 + name: "10. ACQUISITION, DEVELOPPEMENT ET MAINTENANCE DES SYSTEMES D\u2019INFORMATION" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node109 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node108 + name: Objectif 24 + description: "Veiller \xE0 ce que la s\xE9curit\xE9 fasse partie int\xE9grante\ + \ des SI tout au long de leur cycle de vie." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-exig-projet + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node109 + ref_id: DEV-EXIG-PROJET + name: "S\xE9curit\xE9 de l'information dans la gestion de projet" + description: "Chaque entit\xE9 ou IIV doit traiter la s\xE9curit\xE9 de l'information\ + \ dans la gestion de tous types de projets SI. A ce titre, la s\xE9curit\xE9\ + \ doit \xEAtre int\xE9gr\xE9e \xE0 toutes les phases du cycle de vie du projet\ + \ de mani\xE8re \xE0 s'assurer notamment que :\n\n- une appr\xE9ciation du\ + \ risque, li\xE9e \xE0 la s\xE9curit\xE9 de l'information, soit effectu\xE9\ + e au commencement du projet pour identifier les exigences de s\xE9curit\xE9\ + \ ;\n\n- les objectifs en mati\xE8re de s\xE9curit\xE9 de l'information soient\ + \ int\xE9gr\xE9s aux objectifs du projet et pris en compte d\xE8s la conception\ + \ ;\n\n- la v\xE9rification de la s\xE9curit\xE9 soit int\xE9gr\xE9e dans\ + \ les tests d'acceptation." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-exig-transac + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node109 + ref_id: DEV-EXIG-TRANSAC + name: "Protection des transactions li\xE9es aux services d'application" + description: "Chaque entit\xE9 ou IIV doit identifier les fichiers et les transactions\ + \ devant \xEAtre prot\xE9g\xE9s par des solutions de chiffrement et/ou de\ + \ signature \xE9lectronique au niveau de l'architecture applicative." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node112 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node108 + name: Objectif 25 + description: "S\u2019assurer que la s\xE9curit\xE9 de l\u2019information est\ + \ mise en \u0153uvre dans le cadre du cycle de d\xE9veloppement des SI conform\xE9\ + ment aux r\xE9f\xE9rentiels et guides en vigueur." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-proc-pol + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node112 + ref_id: DEV-PROC-POL + name: "Politique de d\xE9veloppement s\xE9curis\xE9" + description: "Chaque entit\xE9 ou IIV doit \xE9laborer et mettre en place, conform\xE9\ + ment aux guides et r\xE9f\xE9rentiels \xE9labor\xE9s par la DGSSI, une politique\ + \ de d\xE9veloppement s\xE9curis\xE9 des logiciels et des syst\xE8mes, qui\ + \ d\xE9finit notamment :\n\n- les exigences de s\xE9curit\xE9 de l'environnement\ + \ de d\xE9veloppement ;\n\n- les exigences de s\xE9curit\xE9 dans la phase\ + \ de conception ;\n\n- les points de contr\xF4le de la s\xE9curit\xE9 aux\ + \ diff\xE9rentes \xE9tapes cl\xE9s du projet ;\n\n- les r\xE9f\xE9rentiels\ + \ de d\xE9veloppement s\xE9curis\xE9 \xE0 utiliser ;\n\n- les r\xE8gles de\ + \ protection du code source et le contr\xF4le des versions." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-proc-chang + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node112 + ref_id: DEV-PROC-CHANG + name: "Contr\xF4le des changements apport\xE9s au syst\xE8me dans le cycle de\ + \ d\xE9veloppement" + description: "Les changements apport\xE9s au SI dans le cycle de d\xE9veloppement\ + \ doivent \xEAtre contr\xF4l\xE9s en utilisant des proc\xE9dures formelles.\n\ + \nA cet effet, chaque entit\xE9 ou IIV doit mener une appr\xE9ciation du risque\ + \ pour analyser les incidences des changements apport\xE9s au SI dans le cycle\ + \ de d\xE9veloppement et se limiter aux changements n\xE9cessaires.\n\nLorsque\ + \ les changements sont apport\xE9s, chaque entit\xE9 ou IIV doit revoir et\ + \ tester les applications m\xE9tiers critiques afin de v\xE9rifier tout impact\ + \ sur l'activit\xE9 ou sur la s\xE9curit\xE9." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-proc-envir + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node112 + ref_id: DEV-PROC-ENVIR + name: "Environnement de d\xE9veloppement s\xE9curis\xE9" + description: "Chaque entit\xE9 ou IIV doit veiller \xE0 ce que les environnements\ + \ de d\xE9veloppement soient s\xE9curis\xE9s, de mani\xE8re \xE0 tenir compte\ + \ notamment de :\n\n- la sensibilit\xE9 des donn\xE9es trait\xE9es, stock\xE9\ + es et en transit ;\n\n- les exigences internes et externes d\xE9coulant des\ + \ politiques et r\xE9f\xE9rentiels en vigueur ;\n\n- le niveau de fiabilit\xE9\ + \ du personnel travaillant dans l'environnement ;\n\n- le contr\xF4le d'acc\xE8\ + s aux environnements ;\n\n- la s\xE9paration des diff\xE9rents environnements\ + \ de d\xE9veloppement ;\n\n- le degr\xE9 d'externalisation associ\xE9e \xE0\ + \ la t\xE2che de d\xE9veloppement." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-proc-test + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node112 + ref_id: DEV-PROC-TEST + name: "Test de la s\xE9curit\xE9 du syst\xE8me" + description: "Chaque entit\xE9 ou IIV doit assurer la r\xE9alisation des tests\ + \ de la s\xE9curit\xE9 durant le cycle de d\xE9veloppement conform\xE9ment\ + \ \xE0 la politique de d\xE9veloppement s\xE9curis\xE9 de l'entit\xE9 ou de\ + \ l'IIV et aux guides et r\xE9f\xE9rentiels \xE9labor\xE9s par la DGSSI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-proc-code + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node112 + ref_id: DEV-PROC-CODE + name: Protection du code source des programmes + description: "Un contr\xF4le strict de l'acc\xE8s au code source des programmes\ + \ et aux \xE9l\xE9ments associ\xE9s tels que les exigences de conception,\ + \ les sp\xE9cifications, les programmes de v\xE9rification et de validation,\ + \ doit \xEAtre mis en place." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:dev-proc-donnee + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node112 + ref_id: DEV-PROC-DONNEE + name: "Protection des donn\xE9es de test" + description: "Lorsque des donn\xE9es d'exploitation sont utilis\xE9es pour les\ + \ besoins d'un test, il est n\xE9cessaire notamment de :\n\n- respecter les\ + \ proc\xE9dures d'acc\xE8s qui s'appliquent aux syst\xE8mes d'applications\ + \ en exploitation ;\n\n- obtenir une autorisation pour copier des informations\ + \ d'exploitation dans un environnement de test ;\n\n- effacer les informations\ + \ d'exploitation d'un environnement de test imm\xE9diatement apr\xE8s la fin\ + \ des tests ;\n\n- journaliser toute reproduction et utilisation de l'information\ + \ d'exploitation.\n\nEn outre, lorsque les donn\xE9es d'exploitation sont\ + \ de nature sensible, elles ne doivent pas \xEAtre utilis\xE9es sans qu'il\ + \ ne soit proc\xE9d\xE9 \xE0 leur anonymisation." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node119 + assessable: false + depth: 1 + name: 11. RELATIONS AVEC LES FOURNISSEURS + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node120 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node119 + name: Objectif 26 + description: "Garantir la protection des actifs de l\u2019entit\xE9 ou de l\u2019\ + IIV accessibles aux fournisseurs." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:fournis-rel-risq + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node120 + ref_id: FOURNIS-REL-RISQ + name: "Risques \xE9manant des fournisseurs" + description: "Chaque entit\xE9 ou IIV doit identifier les risques de s\xE9curit\xE9\ + \ li\xE9s aux interventions des fournisseurs et des prestataires. FOURNIS-REL-POL\ + \ : Politique de s\xE9curit\xE9 de l'information dans les relations avec les\ + \ fournisseurs\n\nChaque entit\xE9 ou IIV doit mettre en place une politique\ + \ qui d\xE9finit les mesures de s\xE9curit\xE9 sp\xE9cifiques applicables\ + \ aux fournisseurs et aux prestataires." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:fournis-rel-pol + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node120 + ref_id: FOURNIS-REL-POL + name: "Politique de s\xE9curit\xE9 de l\u2019information dans les relations\ + \ avec les fournisseurs" + description: "Chaque entit\xE9 ou IIV doit mettre en place une politique qui\ + \ d\xE9finit les mesures de s\xE9curit\xE9 sp\xE9cifiques applicables\naux\ + \ fournisseurs et aux prestataires." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:fournis-rel-exig + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node120 + ref_id: FOURNIS-REL-EXIG + name: Exigences contractuelles + description: "Les contrats conclus doivent pr\xE9voir les exigences de l\u2019\ + entit\xE9 ou de l\u2019IIV en termes de s\xE9curit\xE9 et de niveaux de\n\ + service. Les fournisseurs et les prestataires sont tenus conform\xE9ment aux\ + \ contrats conclus de respecter la politique\nde s\xE9curit\xE9 des SI de\ + \ l\u2019entit\xE9 ou de l\u2019IIV.\nDes clauses d\u2019auditabilit\xE9 et\ + \ de r\xE9versibilit\xE9 sont \xE0 pr\xE9voir lorsqu\u2019il s\u2019agit de\ + \ contrats d\u2019externalisation, et ce\nconform\xE9ment aux dispositions\ + \ de la loi n\xB005-20 relative \xE0 la cybers\xE9curit\xE9." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node124 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node119 + name: Objectif 27 + description: "Maintenir un niveau convenu de s\xE9curit\xE9 de l\u2019information\ + \ et de prestation de services, conform\xE9ment aux accords conclus avec les\ + \ fournisseurs." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:fournis-gest-surveil + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node124 + ref_id: FOURNIS-GEST-SURVEIL + name: Surveillance et revue des services des fournisseurs + description: "Chaque entit\xE9 ou IIV doit surveiller, revoir et auditer \xE0\ + \ intervalles r\xE9guliers les prestations assur\xE9es par les\nfournisseurs,\ + \ afin de s\u2019assurer que les clauses portant sur la s\xE9curit\xE9 de\ + \ l\u2019information pr\xE9vues dans les contrats sont\nrespect\xE9es et que\ + \ les \xE9ventuels incidents sont correctement g\xE9r\xE9s." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node126 + assessable: false + depth: 1 + name: 12. GESTION DES INCIDENTS DE CYBERSECURITE + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node126 + name: Objectif 28 + description: "Garantir une m\xE9thode coh\xE9rente et efficace de d\xE9tection\ + \ et de traitement des incidents de cybers\xE9curit\xE9, incluant la communication\ + \ des \xE9v\xE9nements et des failles li\xE9s \xE0 la s\xE9curit\xE9." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest--proc + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST- PROC + name: " Proc\xE9dures et responsabilit\xE9s en mati\xE8re de gestion des incidents" + description: "Les proc\xE9dures de gestion d'incidents doivent couvrir les diff\xE9\ + rents types d\u2019incidents affectant la s\xE9curit\xE9 ou le\nfonctionnement\ + \ du syst\xE8me (erreurs, dysfonctionnement, sinistres naturels, malveillances,\ + \ d\xE9nis de service,\ninfections virales, intrusion, sabotage, saturation,\ + \ etc.) et d\xE9finir les moyens de signalement et de suivi d\u2019incidents.\n\ + Les responsabilit\xE9s de gestion des incidents de cybers\xE9curit\xE9 doivent\ + \ \xEAtre d\xE9finies pour garantir que lesdites\nproc\xE9dures soient d\xE9\ + velopp\xE9es et communiqu\xE9es au sein de l\u2019entit\xE9 ou de l\u2019\ + IIV." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest-cat + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST-CAT + name: "Cat\xE9gorisation et classification des incidents" + description: "Chaque entit\xE9 ou IIV doit d\xE9finir les diff\xE9rentes cat\xE9\ + gories d\u2019incidents susceptibles d\u2019affecter la s\xE9curit\xE9 du\ + \ SI ainsi\nque l\u2019\xE9chelle de classification de ces incidents selon\ + \ l\u2019impact induit." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest-signal + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST-SIGNAL + name: "Signalement des \xE9v\xE9nements" + description: "L\u2019ensemble des personnes impliqu\xE9es dans la maintenance,\ + \ l\u2019exploitation, l\u2019administration ou l\u2019utilisation du\nsyst\xE8\ + me doivent \xEAtre en mesure de noter et signaler dans les meilleurs d\xE9\ + lais tout dysfonctionnement observ\xE9 ou\nsoup\xE7onn\xE9 dans l\u2019usage\ + \ normal du syst\xE8me et pouvant porter atteinte aux donn\xE9es ou au syst\xE8\ + me lui-m\xEAme.\nLa proc\xE9dure de gestion des incidents doit garantir que\ + \ le signalement soit remont\xE9 aux autorit\xE9s comp\xE9tentes\nselon les\ + \ exigences l\xE9gislatives et r\xE9glementaires en vigueur." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest-qualif + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST-QUALIF + name: "Qualification des \xE9v\xE9nements" + description: "Chaque entit\xE9 ou IIV doit pouvoir \xE9valuer chaque \xE9v\xE8\ + nement afin de pouvoir d\xE9cider s\u2019il s\u2019agit d\u2019un incident\ + \ li\xE9 \xE0 la\ns\xE9curit\xE9 du SI et de d\xE9terminer sa cat\xE9gorie.\ + \ Dans ce cas, la criticit\xE9 de cet incident doit \xEAtre appr\xE9ci\xE9\ + e selon une\n\xE9chelle de classification des incidents de cybers\xE9curit\xE9\ + \ bas\xE9e sur la sensibilit\xE9 du service impact\xE9 et sur l\u2019impact\n\ + induit." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest-reponse + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST-REPONSE + name: "R\xE9ponse aux incidents li\xE9s \xE0 la s\xE9curit\xE9 des SI" + description: "D\xE8s qu\u2019un incident de cybers\xE9curit\xE9 est confirm\xE9\ + , chaque entit\xE9 ou IIV doit attribuer les r\xF4les et responsabilit\xE9\ + s aux\ndiff\xE9rents membres de l\u2019\xE9quipe d\u2019intervention interne,\ + \ externe ou mixte, et s\u2019assurer que toutes les t\xE2ches\nconcernant\ + \ la r\xE9ponse sont correctement r\xE9alis\xE9es et journalis\xE9es conform\xE9\ + ment \xE0 une proc\xE9dure de r\xE9ponse\nformalis\xE9e." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest-alert + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST-ALERT + name: "R\xE9action aux alertes li\xE9s \xE0 la s\xE9curit\xE9 des SI" + description: "Chaque entit\xE9 ou IIV doit mobiliser les ressources internes\ + \ et/ou externes pour r\xE9agir efficacement aux alertes li\xE9es\n\xE0 la\ + \ s\xE9curit\xE9 des SI.\nCes alertes peuvent provenir soit d\u2019un \xE9\ + diteur ou fournisseur, soit du centre de veille, de d\xE9tection et de r\xE9\ + ponses\naux attaques informatiques (ma-CERT) relevant de la DGSSI.\nDans ce\ + \ dernier cas, l\u2019entit\xE9 ou l\u2019IIV accuse r\xE9ception de l\u2019\ + alerte et transmet par la suite, si elle est impact\xE9e par\ncette alerte,\ + \ un compte rendu d\u2019ex\xE9cution \xE0 la DGSSI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest-rep + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST-REP + name: "R\xE9pertoire d\u2019incidents" + description: "La typologie et la description des incidents de cybers\xE9curit\xE9\ + \ doivent \xEAtre localement enregistr\xE9es dans une base\npermettant un\ + \ enrichissement progressif ainsi qu'un acc\xE8s s\xE9lectif facile pour effectuer\ + \ le traitement et le suivi des\ndivers incidents futurs." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:incid-gest-preuv + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node127 + ref_id: INCID-GEST-PREUV + name: Recueil des preuves + description: "En cas d\u2019attaque suspect\xE9e, chaque entit\xE9 ou IIV doit\ + \ d\xE9finir et appliquer les proc\xE9dures relatives :\n- aux processus de\ + \ recherche, de reconnaissance et de documentation des preuves potentielles\ + \ ;\n- au recueil des \xE9l\xE9ments physiques pouvant contenir des preuves\ + \ potentielles ;\n- au processus de cr\xE9ation de copie de donn\xE9es ;\n\ + - \xE0 la protection et la sauvegarde de l\u2019int\xE9grit\xE9 et l\u2019\ + \xE9tat d\u2019origine des preuves potentielles." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node136 + assessable: false + depth: 1 + name: "13. GESTION DE LA CONTINUITE DE L\u2019ACTIVITE" + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node137 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node136 + name: Objectif 29 + description: "Neutraliser les interruptions des activit\xE9s de l\u2019entit\xE9\ + \ ou de l\u2019IIV, prot\xE9ger les processus m\xE9tier cruciaux des effets\ + \ caus\xE9s par les d\xE9faillances des syst\xE8mes d\u2019information ou\ + \ par des sinistres et garantir une reprise de ces processus dans les meilleurs\ + \ d\xE9lais." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:continu-bia + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node137 + ref_id: CONTINU-BIA + name: "Analyse d\u2019impact sur l\u2019activit\xE9" + description: "Chaque entit\xE9 ou IIV est tenue d\u2019\xE9tablir une analyse\ + \ d\u2019impacts sur son activit\xE9, qui consiste \xE0 :\n- identifier les\ + \ activit\xE9s et processus critiques ;\n- analyser les risques li\xE9s aux\ + \ activit\xE9s et processus ;\n- analyser les impacts qui r\xE9sulteraient\ + \ d\u2019un arr\xEAt de ces activit\xE9s et processus critiques ;\n- d\xE9\ + terminer comment ces impacts \xE9volueraient dans le temps en cas d\u2019\ + arr\xEAt prolong\xE9 ;\n- \xE9tablir le temps d\u2019arr\xEAt ou d\u2019indisponibilit\xE9\ + \ maximum supportable des activit\xE9s critiques ;\n- identifier et consid\xE9\ + rer toute activit\xE9 critique d\xE9pendant d\u2019autres entit\xE9s ou IIV,\ + \ des fournisseurs et\nd\u2019autres tiers ;\n- estimer le d\xE9lai cible\ + \ de r\xE9tablissement des activit\xE9s apr\xE8s un sinistre ;\n- estimer\ + \ les ressources humaines, techniques et logistiques que chaque activit\xE9\ + \ critique requiert pour sa\nreprise." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:continu-act + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node137 + ref_id: CONTINU-ACT + name: "Plan de Continuit\xE9 et de Reprise d\u2019Activit\xE9 (PCA/PRA)" + description: "Chaque entit\xE9 ou IIV doit pr\xE9parer un plan de continuit\xE9\ + \ et de reprise d\u2019activit\xE9s int\xE9grant l'ensemble des solutions\n\ + pour pallier les arr\xEAts des processus et applications critiques. Il doit\ + \ porter notamment sur des solutions de secours\ninformatique (sauvegarde,\ + \ site de secours, bascule, r\xE9silience des r\xE9seaux, redondance mat\xE9\ + rielle et logicielle,\netc.).\nLe PCA/PRA doit d\xE9crire de mani\xE8re pr\xE9\ + cise les r\xF4les et les responsabilit\xE9s de tous les intervenants en cas\ + \ de\nsinistre." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:continu-plan + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node137 + ref_id: CONTINU-PLAN + name: "Mise \xE0 l\u2019essai des PCA/PRA" + description: "Un plan de test technique (tests de restauration des syst\xE8\ + mes, des applications, des donn\xE9es ou des\ncommunications, etc.) doit \xEA\ + tre mis en \u0153uvre annuellement." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:continu-exercice + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node137 + ref_id: CONTINU-EXERCICE + name: Exercices et Scenarios + description: "Chaque entit\xE9 ou IIV est tenue d\u2019organiser de mani\xE8\ + re r\xE9guli\xE8re des exercices de crise afin de tester le PCA/PRA." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node142 + assessable: false + depth: 1 + name: 14. CONFORMITE + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node143 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node142 + name: Objectif 30 + description: "\xC9viter toute violation des obligations l\xE9gales, statutaires,\ + \ r\xE9glementaires ou contractuelles relatives \xE0 la s\xE9curit\xE9 des\ + \ SI." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:conf-oblig-idf + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node143 + ref_id: CONF-OBLIG-IDF + name: "Identification de la l\xE9gislation en vigueur" + description: "L\u2019arsenal l\xE9gal, r\xE9glementaire, normatif et contractuel\ + \ auquel l\u2019entit\xE9 ou l\u2019IIV est soumise doit \xEAtre clairement\n\ + identifi\xE9. La politique de s\xE9curit\xE9 des SI doit faire r\xE9f\xE9\ + rence \xE0 cet arsenal et mettre l\u2019accent sur l\u2019obligation de s\u2019\ + y\nconformer." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:conf-oblig-cybersec + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node143 + ref_id: CONF-OBLIG-CYBERSEC + name: "Conformit\xE9 \xE0 la r\xE9glementation li\xE9e \xE0 la cybers\xE9curit\xE9" + description: "Chaque entit\xE9 ou IIV doit veiller \xE0 ce que la gestion de\ + \ la s\xE9curit\xE9 ses SI soit conforme au cadre juridique applicable\nen\ + \ mati\xE8re de cybers\xE9curit\xE9 notamment la loi n\xB0 05-20 relative\ + \ \xE0 la cybers\xE9curit\xE9 et le d\xE9cret n\xB0 2-21-406 pris pour\nson\ + \ application." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:conf-oblig-intellect + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node143 + ref_id: CONF-OBLIG-INTELLECT + name: "Droits de propri\xE9t\xE9 intellectuelle" + description: "Chaque entit\xE9 ou IIV doit veiller au respect des droits de\ + \ propri\xE9t\xE9 intellectuelle notamment en interdisant\nl\u2019utilisation\ + \ de tout logiciel non dot\xE9 d'une licence d\u2019utilisation valide." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:conf-oblig-perso + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node143 + ref_id: CONF-OBLIG-PERSO + name: "Protection des donn\xE9es personnelles" + description: "Chaque entit\xE9 ou IIV doit veiller au respect de la l\xE9gislation\ + \ relative \xE0 la protection des donn\xE9es \xE0 caract\xE8re\npersonnel\ + \ notamment la loi n\xB0 09-08 relative \xE0 la protection des personnes physiques\ + \ \xE0 l'\xE9gard du traitement des\ndonn\xE9es \xE0 caract\xE8re personnel\ + \ et les textes pris pour son application." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:conf-oblig-crypto + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node143 + ref_id: CONF-OBLIG-CRYPTO + name: "R\xE9glementation relative aux mesures cryptographiques" + description: "Chaque entit\xE9 ou IIV doit veiller au respect des dispositions\ + \ l\xE9gales, r\xE9glementaires et normatives se rapportant au\nrecours \xE0\ + \ des mesures cryptographiques." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:node149 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node142 + name: Objectif 31 + description: "Garantir que la s\xE9curit\xE9 des SI est mise en \u0153uvre et\ + \ appliqu\xE9e conform\xE9ment aux politiques et proc\xE9dures organisationnelles." + - urn: urn:intuitem:risk:req_node:dnssi-2023-2:conf-revu-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:dnssi-2023-2:node149 + ref_id: CONF-REVU-SSI + name: "V\xE9rification de la conformit\xE9 de la s\xE9curit\xE9 des SI" + description: "Chaque entit\xE9 ou IIV doit auditer r\xE9guli\xE8rement la conformit\xE9\ + \ de la s\xE9curit\xE9 de ses syst\xE8mes d\u2019information.\nChaque op\xE9\ + ration d\u2019audit doit donner lieu \xE0 des recommandations. Celles-ci doivent\ + \ \xEAtre mises en \u0153uvre dans le\ncadre de plans d\u2019actions en concertation\ + \ avec les structures concern\xE9es.\nA sa demande, les rapports d\u2019audit\ + \ peuvent \xEAtre mis \xE0 la disposition de la DGSSI." diff --git a/backend/library/libraries/dora.yaml b/backend/library/libraries/dora.yaml index f55bde509..7101392a6 100644 --- a/backend/library/libraries/dora.yaml +++ b/backend/library/libraries/dora.yaml @@ -7,7 +7,7 @@ description: REGULATION (EU) 2022/2554 OF THE EUROPEAN PARLIAMENT AND OF THE COU amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 copyright: European Union law -version: 2 +version: 3 provider: EU packager: intuitem objects: @@ -4436,7 +4436,7 @@ objects: at least yearly, that appropriate tests are conducted on all ICT systems and applications supporting critical or important functions. - urn: urn:intuitem:risk:req_node:dora:node396 - assessable: true + assessable: false depth: 2 parent_urn: urn:intuitem:risk:req_node:dora:node388 name: Article 25 diff --git a/backend/library/libraries/gdpr.yaml b/backend/library/libraries/gdpr.yaml new file mode 100644 index 000000000..7b058489e --- /dev/null +++ b/backend/library/libraries/gdpr.yaml @@ -0,0 +1,10550 @@ +urn: urn:intuitem:risk:library:gdpr +locale: en +ref_id: GDPR +name: General Data Protection Regulation +description: 'REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL + of 27 April 2016 on the protection of natural persons with regard to the processing + of personal data and on the free movement of such data, and repealing Directive + 95/46/EC (General Data Protection Regulation) + + https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02016R0679-20160504' +copyright: European Union law +version: 1 +provider: EU +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:gdpr + ref_id: GDPR + name: General Data Protection Regulation + description: 'REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL + of 27 April 2016 on the protection of natural persons with regard to the processing + of personal data and on the free movement of such data, and repealing Directive + 95/46/EC (General Data Protection Regulation) + + https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:02016R0679-20160504' + requirement_nodes: + - urn: urn:intuitem:risk:req_node:gdpr:preambule + assessable: false + depth: 1 + ref_id: Preambule + - urn: urn:intuitem:risk:req_node:gdpr:recital-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 1 + description: "The protection of natural persons in relation to the processing\ + \ of personal data is a fundamental right. Article 8(1) of the Charter of\ + \ Fundamental Rights of the European Union (the \u2018Charter\u2019) and Article\ + \ 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide\ + \ that everyone has the right to the protection of personal data concerning\ + \ him or her." + - urn: urn:intuitem:risk:req_node:gdpr:recital-2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 2 + description: The principles of, and rules on the protection of natural persons + with regard to the processing of their personal data should, whatever their + nationality or residence, respect their fundamental rights and freedoms, in + particular their right to the protection of personal data. This Regulation + is intended to contribute to the accomplishment of an area of freedom, security + and justice and of an economic union, to economic and social progress, to + the strengthening and the convergence of the economies within the internal + market, and to the well-being of natural persons. + - urn: urn:intuitem:risk:req_node:gdpr:recital-3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 3 + description: Directive 95/46/EC of the European Parliament and of the Council + (4) seeks to harmonise the protection of fundamental rights and freedoms of + natural persons in respect of processing activities and to ensure the free + flow of personal data between Member States. + - urn: urn:intuitem:risk:req_node:gdpr:recital-4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 4 + description: The processing of personal data should be designed to serve mankind. + The right to the protection of personal data is not an absolute right; it + must be considered in relation to its function in society and be balanced + against other fundamental rights, in accordance with the principle of proportionality. + This Regulation respects all fundamental rights and observes the freedoms + and principles recognised in the Charter as enshrined in the Treaties, in + particular the respect for private and family life, home and communications, + the protection of personal data, freedom of thought, conscience and religion, + freedom of expression and information, freedom to conduct a business, the + right to an effective remedy and to a fair trial, and cultural, religious + and linguistic diversity. + - urn: urn:intuitem:risk:req_node:gdpr:recital-5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 5 + description: The economic and social integration resulting from the functioning + of the internal market has led to a substantial increase in cross-border flows + of personal data. The exchange of personal data between public and private + actors, including natural persons, associations and undertakings across the + Union has increased. National authorities in the Member States are being called + upon by Union law to cooperate and exchange personal data so as to be able + to perform their duties or carry out tasks on behalf of an authority in another + Member State. + - urn: urn:intuitem:risk:req_node:gdpr:recital-6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 6 + description: Rapid technological developments and globalisation have brought + new challenges for the protection of personal data. The scale of the collection + and sharing of personal data has increased significantly. Technology allows + both private companies and public authorities to make use of personal data + on an unprecedented scale in order to pursue their activities. Natural persons + increasingly make personal information available publicly and globally. Technology + has transformed both the economy and social life, and should further facilitate + the free flow of personal data within the Union and the transfer to third + countries and international organisations, while ensuring a high level of + the protection of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:recital-7 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 7 + description: Those developments require a strong and more coherent data protection + framework in the Union, backed by strong enforcement, given the importance + of creating the trust that will allow the digital economy to develop across + the internal market. Natural persons should have control of their own personal + data. Legal and practical certainty for natural persons, economic operators + and public authorities should be enhanced + - urn: urn:intuitem:risk:req_node:gdpr:recital-8 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 8 + description: Where this Regulation provides for specifications or restrictions + of its rules by Member State law, Member States may, as far as necessary for + coherence and for making the national provisions comprehensible to the persons + to whom they apply, incorporate elements of this Regulation into their national + law. + - urn: urn:intuitem:risk:req_node:gdpr:recital-9 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 9 + description: The objectives and principles of Directive 95/46/EC remain sound, + but it has not prevented fragmentation in the implementation of data protection + across the Union, legal uncertainty or a widespread public perception that + there are significant risks to the protection of natural persons, in particular + with regard to online activity. Differences in the level of protection of + the rights and freedoms of natural persons, in particular the right to the + protection of personal data, with regard to the processing of personal data + in the Member States may prevent the free flow of personal data throughout + the Union. Those differences may therefore constitute an obstacle to the pursuit + of economic activities at the level of the Union, distort competition and + impede authorities in the discharge of their responsibilities under Union + law. Such a difference in levels of protection is due to the existence of + differences in the implementation and application of Directive 95/46/EC. + - urn: urn:intuitem:risk:req_node:gdpr:recital-10 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 10 + description: "In order to ensure a consistent and high level of protection of\ + \ natural persons and to remove the obstacles to flows of personal data within\ + \ the Union, the level of protection of the rights and freedoms of natural\ + \ persons with regard to the processing of such data should be equivalent\ + \ in all Member States. Consistent and homogenous application of the rules\ + \ for the protection of the fundamental rights and freedoms of natural persons\ + \ with regard to the processing of personal data should be ensured throughout\ + \ the Union. Regarding the processing of personal data for compliance with\ + \ a legal obligation, for the performance of a task carried out in the public\ + \ interest or in the exercise of official authority vested in the controller,\ + \ Member States should be allowed to maintain or introduce national provisions\ + \ to further specify the application of the rules of this Regulation. In conjunction\ + \ with the general and horizontal law on data protection implementing Directive\ + \ 95/46/EC, Member States have several sector-specific laws in areas that\ + \ need more specific provisions. This Regulation also provides a margin of\ + \ manoeuvre for Member States to specify its rules, including for the processing\ + \ of special categories of personal data (\u2018sensitive data\u2019). To\ + \ that extent, this Regulation does not exclude Member State law that sets\ + \ out the circumstances for specific processing situations, including determining\ + \ more precisely the conditions under which the processing of personal data\ + \ is lawful." + - urn: urn:intuitem:risk:req_node:gdpr:recital-11 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 11 + description: Effective protection of personal data throughout the Union requires + the strengthening and setting out in detail of the rights of data subjects + and the obligations of those who process and determine the processing of personal + data, as well as equivalent powers for monitoring and ensuring compliance + with the rules for the protection of personal data and equivalent sanctions + for infringements in the Member States. + - urn: urn:intuitem:risk:req_node:gdpr:recital-12 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 12 + description: Article 16(2) TFEU mandates the European Parliament and the Council + to lay down the rules relating to the protection of natural persons with regard + to the processing of personal data and the rules relating to the free movement + of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:recital-13 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 13 + description: In order to ensure a consistent level of protection for natural + persons throughout the Union and to prevent divergences hampering the free + movement of personal data within the internal market, a Regulation is necessary + to provide legal certainty and transparency for economic operators, including + micro, small and medium-sized enterprises, and to provide natural persons + in all Member States with the same level of legally enforceable rights and + obligations and responsibilities for controllers and processors, to ensure + consistent monitoring of the processing of personal data, and equivalent sanctions + in all Member States as well as effective cooperation between the supervisory + authorities of different Member States. The proper functioning of the internal + market requires that the free movement of personal data within the Union is + not restricted or prohibited for reasons connected with the protection of + natural persons with regard to the processing of personal data. To take account + of the specific situation of micro, small and medium-sized enterprises, this + Regulation includes a derogation for organisations with fewer than 250 employees + with regard to record-keeping. In addition, the Union institutions and bodies, + and Member States and their supervisory authorities, are encouraged to take + account of the specific needs of micro, small and medium-sized enterprises + in the application of this Regulation. The notion of micro, small and medium-sized + enterprises should draw from Article 2 of the Annex to Commission Recommendation + 2003/361/EC (1). + - urn: urn:intuitem:risk:req_node:gdpr:recital-14 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 14 + description: The protection afforded by this Regulation should apply to natural + persons, whatever their nationality or place of residence, in relation to + the processing of their personal data. This Regulation does not cover the + processing of personal data which concerns legal persons and in particular + undertakings established as legal persons, including the name and the form + of the legal person and the contact details of the legal person + - urn: urn:intuitem:risk:req_node:gdpr:recital-15 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 15 + description: In order to prevent creating a serious risk of circumvention, the + protection of natural persons should be technologically neutral and should + not depend on the techniques used. The protection of natural persons should + apply to the processing of personal data by automated means, as well as to + manual processing, if the personal data are contained or are intended to be + contained in a filing system. Files or sets of files, as well as their cover + pages, which are not structured according to specific criteria should not + fall within the scope of this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-16 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 16 + description: This Regulation does not apply to issues of protection of fundamental + rights and freedoms or the free flow of personal data related to activities + which fall outside the scope of Union law, such as activities concerning national + security. This Regulation does not apply to the processing of personal data + by the Member States when carrying out activities in relation to the common + foreign and security policy of the Union. + - urn: urn:intuitem:risk:req_node:gdpr:recital-17 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 17 + description: Regulation (EC) No 45/2001 of the European Parliament and of the + Council (2) applies to the processing of personal data by the Union institutions, + bodies, offices and agencies. Regulation (EC) No 45/2001 and other Union legal + acts applicable to such processing of personal data should be adapted to the + principles and rules established in this Regulation and applied in the light + of this Regulation. In order to provide a strong and coherent data protection + framework in the Union, the necessary adaptations of Regulation (EC) No 45/2001 + should follow after the adoption of this Regulation, in order to allow application + at the same time as this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-18 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 18 + description: This Regulation does not apply to the processing of personal data + by a natural person in the course of a purely personal or household activity + and thus with no connection to a professional or commercial activity. Personal + or household activities could include correspondence and the holding of addresses, + or social networking and online activity undertaken within the context of + such activities. However, this Regulation applies to controllers or processors + which provide the means for processing personal data for such personal or + household activities. + - urn: urn:intuitem:risk:req_node:gdpr:recital-19 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 19 + description: The protection of natural persons with regard to the processing + of personal data by competent authorities for the purposes of the prevention, + investigation, detection or prosecution of criminal offences or the execution + of criminal penalties, including the safeguarding against and the prevention + of threats to public security and the free movement of such data, is the subject + of a specific Union legal act. This Regulation should not, therefore, apply + to processing activities for those purposes. However, personal data processed + by public authorities under this Regulation should, when used for those purposes, + be governed by a more specific Union legal act, namely Directive (EU) 2016/680 + of the European Parliament and of the Council (1). Member States may entrust + competent authorities within the meaning of Directive (EU) 2016/680 with tasks + which are not necessarily carried out for the purposes of the prevention, + investigation, detection or prosecution of criminal offences or the execution + of criminal penalties, including the safeguarding against and prevention of + threats to public security, so that the processing of personal data for those + other purposes, in so far as it is within the scope of Union law, falls within + the scope of this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:node22 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + description: With regard to the processing of personal data by those competent + authorities for purposes falling within scope of this Regulation, Member States + should be able to maintain or introduce more specific provisions to adapt + the application of the rules of this Regulation. Such provisions may determine + more precisely specific requirements for the processing of personal data by + those competent authorities for those other purposes, taking into account + the constitutional, organisational and administrative structure of the respective + Member State. When the processing of personal data by private bodies falls + within the scope of this Regulation, this Regulation should provide for the + possibility for Member States under specific conditions to restrict by law + certain obligations and rights when such a restriction constitutes a necessary + and proportionate measure in a democratic society to safeguard specific important + interests including public security and the prevention, investigation, detection + or prosecution of criminal offences or the execution of criminal penalties, + including the safeguarding against and the prevention of threats to public + security. This is relevant for instance in the framework of anti-money laundering + or the activities of forensic laboratories. + - urn: urn:intuitem:risk:req_node:gdpr:recital-20 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 20 + description: While this Regulation applies, inter alia, to the activities of + courts and other judicial authorities, Union or Member State law could specify + the processing operations and processing procedures in relation to the processing + of personal data by courts and other judicial authorities. The competence + of the supervisory authorities should not cover the processing of personal + data when courts are acting in their judicial capacity, in order to safeguard + the independence of the judiciary in the performance of its judicial tasks, + including decision- making. It should be possible to entrust supervision of + such data processing operations to specific bodies within the judicial system + of the Member State, which should, in particular ensure compliance with the + rules of this Regulation, enhance awareness among members of the judiciary + of their obligations under this Regulation and handle complaints in relation + to such data processing operations. + - urn: urn:intuitem:risk:req_node:gdpr:recital-21 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 21 + description: This Regulation is without prejudice to the application of Directive + 2000/31/EC of the European Parliament and of the Council (2), in particular + of the liability rules of intermediary service providers in Articles 12 to + 15 of that Directive. That Directive seeks to contribute to the proper functioning + of the internal market by ensuring the free movement of information society + services between Member States. + - urn: urn:intuitem:risk:req_node:gdpr:recital-22 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 22 + description: Any processing of personal data in the context of the activities + of an establishment of a controller or a processor in the Union should be + carried out in accordance with this Regulation, regardless of whether the + processing itself takes place within the Union. Establishment implies the + effective and real exercise of activity through stable arrangements. The legal + form of such arrangements, whether through a branch or a subsidiary with a + legal personality, is not the determining factor in that respect. + - urn: urn:intuitem:risk:req_node:gdpr:recital-23 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 23 + description: ' In order to ensure that natural persons are not deprived of the + protection to which they are entitled under this Regulation, the processing + of personal data of data subjects who are in the Union by a controller or + a processor not established in the Union should be subject to this Regulation + where the processing activities are related to offering goods or services + to such data subjects irrespective of whether connected to a payment. In order + to determine whether such a controller or processor is offering goods or services + to data subjects who are in the Union, it should be ascertained whether it + is apparent that the controller or processor envisages offering services to + data subjects in one or more Member States in the Union. Whereas the mere + accessibility of the controller''s, processor''s or an intermediary''s website + in the Union, of an email address or of other contact details, or the use + of a language generally used in the third country where the controller is + established, is insufficient to ascertain such intention, factors such as + the use of a language or a currency generally used in one or more Member States + with the possibility of ordering goods and services in that other language, + or the mentioning of customers or users who are in the Union, may make it + apparent that the controller envisages offering goods or services to data + subjects in the Union.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-24 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 24 + description: The processing of personal data of data subjects who are in the + Union by a controller or processor not established in the Union should also + be subject to this Regulation when it is related to the monitoring of the + behaviour of such data subjects in so far as their behaviour takes place within + the Union. In order to determine whether a processing activity can be considered + to monitor the behaviour of data subjects, it should be ascertained whether + natural persons are tracked on the internet including potential subsequent + use of personal data processing techniques which consist of profiling a natural + person, particularly in order to take decisions concerning her or him or for + analysing or predicting her or his personal preferences, behaviours and attitudes. + - urn: urn:intuitem:risk:req_node:gdpr:recital-25 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 25 + description: Where Member State law applies by virtue of public international + law, this Regulation should also apply to a controller not established in + the Union, such as in a Member State's diplomatic mission or consular post. + - urn: urn:intuitem:risk:req_node:gdpr:recital-26 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 26 + description: The principles of data protection should apply to any information + concerning an identified or identifiable natural person. Personal data which + have undergone pseudonymisation, which could be attributed to a natural person + by the use of additional information should be considered to be information + on an identifiable natural person. To determine whether a natural person is + identifiable, account should be taken of all the means reasonably likely to + be used, such as singling out, either by the controller or by another person + to identify the natural person directly or indirectly. To ascertain whether + means are reasonably likely to be used to identify the natural person, account + should be taken of all objective factors, such as the costs of and the amount + of time required for identification, taking into consideration the available + technology at the time of the processing and technological developments. The + principles of data protection should therefore not apply to anonymous information, + namely information which does not relate to an identified or identifiable + natural person or to personal data rendered anonymous in such a manner that + the data subject is not or no longer identifiable. This Regulation does not + therefore concern the processing of such anonymous information, including + for statistical or research purposes. + - urn: urn:intuitem:risk:req_node:gdpr:recital-27 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 27 + description: This Regulation does not apply to the personal data of deceased + persons. Member States may provide for rules regarding the processing of personal + data of deceased persons. + - urn: urn:intuitem:risk:req_node:gdpr:recital-28 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 28 + description: "The application of pseudonymisation to personal data can reduce\ + \ the risks to the data subjects concerned and help controllers and processors\ + \ to meet their data-protection obligations. The explicit introduction of\ + \ \u2018pseudonymisation\u2019 in this Regulation is not intended to preclude\ + \ any other measures of data protection." + - urn: urn:intuitem:risk:req_node:gdpr:recital-29 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 29 + description: In order to create incentives to apply pseudonymisation when processing + personal data, measures of pseudonymisation should, whilst allowing general + analysis, be possible within the same controller when that controller has + taken technical and organisational measures necessary to ensure, for the processing + concerned, that this Regulation is implemented, and that additional information + for attributing the personal data to a specific data subject is kept separately. + The controller processing the personal data should indicate the authorised + persons within the same controller. + - urn: urn:intuitem:risk:req_node:gdpr:recital-30 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 30 + description: Natural persons may be associated with online identifiers provided + by their devices, applications, tools and protocols, such as internet protocol + addresses, cookie identifiers or other identifiers such as radio frequency + identification tags. This may leave traces which, in particular when combined + with unique identifiers and other information received by the servers, may + be used to create profiles of the natural persons and identify them. + - urn: urn:intuitem:risk:req_node:gdpr:recital-31 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 31 + description: Public authorities to which personal data are disclosed in accordance + with a legal obligation for the exercise of their official mission, such as + tax and customs authorities, financial investigation units, independent administrative + authorities, or financial market authorities responsible for the regulation + and supervision of securities markets should not be regarded as recipients + if they receive personal data which are necessary to carry out a particular + inquiry in the general interest, in accordance with Union or Member State + law. The requests for disclosure sent by the public authorities should always + be in writing, reasoned and occasional and should not concern the entirety + of a filing system or lead to the interconnection of filing systems. The processing + of personal data by those public authorities should comply with the applicable + data-protection rules according to the purposes of the processing. + - urn: urn:intuitem:risk:req_node:gdpr:recital-32 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 32 + description: Consent should be given by a clear affirmative act establishing + a freely given, specific, informed and unambiguous indication of the data + subject's agreement to the processing of personal data relating to him or + her, such as by a written statement, including by electronic means, or an + oral statement. This could include ticking a box when visiting an internet + website, choosing technical settings for information society services or another + statement or conduct which clearly indicates in this context the data subject's + acceptance of the proposed processing of his or her personal data. Silence, + pre-ticked boxes or inactivity should not therefore constitute consent. Consent + should cover all processing activities carried out for the same purpose or + purposes. When the processing has multiple purposes, consent should be given + for all of them. If the data subject's consent is to be given following a + request by electronic means, the request must be clear, concise and not unnecessarily + disruptive to the use of the service for which it is provided. + - urn: urn:intuitem:risk:req_node:gdpr:recital-33 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 33 + description: It is often not possible to fully identify the purpose of personal + data processing for scientific research purposes at the time of data collection. + Therefore, data subjects should be allowed to give their consent to certain + areas of scientific research when in keeping with recognised ethical standards + for scientific research. Data subjects should have the opportunity to give + their consent only to certain areas of research or parts of research projects + to the extent allowed by the intended purpose. + - urn: urn:intuitem:risk:req_node:gdpr:recital-34 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 34 + description: Genetic data should be defined as personal data relating to the + inherited or acquired genetic characteristics of a natural person which result + from the analysis of a biological sample from the natural person in question, + in particular chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid + (RNA) analysis, or from the analysis of another element enabling equivalent + information to be obtained. + - urn: urn:intuitem:risk:req_node:gdpr:recital-35 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 35 + description: ' Personal data concerning health should include all data pertaining + to the health status of a data subject which reveal information relating to + the past, current or future physical or mental health status of the data subject. + This includes information about the natural person collected in the course + of the registration for, or the provision of, health care services as referred + to in Directive 2011/24/EU of the European Parliament and of the Council (1) + to that natural person; a number, symbol or particular assigned to a natural + person to uniquely identify the natural person for health purposes; information + derived from the testing or examination of a body part or bodily substance, + including from genetic data and biological samples; and any information on, + for example, a disease, disability, disease risk, medical history, clinical + treatment or the physiological or biomedical state of the data subject independent + of its source, for example from a physician or other health professional, + a hospital, a medical device or an in vitro diagnostic test.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-36 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 36 + description: The main establishment of a controller in the Union should be the + place of its central administration in the Union, unless the decisions on + the purposes and means of the processing of personal data are taken in another + establishment of the controller in the Union, in which case that other establishment + should be considered to be the main establishment. The main establishment + of a controller in the Union should be determined according to objective criteria + and should imply the effective and real exercise of management activities + determining the main decisions as to the purposes and means of processing + through stable arrangements. That criterion should not depend on whether the + processing of personal data is carried out at that location. The presence + and use of technical means and technologies for processing personal data or + processing activities do not, in themselves, constitute a main establishment + and are therefore not determining criteria for a main establishment. The main + establishment of the processor should be the place of its central administration + in the Union or, if it has no central administration in the Union, the place + where the main processing activities take place in the Union. In cases involving + both the controller and the processor, the competent lead supervisory authority + should remain the supervisory authority of the Member State where the controller + has its main establishment, but the supervisory authority of the processor + should be considered to be a supervisory authority concerned and that supervisory + authority should participate in the cooperation procedure provided for by + this Regulation. In any case, the supervisory authorities of the Member State + or Member States where the processor has one or more establishments should + not be considered to be supervisory authorities concerned where the draft + decision concerns only the controller. Where the processing is carried out + by a group of undertakings, the main establishment of the controlling undertaking + should be considered to be the main establishment of the group of undertakings, + except where the purposes and means of processing are determined by another + undertaking. + - urn: urn:intuitem:risk:req_node:gdpr:recital-37 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 37 + description: A group of undertakings should cover a controlling undertaking + and its controlled undertakings, whereby the controlling undertaking should + be the undertaking which can exert a dominant influence over the other undertakings + by virtue, for example, of ownership, financial participation or the rules + which govern it or the power to have personal data protection rules implemented. + An undertaking which controls the processing of personal data in undertakings + affiliated to it should be regarded, together with those undertakings, as + a group of undertakings. + - urn: urn:intuitem:risk:req_node:gdpr:recital-38 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 38 + description: Children merit specific protection with regard to their personal + data, as they may be less aware of the risks, consequences and safeguards + concerned and their rights in relation to the processing of personal data. + Such specific protection should, in particular, apply to the use of personal + data of children for the purposes of marketing or creating personality or + user profiles and the collection of personal data with regard to children + when using services offered directly to a child. The consent of the holder + of parental responsibility should not be necessary in the context of preventive + or counselling services offered directly to a child. + - urn: urn:intuitem:risk:req_node:gdpr:recital-39 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 39 + description: Any processing of personal data should be lawful and fair. It should + be transparent to natural persons that personal data concerning them are collected, + used, consulted or otherwise processed and to what extent the personal data + are or will be processed. The principle of transparency requires that any + information and communication relating to the processing of those personal + data be easily accessible and easy to understand, and that clear and plain + language be used. That principle concerns, in particular, information to the + data subjects on the identity of the controller and the purposes of the processing + and further information to ensure fair and transparent processing in respect + of the natural persons concerned and their right to obtain confirmation and + communication of personal data concerning them which are being processed. + Natural persons should be made aware of risks, rules, safeguards and rights + in relation to the processing of personal data and how to exercise their rights + in relation to such processing. In particular, the specific purposes for which + personal data are processed should be explicit and legitimate and determined + at the time of the collection of the personal data. The personal data should + be adequate, relevant and limited to what is necessary for the purposes for + which they are processed. This requires, in particular, ensuring that the + period for which the personal data are stored is limited to a strict minimum. + Personal data should be processed only if the purpose of the processing could + not reasonably be fulfilled by other means. In order to ensure that the personal + data are not kept longer than necessary, time limits should be established + by the controller for erasure or for a periodic review. Every reasonable step + should be taken to ensure that personal data which are inaccurate are rectified + or deleted. Personal data should be processed in a manner that ensures appropriate + security and confidentiality of the personal data, including for preventing + unauthorised access to or use of personal data and the equipment used for + the processing. + - urn: urn:intuitem:risk:req_node:gdpr:recital-40 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 40 + description: In order for processing to be lawful, personal data should be processed + on the basis of the consent of the data subject concerned or some other legitimate + basis, laid down by law, either in this Regulation or in other Union or Member + State law as referred to in this Regulation, including the necessity for compliance + with the legal obligation to which the controller is subject or the necessity + for the performance of a contract to which the data subject is party or in + order to take steps at the request of the data subject prior to entering into + a contract. + - urn: urn:intuitem:risk:req_node:gdpr:recital-41 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 41 + description: "Where this Regulation refers to a legal basis or a legislative\ + \ measure, this does not necessarily require a legislative act adopted by\ + \ a parliament, without prejudice to requirements pursuant to the constitutional\ + \ order of the Member State concerned. However, such a legal basis or legislative\ + \ measure should be clear and precise and its application should be foreseeable\ + \ to persons subject to it, in accordance with the case-law of the Court of\ + \ Justice of the European Union (the \u2018Court of Justice\u2019) and the\ + \ European Court of Human Rights." + - urn: urn:intuitem:risk:req_node:gdpr:recital-42 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 42 + description: Where processing is based on the data subject's consent, the controller + should be able to demonstrate that the data subject has given consent to the + processing operation. In particular in the context of a written declaration + on another matter, safeguards should ensure that the data subject is aware + of the fact that and the extent to which consent is given. In accordance with + Council Directive 93/13/EEC (1) a declaration of consent pre- formulated by + the controller should be provided in an intelligible and easily accessible + form, using clear and plain language and it should not contain unfair terms. + For consent to be informed, the data subject should be aware at least of the + identity of the controller and the purposes of the processing for which the + personal data are intended. Consent should not be regarded as freely given + if the data subject has no genuine or free choice or is unable to refuse or + withdraw consent without detriment. + - urn: urn:intuitem:risk:req_node:gdpr:recital-43 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 43 + description: In order to ensure that consent is freely given, consent should + not provide a valid legal ground for the processing of personal data in a + specific case where there is a clear imbalance between the data subject and + the controller, in particular where the controller is a public authority and + it is therefore unlikely that consent was freely given in all the circumstances + of that specific situation. Consent is presumed not to be freely given if + it does not allow separate consent to be given to different personal data + processing operations despite it being appropriate in the individual case, + or if the performance of a contract, including the provision of a service, + is dependent on the consent despite such consent not being necessary for such + performance. + - urn: urn:intuitem:risk:req_node:gdpr:recital-44 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 44 + description: Processing should be lawful where it is necessary in the context + of a contract or the intention to enter into a contract. + - urn: urn:intuitem:risk:req_node:gdpr:recital-45 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 45 + description: Where processing is carried out in accordance with a legal obligation + to which the controller is subject or where processing is necessary for the + performance of a task carried out in the public interest or in the exercise + of official authority, the processing should have a basis in Union or Member + State law. This Regulation does not require a specific law for each individual + processing. A law as a basis for several processing operations based on a + legal obligation to which the controller is subject or where processing is + necessary for the performance of a task carried out in the public interest + or in the exercise of an official authority may be sufficient. It should also + be for Union or Member State law to determine the purpose of processing. Furthermore, + that law could specify the general conditions of this Regulation governing + the lawfulness of personal data processing, establish specifications for determining + the controller, the type of personal data which are subject to the processing, + the data subjects concerned, the entities to which the personal data may be + disclosed, the purpose limitations, the storage period and other measures + to ensure lawful and fair processing. It should also be for Union or Member + State law to determine whether the controller performing a task carried out + in the public interest or in the exercise of official authority should be + a public authority or another natural or legal person governed by public law, + or, where it is in the public interest to do so, including for health purposes + such as public health and social protection and the management of health care + services, by private law, such as a professional association. + - urn: urn:intuitem:risk:req_node:gdpr:recital-46 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 46 + description: The processing of personal data should also be regarded to be lawful + where it is necessary to protect an interest which is essential for the life + of the data subject or that of another natural person. Processing of personal + data based on the vital interest of another natural person should in principle + take place only where the processing cannot be manifestly based on another + legal basis. Some types of processing may serve both important grounds of + public interest and the vital interests of the data subject as for instance + when processing is necessary for humanitarian purposes, including for monitoring + epidemics and their spread or in situations of humanitarian emergencies, in + particular in situations of natural and man-made disasters. + - urn: urn:intuitem:risk:req_node:gdpr:recital-47 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 47 + description: The legitimate interests of a controller, including those of a + controller to which the personal data may be disclosed, or of a third party, + may provide a legal basis for processing, provided that the interests or the + fundamental rights and freedoms of the data subject are not overriding, taking + into consideration the reasonable expectations of data subjects based on their + relationship with the controller. Such legitimate interest could exist for + example where there is a relevant and appropriate relationship between the + data subject and the controller in situations such as where the data subject + is a client or in the service of the controller. At any rate the existence + of a legitimate interest would need careful assessment including whether a + data subject can reasonably expect at the time and in the context of the collection + of the personal data that processing for that purpose may take place. The + interests and fundamental rights of the data subject could in particular override + the interest of the data controller where personal data are processed in circumstances + where data subjects do not reasonably expect further processing. Given that + it is for the legislator to provide by law for the legal basis for public + authorities to process personal data, that legal basis should not apply to + the processing by public authorities in the performance of their tasks. The + processing of personal data strictly necessary for the purposes of preventing + fraud also constitutes a legitimate interest of the data controller concerned. + The processing of personal data for direct marketing purposes may be regarded + as carried out for a legitimate interest. + - urn: urn:intuitem:risk:req_node:gdpr:recital-48 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 48 + description: Controllers that are part of a group of undertakings or institutions + affiliated to a central body may have a legitimate interest in transmitting + personal data within the group of undertakings for internal administrative + purposes, including the processing of clients' or employees' personal data. + The general principles for the transfer of personal data, within a group of + undertakings, to an undertaking located in a third country remain unaffected. + - urn: urn:intuitem:risk:req_node:gdpr:recital-49 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 49 + description: "The processing of personal data to the extent strictly necessary\ + \ and proportionate for the purposes of ensuring network and information security,\ + \ i.e. the ability of a network or an information system to resist, at a given\ + \ level of confidence, accidental events or unlawful or malicious actions\ + \ that compromise the availability, authenticity, integrity and confidentiality\ + \ of stored or transmitted personal data, and the security of the related\ + \ services offered by, or accessible via, those networks and systems, by public\ + \ authorities, by computer emergency response teams (CERTs), computer security\ + \ incident response teams (CSIRTs), by providers of electronic communications\ + \ networks and services and by providers of security technologies and services,\ + \ constitutes a legitimate interest of the data controller concerned. This\ + \ could, for example, include preventing unauthorised access to electronic\ + \ communications networks and malicious code distribution and stopping \u2018\ + denial of service\u2019 attacks and damage to computer and electronic communication\ + \ systems." + - urn: urn:intuitem:risk:req_node:gdpr:recital-50 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 50 + description: 'The processing of personal data for purposes other than those + for which the personal data were initially collected should be allowed only + where the processing is compatible with the purposes for which the personal + data were initially collected. In such a case, no legal basis separate from + that which allowed the collection of the personal data is required. If the + processing is necessary for the performance of a task carried out in the public + interest or in the exercise of official authority vested in the controller, + Union or Member State law may determine and specify the tasks and purposes + for which the further processing should be regarded as compatible and lawful. + Further processing for archiving purposes in the public interest, scientific + or historical research purposes or statistical purposes should be considered + to be compatible lawful processing operations. The legal basis provided by + Union or Member State law for the processing of personal data may also provide + a legal basis for further processing. In order to ascertain whether a purpose + of further processing is compatible with the purpose for which the personal + data are initially collected, the controller, after having met all the requirements + for the lawfulness of the original processing, should take into account, inter + alia: any link between those purposes and the purposes of the intended further + processing; the context in which the personal data have been collected, in + particular the reasonable expectations of data subjects based on their relationship + with the controller as to their further use; the nature of the personal data; + the consequences of the intended further processing for data subjects; and + the existence of appropriate safeguards in both the original and intended + further processing operations.' + - urn: urn:intuitem:risk:req_node:gdpr:node54 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + description: Where the data subject has given consent or the processing is based + on Union or Member State law which constitutes a necessary and proportionate + measure in a democratic society to safeguard, in particular, important objectives + of general public interest, the controller should be allowed to further process + the personal data irrespective of the compatibility of the purposes. In any + case, the application of the principles set out in this Regulation and in + particular the information of the data subject on those other purposes and + on his or her rights including the right to object, should be ensured. Indicating + possible criminal acts or threats to public security by the controller and + transmitting the relevant personal data in individual cases or in several + cases relating to the same criminal act or threats to public security to a + competent authority should be regarded as being in the legitimate interest + pursued by the controller. However, such transmission in the legitimate interest + of the controller or further processing of personal data should be prohibited + if the processing is not compatible with a legal, professional or other binding + obligation of secrecy. + - urn: urn:intuitem:risk:req_node:gdpr:recital-51 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 51 + description: "Personal data which are, by their nature, particularly sensitive\ + \ in relation to fundamental rights and freedoms merit specific protection\ + \ as the context of their processing could create significant risks to the\ + \ fundamental rights and freedoms. Those personal data should include personal\ + \ data revealing racial or ethnic origin, whereby the use of the term \u2018\ + racial origin\u2019 in this Regulation does not imply an acceptance by the\ + \ Union of theories which attempt to determine the existence of separate human\ + \ races. The processing of photographs should not systematically be considered\ + \ to be processing of special categories of personal data as they are covered\ + \ by the definition of biometric data only when processed through a specific\ + \ technical means allowing the unique identification or authentication of\ + \ a natural person. Such personal data should not be processed, unless processing\ + \ is allowed in specific cases set out in this Regulation, taking into account\ + \ that Member States law may lay down specific provisions on data protection\ + \ in order to adapt the application of the rules of this Regulation for compliance\ + \ with a legal obligation or for the performance of a task carried out in\ + \ the public interest or in the exercise of official authority vested in the\ + \ controller. In addition to the specific requirements for such processing,\ + \ the general principles and other rules of this Regulation should apply,\ + \ in particular as regards the conditions for lawful processing. Derogations\ + \ from the general prohibition for processing such special categories of personal\ + \ data should be explicitly provided, inter alia, where the data subject gives\ + \ his or her explicit consent or in respect of specific needs in particular\ + \ where the processing is carried out in the course of legitimate activities\ + \ by certain associations or foundations the purpose of which is to permit\ + \ the exercise of fundamental freedoms." + - urn: urn:intuitem:risk:req_node:gdpr:recital-52 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 52 + description: Derogating from the prohibition on processing special categories + of personal data should also be allowed when provided for in Union or Member + State law and subject to suitable safeguards, so as to protect personal data + and other fundamental rights, where it is in the public interest to do so, + in particular processing personal data in the field of employment law, social + protection law including pensions and for health security, monitoring and + alert purposes, the prevention or control of communicable diseases and other + serious threats to health. Such a derogation may be made for health purposes, + including public health and the management of health-care services, especially + in order to ensure the quality and cost-effectiveness of the procedures used + for settling claims for benefits and services in the health insurance system, + or for archiving purposes in the public interest, scientific or historical + research purposes or statistical purposes. A derogation should also allow + the processing of such personal data where necessary for the establishment, + exercise or defence of legal claims, whether in court proceedings or in an + administrative or out-of-court procedure. + - urn: urn:intuitem:risk:req_node:gdpr:recital-53 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 53 + description: Special categories of personal data which merit higher protection + should be processed for health-related purposes only where necessary to achieve + those purposes for the benefit of natural persons and society as a whole, + in particular in the context of the management of health or social care services + and systems, including processing by the management and central national health + authorities of such data for the purpose of quality control, management information + and the general national and local supervision of the health or social care + system, and ensuring continuity of health or social care and cross-border + healthcare or health security, monitoring and alert purposes, or for archiving + purposes in the public interest, scientific or historical research purposes + or statistical purposes, based on Union or Member State law which has to meet + an objective of public interest, as well as for studies conducted in the public + interest in the area of public health. Therefore, this Regulation should provide + for harmonised conditions for the processing of special categories of personal + data concerning health, in respect of specific needs, in particular where + the processing of such data is carried out for certain health-related purposes + by persons subject to a legal obligation of professional secrecy. Union or + Member State law should provide for specific and suitable measures so as to + protect the fundamental rights and the personal data of natural persons. Member + States should be allowed to maintain or introduce further conditions, including + limitations, with regard to the processing of genetic data, biometric data + or data concerning health. However, this should not hamper the free flow of + personal data within the Union when those conditions apply to cross-border + processing of such data. + - urn: urn:intuitem:risk:req_node:gdpr:recital-54 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 54 + description: "The processing of special categories of personal data may be necessary\ + \ for reasons of public interest in the areas of public health without consent\ + \ of the data subject. Such processing should be subject to suitable and specific\ + \ measures so as to protect the rights and freedoms of natural persons. In\ + \ that context, \u2018public health\u2019 should be interpreted as defined\ + \ in Regulation (EC) No 1338/2008 of the European Parliament and of the Council\ + \ (1), namely all elements related to health, namely health status, including\ + \ morbidity and disability, the determinants having an effect on that health\ + \ status, health care needs, resources allocated to health care, the provision\ + \ of, and universal access to, health care as well as health care expenditure\ + \ and financing, and the causes of mortality. Such processing of data concerning\ + \ health for reasons of public interest should not result in personal data\ + \ being processed for other purposes by third parties such as employers or\ + \ insurance and banking companies." + - urn: urn:intuitem:risk:req_node:gdpr:recital-55 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 55 + description: Moreover, the processing of personal data by official authorities + for the purpose of achieving the aims, laid down by constitutional law or + by international public law, of officially recognised religious associations, + is carried out on grounds of public interest. + - urn: urn:intuitem:risk:req_node:gdpr:recital-56 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 56 + description: ' Where in the course of electoral activities, the operation of + the democratic system in a Member State requires that political parties compile + personal data on people''s political opinions, the processing of such data + may be permitted for reasons of public interest, provided that appropriate + safeguards are established.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-57 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 57 + description: If the personal data processed by a controller do not permit the + controller to identify a natural person, the data controller should not be + obliged to acquire additional information in order to identify the data subject + for the sole purpose of complying with any provision of this Regulation. However, + the controller should not refuse to take additional information provided by + the data subject in order to support the exercise of his or her rights. Identification + should include the digital identification of a data subject, for example through + authentication mechanism such as the same credentials, used by the data subject + to log-in to the on-line service offered by the data controller. + - urn: urn:intuitem:risk:req_node:gdpr:recital-58 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 58 + description: The principle of transparency requires that any information addressed + to the public or to the data subject be concise, easily accessible and easy + to understand, and that clear and plain language and, additionally, where + appropriate, visualisation be used. Such information could be provided in + electronic form, for example, when addressed to the public, through a website. + This is of particular relevance in situations where the proliferation of actors + and the technological complexity of practice make it difficult for the data + subject to know and understand whether, by whom and for what purpose personal + data relating to him or her are being collected, such as in the case of online + advertising. Given that children merit specific protection, any information + and communication, where processing is addressed to a child, should be in + such a clear and plain language that the child can easily understand. + - urn: urn:intuitem:risk:req_node:gdpr:recital-59 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 59 + description: Modalities should be provided for facilitating the exercise of + the data subject's rights under this Regulation, including mechanisms to request + and, if applicable, obtain, free of charge, in particular, access to and rectification + or erasure of personal data and the exercise of the right to object. The controller + should also provide means for requests to be made electronically, especially + where personal data are processed by electronic means. The controller should + be obliged to respond to requests from the data subject without undue delay + and at the latest within one month and to give reasons where the controller + does not intend to comply with any such requests. + - urn: urn:intuitem:risk:req_node:gdpr:recital-60 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 60 + description: The principles of fair and transparent processing require that + the data subject be informed of the existence of the processing operation + and its purposes. The controller should provide the data subject with any + further information necessary to ensure fair and transparent processing taking + into account the specific circumstances and context in which the personal + data are processed. Furthermore, the data subject should be informed of the + existence of profiling and the consequences of such profiling. Where the personal + data are collected from the data subject, the data subject should also be + informed whether he or she is obliged to provide the personal data and of + the consequences, where he or she does not provide such data. That information + may be provided in combination with standardised icons in order to give in + an easily visible, intelligible and clearly legible manner, a meaningful overview + of the intended processing. Where the icons are presented electronically, + they should be machine-readable. + - urn: urn:intuitem:risk:req_node:gdpr:recital-61 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 61 + description: The information in relation to the processing of personal data + relating to the data subject should be given to him or her at the time of + collection from the data subject, or, where the personal data are obtained + from another source, within a reasonable period, depending on the circumstances + of the case. Where personal data can be legitimately disclosed to another + recipient, the data subject should be informed when the personal data are + first disclosed to the recipient. Where the controller intends to process + the personal data for a purpose other than that for which they were collected, + the controller should provide the data subject prior to that further processing + with information on that other purpose and other necessary information. Where + the origin of the personal data cannot be provided to the data subject because + various sources have been used, general information should be provided. + - urn: urn:intuitem:risk:req_node:gdpr:recital-62 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 62 + description: However, it is not necessary to impose the obligation to provide + information where the data subject already possesses the information, where + the recording or disclosure of the personal data is expressly laid down by + law or where the provision of information to the data subject proves to be + impossible or would involve a disproportionate effort. The latter could in + particular be the case where processing is carried out for archiving purposes + in the public interest, scientific or historical research purposes or statistical + purposes. In that regard, the number of data subjects, the age of the data + and any appropriate safeguards adopted should be taken into consideration. + - urn: urn:intuitem:risk:req_node:gdpr:recital-63 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 63 + description: A data subject should have the right of access to personal data + which have been collected concerning him or her, and to exercise that right + easily and at reasonable intervals, in order to be aware of, and verify, the + lawfulness of the processing. This includes the right for data subjects to + have access to data concerning their health, for example the data in their + medical records containing information such as diagnoses, examination results, + assessments by treating physicians and any treatment or interventions provided. + Every data subject should therefore have the right to know and obtain communication + in particular with regard to the purposes for which the personal data are + processed, where possible the period for which the personal data are processed, + the recipients of the personal data, the logic involved in any automatic personal + data processing and, at least when based on profiling, the consequences of + such processing. Where possible, the controller should be able to provide + remote access to a secure system which would provide the data subject with + direct access to his or her personal data. That right should not adversely + affect the rights or freedoms of others, including trade secrets or intellectual + property and in particular the copyright protecting the software. However, + the result of those considerations should not be a refusal to provide all + information to the data subject. Where the controller processes a large quantity + of information concerning the data subject, the controller should be able + to request that, before the information is delivered, the data subject specify + the information or processing activities to which the request relates. + - urn: urn:intuitem:risk:req_node:gdpr:recital-64 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 64 + description: The controller should use all reasonable measures to verify the + identity of a data subject who requests access, in particular in the context + of online services and online identifiers. A controller should not retain + personal data for the sole purpose of being able to react to potential requests. + - urn: urn:intuitem:risk:req_node:gdpr:recital-65 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 65 + description: "A data subject should have the right to have personal data concerning\ + \ him or her rectified and a \u2018right to be forgotten\u2019 where the retention\ + \ of such data infringes this Regulation or Union or Member State law to which\ + \ the controller is subject. In particular, a data subject should have the\ + \ right to have his or her personal data erased and no longer processed where\ + \ the personal data are no longer necessary in relation to the purposes for\ + \ which they are collected or otherwise processed, where a data subject has\ + \ withdrawn his or her consent or objects to the processing of personal data\ + \ concerning him or her, or where the processing of his or her personal data\ + \ does not otherwise comply with this Regulation. That right is relevant in\ + \ particular where the data subject has given his or her consent as a child\ + \ and is not fully aware of the risks involved by the processing, and later\ + \ wants to remove such personal data, especially on the internet. The data\ + \ subject should be able to exercise that right notwithstanding the fact that\ + \ he or she is no longer a child. However, the further retention of the personal\ + \ data should be lawful where it is necessary, for exercising the right of\ + \ freedom of expression and information, for compliance with a legal obligation,\ + \ for the performance of a task carried out in the public interest or in the\ + \ exercise of official authority vested in the controller, on the grounds\ + \ of public interest in the area of public health, for archiving purposes\ + \ in the public interest, scientific or historical research purposes or statistical\ + \ purposes, or for the establishment, exercise or defence of legal claims." + - urn: urn:intuitem:risk:req_node:gdpr:recital-66 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 66 + description: To strengthen the right to be forgotten in the online environment, + the right to erasure should also be extended in such a way that a controller + who has made the personal data public should be obliged to inform the controllers + which are processing such personal data to erase any links to, or copies or + replications of those personal data. In doing so, that controller should take + reasonable steps, taking into account available technology and the means available + to the controller, including technical measures, to inform the controllers + which are processing the personal data of the data subject's request. + - urn: urn:intuitem:risk:req_node:gdpr:recital-67 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 67 + description: Methods by which to restrict the processing of personal data could + include, inter alia, temporarily moving the selected data to another processing + system, making the selected personal data unavailable to users, or temporarily + removing published data from a website. In automated filing systems, the restriction + of processing should in principle be ensured by technical means in such a + manner that the personal data are not subject to further processing operations + and cannot be changed. The fact that the processing of personal data is restricted + should be clearly indicated in the system. + - urn: urn:intuitem:risk:req_node:gdpr:recital-68 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 68 + description: To further strengthen the control over his or her own data, where + the processing of personal data is carried out by automated means, the data + subject should also be allowed to receive personal data concerning him or + her which he or she has provided to a controller in a structured, commonly + used, machine-readable and interoperable format, and to transmit it to another + controller. Data controllers should be encouraged to develop interoperable + formats that enable data portability. That right should apply where the data + subject provided the personal data on the basis of his or her consent or the + processing is necessary for the performance of a contract. It should not apply + where processing is based on a legal ground other than consent or contract. + By its very nature, that right should not be exercised against controllers + processing personal data in the exercise of their public duties. It should + therefore not apply where the processing of the personal data is necessary + for compliance with a legal obligation to which the controller is subject + or for the performance of a task carried out in the public interest or in + the exercise of an official authority vested in the controller. The data subject's + right to transmit or receive personal data concerning him or her should not + create an obligation for the controllers to adopt or maintain processing systems + which are technically compatible. Where, in a certain set of personal data, + more than one data subject is concerned, the right to receive the personal + data should be without prejudice to the rights and freedoms of other data + subjects in accordance with this Regulation. Furthermore, that right should + not prejudice the right of the data subject to obtain the erasure of personal + data and the limitations of that right as set out in this Regulation and should, + in particular, not imply the erasure of personal data concerning the data + subject which have been provided by him or her for the performance of a contract + to the extent that and for as long as the personal data are necessary for + the performance of that contract. Where technically feasible, the data subject + should have the right to have the personal data transmitted directly from + one controller to another. + - urn: urn:intuitem:risk:req_node:gdpr:recital-69 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 69 + description: Where personal data might lawfully be processed because processing + is necessary for the performance of a task carried out in the public interest + or in the exercise of official authority vested in the controller, or on grounds + of the legitimate interests of a controller or a third party, a data subject + should, nevertheless, be entitled to object to the processing of any personal + data relating to his or her particular situation. It should be for the controller + to demonstrate that its compelling legitimate interest overrides the interests + or the fundamental rights and freedoms of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:recital-70 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 70 + description: Where personal data are processed for the purposes of direct marketing, + the data subject should have the right to object to such processing, including + profiling to the extent that it is related to such direct marketing, whether + with regard to initial or further processing, at any time and free of charge. + That right should be explicitly brought to the attention of the data subject + and presented clearly and separately from any other information. + - urn: urn:intuitem:risk:req_node:gdpr:recital-71 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 71 + description: "The data subject should have the right not to be subject to a\ + \ decision, which may include a measure, evaluating personal aspects relating\ + \ to him or her which is based solely on automated processing and which produces\ + \ legal effects concerning him or her or similarly significantly affects him\ + \ or her, such as automatic refusal of an online credit application or e-recruiting\ + \ practices without any human intervention. Such processing includes \u2018\ + profiling\u2019 that consists of any form of automated processing of personal\ + \ data evaluating the personal aspects relating to a natural person, in particular\ + \ to analyse or predict aspects concerning the data subject's performance\ + \ at work, economic situation, health, personal preferences or interests,\ + \ reliability or behaviour, location or movements, where it produces legal\ + \ effects concerning him or her or similarly significantly affects him or\ + \ her. However, decision-making based on such processing, including profiling,\ + \ should be allowed where expressly authorised by Union or Member State law\ + \ to which the controller is subject, including for fraud and tax-evasion\ + \ monitoring and prevention purposes conducted in accordance with the regulations,\ + \ standards and recommendations of Union institutions or national oversight\ + \ bodies and to ensure the security and reliability of a service provided\ + \ by the controller, or necessary for the entering or performance of a contract\ + \ between the data subject and a controller, or when the data subject has\ + \ given his or her explicit consent. In any case, such processing should be\ + \ subject to suitable safeguards, which should include specific information\ + \ to the data subject and the right to obtain human intervention, to express\ + \ his or her point of view, to obtain an explanation of the decision reached\ + \ after such assessment and to challenge the decision. Such measure should\ + \ not concern a child." + - urn: urn:intuitem:risk:req_node:gdpr:node76 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + description: In order to ensure fair and transparent processing in respect of + the data subject, taking into account the specific circumstances and context + in which the personal data are processed, the controller should use appropriate + mathematical or statistical procedures for the profiling, implement technical + and organisational measures appropriate to ensure, in particular, that factors + which result in inaccuracies in personal data are corrected and the risk of + errors is minimised, secure personal data in a manner that takes account of + the potential risks involved for the interests and rights of the data subject + and that prevents, inter alia, discriminatory effects on natural persons on + the basis of racial or ethnic origin, political opinion, religion or beliefs, + trade union membership, genetic or health status or sexual orientation, or + that result in measures having such an effect. Automated decision-making and + profiling based on special categories of personal data should be allowed only + under specific conditions. + - urn: urn:intuitem:risk:req_node:gdpr:recital-72 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 72 + description: "Profiling is subject to the rules of this Regulation governing\ + \ the processing of personal data, such as the legal grounds for processing\ + \ or data protection principles. The European Data Protection Board established\ + \ by this Regulation (the \u2018Board\u2019) should be able to issue guidance\ + \ in that context." + - urn: urn:intuitem:risk:req_node:gdpr:recital-73 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 73 + description: Restrictions concerning specific principles and the rights of information, + access to and rectification or erasure of personal data, the right to data + portability, the right to object, decisions based on profiling, as well as + the communication of a personal data breach to a data subject and certain + related obligations of the controllers may be imposed by Union or Member State + law, as far as necessary and proportionate in a democratic society to safeguard + public security, including the protection of human life especially in response + to natural or manmade disasters, the prevention, investigation and prosecution + of criminal offences or the execution of criminal penalties, including the + safeguarding against and the prevention of threats to public security, or + of breaches of ethics for regulated professions, other important objectives + of general public interest of the Union or of a Member State, in particular + an important economic or financial interest of the Union or of a Member State, + the keeping of public registers kept for reasons of general public interest, + further processing of archived personal data to provide specific information + related to the political behaviour under former totalitarian state regimes + or the protection of the data subject or the rights and freedoms of others, + including social protection, public health and humanitarian purposes. Those + restrictions should be in accordance with the requirements set out in the + Charter and in the European Convention for the Protection of Human Rights + and Fundamental Freedoms. + - urn: urn:intuitem:risk:req_node:gdpr:recital-74 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 74 + description: The responsibility and liability of the controller for any processing + of personal data carried out by the controller or on the controller's behalf + should be established. In particular, the controller should be obliged to + implement appropriate and effective measures and be able to demonstrate the + compliance of processing activities with this Regulation, including the effectiveness + of the measures. Those measures should take into account the nature, scope, + context and purposes of the processing and the risk to the rights and freedoms + of natural persons. + - urn: urn:intuitem:risk:req_node:gdpr:recital-75 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 75 + description: 'The risk to the rights and freedoms of natural persons, of varying + likelihood and severity, may result from personal data processing which could + lead to physical, material or non-material damage, in particular: where the + processing may give rise to discrimination, identity theft or fraud, financial + loss, damage to the reputation, loss of confidentiality of personal data protected + by professional secrecy, unauthorised reversal of pseudonymisation, or any + other significant economic or social disadvantage; where data subjects might + be deprived of their rights and freedoms or prevented from exercising control + over their personal data; where personal data are processed which reveal racial + or ethnic origin, political opinions, religion or philosophical beliefs, trade + union membership, and the processing of genetic data, data concerning health + or data concerning sex life or criminal convictions and offences or related + security measures; where personal aspects are evaluated, in particular analysing + or predicting aspects concerning performance at work, economic situation, + health, personal preferences or interests, reliability or behaviour, location + or movements, in order to create or use personal profiles; where personal + data of vulnerable natural persons, in particular of children, are processed; + or where processing involves a large amount of personal data and affects a + large number of data subjects.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-76 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 76 + description: The likelihood and severity of the risk to the rights and freedoms + of the data subject should be determined by reference to the nature, scope, + context and purposes of the processing. Risk should be evaluated on the basis + of an objective assessment, by which it is established whether data processing + operations involve a risk or a high risk. + - urn: urn:intuitem:risk:req_node:gdpr:recital-77 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 77 + description: Guidance on the implementation of appropriate measures and on the + demonstration of compliance by the controller or the processor, especially + as regards the identification of the risk related to the processing, their + assessment in terms of origin, nature, likelihood and severity, and the identification + of best practices to mitigate the risk, could be provided in particular by + means of approved codes of conduct, approved certifications, guidelines provided + by the Board or indications provided by a data protection officer. The Board + may also issue guidelines on processing operations that are considered to + be unlikely to result in a high risk to the rights and freedoms of natural + persons and indicate what measures may be sufficient in such cases to address + such risk. + - urn: urn:intuitem:risk:req_node:gdpr:recital-78 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 78 + description: The protection of the rights and freedoms of natural persons with + regard to the processing of personal data require that appropriate technical + and organisational measures be taken to ensure that the requirements of this + Regulation are met. In order to be able to demonstrate compliance with this + Regulation, the controller should adopt internal policies and implement measures + which meet in particular the principles of data protection by design and data + protection by default. Such measures could consist, inter alia, of minimising + the processing of personal data, pseudonymising personal data as soon as possible, + transparency with regard to the functions and processing of personal data, + enabling the data subject to monitor the data processing, enabling the controller + to create and improve security features. When developing, designing, selecting + and using applications, services and products that are based on the processing + of personal data or process personal data to fulfil their task, producers + of the products, services and applications should be encouraged to take into + account the right to data protection when developing and designing such products, + services and applications and, with due regard to the state of the art, to + make sure that controllers and processors are able to fulfil their data protection + obligations. The principles of data protection by design and by default should + also be taken into consideration in the context of public tenders. + - urn: urn:intuitem:risk:req_node:gdpr:recital-79 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 79 + description: The protection of the rights and freedoms of data subjects as well + as the responsibility and liability of controllers and processors, also in + relation to the monitoring by and measures of supervisory authorities, requires + a clear allocation of the responsibilities under this Regulation, including + where a controller determines the purposes and means of the processing jointly + with other controllers or where a processing operation is carried out on behalf + of a controller. + - urn: urn:intuitem:risk:req_node:gdpr:recital-80 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 80 + description: Where a controller or a processor not established in the Union + is processing personal data of data subjects who are in the Union whose processing + activities are related to the offering of goods or services, irrespective + of whether a payment of the data subject is required, to such data subjects + in the Union, or to the monitoring of their behaviour as far as their behaviour + takes place within the Union, the controller or the processor should designate + a representative, unless the processing is occasional, does not include processing, + on a large scale, of special categories of personal data or the processing + of personal data relating to criminal convictions and offences, and is unlikely + to result in a risk to the rights and freedoms of natural persons, taking + into account the nature, context, scope and purposes of the processing or + if the controller is a public authority or body. The representative should + act on behalf of the controller or the processor and may be addressed by any + supervisory authority. The representative should be explicitly designated + by a written mandate of the controller or of the processor to act on its behalf + with regard to its obligations under this Regulation. The designation of such + a representative does not affect the responsibility or liability of the controller + or of the processor under this Regulation. Such a representative should perform + its tasks according to the mandate received from the controller or processor, + including cooperating with the competent supervisory authorities with regard + to any action taken to ensure compliance with this Regulation. The designated + representative should be subject to enforcement proceedings in the event of + non-compliance by the controller or processor. + - urn: urn:intuitem:risk:req_node:gdpr:recital-81 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 81 + description: To ensure compliance with the requirements of this Regulation in + respect of the processing to be carried out by the processor on behalf of + the controller, when entrusting a processor with processing activities, the + controller should use only processors providing sufficient guarantees, in + particular in terms of expert knowledge, reliability and resources, to implement + technical and organisational measures which will meet the requirements of + this Regulation, including for the security of processing. The adherence of + the processor to an approved code of conduct or an approved certification + mechanism may be used as an element to demonstrate compliance with the obligations + of the controller. The carrying-out of processing by a processor should be + governed by a contract or other legal act under Union or Member State law, + binding the processor to the controller, setting out the subject- matter and + duration of the processing, the nature and purposes of the processing, the + type of personal data and categories of data subjects, taking into account + the specific tasks and responsibilities of the processor in the context of + the processing to be carried out and the risk to the rights and freedoms of + the data subject. The controller and processor may choose to use an individual + contract or standard contractual clauses which are adopted either directly + by the Commission or by a supervisory authority in accordance with the consistency + mechanism and then adopted by the Commission. After the completion of the + processing on behalf of the controller, the processor should, at the choice + of the controller, return or delete the personal data, unless there is a requirement + to store the personal data under Union or Member State law to which the processor + is subject. + - urn: urn:intuitem:risk:req_node:gdpr:recital-82 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 82 + description: In order to demonstrate compliance with this Regulation, the controller + or processor should maintain records of processing activities under its responsibility. + Each controller and processor should be obliged to cooperate with the supervisory + authority and make those records, on request, available to it, so that it + might serve for monitoring those processing operations. + - urn: urn:intuitem:risk:req_node:gdpr:recital-83 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 83 + description: In order to maintain security and to prevent processing in infringement + of this Regulation, the controller or processor should evaluate the risks + inherent in the processing and implement measures to mitigate those risks, + such as encryption. Those measures should ensure an appropriate level of security, + including confidentiality, taking into account the state of the art and the + costs of implementation in relation to the risks and the nature of the personal + data to be protected. In assessing data security risk, consideration should + be given to the risks that are presented by personal data processing, such + as accidental or unlawful destruction, loss, alteration, unauthorised disclosure + of, or access to, personal data transmitted, stored or otherwise processed + which may in particular lead to physical, material or non-material damage. + - urn: urn:intuitem:risk:req_node:gdpr:recital-84 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 84 + description: In order to enhance compliance with this Regulation where processing + operations are likely to result in a high risk to the rights and freedoms + of natural persons, the controller should be responsible for the carrying-out + of a data protection impact assessment to evaluate, in particular, the origin, + nature, particularity and severity of that risk. The outcome of the assessment + should be taken into account when determining the appropriate measures to + be taken in order to demonstrate that the processing of personal data complies + with this Regulation. Where a data-protection impact assessment indicates + that processing operations involve a high risk which the controller cannot + mitigate by appropriate measures in terms of available technology and costs + of implementation, a consultation of the supervisory authority should take + place prior to the processing. + - urn: urn:intuitem:risk:req_node:gdpr:recital-85 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 85 + description: A personal data breach may, if not addressed in an appropriate + and timely manner, result in physical, material or non-material damage to + natural persons such as loss of control over their personal data or limitation + of their rights, discrimination, identity theft or fraud, financial loss, + unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality + of personal data protected by professional secrecy or any other significant + economic or social disadvantage to the natural person concerned. Therefore, + as soon as the controller becomes aware that a personal data breach has occurred, + the controller should notify the personal data breach to the supervisory authority + without undue delay and, where feasible, not later than 72 hours after having + become aware of it, unless the controller is able to demonstrate, in accordance + with the accountability principle, that the personal data breach is unlikely + to result in a risk to the rights and freedoms of natural persons. Where such + notification cannot be achieved within 72 hours, the reasons for the delay + should accompany the notification and information may be provided in phases + without undue further delay. + - urn: urn:intuitem:risk:req_node:gdpr:recital-86 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 86 + description: The controller should communicate to the data subject a personal + data breach, without undue delay, where that personal data breach is likely + to result in a high risk to the rights and freedoms of the natural person + in order to allow him or her to take the necessary precautions. The communication + should describe the nature of the personal data breach as well as recommendations + for the natural person concerned to mitigate potential adverse effects. Such + communications to data subjects should be made as soon as reasonably feasible + and in close cooperation with the supervisory authority, respecting guidance + provided by it or by other relevant authorities such as law-enforcement authorities. + For example, the need to mitigate an immediate risk of damage would call for + prompt communication with data subjects whereas the need to implement appropriate + measures against continuing or similar personal data breaches may justify + more time for communication. + - urn: urn:intuitem:risk:req_node:gdpr:recital-87 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 87 + description: It should be ascertained whether all appropriate technological + protection and organisational measures have been implemented to establish + immediately whether a personal data breach has taken place and to inform promptly + the supervisory authority and the data subject. The fact that the notification + was made without undue delay should be established taking into account in + particular the nature and gravity of the personal data breach and its consequences + and adverse effects for the data subject. Such notification may result in + an intervention of the supervisory authority in accordance with its tasks + and powers laid down in this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-88 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 88 + description: In setting detailed rules concerning the format and procedures + applicable to the notification of personal data breaches, due consideration + should be given to the circumstances of that breach, including whether or + not personal data had been protected by appropriate technical protection measures, + effectively limiting the likelihood of identity fraud or other forms of misuse. + Moreover, such rules and procedures should take into account the legitimate + interests of law-enforcement authorities where early disclosure could unnecessarily + hamper the investigation of the circumstances of a personal data breach. + - urn: urn:intuitem:risk:req_node:gdpr:recital-89 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 89 + description: Directive 95/46/EC provided for a general obligation to notify + the processing of personal data to the supervisory authorities. While that + obligation produces administrative and financial burdens, it did not in all + cases contribute to improving the protection of personal data. Such indiscriminate + general notification obligations should therefore be abolished, and replaced + by effective procedures and mechanisms which focus instead on those types + of processing operations which are likely to result in a high risk to the + rights and freedoms of natural persons by virtue of their nature, scope, context + and purposes. Such types of processing operations may be those which in, particular, + involve using new technologies, or are of a new kind and where no data protection + impact assessment has been carried out before by the controller, or where + they become necessary in the light of the time that has elapsed since the + initial processing. + - urn: urn:intuitem:risk:req_node:gdpr:recital-90 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 90 + description: In such cases, a data protection impact assessment should be carried + out by the controller prior to the processing in order to assess the particular + likelihood and severity of the high risk, taking into account the nature, + scope, context and purposes of the processing and the sources of the risk. + That impact assessment should include, in particular, the measures, safeguards + and mechanisms envisaged for mitigating that risk, ensuring the protection + of personal data and demonstrating compliance with this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-91 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 91 + description: This should in particular apply to large-scale processing operations + which aim to process a considerable amount of personal data at regional, national + or supranational level and which could affect a large number of data subjects + and which are likely to result in a high risk, for example, on account of + their sensitivity, where in accordance with the achieved state of technological + knowledge a new technology is used on a large scale as well as to other processing + operations which result in a high risk to the rights and freedoms of data + subjects, in particular where those operations render it more difficult for + data subjects to exercise their rights. A data protection impact assessment + should also be made where personal data are processed for taking decisions + regarding specific natural persons following any systematic and extensive + evaluation of personal aspects relating to natural persons based on profiling + those data or following the processing of special categories of personal data, + biometric data, or data on criminal convictions and offences or related security + measures. A data protection impact assessment is equally required for monitoring + publicly accessible areas on a large scale, especially when using optic-electronic + devices or for any other operations where the competent supervisory authority + considers that the processing is likely to result in a high risk to the rights + and freedoms of data subjects, in particular because they prevent data subjects + from exercising a right or using a service or a contract, or because they + are carried out systematically on a large scale. The processing of personal + data should not be considered to be on a large scale if the processing concerns + personal data from patients or clients by an individual physician, other health + care professional or lawyer. In such cases, a data protection impact assessment + should not be mandatory. + - urn: urn:intuitem:risk:req_node:gdpr:recital-92 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 92 + description: There are circumstances under which it may be reasonable and economical + for the subject of a data protection impact assessment to be broader than + a single project, for example where public authorities or bodies intend to + establish a common application or processing platform or where several controllers + plan to introduce a common application or processing environment across an + industry sector or segment or for a widely used horizontal activity. + - urn: urn:intuitem:risk:req_node:gdpr:recital-93 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 93 + description: In the context of the adoption of the Member State law on which + the performance of the tasks of the public authority or public body is based + and which regulates the specific processing operation or set of operations + in question, Member States may deem it necessary to carry out such assessment + prior to the processing activities. + - urn: urn:intuitem:risk:req_node:gdpr:recital-94 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 94 + description: Where a data protection impact assessment indicates that the processing + would, in the absence of safeguards, security measures and mechanisms to mitigate + the risk, result in a high risk to the rights and freedoms of natural persons + and the controller is of the opinion that the risk cannot be mitigated by + reasonable means in terms of available technologies and costs of implementation, + the supervisory authority should be consulted prior to the start of processing + activities. Such high risk is likely to result from certain types of processing + and the extent and frequency of processing, which may result also in a realisation + of damage or interference with the rights and freedoms of the natural person. + The supervisory authority should respond to the request for consultation within + a specified period. However, the absence of a reaction of the supervisory + authority within that period should be without prejudice to any intervention + of the supervisory authority in accordance with its tasks and powers laid + down in this Regulation, including the power to prohibit processing operations. + As part of that consultation process, the outcome of a data protection impact + assessment carried out with regard to the processing at issue may be submitted + to the supervisory authority, in particular the measures envisaged to mitigate + the risk to the rights and freedoms of natural persons. + - urn: urn:intuitem:risk:req_node:gdpr:recital-95 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 95 + description: The processor should assist the controller, where necessary and + upon request, in ensuring compliance with the obligations deriving from the + carrying out of data protection impact assessments and from prior consultation + of the supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:recital-96 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 96 + description: A consultation of the supervisory authority should also take place + in the course of the preparation of a legislative or regulatory measure which + provides for the processing of personal data, in order to ensure compliance + of the intended processing with this Regulation and in particular to mitigate + the risk involved for the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:recital-97 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 97 + description: Where the processing is carried out by a public authority, except + for courts or independent judicial authorities when acting in their judicial + capacity, where, in the private sector, processing is carried out by a controller + whose core activities consist of processing operations that require regular + and systematic monitoring of the data subjects on a large scale, or where + the core activities of the controller or the processor consist of processing + on a large scale of special categories of personal data and data relating + to criminal convictions and offences, a person with expert knowledge of data + protection law and practices should assist the controller or processor to + monitor internal compliance with this Regulation. In the private sector, the + core activities of a controller relate to its primary activities and do not + relate to the processing of personal data as ancillary activities. The necessary + level of expert knowledge should be determined in particular according to + the data processing operations carried out and the protection required for + the personal data processed by the controller or the processor. Such data + protection officers, whether or not they are an employee of the controller, + should be in a position to perform their duties and tasks in an independent + manner. + - urn: urn:intuitem:risk:req_node:gdpr:recital-98 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 98 + description: Associations or other bodies representing categories of controllers + or processors should be encouraged to draw up codes of conduct, within the + limits of this Regulation, so as to facilitate the effective application of + this Regulation, taking account of the specific characteristics of the processing + carried out in certain sectors and the specific needs of micro, small and + medium enterprises. In particular, such codes of conduct could calibrate the + obligations of controllers and processors, taking into account the risk likely + to result from the processing for the rights and freedoms of natural persons. + - urn: urn:intuitem:risk:req_node:gdpr:recital-99 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 99 + description: When drawing up a code of conduct, or when amending or extending + such a code, associations and other bodies representing categories of controllers + or processors should consult relevant stakeholders, including data subjects + where feasible, and have regard to submissions received and views expressed + in response to such consultations. + - urn: urn:intuitem:risk:req_node:gdpr:recital-100 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 100 + description: ' In order to enhance transparency and compliance with this Regulation, + the establishment of certification mechanisms and data protection seals and + marks should be encouraged, allowing data subjects to quickly assess the level + of data protection of relevant products and services.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-101 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 101 + description: Flows of personal data to and from countries outside the Union + and international organisations are necessary for the expansion of international + trade and international cooperation. The increase in such flows has raised + new challenges and concerns with regard to the protection of personal data. + However, when personal data are transferred from the Union to controllers, + processors or other recipients in third countries or to international organisations, + the level of protection of natural persons ensured in the Union by this Regulation + should not be undermined, including in cases of onward transfers of personal + data from the third country or international organisation to controllers, + processors in the same or another third country or international organisation. + In any event, transfers to third countries and international organisations + may only be carried out in full compliance with this Regulation. A transfer + could take place only if, subject to the other provisions of this Regulation, + the conditions laid down in the provisions of this Regulation relating to + the transfer of personal data to third countries or international organisations + are complied with by the controller or processor. + - urn: urn:intuitem:risk:req_node:gdpr:recital-102 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 102 + description: This Regulation is without prejudice to international agreements + concluded between the Union and third countries regulating the transfer of + personal data including appropriate safeguards for the data subjects. Member + States may conclude international agreements which involve the transfer of + personal data to third countries or international organisations, as far as + such agreements do not affect this Regulation or any other provisions of Union + law and include an appropriate level of protection for the fundamental rights + of the data subjects. + - urn: urn:intuitem:risk:req_node:gdpr:recital-103 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 103 + description: The Commission may decide with effect for the entire Union that + a third country, a territory or specified sector within a third country, or + an international organisation, offers an adequate level of data protection, + thus providing legal certainty and uniformity throughout the Union as regards + the third country or international organisation which is considered to provide + such level of protection. In such cases, transfers of personal data to that + third country or international organisation may take place without the need + to obtain any further authorisation. The Commission may also decide, having + given notice and a full statement setting out the reasons to the third country + or international organisation, to revoke such a decision. + - urn: urn:intuitem:risk:req_node:gdpr:recital-104 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 104 + description: In line with the fundamental values on which the Union is founded, + in particular the protection of human rights, the Commission should, in its + assessment of the third country, or of a territory or specified sector within + a third country, take into account how a particular third country respects + the rule of law, access to justice as well as international human rights norms + and standards and its general and sectoral law, including legislation concerning + public security, defence and national security as well as public order and + criminal law. The adoption of an adequacy decision with regard to a territory + or a specified sector in a third country should take into account clear and + objective criteria, such as specific processing activities and the scope of + applicable legal standards and legislation in force in the third country. + The third country should offer guarantees ensuring an adequate level of protection + essentially equivalent to that ensured within the Union, in particular where + personal data are processed in one or several specific sectors. In particular, + the third country should ensure effective independent data protection supervision + and should provide for cooperation mechanisms with the Member States' data + protection authorities, and the data subjects should be provided with effective + and enforceable rights and effective administrative and judicial redress. + - urn: urn:intuitem:risk:req_node:gdpr:recital-105 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 105 + description: Apart from the international commitments the third country or international + organisation has entered into, the Commission should take account of obligations + arising from the third country's or international organisation's participation + in multilateral or regional systems in particular in relation to the protection + of personal data, as well as the implementation of such obligations. In particular, + the third country's accession to the Council of Europe Convention of 28 January + 1981 for the Protection of Individuals with regard to the Automatic Processing + of Personal Data and its Additional Protocol should be taken into account. + The Commission should consult the Board when assessing the level of protection + in third countries or international organisations. + - urn: urn:intuitem:risk:req_node:gdpr:recital-106 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 106 + description: The Commission should monitor the functioning of decisions on the + level of protection in a third country, a territory or specified sector within + a third country, or an international organisation, and monitor the functioning + of decisions adopted on the basis of Article 25(6) or Article 26(4) of Directive + 95/46/EC. In its adequacy decisions, the Commission should provide for a periodic + review mechanism of their functioning. That periodic review should be conducted + in consultation with the third country or international organisation in question + and take into account all relevant developments in the third country or international + organisation. For the purposes of monitoring and of carrying out the periodic + reviews, the Commission should take into consideration the views and findings + of the European Parliament and of the Council as well as of other relevant + bodies and sources. The Commission should evaluate, within a reasonable time, + the functioning of the latter decisions and report any relevant findings to + the Committee within the meaning of Regulation (EU) No 182/2011 of the European + Parliament and of the Council (1) as established under this Regulation, to + the European Parliament and to the Council. + - urn: urn:intuitem:risk:req_node:gdpr:recital-107 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 107 + description: The Commission may recognise that a third country, a territory + or a specified sector within a third country, or an international organisation + no longer ensures an adequate level of data protection. Consequently the transfer + of personal data to that third country or international organisation should + be prohibited, unless the requirements in this Regulation relating to transfers + subject to appropriate safeguards, including binding corporate rules, and + derogations for specific situations are fulfilled. In that case, provision + should be made for consultations between the Commission and such third countries + or international organisations. The Commission should, in a timely manner, + inform the third country or international organisation of the reasons and + enter into consultations with it in order to remedy the situation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-108 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 108 + description: ' In the absence of an adequacy decision, the controller or processor + should take measures to compensate for the lack of data protection in a third + country by way of appropriate safeguards for the data subject. Such appropriate + safeguards may consist of making use of binding corporate rules, standard + data protection clauses adopted by the Commission, standard data protection + clauses adopted by a supervisory authority or contractual clauses authorised + by a supervisory authority. Those safeguards should ensure compliance with + data protection requirements and the rights of the data subjects appropriate + to processing within the Union, including the availability of enforceable + data subject rights and of effective legal remedies, including to obtain effective + administrative or judicial redress and to claim compensation, in the Union + or in a third country. They should relate in particular to compliance with + the general principles relating to personal data processing, the principles + of data protection by design and by default. Transfers may also be carried + out by public authorities or bodies with public authorities or bodies in third + countries or with international organisations with corresponding duties or + functions, including on the basis of provisions to be inserted into administrative + arrangements, such as a memorandum of understanding, providing for enforceable + and effective rights for data subjects. Authorisation by the competent supervisory + authority should be obtained when the safeguards are provided for in administrative + arrangements that are not legally binding.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-109 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 109 + description: The possibility for the controller or processor to use standard + data-protection clauses adopted by the Commission or by a supervisory authority + should prevent controllers or processors neither from including the standard + data-protection clauses in a wider contract, such as a contract between the + processor and another processor, nor from adding other clauses or additional + safeguards provided that they do not contradict, directly or indirectly, the + standard contractual clauses adopted by the Commission or by a supervisory + authority or prejudice the fundamental rights or freedoms of the data subjects. + Controllers and processors should be encouraged to provide additional safeguards + via contractual commitments that supplement standard protection clauses. + - urn: urn:intuitem:risk:req_node:gdpr:recital-110 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 110 + description: A group of undertakings, or a group of enterprises engaged in a + joint economic activity, should be able to make use of approved binding corporate + rules for its international transfers from the Union to organisations within + the same group of undertakings, or group of enterprises engaged in a joint + economic activity, provided that such corporate rules include all essential + principles and enforceable rights to ensure appropriate safeguards for transfers + or categories of transfers of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:recital-111 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 111 + description: Provisions should be made for the possibility for transfers in + certain circumstances where the data subject has given his or her explicit + consent, where the transfer is occasional and necessary in relation to a contract + or a legal claim, regardless of whether in a judicial procedure or whether + in an administrative or any out-of-court procedure, including procedures before + regulatory bodies. Provision should also be made for the possibility for transfers + where important grounds of public interest laid down by Union or Member State + law so require or where the transfer is made from a register established by + law and intended for consultation by the public or persons having a legitimate + interest. In the latter case, such a transfer should not involve the entirety + of the personal data or entire categories of the data contained in the register + and, when the register is intended for consultation by persons having a legitimate + interest, the transfer should be made only at the request of those persons + or, if they are to be the recipients, taking into full account the interests + and fundamental rights of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:recital-112 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 112 + description: Those derogations should in particular apply to data transfers + required and necessary for important reasons of public interest, for example + in cases of international data exchange between competition authorities, tax + or customs administrations, between financial supervisory authorities, between + services competent for social security matters, or for public health, for + example in the case of contact tracing for contagious diseases or in order + to reduce and/or eliminate doping in sport. A transfer of personal data should + also be regarded as lawful where it is necessary to protect an interest which + is essential for the data subject's or another person's vital interests, including + physical integrity or life, if the data subject is incapable of giving consent. + In the absence of an adequacy decision, Union or Member State law may, for + important reasons of public interest, expressly set limits to the transfer + of specific categories of data to a third country or an international organisation. + Member States should notify such provisions to the Commission. Any transfer + to an international humanitarian organisation of personal data of a data subject + who is physically or legally incapable of giving consent, with a view to accomplishing + a task incumbent under the Geneva Conventions or to complying with international + humanitarian law applicable in armed conflicts, could be considered to be + necessary for an important reason of public interest or because it is in the + vital interest of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:recital-113 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 113 + description: Transfers which can be qualified as not repetitive and that only + concern a limited number of data subjects, could also be possible for the + purposes of the compelling legitimate interests pursued by the controller, + when those interests are not overridden by the interests or rights and freedoms + of the data subject and when the controller has assessed all the circumstances + surrounding the data transfer. The controller should give particular consideration + to the nature of the personal data, the purpose and duration of the proposed + processing operation or operations, as well as the situation in the country + of origin, the third country and the country of final destination, and should + provide suitable safeguards to protect fundamental rights and freedoms of + natural persons with regard to the processing of their personal data. Such + transfers should be possible only in residual cases where none of the other + grounds for transfer are applicable. For scientific or historical research + purposes or statistical purposes, the legitimate expectations of society for + an increase of knowledge should be taken into consideration. The controller + should inform the supervisory authority and the data subject about the transfer. + - urn: urn:intuitem:risk:req_node:gdpr:recital-114 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 114 + description: In any case, where the Commission has taken no decision on the + adequate level of data protection in a third country, the controller or processor + should make use of solutions that provide data subjects with enforceable and + effective rights as regards the processing of their data in the Union once + those data have been transferred so that that they will continue to benefit + from fundamental rights and safeguards. + - urn: urn:intuitem:risk:req_node:gdpr:recital-115 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 115 + description: Some third countries adopt laws, regulations and other legal acts + which purport to directly regulate the processing activities of natural and + legal persons under the jurisdiction of the Member States. This may include + judgments of courts or tribunals or decisions of administrative authorities + in third countries requiring a controller or processor to transfer or disclose + personal data, and which are not based on an international agreement, such + as a mutual legal assistance treaty, in force between the requesting third + country and the Union or a Member State. The extraterritorial application + of those laws, regulations and other legal acts may be in breach of international + law and may impede the attainment of the protection of natural persons ensured + in the Union by this Regulation. Transfers should only be allowed where the + conditions of this Regulation for a transfer to third countries are met. This + may be the case, inter alia, where disclosure is necessary for an important + ground of public interest recognised in Union or Member State law to which + the controller is subject. + - urn: urn:intuitem:risk:req_node:gdpr:recital-116 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 116 + description: When personal data moves across borders outside the Union it may + put at increased risk the ability of natural persons to exercise data protection + rights in particular to protect themselves from the unlawful use or disclosure + of that information. At the same time, supervisory authorities may find that + they are unable to pursue complaints or conduct investigations relating to + the activities outside their borders. Their efforts to work together in the + cross-border context may also be hampered by insufficient preventative or + remedial powers, inconsistent legal regimes, and practical obstacles like + resource constraints. Therefore, there is a need to promote closer cooperation + among data protection supervisory authorities to help them exchange information + and carry out investigations with their international counterparts. For the + purposes of developing international cooperation mechanisms to facilitate + and provide international mutual assistance for the enforcement of legislation + for the protection of personal data, the Commission and the supervisory authorities + should exchange information and cooperate in activities related to the exercise + of their powers with competent authorities in third countries, based on reciprocity + and in accordance with this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-117 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 117 + description: The establishment of supervisory authorities in Member States, + empowered to perform their tasks and exercise their powers with complete independence, + is an essential component of the protection of natural persons with regard + to the processing of their personal data. Member States should be able to + establish more than one supervisory authority, to reflect their constitutional, + organisational and administrative structure. + - urn: urn:intuitem:risk:req_node:gdpr:recital-118 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 118 + description: The independence of supervisory authorities should not mean that + the supervisory authorities cannot be subject to control or monitoring mechanisms + regarding their financial expenditure or to judicial review. + - urn: urn:intuitem:risk:req_node:gdpr:recital-119 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 119 + description: Where a Member State establishes several supervisory authorities, + it should establish by law mechanisms for ensuring the effective participation + of those supervisory authorities in the consistency mechanism. That Member + State should in particular designate the supervisory authority which functions + as a single contact point for the effective participation of those authorities + in the mechanism, to ensure swift and smooth cooperation with other supervisory + authorities, the Board and the Commission. + - urn: urn:intuitem:risk:req_node:gdpr:recital-120 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 120 + description: Each supervisory authority should be provided with the financial + and human resources, premises and infrastructure necessary for the effective + performance of their tasks, including those related to mutual assistance and + cooperation with other supervisory authorities throughout the Union. Each + supervisory authority should have a separate, public annual budget, which + may be part of the overall state or national budget. + - urn: urn:intuitem:risk:req_node:gdpr:node126 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + description: The general conditions for the member or members of the supervisory + authority should be laid down by law in each Member State and should in particular + provide that those members are to be appointed, by means of a transparent + procedure, either by the parliament, government or the head of State of the + Member State on the basis of a proposal from the government, a member of the + government, the parliament or a chamber of the parliament, or by an independent + body entrusted under Member State law. In order to ensure the independence + of the supervisory authority, the member or members should act with integrity, + refrain from any action that is incompatible with their duties and should + not, during their term of office, engage in any incompatible occupation, whether + gainful or not. The supervisory authority should have its own staff, chosen + by the supervisory authority or an independent body established by Member + State law, which should be subject to the exclusive direction of the member + or members of the supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:recital-121 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 121 + description: ' Each supervisory authority should be competent on the territory + of its own Member State to exercise the powers and to perform the tasks conferred + on it in accordance with this Regulation. This should cover in particular + the processing in the context of the activities of an establishment of the + controller or processor on the territory of its own Member State, the processing + of personal data carried out by public authorities or private bodies acting + in the public interest, processing affecting data subjects on its territory + or processing carried out by a controller or processor not established in + the Union when targeting data subjects residing on its territory. This should + include handling complaints lodged by a data subject, conducting investigations + on the application of this Regulation and promoting public awareness of the + risks, rules, safeguards and rights in relation to the processing of personal + data.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-122 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 122 + description: The supervisory authorities should monitor the application of the + provisions pursuant to this Regulation and contribute to its consistent application + throughout the Union, in order to protect natural persons in relation to the + processing of their personal data and to facilitate the free flow of personal + data within the internal market. For that purpose, the supervisory authorities + should cooperate with each other and with the Commission, without the need + for any agreement between Member States on the provision of mutual assistance + or on such cooperation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-123 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 123 + description: Where the processing of personal data takes place in the context + of the activities of an establishment of a controller or a processor in the + Union and the controller or processor is established in more than one Member + State, or where processing taking place in the context of the activities of + a single establishment of a controller or processor in the Union substantially + affects or is likely to substantially affect data subjects in more than one + Member State, the supervisory authority for the main establishment of the + controller or processor or for the single establishment of the controller + or processor should act as lead authority. It should cooperate with the other + authorities concerned, because the controller or processor has an establishment + on the territory of their Member State, because data subjects residing on + their territory are substantially affected, or because a complaint has been + lodged with them. Also where a data subject not residing in that Member State + has lodged a complaint, the supervisory authority with which such complaint + has been lodged should also be a supervisory authority concerned. Within its + tasks to issue guidelines on any question covering the application of this + Regulation, the Board should be able to issue guidelines in particular on + the criteria to be taken into account in order to ascertain whether the processing + in question substantially affects data subjects in more than one Member State + and on what constitutes a relevant and reasoned objection. + - urn: urn:intuitem:risk:req_node:gdpr:recital-124 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 124 + description: The lead authority should be competent to adopt binding decisions + regarding measures applying the powers conferred on it in accordance with + this Regulation. In its capacity as lead authority, the supervisory authority + should closely involve and coordinate the supervisory authorities concerned + in the decision-making process. Where the decision is to reject the complaint + by the data subject in whole or in part, that decision should be adopted by + the supervisory authority with which the complaint has been lodged. + - urn: urn:intuitem:risk:req_node:gdpr:recital-125 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 125 + description: The decision should be agreed jointly by the lead supervisory authority + and the supervisory authorities concerned and should be directed towards the + main or single establishment of the controller or processor and be binding + on the controller and processor. The controller or processor should take the + necessary measures to ensure compliance with this Regulation and the implementation + of the decision notified by the lead supervisory authority to the main establishment + of the controller or processor as regards the processing activities in the + Union. + - urn: urn:intuitem:risk:req_node:gdpr:recital-126 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 126 + description: "Each supervisory authority not acting as the lead supervisory\ + \ authority should be competent to handle local cases where the controller\ + \ or processor is established in more than one Member State, but the subject\ + \ matter of the specific processing concerns only processing carried out in\ + \ a single Member State and involves only data subjects in that single Member\ + \ State, for example, where the subject matter concerns the processing of\ + \ employees' personal data in the specific employment context of a Member\ + \ State. In such cases, the supervisory authority should inform the lead supervisory\ + \ authority without delay about the matter. After being informed, the lead\ + \ supervisory authority should decide, whether it will handle the case pursuant\ + \ to the provision on cooperation between the lead supervisory authority and\ + \ other supervisory authorities concerned (\u2018one-stop-shop mechanism\u2019\ + ), or whether the supervisory authority which informed it should handle the\ + \ case at local level. When deciding whether it will handle the case, the\ + \ lead supervisory authority should take into account whether there is an\ + \ establishment of the controller or processor in the Member State of the\ + \ supervisory authority which informed it in order to ensure effective enforcement\ + \ of a decision vis-\xE0-vis the controller or processor. Where the lead supervisory\ + \ authority decides to handle the case, the supervisory authority which informed\ + \ it should have the possibility to submit a draft for a decision, of which\ + \ the lead supervisory authority should take utmost account when preparing\ + \ its draft decision in that one-stop-shop mechanism." + - urn: urn:intuitem:risk:req_node:gdpr:recital-127 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 127 + description: The rules on the lead supervisory authority and the one-stop-shop + mechanism should not apply where the processing is carried out by public authorities + or private bodies in the public interest. In such cases the only supervisory + authority competent to exercise the powers conferred to it in accordance with + this Regulation should be the supervisory authority of the Member State where + the public authority or private body is established. + - urn: urn:intuitem:risk:req_node:gdpr:recital-128 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 128 + description: In order to ensure consistent monitoring and enforcement of this + Regulation throughout the Union, the supervisory authorities should have in + each Member State the same tasks and effective powers, including powers of + investigation, corrective powers and sanctions, and authorisation and advisory + powers, in particular in cases of complaints from natural persons, and without + prejudice to the powers of prosecutorial authorities under Member State law, + to bring infringements of this Regulation to the attention of the judicial + authorities and engage in legal proceedings. Such powers should also include + the power to impose a temporary or definitive limitation, including a ban, + on processing. Member States may specify other tasks related to the protection + of personal data under this Regulation. The powers of supervisory authorities + should be exercised in accordance with appropriate procedural safeguards set + out in Union and Member State law, impartially, fairly and within a reasonable + time. In particular each measure should be appropriate, necessary and proportionate + in view of ensuring compliance with this Regulation, taking into account the + circumstances of each individual case, respect the right of every person to + be heard before any individual measure which would affect him or her adversely + is taken and avoid superfluous costs and excessive inconveniences for the + persons concerned. Investigatory powers as regards access to premises should + be exercised in accordance with specific requirements in Member State procedural + law, such as the requirement to obtain a prior judicial authorisation. Each + legally binding measure of the supervisory authority should be in writing, + be clear and unambiguous, indicate the supervisory authority which has issued + the measure, the date of issue of the measure, bear the signature of the head, + or a member of the supervisory authority authorised by him or her, give the + reasons for the measure, and refer to the right of an effective remedy. This + should not preclude additional requirements pursuant to Member State procedural + law. The adoption of a legally binding decision implies that it may give rise + to judicial review in the Member State of the supervisory authority that adopted + the decision. + - urn: urn:intuitem:risk:req_node:gdpr:recital-129 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 129 + description: Where the supervisory authority with which the complaint has been + lodged is not the lead supervisory authority, the lead supervisory authority + should closely cooperate with the supervisory authority with which the complaint + has been lodged in accordance with the provisions on cooperation and consistency + laid down in this Regulation. In such cases, the lead supervisory authority + should, when taking measures intended to produce legal effects, including + the imposition of administrative fines, take utmost account of the view of + the supervisory authority with which the complaint has been lodged and which + should remain competent to carry out any investigation on the territory of + its own Member State in liaison with the competent supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:recital-130 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 130 + description: 'Where another supervisory authority should act as a lead supervisory + authority for the processing activities of the controller or processor but + the concrete subject matter of a complaint or the possible infringement concerns + only processing activities of the controller or processor in the Member State + where the complaint has been lodged or the possible infringement detected + and the matter does not substantially affect or is not likely to substantially + affect data subjects in other Member States, the supervisory authority receiving + a complaint or detecting or being informed otherwise of situations that entail + possible infringements of this Regulation should seek an amicable settlement + with the controller and, if this proves unsuccessful, exercise its full range + of powers. This should include: specific processing carried out in the territory + of the Member State of the supervisory authority or with regard to data subjects + on the territory of that Member State; processing that is carried out in the + context of an offer of goods or services specifically aimed at data subjects + in the territory of the Member State of the supervisory authority; or processing + that has to be assessed taking into account relevant legal obligations under + Member State law.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-131 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 131 + description: Awareness-raising activities by supervisory authorities addressed + to the public should include specific measures directed at controllers and + processors, including micro, small and medium-sized enterprises, as well as + natural persons in particular in the educational context. + - urn: urn:intuitem:risk:req_node:gdpr:recital-132 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 132 + description: The supervisory authorities should assist each other in performing + their tasks and provide mutual assistance, so as to ensure the consistent + application and enforcement of this Regulation in the internal market. A supervisory + authority requesting mutual assistance may adopt a provisional measure if + it receives no response to a request for mutual assistance within one month + of the receipt of that request by the other supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:recital-133 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 133 + description: The supervisory authorities should assist each other in performing + their tasks and provide mutual assistance, so as to ensure the consistent + application and enforcement of this Regulation in the internal market. A supervisory + authority requesting mutual assistance may adopt a provisional measure if + it receives no response to a request for mutual assistance within one month + of the receipt of that request by the other supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:recital-134 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 134 + description: Each supervisory authority should, where appropriate, participate + in joint operations with other supervisory authorities. The requested supervisory + authority should be obliged to respond to the request within a specified time + period. + - urn: urn:intuitem:risk:req_node:gdpr:recital-135 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 135 + description: In order to ensure the consistent application of this Regulation + throughout the Union, a consistency mechanism for cooperation between the + supervisory authorities should be established. That mechanism should in particular + apply where a supervisory authority intends to adopt a measure intended to + produce legal effects as regards processing operations which substantially + affect a significant number of data subjects in several Member States. It + should also apply where any supervisory authority concerned or the Commission + requests that such matter should be handled in the consistency mechanism. + That mechanism should be without prejudice to any measures that the Commission + may take in the exercise of its powers under the Treaties. + - urn: urn:intuitem:risk:req_node:gdpr:recital-136 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 136 + description: In applying the consistency mechanism, the Board should, within + a determined period of time, issue an opinion, if a majority of its members + so decides or if so requested by any supervisory authority concerned or the + Commission. The Board should also be empowered to adopt legally binding decisions + where there are disputes between supervisory authorities. For that purpose, + it should issue, in principle by a two-thirds majority of its members, legally + binding decisions in clearly specified cases where there are conflicting views + among supervisory authorities, in particular in the cooperation mechanism + between the lead supervisory authority and supervisory authorities concerned + on the merits of the case, in particular whether there is an infringement + of this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-137 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 137 + description: There may be an urgent need to act in order to protect the rights + and freedoms of data subjects, in particular when the danger exists that the + enforcement of a right of a data subject could be considerably impeded. A + supervisory authority should therefore be able to adopt duly justified provisional + measures on its territory with a specified period of validity which should + not exceed three months. + - urn: urn:intuitem:risk:req_node:gdpr:recital-138 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 138 + description: The application of such mechanism should be a condition for the + lawfulness of a measure intended to produce legal effects by a supervisory + authority in those cases where its application is mandatory. In other cases + of cross- border relevance, the cooperation mechanism between the lead supervisory + authority and supervisory authorities concerned should be applied and mutual + assistance and joint operations might be carried out between the supervisory + authorities concerned on a bilateral or multilateral basis without triggering + the consistency mechanism. + - urn: urn:intuitem:risk:req_node:gdpr:recital-139 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 139 + description: In order to promote the consistent application of this Regulation, + the Board should be set up as an independent body of the Union. To fulfil + its objectives, the Board should have legal personality. The Board should + be represented by its Chair. It should replace the Working Party on the Protection + of Individuals with Regard to the Processing of Personal Data established + by Directive 95/46/EC. It should consist of the head of a supervisory authority + of each Member State and the European Data Protection Supervisor or their + respective representatives. The Commission should participate in the Board's + activities without voting rights and the European Data Protection Supervisor + should have specific voting rights. The Board should contribute to the consistent + application of this Regulation throughout the Union, including by advising + the Commission, in particular on the level of protection in third countries + or international organisations, and promoting cooperation of the supervisory + authorities throughout the Union. The Board should act independently when + performing its tasks. + - urn: urn:intuitem:risk:req_node:gdpr:recital-140 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 140 + description: The Board should be assisted by a secretariat provided by the European + Data Protection Supervisor. The staff of the European Data Protection Supervisor + involved in carrying out the tasks conferred on the Board by this Regulation + should perform its tasks exclusively under the instructions of, and report + to, the Chair of the Board. + - urn: urn:intuitem:risk:req_node:gdpr:recital-141 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 141 + description: Every data subject should have the right to lodge a complaint with + a single supervisory authority, in particular in the Member State of his or + her habitual residence, and the right to an effective judicial remedy in accordance + with Article 47 of the Charter if the data subject considers that his or her + rights under this Regulation are infringed or where the supervisory authority + does not act on a complaint, partially or wholly rejects or dismisses a complaint + or does not act where such action is necessary to protect the rights of the + data subject. The investigation following a complaint should be carried out, + subject to judicial review, to the extent that is appropriate in the specific + case. The supervisory authority should inform the data subject of the progress + and the outcome of the complaint within a reasonable period. If the case requires + further investigation or coordination with another supervisory authority, + intermediate information should be given to the data subject. In order to + facilitate the submission of complaints, each supervisory authority should + take measures such as providing a complaint submission form which can also + be completed electronically, without excluding other means of communication. + - urn: urn:intuitem:risk:req_node:gdpr:recital-142 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 142 + description: Where a data subject considers that his or her rights under this + Regulation are infringed, he or she should have the right to mandate a not-for-profit + body, organisation or association which is constituted in accordance with + the law of a Member State, has statutory objectives which are in the public + interest and is active in the field of the protection of personal data to + lodge a complaint on his or her behalf with a supervisory authority, exercise + the right to a judicial remedy on behalf of data subjects or, if provided + for in Member State law, exercise the right to receive compensation on behalf + of data subjects. A Member State may provide for such a body, organisation + or association to have the right to lodge a complaint in that Member State, + independently of a data subject's mandate, and the right to an effective judicial + remedy where it has reasons to consider that the rights of a data subject + have been infringed as a result of the processing of personal data which infringes + this Regulation. That body, organisation or association may not be allowed + to claim compensation on a data subject's behalf independently of the data + subject's mandate. + - urn: urn:intuitem:risk:req_node:gdpr:recital-143 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 143 + description: Any natural or legal person has the right to bring an action for + annulment of decisions of the Board before the Court of Justice under the + conditions provided for in Article 263 TFEU. As addressees of such decisions, + the supervisory authorities concerned which wish to challenge them have to + bring action within two months of being notified of them, in accordance with + Article 263 TFEU. Where decisions of the Board are of direct and individual + concern to a controller, processor or complainant, the latter may bring an + action for annulment against those decisions within two months of their publication + on the website of the Board, in accordance with Article 263 TFEU. Without + prejudice to this right under Article 263 TFEU, each natural or legal person + should have an effective judicial remedy before the competent national court + against a decision of a supervisory authority which produces legal effects + concerning that person. Such a decision concerns in particular the exercise + of investigative, corrective and authorisation powers by the supervisory authority + or the dismissal or rejection of complaints. However, the right to an effective + judicial remedy does not encompass measures taken by supervisory authorities + which are not legally binding, such as opinions issued by or advice provided + by the supervisory authority. Proceedings against a supervisory authority + should be brought before the courts of the Member State where the supervisory + authority is established and should be conducted in accordance with that Member + State's procedural law. Those courts should exercise full jurisdiction, which + should include jurisdiction to examine all questions of fact and law relevant + to the dispute before them. + - urn: urn:intuitem:risk:req_node:gdpr:node150 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + description: Where a complaint has been rejected or dismissed by a supervisory + authority, the complainant may bring proceedings before the courts in the + same Member State. In the context of judicial remedies relating to the application + of this Regulation, national courts which consider a decision on the question + necessary to enable them to give judgment, may, or in the case provided for + in Article 267 TFEU, must, request the Court of Justice to give a preliminary + ruling on the interpretation of Union law, including this Regulation. Furthermore, + where a decision of a supervisory authority implementing a decision of the + Board is challenged before a national court and the validity of the decision + of the Board is at issue, that national court does not have the power to declare + the Board's decision invalid but must refer the question of validity to the + Court of Justice in accordance with Article 267 TFEU as interpreted by the + Court of Justice, where it considers the decision invalid. However, a national + court may not refer a question on the validity of the decision of the Board + at the request of a natural or legal person which had the opportunity to bring + an action for annulment of that decision, in particular if it was directly + and individually concerned by that decision, but had not done so within the + period laid down in Article 263 TFEU. + - urn: urn:intuitem:risk:req_node:gdpr:recital-144 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 144 + description: Where a court seized of proceedings against a decision by a supervisory + authority has reason to believe that proceedings concerning the same processing, + such as the same subject matter as regards processing by the same controller + or processor, or the same cause of action, are brought before a competent + court in another Member State, it should contact that court in order to confirm + the existence of such related proceedings. If related proceedings are pending + before a court in another Member State, any court other than the court first + seized may stay its proceedings or may, on request of one of the parties, + decline jurisdiction in favour of the court first seized if that court has + jurisdiction over the proceedings in question and its law permits the consolidation + of such related proceedings. Proceedings are deemed to be related where they + are so closely connected that it is expedient to hear and determine them together + in order to avoid the risk of irreconcilable judgments resulting from separate + proceedings. + - urn: urn:intuitem:risk:req_node:gdpr:recital-145 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 145 + description: For proceedings against a controller or processor, the plaintiff + should have the choice to bring the action before the courts of the Member + States where the controller or processor has an establishment or where the + data subject resides, unless the controller is a public authority of a Member + State acting in the exercise of its public powers. + - urn: urn:intuitem:risk:req_node:gdpr:recital-146 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 146 + description: The controller or processor should compensate any damage which + a person may suffer as a result of processing that infringes this Regulation. + The controller or processor should be exempt from liability if it proves that + it is not in any way responsible for the damage. The concept of damage should + be broadly interpreted in the light of the case-law of the Court of Justice + in a manner which fully reflects the objectives of this Regulation. This is + without prejudice to any claims for damage deriving from the violation of + other rules in Union or Member State law. Processing that infringes this Regulation + also includes processing that infringes delegated and implementing acts adopted + in accordance with this Regulation and Member State law specifying rules of + this Regulation. Data subjects should receive full and effective compensation + for the damage they have suffered. Where controllers or processors are involved + in the same processing, each controller or processor should be held liable + for the entire damage. However, where they are joined to the same judicial + proceedings, in accordance with Member State law, compensation may be apportioned + according to the responsibility of each controller or processor for the damage + caused by the processing, provided that full and effective compensation of + the data subject who suffered the damage is ensured. Any controller or processor + which has paid full compensation may subsequently institute recourse proceedings + against other controllers or processors involved in the same processing. + - urn: urn:intuitem:risk:req_node:gdpr:recital-147 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 147 + description: Where specific rules on jurisdiction are contained in this Regulation, + in particular as regards proceedings seeking a judicial remedy including compensation, + against a controller or processor, general jurisdiction rules such as those + of Regulation (EU) No 1215/2012 of the European Parliament and of the Council + (1) should not prejudice the application of such specific rules. + - urn: urn:intuitem:risk:req_node:gdpr:recital-148 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 148 + description: In order to strengthen the enforcement of the rules of this Regulation, + penalties including administrative fines should be imposed for any infringement + of this Regulation, in addition to, or instead of appropriate measures imposed + by the supervisory authority pursuant to this Regulation. In a case of a minor + infringement or if the fine likely to be imposed would constitute a disproportionate + burden to a natural person, a reprimand may be issued instead of a fine. Due + regard should however be given to the nature, gravity and duration of the + infringement, the intentional character of the infringement, actions taken + to mitigate the damage suffered, degree of responsibility or any relevant + previous infringements, the manner in which the infringement became known + to the supervisory authority, compliance with measures ordered against the + controller or processor, adherence to a code of conduct and any other aggravating + or mitigating factor. The imposition of penalties including administrative + fines should be subject to appropriate procedural safeguards in accordance + with the general principles of Union law and the Charter, including effective + judicial protection and due process. + - urn: urn:intuitem:risk:req_node:gdpr:recital-149 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 149 + description: Member States should be able to lay down the rules on criminal + penalties for infringements of this Regulation, including for infringements + of national rules adopted pursuant to and within the limits of this Regulation. + Those criminal penalties may also allow for the deprivation of the profits + obtained through infringements of this Regulation. However, the imposition + of criminal penalties for infringements of such national rules and of administrative + penalties should not lead to a breach of the principle of ne bis in idem, + as interpreted by the Court of Justice. + - urn: urn:intuitem:risk:req_node:gdpr:recital-150 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 150 + description: In order to strengthen and harmonise administrative penalties for + infringements of this Regulation, each supervisory authority should have the + power to impose administrative fines. This Regulation should indicate infringements + and the upper limit and criteria for setting the related administrative fines, + which should be determined by the competent supervisory authority in each + individual case, taking into account all relevant circumstances of the specific + situation, with due regard in particular to the nature, gravity and duration + of the infringement and of its consequences and the measures taken to ensure + compliance with the obligations under this Regulation and to prevent or mitigate + the consequences of the infringement. Where administrative fines are imposed + on an undertaking, an undertaking should be understood to be an undertaking + in accordance with Articles 101 and 102 TFEU for those purposes. Where administrative + fines are imposed on persons that are not an undertaking, the supervisory + authority should take account of the general level of income in the Member + State as well as the economic situation of the person in considering the appropriate + amount of the fine. The consistency mechanism may also be used to promote + a consistent application of administrative fines. It should be for the Member + States to determine whether and to which extent public authorities should + be subject to administrative fines. Imposing an administrative fine or giving + a warning does not affect the application of other powers of the supervisory + authorities or of other penalties under this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:recital-151 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 151 + description: The legal systems of Denmark and Estonia do not allow for administrative + fines as set out in this Regulation. The rules on administrative fines may + be applied in such a manner that in Denmark the fine is imposed by competent + national courts as a criminal penalty and in Estonia the fine is imposed by + the supervisory authority in the framework of a misdemeanour procedure, provided + that such an application of the rules in those Member States has an equivalent + effect to administrative fines imposed by supervisory authorities. Therefore + the competent national courts should take into account the recommendation + by the supervisory authority initiating the fine. In any event, the fines + imposed should be effective, proportionate and dissuasive. + - urn: urn:intuitem:risk:req_node:gdpr:recital-152 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 152 + description: Where this Regulation does not harmonise administrative penalties + or where necessary in other cases, for example in cases of serious infringements + of this Regulation, Member States should implement a system which provides + for effective, proportionate and dissuasive penalties. The nature of such + penalties, criminal or administrative, should be determined by Member State + law. + - urn: urn:intuitem:risk:req_node:gdpr:recital-153 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 153 + description: Member States law should reconcile the rules governing freedom + of expression and information, including journalistic, academic, artistic + and or literary expression with the right to the protection of personal data + pursuant to this Regulation. The processing of personal data solely for journalistic + purposes, or for the purposes of academic, artistic or literary expression + should be subject to derogations or exemptions from certain provisions of + this Regulation if necessary to reconcile the right to the protection of personal + data with the right to freedom of expression and information, as enshrined + in Article 11 of the Charter. This should apply in particular to the processing + of personal data in the audiovisual field and in news archives and press libraries. + Therefore, Member States should adopt legislative measures which lay down + the exemptions and derogations necessary for the purpose of balancing those + fundamental rights. Member States should adopt such exemptions and derogations + on general principles, the rights of the data subject, the controller and + the processor, the transfer of personal data to third countries or international + organisations, the independent supervisory authorities, cooperation and consistency, + and specific data-processing situations. Where such exemptions or derogations + differ from one Member State to another, the law of the Member State to which + the controller is subject should apply. In order to take account of the importance + of the right to freedom of expression in every democratic society, it is necessary + to interpret notions relating to that freedom, such as journalism, broadly. + - urn: urn:intuitem:risk:req_node:gdpr:recital-154 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 154 + description: This Regulation allows the principle of public access to official + documents to be taken into account when applying this Regulation. Public access + to official documents may be considered to be in the public interest. Personal + data in documents held by a public authority or a public body should be able + to be publicly disclosed by that authority or body if the disclosure is provided + for by Union or Member State law to which the public authority or public body + is subject. Such laws should reconcile public access to official documents + and the reuse of public sector information with the right to the protection + of personal data and may therefore provide for the necessary reconciliation + with the right to the protection of personal data pursuant to this Regulation. + The reference to public authorities and bodies should in that context include + all authorities or other bodies covered by Member State law on public access + to documents. Directive 2003/98/EC of the European Parliament and of the Council + (1) leaves intact and in no way affects the level of protection of natural + persons with regard to the processing of personal data under the provisions + of Union and Member State law, and in particular does not alter the obligations + and rights set out in this Regulation. In particular, that Directive should + not apply to documents to which access is excluded or restricted by virtue + of the access regimes on the grounds of protection of personal data, and parts + of documents accessible by virtue of those regimes which contain personal + data the re-use of which has been provided for by law as being incompatible + with the law concerning the protection of natural persons with regard to the + processing of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:recital-155 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 155 + description: "Member State law or collective agreements, including \u2018works\ + \ agreements\u2019, may provide for specific rules on the processing of employees'\ + \ personal data in the employment context, in particular for the conditions\ + \ under which personal data in the employment context may be processed on\ + \ the basis of the consent of the employee, the purposes of the recruitment,\ + \ the performance of the contract of employment, including discharge of obligations\ + \ laid down by law or by collective agreements, management, planning and organisation\ + \ of work, equality and diversity in the workplace, health and safety at work,\ + \ and for the purposes of the exercise and enjoyment, on an individual or\ + \ collective basis, of rights and benefits related to employment, and for\ + \ the purpose of the termination of the employment relationship." + - urn: urn:intuitem:risk:req_node:gdpr:recital-156 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 156 + description: The processing of personal data for archiving purposes in the public + interest, scientific or historical research purposes or statistical purposes + should be subject to appropriate safeguards for the rights and freedoms of + the data subject pursuant to this Regulation. Those safeguards should ensure + that technical and organisational measures are in place in order to ensure, + in particular, the principle of data minimisation. The further processing + of personal data for archiving purposes in the public interest, scientific + or historical research purposes or statistical purposes is to be carried out + when the controller has assessed the feasibility to fulfil those purposes + by processing data which do not permit or no longer permit the identification + of data subjects, provided that appropriate safeguards exist (such as, for + instance, pseudonymisation of the data). Member States should provide for + appropriate safeguards for the processing of personal data for archiving purposes + in the public interest, scientific or historical research purposes or statistical + purposes. Member States should be authorised to provide, under specific conditions + and subject to appropriate safeguards for data subjects, specifications and + derogations with regard to the information requirements and rights to rectification, + to erasure, to be forgotten, to restriction of processing, to data portability, + and to object when processing personal data for archiving purposes in the + public interest, scientific or historical research purposes or statistical + purposes. The conditions and safeguards in question may entail specific procedures + for data subjects to exercise those rights if this is appropriate in the light + of the purposes sought by the specific processing along with technical and + organisational measures aimed at minimising the processing of personal data + in pursuance of the proportionality and necessity principles. The processing + of personal data for scientific purposes should also comply with other relevant + legislation such as on clinical trials. + - urn: urn:intuitem:risk:req_node:gdpr:recital-157 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 157 + description: By coupling information from registries, researchers can obtain + new knowledge of great value with regard to widespread medical conditions + such as cardiovascular disease, cancer and depression. On the basis of registries, + research results can be enhanced, as they draw on a larger population. Within + social science, research on the basis of registries enables researchers to + obtain essential knowledge about the long-term correlation of a number of + social conditions such as unemployment and education with other life conditions. + Research results obtained through registries provide solid, high-quality knowledge + which can provide the basis for the formulation and implementation of knowledge-based + policy, improve the quality of life for a number of people and improve the + efficiency of social services. In order to facilitate scientific research, + personal data can be processed for scientific research purposes, subject to + appropriate conditions and safeguards set out in Union or Member State law. + - urn: urn:intuitem:risk:req_node:gdpr:recital-158 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 158 + description: Where personal data are processed for archiving purposes, this + Regulation should also apply to that processing, bearing in mind that this + Regulation should not apply to deceased persons. Public authorities or public + or private bodies that hold records of public interest should be services + which, pursuant to Union or Member State law, have a legal obligation to acquire, + preserve, appraise, arrange, describe, communicate, promote, disseminate and + provide access to records of enduring value for general public interest. Member + States should also be authorised to provide for the further processing of + personal data for archiving purposes, for example with a view to providing + specific information related to the political behaviour under former totalitarian + state regimes, genocide, crimes against humanity, in particular the Holocaust, + or war crimes. + - urn: urn:intuitem:risk:req_node:gdpr:recital-159 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 159 + description: Where personal data are processed for scientific research purposes, + this Regulation should also apply to that processing. For the purposes of + this Regulation, the processing of personal data for scientific research purposes + should be interpreted in a broad manner including for example technological + development and demonstration, fundamental research, applied research and + privately funded research. In addition, it should take into account the Union's + objective under Article 179(1) TFEU of achieving a European Research Area. + Scientific research purposes should also include studies conducted in the + public interest in the area of public health. To meet the specificities of + processing personal data for scientific research purposes, specific conditions + should apply in particular as regards the publication or otherwise disclosure + of personal data in the context of scientific research purposes. If the result + of scientific research in particular in the health context gives reason for + further measures in the interest of the data subject, the general rules of + this Regulation should apply in view of those measures. + - urn: urn:intuitem:risk:req_node:gdpr:recital-160 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 160 + description: Where personal data are processed for historical research purposes, + this Regulation should also apply to that processing. This should also include + historical research and research for genealogical purposes, bearing in mind + that this Regulation should not apply to deceased persons. + - urn: urn:intuitem:risk:req_node:gdpr:recital-161 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 161 + description: For the purpose of consenting to the participation in scientific + research activities in clinical trials, the relevant provisions of Regulation + (EU) No 536/2014 of the European Parliament and of the Council (1) should + apply. + - urn: urn:intuitem:risk:req_node:gdpr:recital-162 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 162 + description: Where personal data are processed for statistical purposes, this + Regulation should apply to that processing. Union or Member State law should, + within the limits of this Regulation, determine statistical content, control + of access, specifications for the processing of personal data for statistical + purposes and appropriate measures to safeguard the rights and freedoms of + the data subject and for ensuring statistical confidentiality. Statistical + purposes mean any operation of collection and the processing of personal data + necessary for statistical surveys or for the production of statistical results. + Those statistical results may further be used for different purposes, including + a scientific research purpose. The statistical purpose implies that the result + of processing for statistical purposes is not personal data, but aggregate + data, and that this result or the personal data are not used in support of + measures or decisions regarding any particular natural person. + - urn: urn:intuitem:risk:req_node:gdpr:recital-163 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 163 + description: The confidential information which the Union and national statistical + authorities collect for the production of official European and official national + statistics should be protected. European statistics should be developed, produced + and disseminated in accordance with the statistical principles as set out + in Article 338(2) TFEU, while national statistics should also comply with + Member State law. Regulation (EC) No 223/2009 of the European Parliament and + of the Council (2) provides further specifications on statistical confidentiality + for European statistics. + - urn: urn:intuitem:risk:req_node:gdpr:recital-164 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 164 + description: As regards the powers of the supervisory authorities to obtain + from the controller or processor access to personal data and access to their + premises, Member States may adopt by law, within the limits of this Regulation, + specific rules in order to safeguard the professional or other equivalent + secrecy obligations, in so far as necessary to reconcile the right to the + protection of personal data with an obligation of professional secrecy. This + is without prejudice to existing Member State obligations to adopt rules on + professional secrecy where required by Union law. + - urn: urn:intuitem:risk:req_node:gdpr:recital-165 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 165 + description: This Regulation respects and does not prejudice the status under + existing constitutional law of churches and religious associations or communities + in the Member States, as recognised in Article 17 TFEU. + - urn: urn:intuitem:risk:req_node:gdpr:recital-166 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 166 + description: ' In order to fulfil the objectives of this Regulation, namely + to protect the fundamental rights and freedoms of natural persons and in particular + their right to the protection of personal data and to ensure the free movement + of personal data within the Union, the power to adopt acts in accordance with + Article 290 TFEU should be delegated to the Commission. In particular, delegated + acts should be adopted in respect of criteria and requirements for certification + mechanisms, information to be presented by standardised icons and procedures + for providing such icons. It is of particular importance that the Commission + carry out appropriate consultations during its preparatory work, including + at expert level. The Commission, when preparing and drawing-up delegated acts, + should ensure a simultaneous, timely and appropriate transmission of relevant + documents to the European Parliament and to the Council.' + - urn: urn:intuitem:risk:req_node:gdpr:recital-167 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 167 + description: In order to ensure uniform conditions for the implementation of + this Regulation, implementing powers should be conferred on the Commission + when provided for by this Regulation. Those powers should be exercised in + accordance with Regulation (EU) No 182/2011. In that context, the Commission + should consider specific measures for micro, small and medium-sized enterprises. + - urn: urn:intuitem:risk:req_node:gdpr:recital-168 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 168 + description: The examination procedure should be used for the adoption of implementing + acts on standard contractual clauses between controllers and processors and + between processors; codes of conduct; technical standards and mechanisms for + certification; the adequate level of protection afforded by a third country, + a territory or a specified sector within that third country, or an international + organisation; standard protection clauses; formats and procedures for the + exchange of information by electronic means between controllers, processors + and supervisory authorities for binding corporate rules; mutual assistance; + and arrangements for the exchange of information by electronic means between + supervisory authorities, and between supervisory authorities and the Board. + - urn: urn:intuitem:risk:req_node:gdpr:recital-169 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 169 + description: The Commission should adopt immediately applicable implementing + acts where available evidence reveals that a third country, a territory or + a specified sector within that third country, or an international organisation + does not ensure an adequate level of protection, and imperative grounds of + urgency so require. + - urn: urn:intuitem:risk:req_node:gdpr:recital-170 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 170 + description: Since the objective of this Regulation, namely to ensure an equivalent + level of protection of natural persons and the free flow of personal data + throughout the Union, cannot be sufficiently achieved by the Member States + and can rather, by reason of the scale or effects of the action, be better + achieved at Union level, the Union may adopt measures, in accordance with + the principle of subsidiarity as set out in Article 5 of the Treaty on European + Union (TEU). In accordance with the principle of proportionality as set out + in that Article, this Regulation does not go beyond what is necessary in order + to achieve that objective. + - urn: urn:intuitem:risk:req_node:gdpr:recital-171 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 171 + description: Directive 95/46/EC should be repealed by this Regulation. Processing + already under way on the date of application of this Regulation should be + brought into conformity with this Regulation within the period of two years + after which this Regulation enters into force. Where processing is based on + consent pursuant to Directive 95/46/EC, it is not necessary for the data subject + to give his or her consent again if the manner in which the consent has been + given is in line with the conditions of this Regulation, so as to allow the + controller to continue such processing after the date of application of this + Regulation. Commission decisions adopted and authorisations by supervisory + authorities based on Directive 95/46/EC remain in force until amended, replaced + or repealed. + - urn: urn:intuitem:risk:req_node:gdpr:recital-172 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 172 + description: The European Data Protection Supervisor was consulted in accordance + with Article 28(2) of Regulation (EC) No 45/2001 and delivered an opinion + on 7 March 2012 (1). + - urn: urn:intuitem:risk:req_node:gdpr:recital-173 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:preambule + ref_id: Recital 173 + description: "This Regulation should apply to all matters concerning the protection\ + \ of fundamental rights and freedoms vis-\xE0- vis the processing of personal\ + \ data which are not subject to specific obligations with the same objective\ + \ set out in Directive 2002/58/EC of the European Parliament and of the Council\ + \ (2), including the obligations on the controller and the rights of natural\ + \ persons. In order to clarify the relationship between this Regulation and\ + \ Directive 2002/58/EC, that Directive should be amended accordingly. Once\ + \ this Regulation is adopted, Directive 2002/58/EC should be reviewed in particular\ + \ in order to ensure consistency with this Regulation," + - urn: urn:intuitem:risk:req_node:gdpr:chapter-i + assessable: false + depth: 1 + ref_id: CHAPTER I + description: General provisions + - urn: urn:intuitem:risk:req_node:gdpr:article-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-i + ref_id: Article 1 + description: Subject-matter and objectives + - urn: urn:intuitem:risk:req_node:gdpr:1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-1 + ref_id: '1.1' + description: This Regulation lays down rules relating to the protection of natural + persons with regard to the processing of personal data and rules relating + to the free movement of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-1 + ref_id: '1.2' + description: This Regulation protects fundamental rights and freedoms of natural + persons and in particular their right to the protection of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-1 + ref_id: '1.3' + description: The free movement of personal data within the Union shall be neither + restricted nor prohibited for reasons connected with the protection of natural + persons with regard to the processing of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:article-2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-i + ref_id: Article 2 + description: Material scope + - urn: urn:intuitem:risk:req_node:gdpr:2.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-2 + ref_id: '2.1' + description: This Regulation applies to the processing of personal data wholly + or partly by automated means and to the processing other than by automated + means of personal data which form part of a filing system or are intended + to form part of a filing system. + - urn: urn:intuitem:risk:req_node:gdpr:2.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-2 + ref_id: '2.2' + description: 'This Regulation does not apply to the processing of personal data:' + - urn: urn:intuitem:risk:req_node:gdpr:2.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:2.2 + ref_id: 2.2.a + description: in the course of an activity which falls outside the scope of Union + law; + - urn: urn:intuitem:risk:req_node:gdpr:2.2.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:2.2 + ref_id: 2.2.b + description: by the Member States when carrying out activities which fall within + the scope of Chapter 2 of Title V of the TEU; + - urn: urn:intuitem:risk:req_node:gdpr:2.2.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:2.2 + ref_id: 2.2.c + description: by a natural person in the course of a purely personal or household + activity; + - urn: urn:intuitem:risk:req_node:gdpr:2.2.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:2.2 + ref_id: 2.2.d + description: by competent authorities for the purposes of the prevention, investigation, + detection or prosecution of criminal offences or the execution of criminal + penalties, including the safeguarding against and the prevention of threats + to public security. + - urn: urn:intuitem:risk:req_node:gdpr:2.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-2 + ref_id: '2.3' + description: For the processing of personal data by the Union institutions, + bodies, offices and agencies, Regulation (EC) No 45/2001 applies. Regulation + (EC) No 45/2001 and other Union legal acts applicable to such processing of + personal data shall be adapted to the principles and rules of this Regulation + in accordance with Article 98. + - urn: urn:intuitem:risk:req_node:gdpr:2.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-2 + ref_id: '2.4' + description: This Regulation shall be without prejudice to the application of + Directive 2000/31/EC, in particular of the liability rules of intermediary + service providers in Articles 12 to 15 of that Directive. + - urn: urn:intuitem:risk:req_node:gdpr:article-3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-i + ref_id: Article 3 + description: Territorial scope + - urn: urn:intuitem:risk:req_node:gdpr:3.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-3 + ref_id: '3.1' + description: This Regulation applies to the processing of personal data in the + context of the activities of an establishment of a controller or a processor + in the Union, regardless of whether the processing takes place in the Union + or not. + - urn: urn:intuitem:risk:req_node:gdpr:3.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-3 + ref_id: '3.2' + description: 'This Regulation applies to the processing of personal data of + data subjects who are in the Union by a controller or processor not established + in the Union, where the processing activities are related to:' + - urn: urn:intuitem:risk:req_node:gdpr:3.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:3.2 + ref_id: 3.2.a + description: the offering of goods or services, irrespective of whether a payment + of the data subject is required, to such data subjects in the Union; or + - urn: urn:intuitem:risk:req_node:gdpr:3.2.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:3.2 + ref_id: 3.2.b + description: the monitoring of their behaviour as far as their behaviour takes + place within the Union. + - urn: urn:intuitem:risk:req_node:gdpr:3.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-3 + ref_id: '3.3' + description: This Regulation applies to the processing of personal data by a + controller not established in the Union, but in a place where Member State + law applies by virtue of public international law. + - urn: urn:intuitem:risk:req_node:gdpr:article-4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-i + ref_id: Article 4 + description: Definitions + - urn: urn:intuitem:risk:req_node:gdpr:node202 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-4 + description: 'For the purposes of this Regulation:' + - urn: urn:intuitem:risk:req_node:gdpr:4.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.1' + description: " \u2018personal data\u2019 means any information relating to an\ + \ identified or identifiable natural person (\u2018data subject\u2019); an\ + \ identifiable natural person is one who can be identified, directly or indirectly,\ + \ in particular by reference to an identifier such as a name, an identification\ + \ number, location data, an online identifier or to one or more factors specific\ + \ to the physical, physiological, genetic, mental, economic, cultural or social\ + \ identity of that natural person;" + - urn: urn:intuitem:risk:req_node:gdpr:4.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.2' + description: "\u2018processing\u2019 means any operation or set of operations\ + \ which is performed on personal data or on sets of personal data, whether\ + \ or not by automated means, such as collection, recording, organisation,\ + \ structuring, storage, adaptation or alteration, retrieval, consultation,\ + \ use, disclosure by transmission, dissemination or otherwise making available,\ + \ alignment or combination, restriction, erasure or destruction;" + - urn: urn:intuitem:risk:req_node:gdpr:4.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.3' + description: "\u2018restriction of processing\u2019 means the marking of stored\ + \ personal data with the aim of limiting their processing in the future;" + - urn: urn:intuitem:risk:req_node:gdpr:4.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.4' + description: "\u2018profiling\u2019 means any form of automated processing of\ + \ personal data consisting of the use of personal data to evaluate certain\ + \ personal aspects relating to a natural person, in particular to analyse\ + \ or predict aspects concerning that natural person's performance at work,\ + \ economic situation, health, personal preferences, interests, reliability,\ + \ behaviour, location or movements;" + - urn: urn:intuitem:risk:req_node:gdpr:4.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.5' + description: "\u2018pseudonymisation\u2019 means the processing of personal\ + \ data in such a manner that the personal data can no longer be attributed\ + \ to a specific data subject without the use of additional information, provided\ + \ that such additional information is kept separately and is subject to technical\ + \ and organisational measures to ensure that the personal data are not attributed\ + \ to an identified or identifiable natural person;" + - urn: urn:intuitem:risk:req_node:gdpr:4.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.6' + description: "\u2018filing system\u2019 means any structured set of personal\ + \ data which are accessible according to specific criteria, whether centralised,\ + \ decentralised or dispersed on a functional or geographical basis;" + - urn: urn:intuitem:risk:req_node:gdpr:4.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.7' + description: "\u2018controller\u2019 means the natural or legal person, public\ + \ authority, agency or other body which, alone or jointly with others, determines\ + \ the purposes and means of the processing of personal data; where the purposes\ + \ and means of such processing are determined by Union or Member State law,\ + \ the controller or the specific criteria for its nomination may be provided\ + \ for by Union or Member State law;" + - urn: urn:intuitem:risk:req_node:gdpr:4.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.8' + description: "\u2018processor\u2019 means a natural or legal person, public\ + \ authority, agency or other body which processes personal data on behalf\ + \ of the controller;" + - urn: urn:intuitem:risk:req_node:gdpr:4.9 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.9' + description: "\u2018recipient\u2019 means a natural or legal person, public\ + \ authority, agency or another body, to which the personal data are disclosed,\ + \ whether a third party or not. However, public authorities which may receive\ + \ personal data in the framework of a particular inquiry in accordance with\ + \ Union or Member State law shall not be regarded as recipients; the processing\ + \ of those data by those public authorities shall be in compliance with the\ + \ applicable data protection rules according to the purposes of the processing;" + - urn: urn:intuitem:risk:req_node:gdpr:4.10 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.10' + description: "\u2018third party\u2019 means a natural or legal person, public\ + \ authority, agency or body other than the data subject, controller, processor\ + \ and persons who, under the direct authority of the controller or processor,\ + \ are authorised to process personal data;" + - urn: urn:intuitem:risk:req_node:gdpr:4.11 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.11' + description: "\u2018consent\u2019 of the data subject means any freely given,\ + \ specific, informed and unambiguous indication of the data subject's wishes\ + \ by which he or she, by a statement or by a clear affirmative action, signifies\ + \ agreement to the processing of personal data relating to him or her;" + - urn: urn:intuitem:risk:req_node:gdpr:4.12 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.12' + description: "\u2018personal data breach\u2019 means a breach of security leading\ + \ to the accidental or unlawful destruction, loss, alteration, unauthorised\ + \ disclosure of, or access to, personal data transmitted, stored or otherwise\ + \ processed;" + - urn: urn:intuitem:risk:req_node:gdpr:4.13 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.13' + description: "\u2018genetic data\u2019 means personal data relating to the inherited\ + \ or acquired genetic characteristics of a natural person which give unique\ + \ information about the physiology or the health of that natural person and\ + \ which result, in particular, from an analysis of a biological sample from\ + \ the natural person in question;" + - urn: urn:intuitem:risk:req_node:gdpr:4.14 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.14' + description: "\u2018biometric data\u2019 means personal data resulting from\ + \ specific technical processing relating to the physical, physiological or\ + \ behavioural characteristics of a natural person, which allow or confirm\ + \ the unique identification of that natural person, such as facial images\ + \ or dactyloscopic data;" + - urn: urn:intuitem:risk:req_node:gdpr:4.15 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.15' + description: "\u2018data concerning health\u2019 means personal data related\ + \ to the physical or mental health of a natural person, including the provision\ + \ of health care services, which reveal information about his or her health\ + \ status;" + - urn: urn:intuitem:risk:req_node:gdpr:4.16 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.16' + description: "\u2018main establishment\u2019 means:" + - urn: urn:intuitem:risk:req_node:gdpr:4.16.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:4.16 + ref_id: 4.16.a + description: as regards a controller with establishments in more than one Member + State, the place of its central administration in the Union, unless the decisions + on the purposes and means of the processing of personal data are taken in + another establishment of the controller in the Union and the latter establishment + has the power to have such decisions implemented, in which case the establishment + having taken such decisions is to be considered to be the main establishment; + - urn: urn:intuitem:risk:req_node:gdpr:4.16.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:4.16 + ref_id: 4.16.b + description: as regards a processor with establishments in more than one Member + State, the place of its central administration in the Union, or, if the processor + has no central administration in the Union, the establishment of the processor + in the Union where the main processing activities in the context of the activities + of an establishment of the processor take place to the extent that the processor + is subject to specific obligations under this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:4.17 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.17' + description: "\u2018representative\u2019 means a natural or legal person established\ + \ in the Union who, designated by the controller or processor in writing pursuant\ + \ to Article 27, represents the controller or processor with regard to their\ + \ respective obligations under this Regulation;" + - urn: urn:intuitem:risk:req_node:gdpr:4.18 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.18' + description: "\u2018enterprise\u2019 means a natural or legal person engaged\ + \ in an economic activity, irrespective of its legal form, including partnerships\ + \ or associations regularly engaged in an economic activity;" + - urn: urn:intuitem:risk:req_node:gdpr:4.19 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.19' + description: "\u2018group of undertakings\u2019 means a controlling undertaking\ + \ and its controlled undertakings;" + - urn: urn:intuitem:risk:req_node:gdpr:4.20 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.20' + description: "\u2018binding corporate rules\u2019 means personal data protection\ + \ policies which are adhered to by a controller or processor established on\ + \ the territory of a Member State for transfers or a set of transfers of personal\ + \ data to a controller or processor in one or more third countries within\ + \ a group of undertakings, or group of enterprises engaged in a joint economic\ + \ activity;" + - urn: urn:intuitem:risk:req_node:gdpr:4.21 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.21' + description: " \u2018supervisory authority\u2019 means an independent public\ + \ authority which is established by a Member State pursuant to Article 51;" + - urn: urn:intuitem:risk:req_node:gdpr:4.22 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.22' + description: "\u2018supervisory authority concerned\u2019 means a supervisory\ + \ authority which is concerned by the processing of personal data because:" + - urn: urn:intuitem:risk:req_node:gdpr:4.22.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:4.22 + ref_id: 4.22.a + description: the controller or processor is established on the territory of + the Member State of that supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:4.22.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:4.22 + ref_id: 4.22.b + description: data subjects residing in the Member State of that supervisory + authority are substantially affected or likely to be substantially affected + by the processing; or + - urn: urn:intuitem:risk:req_node:gdpr:4.22.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:4.22 + ref_id: 4.22.c + description: a complaint has been lodged with that supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:4.23 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.23' + description: "\u2018cross-border processing\u2019 means either:" + - urn: urn:intuitem:risk:req_node:gdpr:4.23.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:4.23 + ref_id: 4.23.a + description: processing of personal data which takes place in the context of + the activities of establishments in more than one Member State of a controller + or processor in the Union where the controller or processor is established + in more than one Member State; or + - urn: urn:intuitem:risk:req_node:gdpr:4.23.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:4.23 + ref_id: 4.23.b + description: processing of personal data which takes place in the context of + the activities of a single establishment of a controller or processor in the + Union but which substantially affects or is likely to substantially affect + data subjects in more than one Member State. + - urn: urn:intuitem:risk:req_node:gdpr:4.24 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.24' + description: "\u2018relevant and reasoned objection\u2019 means an objection\ + \ to a draft decision as to whether there is an infringement of this Regulation,\ + \ or whether envisaged action in relation to the controller or processor complies\ + \ with this Regulation, which clearly demonstrates the significance of the\ + \ risks posed by the draft decision as regards the fundamental rights and\ + \ freedoms of data subjects and, where applicable, the free flow of personal\ + \ data within the Union;" + - urn: urn:intuitem:risk:req_node:gdpr:4.25 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.25' + description: "\u2018information society service\u2019 means a service as defined\ + \ in point (b) of Article 1(1) of Directive (EU) 2015/1535 of the European\ + \ Parliament and of the Council (1);" + - urn: urn:intuitem:risk:req_node:gdpr:4.26 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node202 + ref_id: '4.26' + description: "\u2018international organisation\u2019 means an organisation and\ + \ its subordinate bodies governed by public international law, or any other\ + \ body which is set up by, or on the basis of, an agreement between two or\ + \ more countries." + - urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + assessable: false + depth: 1 + ref_id: CHAPTER II + description: Principles + - urn: urn:intuitem:risk:req_node:gdpr:article-5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + ref_id: Article 5 + description: Principles relating to processing of personal data + - urn: urn:intuitem:risk:req_node:gdpr:5.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-5 + ref_id: '5.1' + description: 'Personal data shall be:' + - urn: urn:intuitem:risk:req_node:gdpr:5.1.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:5.1 + ref_id: 5.1.a + description: "processed lawfully, fairly and in a transparent manner in relation\ + \ to the data subject (\u2018lawfulness, fairness and transparency\u2019);" + - urn: urn:intuitem:risk:req_node:gdpr:5.1.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:5.1 + ref_id: 5.1.b + description: "collected for specified, explicit and legitimate purposes and\ + \ not further processed in a manner that is incompatible with those purposes;\ + \ further processing for archiving purposes in the public interest, scientific\ + \ or historical research purposes or statistical purposes shall, in accordance\ + \ with Article 89(1), not be considered to be incompatible with the initial\ + \ purposes (\u2018purpose limitation\u2019);" + annotation: The processing of data can be used subsequently if the new purpose + is compatible with the original one (Recital 50). This is particularly the + case for statistical studies, where the results are aggregated and non-personal + data (Recital 162). + - urn: urn:intuitem:risk:req_node:gdpr:5.1.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:5.1 + ref_id: 5.1.c + description: "adequate, relevant and limited to what is necessary in relation\ + \ to the purposes for which they are processed (\u2018data minimisation\u2019\ + );" + - urn: urn:intuitem:risk:req_node:gdpr:5.1.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:5.1 + ref_id: 5.1.d + description: "accurate and, where necessary, kept up to date; every reasonable\ + \ step must be taken to ensure that personal data that are inaccurate, having\ + \ regard to the purposes for which they are processed, are erased or rectified\ + \ without delay (\u2018accuracy\u2019);" + - urn: urn:intuitem:risk:req_node:gdpr:5.1.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:5.1 + ref_id: 5.1.e + description: "kept in a form which permits identification of data subjects for\ + \ no longer than is necessary for the purposes for which the personal data\ + \ are processed; personal data may be stored for longer periods insofar as\ + \ the personal data will be processed solely for archiving purposes in the\ + \ public interest, scientific or historical research purposes or statistical\ + \ purposes in accordance with Article 89(1) subject to implementation of the\ + \ appropriate technical and organisational measures required by this Regulation\ + \ in order to safeguard the rights and freedoms of the data subject (\u2018\ + storage limitation\u2019);" + - urn: urn:intuitem:risk:req_node:gdpr:5.1.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:5.1 + ref_id: 5.1.f + description: "processed in a manner that ensures appropriate security of the\ + \ personal data, including protection against unauthorised or unlawful processing\ + \ and against accidental loss, destruction or damage, using appropriate technical\ + \ or organisational measures (\u2018integrity and confidentiality\u2019)." + - urn: urn:intuitem:risk:req_node:gdpr:5.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-5 + ref_id: '5.2' + description: " The controller shall be responsible for, and be able to demonstrate\ + \ compliance with, paragraph 1 (\u2018accountability\u2019)." + - urn: urn:intuitem:risk:req_node:gdpr:article-6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + ref_id: Article 6 + description: Lawfulness of processing + - urn: urn:intuitem:risk:req_node:gdpr:6.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-6 + ref_id: '6.1' + description: 'Processing shall be lawful only if and to the extent that at least + one of the following applies:' + - urn: urn:intuitem:risk:req_node:gdpr:6.1.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.1 + ref_id: 6.1.a + description: the data subject has given consent to the processing of his or + her personal data for one or more specific purposes; + - urn: urn:intuitem:risk:req_node:gdpr:6.1.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.1 + ref_id: 6.1.b + description: processing is necessary for the performance of a contract to which + the data subject is party or in order to take steps at the request of the + data subject prior to entering into a contract; + - urn: urn:intuitem:risk:req_node:gdpr:6.1.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.1 + ref_id: 6.1.c + description: processing is necessary for compliance with a legal obligation + to which the controller is subject; + - urn: urn:intuitem:risk:req_node:gdpr:6.1.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.1 + ref_id: 6.1.d + description: processing is necessary in order to protect the vital interests + of the data subject or of another natural person; + - urn: urn:intuitem:risk:req_node:gdpr:6.1.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.1 + ref_id: 6.1.e + description: processing is necessary for the performance of a task carried out + in the public interest or in the exercise of official authority vested in + the controller; + - urn: urn:intuitem:risk:req_node:gdpr:6.1.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.1 + ref_id: 6.1.f + description: processing is necessary for the purposes of the legitimate interests + pursued by the controller or by a third party, except where such interests + are overridden by the interests or fundamental rights and freedoms of the + data subject which require protection of personal data, in particular where + the data subject is a child. + - urn: urn:intuitem:risk:req_node:gdpr:node254 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.1 + description: Point (f) of the first subparagraph shall not apply to processing + carried out by public authorities in the performance of their tasks. + - urn: urn:intuitem:risk:req_node:gdpr:6.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-6 + ref_id: '6.2' + description: Member States may maintain or introduce more specific provisions + to adapt the application of the rules of this Regulation with regard to processing + for compliance with points (c) and (e) of paragraph 1 by determining more + precisely specific requirements for the processing and other measures to ensure + lawful and fair processing including for other specific processing situations + as provided for in Chapter IX. + - urn: urn:intuitem:risk:req_node:gdpr:6.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-6 + ref_id: '6.3' + description: 'The basis for the processing referred to in point (c) and (e) + of paragraph 1 shall be laid down by:' + - urn: urn:intuitem:risk:req_node:gdpr:6.3.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.3 + ref_id: 6.3.a + description: Union law; or + - urn: urn:intuitem:risk:req_node:gdpr:6.3.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.3 + ref_id: 6.3.b + description: Member State law to which the controller is subject. + - urn: urn:intuitem:risk:req_node:gdpr:node259 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.3 + description: 'The purpose of the processing shall be determined in that legal + basis or, as regards the processing referred to in point (e) of paragraph + 1, shall be necessary for the performance of a task carried out in the public + interest or in the exercise of official authority vested in the controller. + That legal basis may contain specific provisions to adapt the application + of rules of this Regulation, inter alia: the general conditions governing + the lawfulness of processing by the controller; the types of data which are + subject to the processing; the data subjects concerned; the entities to, and + the purposes for which, the personal data may be disclosed; the purpose limitation; + storage periods; and processing operations and processing procedures, including + measures to ensure lawful and fair processing such as those for other specific + processing situations as provided for in Chapter IX. The Union or the Member + State law shall meet an objective of public interest and be proportionate + to the legitimate aim pursued.' + - urn: urn:intuitem:risk:req_node:gdpr:6.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.3 + ref_id: '6.4' + description: ' Where the processing for a purpose other than that for which + the personal data have been collected is not based on the data subject''s + consent or on a Union or Member State law which constitutes a necessary and + proportionate measure in a democratic society to safeguard the objectives + referred to in Article 23(1), the controller shall, in order to ascertain + whether processing for another purpose is compatible with the purpose for + which the personal data are initially collected, take into account, inter + alia:' + - urn: urn:intuitem:risk:req_node:gdpr:6.4.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.4 + ref_id: 6.4.a + description: any link between the purposes for which the personal data have + been collected and the purposes of the intended further processing; + - urn: urn:intuitem:risk:req_node:gdpr:6.4.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.4 + ref_id: 6.4.b + description: the context in which the personal data have been collected, in + particular regarding the relationship between data subjects and the controller; + - urn: urn:intuitem:risk:req_node:gdpr:6.4.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.4 + ref_id: 6.4.c + description: the nature of the personal data, in particular whether special + categories of personal data are processed, pursuant to Article 9, or whether + personal data related to criminal convictions and offences are processed, + pursuant to Article 10; + - urn: urn:intuitem:risk:req_node:gdpr:6.4.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.4 + ref_id: 6.4.d + description: the possible consequences of the intended further processing for + data subjects; + - urn: urn:intuitem:risk:req_node:gdpr:6.4.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:6.4 + ref_id: 6.4.e + description: the existence of appropriate safeguards, which may include encryption + or pseudonymisation. + - urn: urn:intuitem:risk:req_node:gdpr:article-7 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + ref_id: Article 7 + description: Conditions for consent + - urn: urn:intuitem:risk:req_node:gdpr:7.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-7 + ref_id: '7.1' + description: Where processing is based on consent, the controller shall be able + to demonstrate that the data subject has consented to processing of his or + her personal data. + - urn: urn:intuitem:risk:req_node:gdpr:7.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-7 + ref_id: '7.2' + description: If the data subject's consent is given in the context of a written + declaration which also concerns other matters, the request for consent shall + be presented in a manner which is clearly distinguishable from the other matters, + in an intelligible and easily accessible form, using clear and plain language. + Any part of such a declaration which constitutes an infringement of this Regulation + shall not be binding. + annotation: To maintain adequate records of obtained consents. + - urn: urn:intuitem:risk:req_node:gdpr:7.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-7 + ref_id: '7.3' + description: The data subject shall have the right to withdraw his or her consent + at any time. The withdrawal of consent shall not affect the lawfulness of + processing based on consent before its withdrawal. Prior to giving consent, + the data subject shall be informed thereof. It shall be as easy to withdraw + as to give consent. + annotation: To implement simple and accessible mechanisms to allow individuals + to withdraw their consent + - urn: urn:intuitem:risk:req_node:gdpr:7.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-7 + ref_id: '7.4' + description: ' When assessing whether consent is freely given, utmost account + shall be taken of whether, inter alia, the performance of a contract, including + the provision of a service, is conditional on consent to the processing of + personal data that is not necessary for the performance of that contract.' + annotation: To present each purpose separately and obtain specific consent for + each one + - urn: urn:intuitem:risk:req_node:gdpr:article-8 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + ref_id: Article 8 + description: Conditions applicable to child's consent in relation to information + society services + - urn: urn:intuitem:risk:req_node:gdpr:8.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-8 + ref_id: '8.1' + description: Where point (a) of Article 6(1) applies, in relation to the offer + of information society services directly to a child, the processing of the + personal data of a child shall be lawful where the child is at least 16 years + old. Where the child is below the age of 16 years, such processing shall be + lawful only if and to the extent that consent is given or authorised by the + holder of parental responsibility over the child. + - urn: urn:intuitem:risk:req_node:gdpr:node273 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-8 + description: Member States may provide by law for a lower age for those purposes + provided that such lower age is not below 13 years. + annotation: The age of consent is 13 years in Estonia, Denmark, Belgium, Ireland, + Finland, Poland, Latvia, Spain, Portugal, the United Kingdom, and Sweden, + 15 years in France, 16 years in Germany, and 14 years in Italy + - urn: urn:intuitem:risk:req_node:gdpr:8.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-8 + ref_id: '8.2' + description: The controller shall make reasonable efforts to verify in such + cases that consent is given or authorised by the holder of parental responsibility + over the child, taking into consideration available technology. + - urn: urn:intuitem:risk:req_node:gdpr:8.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-8 + ref_id: '8.3' + description: Paragraph 1 shall not affect the general contract law of Member + States such as the rules on the validity, formation or effect of a contract + in relation to a child. + - urn: urn:intuitem:risk:req_node:gdpr:article-9 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + ref_id: Article 9 + description: Processing of special categories of personal data + - urn: urn:intuitem:risk:req_node:gdpr:9.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-9 + ref_id: '9.1' + description: Processing of personal data revealing racial or ethnic origin, + political opinions, religious or philosophical beliefs, or trade union membership, + and the processing of genetic data, biometric data for the purpose of uniquely + identifying a natural person, data concerning health or data concerning a + natural person's sex life or sexual orientation shall be prohibited. + - urn: urn:intuitem:risk:req_node:gdpr:9.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-9 + ref_id: '9.2' + description: 'Paragraph 1 shall not apply if one of the following applies:' + - urn: urn:intuitem:risk:req_node:gdpr:9.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.a + description: the data subject has given explicit consent to the processing of + those personal data for one or more specified purposes, except where Union + or Member State law provide that the prohibition referred to in paragraph + 1 may not be lifted by the data subject; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.b + description: processing is necessary for the purposes of carrying out the obligations + and exercising specific rights of the controller or of the data subject in + the field of employment and social security and social protection law in so + far as it is authorised by Union or Member State law or a collective agreement + pursuant to Member State law providing for appropriate safeguards for the + fundamental rights and the interests of the data subject; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.c + description: ' processing is necessary to protect the vital interests of the + data subject or of another natural person where the data subject is physically + or legally incapable of giving consent;' + - urn: urn:intuitem:risk:req_node:gdpr:9.2.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.d + description: processing is carried out in the course of its legitimate activities + with appropriate safeguards by a foundation, association or any other not-for-profit + body with a political, philosophical, religious or trade union aim and on + condition that the processing relates solely to the members or to former members + of the body or to persons who have regular contact with it in connection with + its purposes and that the personal data are not disclosed outside that body + without the consent of the data subjects; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.e + description: processing relates to personal data which are manifestly made public + by the data subject; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.f + description: processing is necessary for the establishment, exercise or defence + of legal claims or whenever courts are acting in their judicial capacity; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.g + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.g + description: processing is necessary for reasons of substantial public interest, + on the basis of Union or Member State law which shall be proportionate to + the aim pursued, respect the essence of the right to data protection and provide + for suitable and specific measures to safeguard the fundamental rights and + the interests of the data subject; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.h + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.h + description: processing is necessary for the purposes of preventive or occupational + medicine, for the assessment of the working capacity of the employee, medical + diagnosis, the provision of health or social care or treatment or the management + of health or social care systems and services on the basis of Union or Member + State law or pursuant to contract with a health professional and subject to + the conditions and safeguards referred to in paragraph 3; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.i + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.i + description: processing is necessary for reasons of public interest in the area + of public health, such as protecting against serious cross-border threats + to health or ensuring high standards of quality and safety of health care + and of medicinal products or medical devices, on the basis of Union or Member + State law which provides for suitable and specific measures to safeguard the + rights and freedoms of the data subject, in particular professional secrecy; + - urn: urn:intuitem:risk:req_node:gdpr:9.2.j + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:9.2 + ref_id: 9.2.j + description: processing is necessary for archiving purposes in the public interest, + scientific or historical research purposes or statistical purposes in accordance + with Article 89(1) based on Union or Member State law which shall be proportionate + to the aim pursued, respect the essence of the right to data protection and + provide for suitable and specific measures to safeguard the fundamental rights + and the interests of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:9.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-9 + ref_id: '9.3' + description: Personal data referred to in paragraph 1 may be processed for the + purposes referred to in point (h) of paragraph 2 when those data are processed + by or under the responsibility of a professional subject to the obligation + of professional secrecy under Union or Member State law or rules established + by national competent bodies or by another person also subject to an obligation + of secrecy under Union or Member State law or rules established by national + competent bodies. + - urn: urn:intuitem:risk:req_node:gdpr:9.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-9 + ref_id: '9.4' + description: Member States may maintain or introduce further conditions, including + limitations, with regard to the processing of genetic data, biometric data + or data concerning health. + annotation: to comply with additional legal obligations + - urn: urn:intuitem:risk:req_node:gdpr:article-10 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + ref_id: Article 10 + description: Processing of personal data relating to criminal convictions and + offences + - urn: urn:intuitem:risk:req_node:gdpr:node292 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-10 + description: Processing of personal data relating to criminal convictions and + offences or related security measures based on Article 6(1) shall be carried + out only under the control of official authority or when the processing is + authorised by Union or Member State law providing for appropriate safeguards + for the rights and freedoms of data subjects. Any comprehensive register of + criminal convictions shall be kept only under the control of official authority. + - urn: urn:intuitem:risk:req_node:gdpr:article-11 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ii + ref_id: Article 11 + description: Processing which does not require identification + - urn: urn:intuitem:risk:req_node:gdpr:11.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-11 + ref_id: '11.1' + description: ' If the purposes for which a controller processes personal data + do not or do no longer require the identification of a data subject by the + controller, the controller shall not be obliged to maintain, acquire or process + additional information in order to identify the data subject for the sole + purpose of complying with this Regulation.' + - urn: urn:intuitem:risk:req_node:gdpr:11.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-11 + ref_id: '11.2' + description: Where, in cases referred to in paragraph 1 of this Article, the + controller is able to demonstrate that it is not in a position to identify + the data subject, the controller shall inform the data subject accordingly, + if possible. In such cases, Articles 15 to 20 shall not apply except where + the data subject, for the purpose of exercising his or her rights under those + articles, provides additional information enabling his or her identification. + - urn: urn:intuitem:risk:req_node:gdpr:chapter-iii + assessable: false + depth: 1 + ref_id: CHAPTER III + description: Rights of the data subject + - urn: urn:intuitem:risk:req_node:gdpr:node297 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iii + name: Section 1 + description: Transparency and modalities + - urn: urn:intuitem:risk:req_node:gdpr:article-12 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node297 + ref_id: Article 12 + description: Transparent information, communication and modalities for the exercise + of the rights of the data subject + - urn: urn:intuitem:risk:req_node:gdpr:12.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.1' + description: The controller shall take appropriate measures to provide any information + referred to in Articles 13 and 14 and any communication under Articles 15 + to 22 and 34 relating to processing to the data subject in a concise, transparent, + intelligible and easily accessible form, using clear and plain language, in + particular for any information addressed specifically to a child. The information + shall be provided in writing, or by other means, including, where appropriate, + by electronic means. When requested by the data subject, the information may + be provided orally, provided that the identity of the data subject is proven + by other means. + - urn: urn:intuitem:risk:req_node:gdpr:12.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.2' + description: The controller shall facilitate the exercise of data subject rights + under Articles 15 to 22. In the cases referred to in Article 11(2), the controller + shall not refuse to act on the request of the data subject for exercising + his or her rights under Articles 15 to 22, unless the controller demonstrates + that it is not in a position to identify the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:12.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.3' + description: The controller shall provide information on action taken on a request + under Articles 15 to 22 to the data subject without undue delay and in any + event within one month of receipt of the request. That period may be extended + by two further months where necessary, taking into account the complexity + and number of the requests. The controller shall inform the data subject of + any such extension within one month of receipt of the request, together with + the reasons for the delay. Where the data subject makes the request by electronic + form means, the information shall be provided by electronic means where possible, + unless otherwise requested by the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:12.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.4' + description: ' If the controller does not take action on the request of the + data subject, the controller shall inform the data subject without delay and + at the latest within one month of receipt of the request of the reasons for + not taking action and on the possibility of lodging a complaint with a supervisory + authority and seeking a judicial remedy.' + - urn: urn:intuitem:risk:req_node:gdpr:12.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.5' + description: 'Information provided under Articles 13 and 14 and any communication + and any actions taken under Articles 15 to 22 and 34 shall be provided free + of charge. Where requests from a data subject are manifestly unfounded or + excessive, in particular because of their repetitive character, the controller + may either:' + - urn: urn:intuitem:risk:req_node:gdpr:12.5.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:12.5 + ref_id: 12.5.a + description: charge a reasonable fee taking into account the administrative + costs of providing the information or communication or taking the action requested; + or + - urn: urn:intuitem:risk:req_node:gdpr:12.5.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:12.5 + ref_id: 12.5.b + description: ' refuse to act on the request.' + - urn: urn:intuitem:risk:req_node:gdpr:node306 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + description: The controller shall bear the burden of demonstrating the manifestly + unfounded or excessive character of the request. + - urn: urn:intuitem:risk:req_node:gdpr:12.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.6' + description: Without prejudice to Article 11, where the controller has reasonable + doubts concerning the identity of the natural person making the request referred + to in Articles 15 to 21, the controller may request the provision of additional + information necessary to confirm the identity of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:12.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.7' + description: ' The information to be provided to data subjects pursuant to Articles + 13 and 14 may be provided in combination with standardised icons in order + to give in an easily visible, intelligible and clearly legible manner a meaningful + overview of the intended processing. Where the icons are presented electronically + they shall be machine-readable.' + - urn: urn:intuitem:risk:req_node:gdpr:12.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-12 + ref_id: '12.8' + description: The Commission shall be empowered to adopt delegated acts in accordance + with Article 92 for the purpose of determining the information to be presented + by the icons and the procedures for providing standardised icons. + - urn: urn:intuitem:risk:req_node:gdpr:node310 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iii + name: Section 2 + description: Information and access to personal data + - urn: urn:intuitem:risk:req_node:gdpr:article-13 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node310 + ref_id: Article 13 + description: Information to be provided where personal data are collected from + the data subject + - urn: urn:intuitem:risk:req_node:gdpr:13.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-13 + ref_id: '13.1' + description: 'Where personal data relating to a data subject are collected from + the data subject, the controller shall, at the time when personal data are + obtained, provide the data subject with all of the following information:' + - urn: urn:intuitem:risk:req_node:gdpr:13.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.1 + ref_id: 13.1.a + description: the identity and the contact details of the controller and, where + applicable, of the controller's representative; + - urn: urn:intuitem:risk:req_node:gdpr:13.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.1 + ref_id: 13.1.b + description: ' the contact details of the data protection officer, where applicable;' + - urn: urn:intuitem:risk:req_node:gdpr:13.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.1 + ref_id: 13.1.c + description: the purposes of the processing for which the personal data are + intended as well as the legal basis for the processing; + - urn: urn:intuitem:risk:req_node:gdpr:13.1.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.1 + ref_id: 13.1.d + description: ' where the processing is based on point (f) of Article 6(1), the + legitimate interests pursued by the controller or by a third party;' + - urn: urn:intuitem:risk:req_node:gdpr:13.1.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.1 + ref_id: 13.1.e + description: the recipients or categories of recipients of the personal data, + if any; + - urn: urn:intuitem:risk:req_node:gdpr:13.1.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.1 + ref_id: 13.1.f + description: where applicable, the fact that the controller intends to transfer + personal data to a third country or international organisation and the existence + or absence of an adequacy decision by the Commission, or in the case of transfers + referred to in Article 46 or 47, or the second subparagraph of Article 49(1), + reference to the appropriate or suitable safeguards and the means by which + to obtain a copy of them or where they have been made available. + - urn: urn:intuitem:risk:req_node:gdpr:13.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-13 + ref_id: '13.2' + description: 'In addition to the information referred to in paragraph 1, the + controller shall, at the time when personal data are obtained, provide the + data subject with the following further information necessary to ensure fair + and transparent processing:' + - urn: urn:intuitem:risk:req_node:gdpr:13.2.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.2 + ref_id: 13.2.a + description: the period for which the personal data will be stored, or if that + is not possible, the criteria used to determine that period; + - urn: urn:intuitem:risk:req_node:gdpr:13.2.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.2 + ref_id: 13.2.b + description: the existence of the right to request from the controller access + to and rectification or erasure of personal data or restriction of processing + concerning the data subject or to object to processing as well as the right + to data portability; + - urn: urn:intuitem:risk:req_node:gdpr:13.2.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.2 + ref_id: 13.2.c + description: where the processing is based on point (a) of Article 6(1) or point + (a) of Article 9(2), the existence of the right to withdraw consent at any + time, without affecting the lawfulness of processing based on consent before + its withdrawal; + - urn: urn:intuitem:risk:req_node:gdpr:13.2.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.2 + ref_id: 13.2.d + description: the right to lodge a complaint with a supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:13.2.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.2 + ref_id: 13.2.e + description: whether the provision of personal data is a statutory or contractual + requirement, or a requirement necessary to enter into a contract, as well + as whether the data subject is obliged to provide the personal data and of + the possible consequences of failure to provide such data; + - urn: urn:intuitem:risk:req_node:gdpr:13.2.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:13.2 + ref_id: 13.2.f + description: the existence of automated decision-making, including profiling, + referred to in Article 22(1) and (4) and, at least in those cases, meaningful + information about the logic involved, as well as the significance and the + envisaged consequences of such processing for the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:13.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-13 + ref_id: '13.3' + description: ' Where the controller intends to further process the personal + data for a purpose other than that for which the personal data were collected, + the controller shall provide the data subject prior to that further processing + with information on that other purpose and with any relevant further information + as referred to in paragraph 2.' + - urn: urn:intuitem:risk:req_node:gdpr:13.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-13 + ref_id: '13.4' + description: Paragraphs 1, 2 and 3 shall not apply where and insofar as the + data subject already has the information. + - urn: urn:intuitem:risk:req_node:gdpr:article-14 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node310 + ref_id: Article 14 + description: Information to be provided where personal data have not been obtained + from the data subject + - urn: urn:intuitem:risk:req_node:gdpr:14.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-14 + ref_id: '14.1' + description: 'Where personal data have not been obtained from the data subject, + the controller shall provide the data subject with the following information:' + - urn: urn:intuitem:risk:req_node:gdpr:14.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.1 + ref_id: 14.1.a + description: the identity and the contact details of the controller and, where + applicable, of the controller's representative; + - urn: urn:intuitem:risk:req_node:gdpr:14.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.1 + ref_id: 14.1.b + description: the contact details of the data protection officer, where applicable; + - urn: urn:intuitem:risk:req_node:gdpr:14.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.1 + ref_id: 14.1.c + description: the purposes of the processing for which the personal data are + intended as well as the legal basis for the processing; + - urn: urn:intuitem:risk:req_node:gdpr:14.1.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.1 + ref_id: 14.1.d + description: the categories of personal data concerned; + - urn: urn:intuitem:risk:req_node:gdpr:14.1.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.1 + ref_id: 14.1.e + description: the recipients or categories of recipients of the personal data, + if any; + - urn: urn:intuitem:risk:req_node:gdpr:14.1.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.1 + ref_id: 14.1.f + description: where applicable, that the controller intends to transfer personal + data to a recipient in a third country or international organisation and the + existence or absence of an adequacy decision by the Commission, or in the + case of transfers referred to in Article 46 or 47, or the second subparagraph + of Article 49(1), reference to the appropriate or suitable safeguards and + the means to obtain a copy of them or where they have been made available. + - urn: urn:intuitem:risk:req_node:gdpr:14.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-14 + ref_id: '14.2' + description: 'In addition to the information referred to in paragraph 1, the + controller shall provide the data subject with the following information necessary + to ensure fair and transparent processing in respect of the data subject:' + - urn: urn:intuitem:risk:req_node:gdpr:14.2.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.2 + ref_id: 14.2.a + description: the period for which the personal data will be stored, or if that + is not possible, the criteria used to determine that period; + - urn: urn:intuitem:risk:req_node:gdpr:14.2.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.2 + ref_id: 14.2.b + description: where the processing is based on point (f) of Article 6(1), the + legitimate interests pursued by the controller or by a third party; + - urn: urn:intuitem:risk:req_node:gdpr:14.2.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.2 + ref_id: 14.2.c + description: the existence of the right to request from the controller access + to and rectification or erasure of personal data or restriction of processing + concerning the data subject and to object to processing as well as the right + to data portability; + - urn: urn:intuitem:risk:req_node:gdpr:14.2.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.2 + ref_id: 14.2.d + description: where processing is based on point (a) of Article 6(1) or point + (a) of Article 9(2), the existence of the right to withdraw consent at any + time, without affecting the lawfulness of processing based on consent before + its withdrawal; + - urn: urn:intuitem:risk:req_node:gdpr:14.2.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.2 + ref_id: 14.2.e + description: ' the right to lodge a complaint with a supervisory authority;' + - urn: urn:intuitem:risk:req_node:gdpr:14.2.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.2 + ref_id: 14.2.f + description: from which source the personal data originate, and if applicable, + whether it came from publicly accessible sources; + - urn: urn:intuitem:risk:req_node:gdpr:14.2.g + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.2 + ref_id: 14.2.g + description: ' the existence of automated decision-making, including profiling, + referred to in Article 22(1) and (4) and, at least in those cases, meaningful + information about the logic involved, as well as the significance and the + envisaged consequences of such processing for the data subject.' + - urn: urn:intuitem:risk:req_node:gdpr:14.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-14 + ref_id: '14.3' + description: ' The controller shall provide the information referred to in paragraphs + 1 and 2:' + - urn: urn:intuitem:risk:req_node:gdpr:14.3.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.3 + ref_id: 14.3.a + description: within a reasonable period after obtaining the personal data, but + at the latest within one month, having regard to the specific circumstances + in which the personal data are processed; + - urn: urn:intuitem:risk:req_node:gdpr:14.3.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.3 + ref_id: 14.3.b + description: if the personal data are to be used for communication with the + data subject, at the latest at the time of the first communication to that + data subject; or + - urn: urn:intuitem:risk:req_node:gdpr:14.3.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.3 + ref_id: 14.3.c + description: if a disclosure to another recipient is envisaged, at the latest + when the personal data are first disclosed. + - urn: urn:intuitem:risk:req_node:gdpr:14.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-14 + ref_id: '14.4' + description: Where the controller intends to further process the personal data + for a purpose other than that for which the personal data were obtained, the + controller shall provide the data subject prior to that further processing + with information on that other purpose and with any relevant further information + as referred to in paragraph 2. + - urn: urn:intuitem:risk:req_node:gdpr:14.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-14 + ref_id: '14.5' + description: 'Paragraphs 1 to 4 shall not apply where and insofar as:' + - urn: urn:intuitem:risk:req_node:gdpr:14.5.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.5 + ref_id: 14.5.a + description: the data subject already has the information; + - urn: urn:intuitem:risk:req_node:gdpr:14.5.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.5 + ref_id: 14.5.b + description: the provision of such information proves impossible or would involve + a disproportionate effort, in particular for processing for archiving purposes + in the public interest, scientific or historical research purposes or statistical + purposes, subject to the conditions and safeguards referred to in Article + 89(1) or in so far as the obligation referred to in paragraph 1 of this Article + is likely to render impossible or seriously impair the achievement of the + objectives of that processing. In such cases the controller shall take appropriate + measures to protect the data subject's rights and freedoms and legitimate + interests, including making the information publicly available; + - urn: urn:intuitem:risk:req_node:gdpr:14.5.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.5 + ref_id: 14.5.c + description: obtaining or disclosure is expressly laid down by Union or Member + State law to which the controller is subject and which provides appropriate + measures to protect the data subject's legitimate interests; or + - urn: urn:intuitem:risk:req_node:gdpr:14.5.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:14.5 + ref_id: 14.5.d + description: ' where the personal data must remain confidential subject to an + obligation of professional secrecy regulated by Union or Member State law, + including a statutory obligation of secrecy.' + - urn: urn:intuitem:risk:req_node:gdpr:article-15 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node310 + ref_id: Article 15 + description: Right of access by the data subject + - urn: urn:intuitem:risk:req_node:gdpr:15.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-15 + ref_id: '15.1' + description: 'The data subject shall have the right to obtain from the controller + confirmation as to whether or not personal data concerning him or her are + being processed, and, where that is the case, access to the personal data + and the following information:' + annotation: The data controller must confirm if personal data concerning the + data subject are being processed and, if so, provide access to the data and + the following information. + - urn: urn:intuitem:risk:req_node:gdpr:15.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.a + description: the purposes of the processing; + - urn: urn:intuitem:risk:req_node:gdpr:15.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.b + description: the categories of personal data concerned; + - urn: urn:intuitem:risk:req_node:gdpr:15.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.c + description: the recipients or categories of recipient to whom the personal + data have been or will be disclosed, in particular recipients in third countries + or international organisations; + - urn: urn:intuitem:risk:req_node:gdpr:15.1.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.d + description: ' where possible, the envisaged period for which the personal data + will be stored, or, if not possible, the criteria used to determine that period;' + - urn: urn:intuitem:risk:req_node:gdpr:15.1.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.e + description: the existence of the right to request from the controller rectification + or erasure of personal data or restriction of processing of personal data + concerning the data subject or to object to such processing; + - urn: urn:intuitem:risk:req_node:gdpr:15.1.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.f + description: the right to lodge a complaint with a supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:15.1.g + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.g + description: where the personal data are not collected from the data subject, + any available information as to their source; + - urn: urn:intuitem:risk:req_node:gdpr:15.1.h + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:15.1 + ref_id: 15.1.h + description: the existence of automated decision-making, including profiling, + referred to in Article 22(1) and (4) and, at least in those cases, meaningful + information about the logic involved, as well as the significance and the + envisaged consequences of such processing for the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:15.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-15 + ref_id: '15.2' + description: Where personal data are transferred to a third country or to an + international organisation, the data subject shall have the right to be informed + of the appropriate safeguards pursuant to Article 46 relating to the transfer. + - urn: urn:intuitem:risk:req_node:gdpr:15.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-15 + ref_id: '15.3' + description: The controller shall provide a copy of the personal data undergoing + processing. For any further copies requested by the data subject, the controller + may charge a reasonable fee based on administrative costs. Where the data + subject makes the request by electronic means, and unless otherwise requested + by the data subject, the information shall be provided in a commonly used + electronic form. + - urn: urn:intuitem:risk:req_node:gdpr:15.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-15 + ref_id: '15.4' + description: The right to obtain a copy referred to in paragraph 3 shall not + adversely affect the rights and freedoms of others. + - urn: urn:intuitem:risk:req_node:gdpr:node367 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iii + name: Section 3 + description: Rectification and erasure + - urn: urn:intuitem:risk:req_node:gdpr:article-16 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node367 + ref_id: Article 16 + description: Right to rectification + - urn: urn:intuitem:risk:req_node:gdpr:node369 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-16 + description: The data subject shall have the right to obtain from the controller + without undue delay the rectification of inaccurate personal data concerning + him or her. Taking into account the purposes of the processing, the data subject + shall have the right to have incomplete personal data completed, including + by means of providing a supplementary statement. + - urn: urn:intuitem:risk:req_node:gdpr:article-17 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node367 + ref_id: Article 17 + description: "Right to erasure (\u2018right to be forgotten\u2019)" + - urn: urn:intuitem:risk:req_node:gdpr:17.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-17 + ref_id: '17.1' + description: 'The data subject shall have the right to obtain from the controller + the erasure of personal data concerning him or her without undue delay and + the controller shall have the obligation to erase personal data without undue + delay where one of the following grounds applies:' + annotation: Set up a follow-up procedure to inform other controllers processing + the data subject to the erasure request, as it is the duty of the data controller. + - urn: urn:intuitem:risk:req_node:gdpr:17.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.1 + ref_id: 17.1.a + description: the personal data are no longer necessary in relation to the purposes + for which they were collected or otherwise processed; + annotation: Set up a follow-up procedure to inform other controllers processing + the data subject to the erasure request, as it is the duty of the data controller. + - urn: urn:intuitem:risk:req_node:gdpr:17.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.1 + ref_id: 17.1.b + description: ' the data subject withdraws consent on which the processing is + based according to point (a) of Article 6(1), or point (a) of Article 9(2), + and where there is no other legal ground for the processing;' + annotation: Set up a follow-up procedure to inform other controllers processing + the data subject to the erasure request, as it is the duty of the data controller. + - urn: urn:intuitem:risk:req_node:gdpr:17.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.1 + ref_id: 17.1.c + description: the data subject objects to the processing pursuant to Article + 21(1) and there are no overriding legitimate grounds for the processing, or + the data subject objects to the processing pursuant to Article 21(2); + - urn: urn:intuitem:risk:req_node:gdpr:17.1.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.1 + ref_id: 17.1.d + description: the personal data have been unlawfully processed; + - urn: urn:intuitem:risk:req_node:gdpr:17.1.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.1 + ref_id: 17.1.e + description: the personal data have to be erased for compliance with a legal + obligation in Union or Member State law to which the controller is subject; + - urn: urn:intuitem:risk:req_node:gdpr:17.1.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.1 + ref_id: 17.1.f + description: the personal data have been collected in relation to the offer + of information society services referred to in Article 8(1). + - urn: urn:intuitem:risk:req_node:gdpr:17.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-17 + ref_id: '17.2' + description: Where the controller has made the personal data public and is obliged + pursuant to paragraph 1 to erase the personal data, the controller, taking + account of available technology and the cost of implementation, shall take + reasonable steps, including technical measures, to inform controllers which + are processing the personal data that the data subject has requested the erasure + by such controllers of any links to, or copy or replication of, those personal + data. + annotation: 'To implement measures to ensure that these links are not accessible + from within the EU, if necessary. + + + In the judgment of the Court of Justice of the European Union (CJEU) in the + case of Google v. CNIL (2019) C-507/17, it is stated that the judge or the + data protection authority may order the search engine operator to delist the + result on the national extensions of the search engine but also, if necessary, + on all the extensions of the digital territories of all EU member states.' + - urn: urn:intuitem:risk:req_node:gdpr:17.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-17 + ref_id: '17.3' + description: 'Paragraphs 1 and 2 shall not apply to the extent that processing + is necessary:' + - urn: urn:intuitem:risk:req_node:gdpr:17.3.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.3 + ref_id: 17.3.a + description: for exercising the right of freedom of expression and information; + - urn: urn:intuitem:risk:req_node:gdpr:17.3.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.3 + ref_id: 17.3.b + description: for compliance with a legal obligation which requires processing + by Union or Member State law to which the controller is subject or for the + performance of a task carried out in the public interest or in the exercise + of official authority vested in the controller; + - urn: urn:intuitem:risk:req_node:gdpr:17.3.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.3 + ref_id: 17.3.c + description: for reasons of public interest in the area of public health in + accordance with points (h) and (i) of Article 9(2) as well as Article 9(3); + - urn: urn:intuitem:risk:req_node:gdpr:17.3.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.3 + ref_id: 17.3.d + description: for archiving purposes in the public interest, scientific or historical + research purposes or statistical purposes in accordance with Article 89(1) + in so far as the right referred to in paragraph 1 is likely to render impossible + or seriously impair the achievement of the objectives of that processing; + or + - urn: urn:intuitem:risk:req_node:gdpr:17.3.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:17.3 + ref_id: 17.3.e + description: for the establishment, exercise or defence of legal claims. + - urn: urn:intuitem:risk:req_node:gdpr:article-18 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node367 + ref_id: Article 18 + description: Right to restriction of processing + - urn: urn:intuitem:risk:req_node:gdpr:18.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-18 + ref_id: '18.1' + description: ' The data subject shall have the right to obtain from the controller + restriction of processing where one of the following applies:' + annotation: The controller must comply with the data restriction request. + - urn: urn:intuitem:risk:req_node:gdpr:18.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:18.1 + ref_id: 18.1.a + description: the accuracy of the personal data is contested by the data subject, + for a period enabling the controller to verify the accuracy of the personal + data; + - urn: urn:intuitem:risk:req_node:gdpr:18.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:18.1 + ref_id: 18.1.b + description: the processing is unlawful and the data subject opposes the erasure + of the personal data and requests the restriction of their use instead; + - urn: urn:intuitem:risk:req_node:gdpr:18.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:18.1 + ref_id: 18.1.c + description: the controller no longer needs the personal data for the purposes + of the processing, but they are required by the data subject for the establishment, + exercise or defence of legal claims; + - urn: urn:intuitem:risk:req_node:gdpr:18.1.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:18.1 + ref_id: 18.1.d + description: the data subject has objected to processing pursuant to Article + 21(1) pending the verification whether the legitimate grounds of the controller + override those of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:18.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-18 + ref_id: '18.2' + description: Where processing has been restricted under paragraph 1, such personal + data shall, with the exception of storage, only be processed with the data + subject's consent or for the establishment, exercise or defence of legal claims + or for the protection of the rights of another natural or legal person or + for reasons of important public interest of the Union or of a Member State. + - urn: urn:intuitem:risk:req_node:gdpr:18.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-18 + ref_id: '18.3' + description: ' A data subject who has obtained restriction of processing pursuant + to paragraph 1 shall be informed by the controller before the restriction + of processing is lifted.' + - urn: urn:intuitem:risk:req_node:gdpr:article-19 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node367 + ref_id: Article 19 + description: Notification obligation regarding rectification or erasure of personal + data or restriction of processing + - urn: urn:intuitem:risk:req_node:gdpr:node394 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-19 + description: The controller shall communicate any rectification or erasure of + personal data or restriction of processing carried out in accordance with + Article 16, Article 17(1) and Article 18 to each recipient to whom the personal + data have been disclosed, unless this proves impossible or involves disproportionate + effort. The controller shall inform the data subject about those recipients + if the data subject requests it. + - urn: urn:intuitem:risk:req_node:gdpr:article-20 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node367 + ref_id: Article 20 + description: Right to data portability + - urn: urn:intuitem:risk:req_node:gdpr:20.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-20 + ref_id: '20.1' + description: 'The data subject shall have the right to receive the personal + data concerning him or her, which he or she has provided to a controller, + in a structured, commonly used and machine-readable format and have the right + to transmit those data to another controller without hindrance from the controller + to which the personal data have been provided, where:' + - urn: urn:intuitem:risk:req_node:gdpr:20.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:20.1 + ref_id: 20.1.a + description: the processing is based on consent pursuant to point (a) of Article + 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of + Article 6(1); and + - urn: urn:intuitem:risk:req_node:gdpr:20.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:20.1 + ref_id: 20.1.b + description: the processing is carried out by automated means. + - urn: urn:intuitem:risk:req_node:gdpr:20.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-20 + ref_id: '20.2' + description: ' In exercising his or her right to data portability pursuant to + paragraph 1, the data subject shall have the right to have the personal data + transmitted directly from one controller to another, where technically feasible.' + - urn: urn:intuitem:risk:req_node:gdpr:20.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-20 + ref_id: '20.3' + description: The exercise of the right referred to in paragraph 1 of this Article + shall be without prejudice to Article 17. That right shall not apply to processing + necessary for the performance of a task carried out in the public interest + or in the exercise of official authority vested in the controller. + - urn: urn:intuitem:risk:req_node:gdpr:20.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-20 + ref_id: '20.4' + description: The right referred to in paragraph 1 shall not adversely affect + the rights and freedoms of others. + - urn: urn:intuitem:risk:req_node:gdpr:node402 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iii + name: Section 4 + description: Right to object and automated individual decision-making + - urn: urn:intuitem:risk:req_node:gdpr:article-21 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node402 + ref_id: Article 21 + description: Right to object + - urn: urn:intuitem:risk:req_node:gdpr:21.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-21 + ref_id: '21.1' + description: The data subject shall have the right to object, on grounds relating + to his or her particular situation, at any time to processing of personal + data concerning him or her which is based on point (e) or (f) of Article 6(1), + including profiling based on those provisions. The controller shall no longer + process the personal data unless the controller demonstrates compelling legitimate + grounds for the processing which override the interests, rights and freedoms + of the data subject or for the establishment, exercise or defence of legal + claims. + - urn: urn:intuitem:risk:req_node:gdpr:21.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-21 + ref_id: '21.2' + description: Where personal data are processed for direct marketing purposes, + the data subject shall have the right to object at any time to processing + of personal data concerning him or her for such marketing, which includes + profiling to the extent that it is related to such direct marketing. + - urn: urn:intuitem:risk:req_node:gdpr:21.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-21 + ref_id: '21.3' + description: Where the data subject objects to processing for direct marketing + purposes, the personal data shall no longer be processed for such purposes. + - urn: urn:intuitem:risk:req_node:gdpr:21.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-21 + ref_id: '21.4' + description: At the latest at the time of the first communication with the data + subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought + to the attention of the data subject and shall be presented clearly and separately + from any other information. + - urn: urn:intuitem:risk:req_node:gdpr:21.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-21 + ref_id: '21.5' + description: In the context of the use of information society services, and + notwithstanding Directive 2002/58/EC, the data subject may exercise his or + her right to object by automated means using technical specifications. + - urn: urn:intuitem:risk:req_node:gdpr:21.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-21 + ref_id: '21.6' + description: Where personal data are processed for scientific or historical + research purposes or statistical purposes pursuant to Article 89(1), the data + subject, on grounds relating to his or her particular situation, shall have + the right to object to processing of personal data concerning him or her, + unless the processing is necessary for the performance of a task carried out + for reasons of public interest. + - urn: urn:intuitem:risk:req_node:gdpr:article-22 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node402 + ref_id: Article 22 + description: Automated individual decision-making, including profiling + - urn: urn:intuitem:risk:req_node:gdpr:22.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-22 + ref_id: '22.1' + description: The data subject shall have the right not to be subject to a decision + based solely on automated processing, including profiling, which produces + legal effects concerning him or her or similarly significantly affects him + or her. + - urn: urn:intuitem:risk:req_node:gdpr:22.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-22 + ref_id: '22.2' + description: 'Paragraph 1 shall not apply if the decision:' + - urn: urn:intuitem:risk:req_node:gdpr:22.2.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:22.2 + ref_id: 22.2.a + description: is necessary for entering into, or performance of, a contract between + the data subject and a data controller; + - urn: urn:intuitem:risk:req_node:gdpr:22.2.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:22.2 + ref_id: 22.2.b + description: is authorised by Union or Member State law to which the controller + is subject and which also lays down suitable measures to safeguard the data + subject's rights and freedoms and legitimate interests; or + - urn: urn:intuitem:risk:req_node:gdpr:22.2.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:22.2 + ref_id: 22.2.c + description: is based on the data subject's explicit consent. + - urn: urn:intuitem:risk:req_node:gdpr:22.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-22 + ref_id: '22.3' + description: In the cases referred to in points (a) and (c) of paragraph 2, + the data controller shall implement suitable measures to safeguard the data + subject's rights and freedoms and legitimate interests, at least the right + to obtain human intervention on the part of the controller, to express his + or her point of view and to contest the decision. + annotation: To implement systems and technical processes that allow individuals + to exercise their right to object in an automated manner. + - urn: urn:intuitem:risk:req_node:gdpr:22.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-22 + ref_id: '22.4' + description: ' Decisions referred to in paragraph 2 shall not be based on special + categories of personal data referred to in Article 9(1), unless point (a) + or (g) of Article 9(2) applies and suitable measures to safeguard the data + subject''s rights and freedoms and legitimate interests are in place.' + - urn: urn:intuitem:risk:req_node:gdpr:node418 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iii + name: Section 5 + description: Restrictions + - urn: urn:intuitem:risk:req_node:gdpr:article-23 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node418 + ref_id: Article 23 + description: Restrictions + - urn: urn:intuitem:risk:req_node:gdpr:23.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-23 + ref_id: '23.1' + description: 'Union or Member State law to which the data controller or processor + is subject may restrict by way of a legislative measure the scope of the obligations + and rights provided for in Articles 12 to 22 and Article 34, as well as Article + 5 in so far as its provisions correspond to the rights and obligations provided + for in Articles 12 to 22, when such a restriction respects the essence of + the fundamental rights and freedoms and is a necessary and proportionate measure + in a democratic society to safeguard:' + - urn: urn:intuitem:risk:req_node:gdpr:23.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.a + description: national security; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.b + description: defence; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.c + description: public security; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.d + description: the prevention, investigation, detection or prosecution of criminal + offences or the execution of criminal penalties, including the safeguarding + against and the prevention of threats to public security; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.e + description: other important objectives of general public interest of the Union + or of a Member State, in particular an important economic or financial interest + of the Union or of a Member State, including monetary, budgetary and taxation + a matters, public health and social security; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.f + description: the protection of judicial independence and judicial proceedings; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.g + description: the prevention, investigation, detection and prosecution of breaches + of ethics for regulated professions; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.h + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.h + description: a monitoring, inspection or regulatory function connected, even + occasionally, to the exercise of official authority in the cases referred + to in points (a) to (e) and (g); + - urn: urn:intuitem:risk:req_node:gdpr:23.1.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.i + description: the protection of the data subject or the rights and freedoms of + others; + - urn: urn:intuitem:risk:req_node:gdpr:23.1.j + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.1 + ref_id: 23.1.j + description: the enforcement of civil law claims. + - urn: urn:intuitem:risk:req_node:gdpr:23.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-23 + ref_id: '23.2' + description: 'In particular, any legislative measure referred to in paragraph + 1 shall contain specific provisions at least, where relevant, as to:' + - urn: urn:intuitem:risk:req_node:gdpr:23.2.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.a + description: the purposes of the processing or categories of processing; + - urn: urn:intuitem:risk:req_node:gdpr:23.2.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.b + description: the categories of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:23.2.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.c + description: the scope of the restrictions introduced; + - urn: urn:intuitem:risk:req_node:gdpr:23.2.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.d + description: the safeguards to prevent abuse or unlawful access or transfer; + - urn: urn:intuitem:risk:req_node:gdpr:23.2.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.e + description: ' the specification of the controller or categories of controllers;' + - urn: urn:intuitem:risk:req_node:gdpr:23.2.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.f + description: ' the storage periods and the applicable safeguards taking into + account the nature, scope and purposes of the processing or categories of + processing;' + - urn: urn:intuitem:risk:req_node:gdpr:23.2.g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.g + description: the risks to the rights and freedoms of data subjects; and + - urn: urn:intuitem:risk:req_node:gdpr:23.2.h + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:23.2 + ref_id: 23.2.h + description: ' the right of data subjects to be informed about the restriction, + unless that may be prejudicial to the purpose of the restriction.' + - urn: urn:intuitem:risk:req_node:gdpr:chapter-iv + assessable: false + depth: 1 + ref_id: CHAPTER IV + description: Controller and processor + - urn: urn:intuitem:risk:req_node:gdpr:node441 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iv + name: Section 1 + description: General obligations + - urn: urn:intuitem:risk:req_node:gdpr:article-24 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 24 + description: Responsibility of the controller + - urn: urn:intuitem:risk:req_node:gdpr:24.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-24 + ref_id: '24.1' + description: Taking into account the nature, scope, context and purposes of + processing as well as the risks of varying likelihood and severity for the + rights and freedoms of natural persons, the controller shall implement appropriate + technical and organisational measures to ensure and to be able to demonstrate + that processing is performed in accordance with this Regulation. Those measures + shall be reviewed and updated where necessary. + annotation: 'Here is the link for the Guidelines 07/2020 on the concepts of + controller and processor in the GDPR. + + Adopted on 07 July 2021 (Version 2.1) + + https://www.edpb.europa.eu/system/files/2023-10/EDPB_guidelines_202007_controllerprocessor_final_en.pdf' + - urn: urn:intuitem:risk:req_node:gdpr:24.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-24 + ref_id: '24.2' + description: Where proportionate in relation to processing activities, the measures + referred to in paragraph 1 shall include the implementation of appropriate + data protection policies by the controller. + - urn: urn:intuitem:risk:req_node:gdpr:24.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-24 + ref_id: '24.3' + description: Adherence to approved codes of conduct as referred to in Article + 40 or approved certification mechanisms as referred to in Article 42 may be + used as an element by which to demonstrate compliance with the obligations + of the controller. + - urn: urn:intuitem:risk:req_node:gdpr:article-25 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 25 + description: Data protection by design and by default + - urn: urn:intuitem:risk:req_node:gdpr:25.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-25 + ref_id: '25.1' + description: Taking into account the state of the art, the cost of implementation + and the nature, scope, context and purposes of processing as well as the risks + of varying likelihood and severity for rights and freedoms of natural persons + posed by the processing, the controller shall, both at the time of the determination + of the means for processing and at the time of the processing itself, implement + appropriate technical and organisational measures, such as pseudonymisation, + which are designed to implement data-protection principles, such as data minimisation, + in an effective manner and to integrate the necessary safeguards into the + processing in order to meet the requirements of this Regulation and protect + the rights of data subjects. + - urn: urn:intuitem:risk:req_node:gdpr:25.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-25 + ref_id: '25.2' + description: The controller shall implement appropriate technical and organisational + measures for ensuring that, by default, only personal data which are necessary + for each specific purpose of the processing are processed. That obligation + applies to the amount of personal data collected, the extent of their processing, + the period of their storage and their accessibility. In particular, such measures + shall ensure that by default personal data are not made accessible without + the individual's intervention to an indefinite number of natural persons. + - urn: urn:intuitem:risk:req_node:gdpr:25.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-25 + ref_id: '25.3' + description: ' An approved certification mechanism pursuant to Article 42 may + be used as an element to demonstrate compliance with the requirements set + out in paragraphs 1 and 2 of this Article.' + - urn: urn:intuitem:risk:req_node:gdpr:article-26 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 26 + description: Joint controllers + - urn: urn:intuitem:risk:req_node:gdpr:26.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-26 + ref_id: '26.1' + description: Where two or more controllers jointly determine the purposes and + means of processing, they shall be joint controllers. They shall in a transparent + manner determine their respective responsibilities for compliance with the + obligations under this Regulation, in particular as regards the exercising + of the rights of the data subject and their respective duties to provide the + information referred to in Articles 13 and 14, by means of an arrangement + between them unless, and in so far as, the respective responsibilities of + the controllers are determined by Union or Member State law to which the controllers + are subject. The arrangement may designate a contact point for data subjects. + annotation: The Controller is required to ensure that users are fully informed + and that the processing of personal data, especially when integrating social + media buttons such as Facebook's 'Like' button, strictly adheres to GDPR requirements. + ( CJEU Fashion ID case C-40/17) + - urn: urn:intuitem:risk:req_node:gdpr:26.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-26 + ref_id: '26.2' + description: "The arrangement referred to in paragraph 1 shall duly reflect\ + \ the respective roles and relationships of the joint controllers vis-\xE0\ + -vis the data subjects. The essence of the arrangement shall be made available\ + \ to the data subject." + annotation: The Controller is required to ensure that users are fully informed + and that the processing of personal data, especially when integrating social + media buttons such as Facebook's 'Like' button, strictly adheres to GDPR requirements. + ( CJEU Fashion ID case C-40/17) + - urn: urn:intuitem:risk:req_node:gdpr:26.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-26 + ref_id: '26.3' + description: Irrespective of the terms of the arrangement referred to in paragraph + 1, the data subject may exercise his or her rights under this Regulation in + respect of and against each of the controllers. + - urn: urn:intuitem:risk:req_node:gdpr:article-27 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 27 + description: Representatives of controllers or processors not established in + the Union + - urn: urn:intuitem:risk:req_node:gdpr:27.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-27 + ref_id: '27.1' + description: Where Article 3(2) applies, the controller or the processor shall + designate in writing a representative in the Union. + - urn: urn:intuitem:risk:req_node:gdpr:27.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-27 + ref_id: '27.2' + description: 'The obligation laid down in paragraph 1 of this Article shall + not apply to:' + - urn: urn:intuitem:risk:req_node:gdpr:27.2.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:27.2 + ref_id: 27.2.a + description: processing which is occasional, does not include, on a large scale, + processing of special categories of data as referred to in Article 9(1) or + processing of personal data relating to criminal convictions and offences + referred to in Article 10, and is unlikely to result in a risk to the rights + and freedoms of natural persons, taking into account the nature, context, + scope and purposes of the processing; or + - urn: urn:intuitem:risk:req_node:gdpr:27.2.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:27.2 + ref_id: 27.2.b + description: a public authority or body. + - urn: urn:intuitem:risk:req_node:gdpr:27.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-27 + ref_id: '27.3' + description: The representative shall be established in one of the Member States + where the data subjects, whose personal data are processed in relation to + the offering of goods or services to them, or whose behaviour is monitored, + are. + - urn: urn:intuitem:risk:req_node:gdpr:27.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-27 + ref_id: '27.4' + description: The representative shall be mandated by the controller or processor + to be addressed in addition to or instead of the controller or the processor + by, in particular, supervisory authorities and data subjects, on all issues + related to processing, for the purposes of ensuring compliance with this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:27.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-27 + ref_id: '27.5' + description: The designation of a representative by the controller or processor + shall be without prejudice to legal actions which could be initiated against + the controller or the processor themselves. + - urn: urn:intuitem:risk:req_node:gdpr:article-28 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 28 + description: Processor + - urn: urn:intuitem:risk:req_node:gdpr:28.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.1' + description: Where processing is to be carried out on behalf of a controller, + the controller shall use only processors providing sufficient guarantees to + implement appropriate technical and organisational measures in such a manner + that processing will meet the requirements of this Regulation and ensure the + protection of the rights of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:28.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.2' + description: ' The processor shall not engage another processor without prior + specific or general written authorisation of the controller. In the case of + general written authorisation, the processor shall inform the controller of + any intended changes concerning the addition or replacement of other processors, + thereby giving the controller the opportunity to object to such changes.' + - urn: urn:intuitem:risk:req_node:gdpr:28.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.3' + description: 'Processing by a processor shall be governed by a contract or other + legal act under Union or Member State law, that is binding on the processor + with regard to the controller and that sets out the subject-matter and duration + of the processing, the nature and purpose of the processing, the type of personal + data and categories of data subjects and the obligations and rights of the + controller. That contract or other legal act shall stipulate, in particular, + that the processor:' + - urn: urn:intuitem:risk:req_node:gdpr:28.3.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.a + description: processes the personal data only on documented instructions from + the controller, including with regard to transfers of personal data to a third + country or an international organisation, unless required to do so by Union + or Member State law to which the processor is subject; in such a case, the + processor shall inform the controller of that legal requirement before processing, + unless that law prohibits such information on important grounds of public + interest; + - urn: urn:intuitem:risk:req_node:gdpr:28.3.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.b + description: ensures that persons authorised to process the personal data have + committed themselves to confidentiality or are under an appropriate statutory + obligation of confidentiality; + - urn: urn:intuitem:risk:req_node:gdpr:28.3.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.c + description: takes all measures required pursuant to Article 32; + - urn: urn:intuitem:risk:req_node:gdpr:28.3.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.d + description: respects the conditions referred to in paragraphs 2 and 4 for engaging + another processor; + - urn: urn:intuitem:risk:req_node:gdpr:28.3.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.e + description: taking into account the nature of the processing, assists the controller + by appropriate technical and organisational measures, insofar as this is possible, + for the fulfilment of the controller's obligation to respond to requests for + exercising the data subject's rights laid down in Chapter III; + - urn: urn:intuitem:risk:req_node:gdpr:28.3.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.f + description: assists the controller in ensuring compliance with the obligations + pursuant to Articles 32 to 36 taking into account the nature of processing + and the information available to the processor; + - urn: urn:intuitem:risk:req_node:gdpr:28.3.g + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.g + description: at the choice of the controller, deletes or returns all the personal + data to the controller after the end of the provision of services relating + to processing, and deletes existing copies unless Union or Member State law + requires storage of the personal data; + - urn: urn:intuitem:risk:req_node:gdpr:28.3.h + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:28.3 + ref_id: 28.3.h + description: makes available to the controller all information necessary to + demonstrate compliance with the obligations laid down in this Article and + allow for and contribute to audits, including inspections, conducted by the + controller or another auditor mandated by the controller. + - urn: urn:intuitem:risk:req_node:gdpr:node474 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + description: With regard to point (h) of the first subparagraph, the processor + shall immediately inform the controller if, in its opinion, an instruction + infringes this Regulation or other Union or Member State data protection provisions. + - urn: urn:intuitem:risk:req_node:gdpr:28.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.4' + description: Where a processor engages another processor for carrying out specific + processing activities on behalf of the controller, the same data protection + obligations as set out in the contract or other legal act between the controller + and the processor as referred to in paragraph 3 shall be imposed on that other + processor by way of a contract or other legal act under Union or Member State + law, in particular providing sufficient guarantees to implement appropriate + technical and organisational measures in such a manner that the processing + will meet the requirements of this Regulation. Where that other processor + fails to fulfil its data protection obligations, the initial processor shall + remain fully liable to the controller for the performance of that other processor's + obligations. + - urn: urn:intuitem:risk:req_node:gdpr:28.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.5' + description: Adherence of a processor to an approved code of conduct as referred + to in Article 40 or an approved certification mechanism as referred to in + Article 42 may be used as an element by which to demonstrate sufficient guarantees + as referred to in paragraphs 1 and 4 of this Article. + - urn: urn:intuitem:risk:req_node:gdpr:28.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.6' + description: ' Without prejudice to an individual contract between the controller + and the processor, the contract or the other legal act referred to in paragraphs + 3 and 4 of this Article may be based, in whole or in part, on standard contractual + clauses referred to in paragraphs 7 and 8 of this Article, including when + they are part of a certification granted to the controller or processor pursuant + to Articles 42 and 43.' + - urn: urn:intuitem:risk:req_node:gdpr:28.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.7' + description: The Commission may lay down standard contractual clauses for the + matters referred to in paragraph 3 and 4 of this Article and in accordance + with the examination procedure referred to in Article 93(2). + - urn: urn:intuitem:risk:req_node:gdpr:28.8 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.8' + description: A supervisory authority may adopt standard contractual clauses + for the matters referred to in paragraph 3 and 4 of this Article and in accordance + with the consistency mechanism referred to in Article 63. + - urn: urn:intuitem:risk:req_node:gdpr:28.9 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.9' + description: The contract or the other legal act referred to in paragraphs 3 + and 4 shall be in writing, including in electronic form. + - urn: urn:intuitem:risk:req_node:gdpr:28.10 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-28 + ref_id: '28.10' + description: Without prejudice to Articles 82, 83 and 84, if a processor infringes + this Regulation by determining the purposes and means of processing, the processor + shall be considered to be a controller in respect of that processing. + - urn: urn:intuitem:risk:req_node:gdpr:article-29 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 29 + description: Processing under the authority of the controller or processor + - urn: urn:intuitem:risk:req_node:gdpr:node483 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-29 + description: The processor and any person acting under the authority of the + controller or of the processor, who has access to personal data, shall not + process those data except on instructions from the controller, unless required + to do so by Union or Member State law. + - urn: urn:intuitem:risk:req_node:gdpr:article-30 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 30 + description: Records of processing activities + - urn: urn:intuitem:risk:req_node:gdpr:30.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-30 + ref_id: '30.1' + description: 'Each controller and, where applicable, the controller''s representative, + shall maintain a record of processing activities under its responsibility. + That record shall contain all of the following information:' + - urn: urn:intuitem:risk:req_node:gdpr:30.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.1 + ref_id: 30.1.a + description: the name and contact details of the controller and, where applicable, + the joint controller, the controller's representative and the data protection + officer; + - urn: urn:intuitem:risk:req_node:gdpr:30.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.1 + ref_id: 30.1.b + description: the purposes of the processing; + - urn: urn:intuitem:risk:req_node:gdpr:30.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.1 + ref_id: 30.1.c + description: a description of the categories of data subjects and of the categories + of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:30.1.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.1 + ref_id: 30.1.d + description: ' the categories of recipients to whom the personal data have been + or will be disclosed including recipients in third countries or international + organisations;' + - urn: urn:intuitem:risk:req_node:gdpr:30.1.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.1 + ref_id: 30.1.e + description: where applicable, transfers of personal data to a third country + or an international organisation, including the identification of that third + country or international organisation and, in the case of transfers referred + to in the second subparagraph of Article 49(1), the documentation of suitable + safeguards; + - urn: urn:intuitem:risk:req_node:gdpr:30.1.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.1 + ref_id: 30.1.f + description: where possible, the envisaged time limits for erasure of the different + categories of data; + - urn: urn:intuitem:risk:req_node:gdpr:30.1.g + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.1 + ref_id: 30.1.g + description: ' where possible, a general description of the technical and organisational + security measures referred to in Article 32(1).' + - urn: urn:intuitem:risk:req_node:gdpr:30.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-30 + ref_id: '30.2' + description: 'Each processor and, where applicable, the processor''s representative + shall maintain a record of all categories of processing activities carried + out on behalf of a controller, containing:' + - urn: urn:intuitem:risk:req_node:gdpr:30.2.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.2 + ref_id: 30.2.a + description: the name and contact details of the processor or processors and + of each controller on behalf of which the processor is acting, and, where + applicable, of the controller's or the processor's representative, and the + data protection officer; + - urn: urn:intuitem:risk:req_node:gdpr:30.2.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.2 + ref_id: 30.2.b + description: ' the categories of processing carried out on behalf of each controller;' + - urn: urn:intuitem:risk:req_node:gdpr:30.2.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.2 + ref_id: 30.2.c + description: where applicable, transfers of personal data to a third country + or an international organisation, including the identification of that third + country or international organisation and, in the case of transfers referred + to in the second subparagraph of Article 49(1), the documentation of suitable + safeguards; + - urn: urn:intuitem:risk:req_node:gdpr:30.2.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:30.2 + ref_id: 30.2.d + description: where possible, a general description of the technical and organisational + security measures referred to in Article 32(1). + - urn: urn:intuitem:risk:req_node:gdpr:30.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-30 + ref_id: '30.3' + description: The records referred to in paragraphs 1 and 2 shall be in writing, + including in electronic form. + - urn: urn:intuitem:risk:req_node:gdpr:30.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-30 + ref_id: '30.4' + description: The controller or the processor and, where applicable, the controller's + or the processor's representative, shall make the record available to the + supervisory authority on request. + - urn: urn:intuitem:risk:req_node:gdpr:30.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-30 + ref_id: '30.5' + description: The obligations referred to in paragraphs 1 and 2 shall not apply + to an enterprise or an organisation employing fewer than 250 persons unless + the processing it carries out is likely to result in a risk to the rights + and freedoms of data subjects, the processing is not occasional, or the processing + includes special categories of data as referred to in Article 9(1) or personal + data relating to criminal convictions and offences referred to in Article + 10. + - urn: urn:intuitem:risk:req_node:gdpr:article-31 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node441 + ref_id: Article 31 + description: Cooperation with the supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:node502 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-31 + description: The controller and the processor and, where applicable, their representatives, + shall cooperate, on request, with the supervisory authority in the performance + of its tasks. + - urn: urn:intuitem:risk:req_node:gdpr:node503 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iv + name: Section 2 + description: Security of personal data + - urn: urn:intuitem:risk:req_node:gdpr:article-32 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node503 + ref_id: Article 32 + description: Security of processing + - urn: urn:intuitem:risk:req_node:gdpr:32.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-32 + ref_id: '32.1' + description: 'Taking into account the state of the art, the costs of implementation + and the nature, scope, context and purposes of processing as well as the risk + of varying likelihood and severity for the rights and freedoms of natural + persons, the controller and the processor shall implement appropriate technical + and organisational measures to ensure a level of security appropriate to the + risk, including inter alia as appropriate:' + - urn: urn:intuitem:risk:req_node:gdpr:32.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:32.1 + ref_id: 32.1.a + description: the pseudonymisation and encryption of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:32.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:32.1 + ref_id: 32.1.b + description: the ability to ensure the ongoing confidentiality, integrity, availability + and resilience of processing systems and services; + - urn: urn:intuitem:risk:req_node:gdpr:32.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:32.1 + ref_id: 32.1.c + description: the ability to restore the availability and access to personal + data in a timely manner in the event of a physical or technical incident; + - urn: urn:intuitem:risk:req_node:gdpr:32.1.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:32.1 + ref_id: 32.1.d + description: a process for regularly testing, assessing and evaluating the effectiveness + of technical and organisational measures for ensuring the security of the + processing. + - urn: urn:intuitem:risk:req_node:gdpr:32.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-32 + ref_id: '32.2' + description: In assessing the appropriate level of security account shall be + taken in particular of the risks that are presented by processing, in particular + from accidental or unlawful destruction, loss, alteration, unauthorised disclosure + of, or access to personal data transmitted, stored or otherwise processed. + - urn: urn:intuitem:risk:req_node:gdpr:32.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-32 + ref_id: '32.3' + description: Adherence to an approved code of conduct as referred to in Article + 40 or an approved certification mechanism as referred to in Article 42 may + be used as an element by which to demonstrate compliance with the requirements + set out in paragraph 1 of this Article. + - urn: urn:intuitem:risk:req_node:gdpr:32.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-32 + ref_id: '32.4' + description: The controller and processor shall take steps to ensure that any + natural person acting under the authority of the controller or the processor + who has access to personal data does not process them except on instructions + from the controller, unless he or she is required to do so by Union or Member + State law. + - urn: urn:intuitem:risk:req_node:gdpr:article-33 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node503 + ref_id: Article 33 + description: Notification of a personal data breach to the supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:33.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-33 + ref_id: '33.1' + description: In the case of a personal data breach, the controller shall without + undue delay and, where feasible, not later than 72 hours after having become + aware of it, notify the personal data breach to the supervisory authority + competent in accordance with Article 55, unless the personal data breach is + unlikely to result in a risk to the rights and freedoms of natural persons. + Where the notification to the supervisory authority is not made within 72 + hours, it shall be accompanied by reasons for the delay. + - urn: urn:intuitem:risk:req_node:gdpr:33.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-33 + ref_id: '33.2' + description: The processor shall notify the controller without undue delay after + becoming aware of a personal data breach. + - urn: urn:intuitem:risk:req_node:gdpr:33.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-33 + ref_id: '33.3' + description: 'The notification referred to in paragraph 1 shall at least:' + - urn: urn:intuitem:risk:req_node:gdpr:33.3.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:33.3 + ref_id: 33.3.a + description: describe the nature of the personal data breach including where + possible, the categories and approximate number of data subjects concerned + and the categories and approximate number of personal data records concerned; + - urn: urn:intuitem:risk:req_node:gdpr:33.3.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:33.3 + ref_id: 33.3.b + description: communicate the name and contact details of the data protection + officer or other contact point where more information can be obtained; + - urn: urn:intuitem:risk:req_node:gdpr:33.3.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:33.3 + ref_id: 33.3.c + description: ' describe the likely consequences of the personal data breach;' + - urn: urn:intuitem:risk:req_node:gdpr:33.3.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:33.3 + ref_id: 33.3.d + description: describe the measures taken or proposed to be taken by the controller + to address the personal data breach, including, where appropriate, measures + to mitigate its possible adverse effects. + - urn: urn:intuitem:risk:req_node:gdpr:33.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-33 + ref_id: '33.4' + description: Where, and in so far as, it is not possible to provide the information + at the same time, the information may be provided in phases without undue + further delay. + - urn: urn:intuitem:risk:req_node:gdpr:33.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-33 + ref_id: '33.5' + description: The controller shall document any personal data breaches, comprising + the facts relating to the personal data breach, its effects and the remedial + action taken. That documentation shall enable the supervisory authority to + verify compliance with this Article. + - urn: urn:intuitem:risk:req_node:gdpr:article-34 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node503 + ref_id: Article 34 + - urn: urn:intuitem:risk:req_node:gdpr:34.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-34 + ref_id: '34.1' + description: When the personal data breach is likely to result in a high risk + to the rights and freedoms of natural persons, the controller shall communicate + the personal data breach to the data subject without undue delay. + - urn: urn:intuitem:risk:req_node:gdpr:34.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-34 + ref_id: '34.2' + description: The communication to the data subject referred to in paragraph + 1 of this Article shall describe in clear and plain language the nature of + the personal data breach and contain at least the information and measures + referred to in points (b), (c) and (d) of Article 33(3). + - urn: urn:intuitem:risk:req_node:gdpr:34.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-34 + ref_id: '34.3' + description: 'The communication to the data subject referred to in paragraph + 1 shall not be required if any of the following conditions are met:' + - urn: urn:intuitem:risk:req_node:gdpr:34.3.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:34.3 + ref_id: 34.3.a + description: the controller has implemented appropriate technical and organisational + protection measures, and those measures were applied to the personal data + affected by the personal data breach, in particular those that render the + personal data unintelligible to any person who is not authorised to access + it, such as encryption; + - urn: urn:intuitem:risk:req_node:gdpr:34.3.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:34.3 + ref_id: 34.3.b + description: ' the controller has taken subsequent measures which ensure that + the high risk to the rights and freedoms of data subjects referred to in paragraph + 1 is no longer likely to materialise;' + - urn: urn:intuitem:risk:req_node:gdpr:34.3.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:34.3 + ref_id: 34.3.c + description: it would involve disproportionate effort. In such a case, there + shall instead be a public communication or similar measure whereby the data + subjects are informed in an equally effective manner. + - urn: urn:intuitem:risk:req_node:gdpr:34.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-34 + ref_id: '34.4' + description: If the controller has not already communicated the personal data + breach to the data subject, the supervisory authority, having considered the + likelihood of the personal data breach resulting in a high risk, may require + it to do so or may decide that any of the conditions referred to in paragraph + 3 are met. + - urn: urn:intuitem:risk:req_node:gdpr:node532 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iv + name: Section 3 + description: Data protection impact assessment and prior consultation + - urn: urn:intuitem:risk:req_node:gdpr:article-35 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node532 + ref_id: Article 35 + description: Data protection impact assessment + - urn: urn:intuitem:risk:req_node:gdpr:35.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.1' + description: Where a type of processing in particular using new technologies, + and taking into account the nature, scope, context and purposes of the processing, + is likely to result in a high risk to the rights and freedoms of natural persons, + the controller shall, prior to the processing, carry out an assessment of + the impact of the envisaged processing operations on the protection of personal + data. A single assessment may address a set of similar processing operations + that present similar high risks. + - urn: urn:intuitem:risk:req_node:gdpr:35.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.2' + description: The controller shall seek the advice of the data protection officer, + where designated, when carrying out a data protection impact assessment. + - urn: urn:intuitem:risk:req_node:gdpr:35.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.3' + description: 'A data protection impact assessment referred to in paragraph 1 + shall in particular be required in the case of:' + - urn: urn:intuitem:risk:req_node:gdpr:35.3.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:35.3 + ref_id: 35.3.a + description: a systematic and extensive evaluation of personal aspects relating + to natural persons which is based on automated processing, including profiling, + and on which decisions are based that produce legal effects concerning the + natural person or similarly significantly affect the natural person; + - urn: urn:intuitem:risk:req_node:gdpr:35.3.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:35.3 + ref_id: 35.3.b + description: processing on a large scale of special categories of data referred + to in Article 9(1), or of personal data relating to criminal convictions and + offences referred to in Article 10; or + - urn: urn:intuitem:risk:req_node:gdpr:35.3.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:35.3 + ref_id: 35.3.c + description: a systematic monitoring of a publicly accessible area on a large + scale. + - urn: urn:intuitem:risk:req_node:gdpr:35.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.4' + description: The supervisory authority shall establish and make public a list + of the kind of processing operations which are subject to the requirement + for a data protection impact assessment pursuant to paragraph 1. The supervisory + authority shall communicate those lists to the Board referred to in Article + 68. + - urn: urn:intuitem:risk:req_node:gdpr:35.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.5' + description: The supervisory authority may also establish and make public a + list of the kind of processing operations for which no data protection impact + assessment is required. The supervisory authority shall communicate those + lists to the Board. + - urn: urn:intuitem:risk:req_node:gdpr:35.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.6' + description: ' Prior to the adoption of the lists referred to in paragraphs + 4 and 5, the competent supervisory authority shall apply the consistency mechanism + referred to in Article 63 where such lists involve processing activities which + are related to the offering of goods or services to data subjects or to the + monitoring of their behaviour in several Member States, or may substantially + affect the free movement of personal data within the Union.' + - urn: urn:intuitem:risk:req_node:gdpr:35.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.7' + description: 'The assessment shall contain at least:' + - urn: urn:intuitem:risk:req_node:gdpr:35.7.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:35.7 + ref_id: 35.7.a + description: a systematic description of the envisaged processing operations + and the purposes of the processing, including, where applicable, the legitimate + interest pursued by the controller; + - urn: urn:intuitem:risk:req_node:gdpr:35.7.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:35.7 + ref_id: 35.7.b + description: ' an assessment of the necessity and proportionality of the processing + operations in relation to the purposes;' + - urn: urn:intuitem:risk:req_node:gdpr:35.7.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:35.7 + ref_id: 35.7.c + description: an assessment of the risks to the rights and freedoms of data subjects + referred to in paragraph 1; and + - urn: urn:intuitem:risk:req_node:gdpr:35.7.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:35.7 + ref_id: 35.7.d + description: ' the measures envisaged to address the risks, including safeguards, + security measures and mechanisms to ensure the protection of personal data + and to demonstrate compliance with this Regulation taking into account the + rights and legitimate interests of data subjects and other persons concerned.' + - urn: urn:intuitem:risk:req_node:gdpr:35.8 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.8' + description: Compliance with approved codes of conduct referred to in Article + 40 by the relevant controllers or processors shall be taken into due account + in assessing the impact of the processing operations performed by such controllers + or processors, in particular for the purposes of a data protection impact + assessment. + - urn: urn:intuitem:risk:req_node:gdpr:35.9 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.9' + description: Where appropriate, the controller shall seek the views of data + subjects or their representatives on the intended processing, without prejudice + to the protection of commercial or public interests or the security of processing + operations. + - urn: urn:intuitem:risk:req_node:gdpr:35.10 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.10' + description: Where processing pursuant to point (c) or (e) of Article 6(1) has + a legal basis in Union law or in the law of the Member State to which the + controller is subject, that law regulates the specific processing operation + or set of operations in question, and a data protection impact assessment + has already been carried out as part of a general impact assessment in the + context of the adoption of that legal basis, paragraphs 1 to 7 shall not apply + unless Member States deem it to be necessary to carry out such an assessment + prior to processing activities. + - urn: urn:intuitem:risk:req_node:gdpr:35.11 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-35 + ref_id: '35.11' + description: ' Where necessary, the controller shall carry out a review to assess + if processing is performed in accordance with the data protection impact assessment + at least when there is a change of the risk represented by processing operations.' + - urn: urn:intuitem:risk:req_node:gdpr:article-36 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node532 + ref_id: Article 36 + description: Prior consultation + - urn: urn:intuitem:risk:req_node:gdpr:36.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-36 + ref_id: '36.1' + description: The controller shall consult the supervisory authority prior to + processing where a data protection impact assessment under Article 35 indicates + that the processing would result in a high risk in the absence of measures + taken by the controller to mitigate the risk. + - urn: urn:intuitem:risk:req_node:gdpr:36.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-36 + ref_id: '36.2' + description: Where the supervisory authority is of the opinion that the intended + processing referred to in paragraph 1 would infringe this Regulation, in particular + where the controller has insufficiently identified or mitigated the risk, + the supervisory authority shall, within period of up to eight weeks of receipt + of the request for consultation, provide written advice to the controller + and, where applicable to the processor, and may use any of its powers referred + to in Article 58. That period may be extended by six weeks, taking into account + the complexity of the intended processing. The supervisory authority shall + inform the controller and, where applicable, the processor, of any such extension + within one month of receipt of the request for consultation together with + the reasons for the delay. Those periods may be suspended until the supervisory + authority has obtained information it has requested for the purposes of the + consultation. + - urn: urn:intuitem:risk:req_node:gdpr:36.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-36 + ref_id: '36.3' + description: 'When consulting the supervisory authority pursuant to paragraph + 1, the controller shall provide the supervisory authority with:' + - urn: urn:intuitem:risk:req_node:gdpr:36.3.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:36.3 + ref_id: 36.3.a + description: where applicable, the respective responsibilities of the controller, + joint controllers and processors involved in the processing, in particular + for processing within a group of undertakings; + - urn: urn:intuitem:risk:req_node:gdpr:36.3.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:36.3 + ref_id: 36.3.b + description: the purposes and means of the intended processing; + - urn: urn:intuitem:risk:req_node:gdpr:36.3.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:36.3 + ref_id: 36.3.c + description: ' the measures and safeguards provided to protect the rights and + freedoms of data subjects pursuant to this Regulation;' + - urn: urn:intuitem:risk:req_node:gdpr:36.3.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:36.3 + ref_id: 36.3.d + description: where applicable, the contact details of the data protection officer; + - urn: urn:intuitem:risk:req_node:gdpr:36.3.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:36.3 + ref_id: 36.3.e + description: ' the data protection impact assessment provided for in Article + 35; and' + - urn: urn:intuitem:risk:req_node:gdpr:36.3.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:36.3 + ref_id: 36.3.f + description: any other information requested by the supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:36.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-36 + ref_id: '36.4' + description: Member States shall consult the supervisory authority during the + preparation of a proposal for a legislative measure to be adopted by a national + parliament, or of a regulatory measure based on such a legislative measure, + which relates to processing. + - urn: urn:intuitem:risk:req_node:gdpr:36.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-36 + ref_id: '36.5' + description: Notwithstanding paragraph 1, Member State law may require controllers + to consult with, and obtain prior authorisation from, the supervisory authority + in relation to processing by a controller for the performance of a task carried + out by the controller in the public interest, including processing in relation + to social protection and public health. + annotation: Comply with national law + - urn: urn:intuitem:risk:req_node:gdpr:node564 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iv + name: Section 4 + description: Data protection officer + - urn: urn:intuitem:risk:req_node:gdpr:article-37 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node564 + ref_id: Article 37 + description: Designation of the data protection officer + - urn: urn:intuitem:risk:req_node:gdpr:37.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-37 + ref_id: '37.1' + description: 'The controller and the processor shall designate a data protection + officer in any case where:' + - urn: urn:intuitem:risk:req_node:gdpr:37.1.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:37.1 + ref_id: 37.1.a + description: the processing is carried out by a public authority or body, except + for courts acting in their judicial capacity; + - urn: urn:intuitem:risk:req_node:gdpr:37.1.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:37.1 + ref_id: 37.1.b + description: ' the core activities of the controller or the processor consist + of processing operations which, by virtue of their nature, their scope and/or + their purposes, require regular and systematic monitoring of data subjects + on a large scale; or' + - urn: urn:intuitem:risk:req_node:gdpr:37.1.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:37.1 + ref_id: 37.1.c + description: the core activities of the controller or the processor consist + of processing on a large scale of special categories of data pursuant to Article + 9 or personal data relating to criminal convictions and offences referred + to in Article 10. + - urn: urn:intuitem:risk:req_node:gdpr:37.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-37 + ref_id: '37.2' + description: A group of undertakings may appoint a single data protection officer + provided that a data protection officer is easily accessible from each establishment. + - urn: urn:intuitem:risk:req_node:gdpr:37.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-37 + ref_id: '37.3' + description: ' Where the controller or the processor is a public authority or + body, a single data protection officer may be designated for several such + authorities or bodies, taking account of their organisational structure and + size.' + - urn: urn:intuitem:risk:req_node:gdpr:37.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-37 + ref_id: '37.4' + description: In cases other than those referred to in paragraph 1, the controller + or processor or associations and other bodies representing categories of controllers + or processors may or, where required by Union or Member State law shall, designate + a data protection officer. The data protection officer may act for such associations + and other bodies representing controllers or processors. + - urn: urn:intuitem:risk:req_node:gdpr:37.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-37 + ref_id: '37.5' + description: The data protection officer shall be designated on the basis of + professional qualities and, in particular, expert knowledge of data protection + law and practices and the ability to fulfil the tasks referred to in Article + 39. + - urn: urn:intuitem:risk:req_node:gdpr:37.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-37 + ref_id: '37.6' + description: The data protection officer may be a staff member of the controller + or processor, or fulfil the tasks on the basis of a service contract. + - urn: urn:intuitem:risk:req_node:gdpr:37.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-37 + ref_id: '37.7' + description: The controller or the processor shall publish the contact details + of the data protection officer and communicate them to the supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:article-38 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node564 + ref_id: Article 38 + description: Position of the data protection officer + - urn: urn:intuitem:risk:req_node:gdpr:38.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-38 + ref_id: '38.1' + description: The controller and the processor shall ensure that the data protection + officer is involved, properly and in a timely manner, in all issues which + relate to the protection of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:38.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-38 + ref_id: '38.2' + description: The controller and processor shall support the data protection + officer in performing the tasks referred to in Article 39 by providing resources + necessary to carry out those tasks and access to personal data and processing + operations, and to maintain his or her expert knowledge. + - urn: urn:intuitem:risk:req_node:gdpr:38.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-38 + ref_id: '38.3' + description: The controller and processor shall ensure that the data protection + officer does not receive any instructions regarding the exercise of those + tasks. He or she shall not be dismissed or penalised by the controller or + the processor for performing his tasks. The data protection officer shall + directly report to the highest management level of the controller or the processor. + - urn: urn:intuitem:risk:req_node:gdpr:38.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-38 + ref_id: '38.4' + description: ' Data subjects may contact the data protection officer with regard + to all issues related to processing of their personal data and to the exercise + of their rights under this Regulation.' + - urn: urn:intuitem:risk:req_node:gdpr:38.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-38 + ref_id: '38.5' + description: The data protection officer shall be bound by secrecy or confidentiality + concerning the performance of his or her tasks, in accordance with Union or + Member State law. + - urn: urn:intuitem:risk:req_node:gdpr:38.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-38 + ref_id: '38.6' + description: The data protection officer may fulfil other tasks and duties. + The controller or processor shall ensure that any such tasks and duties do + not result in a conflict of interests. + - urn: urn:intuitem:risk:req_node:gdpr:article-39 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iv + ref_id: Article 39 + description: Tasks of the data protection officer + - urn: urn:intuitem:risk:req_node:gdpr:39.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-39 + ref_id: '39.1' + description: 'The data protection officer shall have at least the following + tasks:' + - urn: urn:intuitem:risk:req_node:gdpr:39.1.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:39.1 + ref_id: 39.1.a + description: to inform and advise the controller or the processor and the employees + who carry out processing of their obligations pursuant to this Regulation + and to other Union or Member State data protection provisions; + - urn: urn:intuitem:risk:req_node:gdpr:39.1.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:39.1 + ref_id: 39.1.b + description: to monitor compliance with this Regulation, with other Union or + Member State data protection provisions and with the policies of the controller + or processor in relation to the protection of personal data, including the + assignment of responsibilities, awareness-raising and training of staff involved + in processing operations, and the related audits; + - urn: urn:intuitem:risk:req_node:gdpr:39.1.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:39.1 + ref_id: 39.1.c + description: to provide advice where requested as regards the data protection + impact assessment and monitor its performance pursuant to Article 35; + - urn: urn:intuitem:risk:req_node:gdpr:39.1.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:39.1 + ref_id: 39.1.d + description: to cooperate with the supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:39.1.e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:39.1 + ref_id: 39.1.e + description: to act as the contact point for the supervisory authority on issues + relating to processing, including the prior consultation referred to in Article + 36, and to consult, where appropriate, with regard to any other matter. + - urn: urn:intuitem:risk:req_node:gdpr:39.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-39 + ref_id: '39.2' + description: The data protection officer shall in the performance of his or + her tasks have due regard to the risk associated with processing operations, + taking into account the nature, scope, context and purposes of processing. + - urn: urn:intuitem:risk:req_node:gdpr:node591 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-iv + name: Section 5 + description: Codes of conduct and certification + - urn: urn:intuitem:risk:req_node:gdpr:article-40 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node591 + ref_id: Article 40 + description: Codes of conduct + - urn: urn:intuitem:risk:req_node:gdpr:40.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.1' + description: The Member States, the supervisory authorities, the Board and the + Commission shall encourage the drawing up of codes of conduct intended to + contribute to the proper application of this Regulation, taking account of + the specific features of the various processing sectors and the specific needs + of micro, small and medium-sized enterprises. + - urn: urn:intuitem:risk:req_node:gdpr:40.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.2' + description: 'Associations and other bodies representing categories of controllers + or processors may prepare codes of conduct, or amend or extend such codes, + for the purpose of specifying the application of this Regulation, such as + with regard to:' + - urn: urn:intuitem:risk:req_node:gdpr:40.2.a + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.a + description: ' fair and transparent processing;' + - urn: urn:intuitem:risk:req_node:gdpr:40.2.b + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.b + description: the legitimate interests pursued by controllers in specific contexts; + - urn: urn:intuitem:risk:req_node:gdpr:40.2.c + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.c + description: the collection of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:40.2.d + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.d + description: the pseudonymisation of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:40.2.e + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.e + description: ' the information provided to the public and to data subjects;' + - urn: urn:intuitem:risk:req_node:gdpr:40.2.f + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.f + description: the exercise of the rights of data subjects; + - urn: urn:intuitem:risk:req_node:gdpr:40.2.g + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.g + description: the information provided to, and the protection of, children, and + the manner in which the consent of the holders of parental responsibility + over children is to be obtained; + - urn: urn:intuitem:risk:req_node:gdpr:40.2.h + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.h + description: the measures and procedures referred to in Articles 24 and 25 and + the measures to ensure security of processing referred to in Article 32; + - urn: urn:intuitem:risk:req_node:gdpr:40.2.i + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.i + description: the notification of personal data breaches to supervisory authorities + and the communication of such personal data breaches to data subjects; + - urn: urn:intuitem:risk:req_node:gdpr:40.2.j + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.j + description: ' the transfer of personal data to third countries or international + organisations; or' + - urn: urn:intuitem:risk:req_node:gdpr:40.2.k + assessable: true + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:40.2 + ref_id: 40.2.k + description: out-of-court proceedings and other dispute resolution procedures + for resolving disputes between controllers and data subjects with regard to + processing, without prejudice to the rights of data subjects pursuant to Articles + 77 and 79. + - urn: urn:intuitem:risk:req_node:gdpr:40.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.3' + description: In addition to adherence by controllers or processors subject to + this Regulation, codes of conduct approved pursuant to paragraph 5 of this + Article and having general validity pursuant to paragraph 9 of this Article + may also be adhered to by controllers or processors that are not subject to + this Regulation pursuant to Article 3 in order to provide appropriate safeguards + within the framework of personal data transfers to third countries or international + organisations under the terms referred to in point (e) of Article 46(2). Such + controllers or processors shall make binding and enforceable commitments, + via contractual or other legally binding instruments, to apply those appropriate + safeguards including with regard to the rights of data subjects. + - urn: urn:intuitem:risk:req_node:gdpr:40.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.4' + description: A code of conduct referred to in paragraph 2 of this Article shall + contain mechanisms which enable the body referred to in Article 41(1) to carry + out the mandatory monitoring of compliance with its provisions by the controllers + or processors which undertake to apply it, without prejudice to the tasks + and powers of supervisory authorities competent pursuant to Article 55 or + 56. + - urn: urn:intuitem:risk:req_node:gdpr:40.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.5' + description: Associations and other bodies referred to in paragraph 2 of this + Article which intend to prepare a code of conduct or to amend or extend an + existing code shall submit the draft code, amendment or extension to the supervisory + authority which is competent pursuant to Article 55. The supervisory authority + shall provide an opinion on whether the draft code, amendment or extension + complies with this Regulation and shall approve that draft code, amendment + or extension if it finds that it provides sufficient appropriate safeguards. + - urn: urn:intuitem:risk:req_node:gdpr:40.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.6' + description: Where the draft code, or amendment or extension is approved in + accordance with paragraph 5, and where the code of conduct concerned does + not relate to processing activities in several Member States, the supervisory + authority shall register and publish the code. + - urn: urn:intuitem:risk:req_node:gdpr:40.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.7' + description: Where a draft code of conduct relates to processing activities + in several Member States, the supervisory authority which is competent pursuant + to Article 55 shall, before approving the draft code, amendment or extension, + submit it in the procedure referred to in Article 63 to the Board which shall + provide an opinion on whether the draft code, amendment or extension complies + with this Regulation or, in the situation referred to in paragraph 3 of this + Article, provides appropriate safeguards. + - urn: urn:intuitem:risk:req_node:gdpr:40.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.8' + description: Where the opinion referred to in paragraph 7 confirms that the + draft code, amendment or extension complies with this Regulation, or, in the + situation referred to in paragraph 3, provides appropriate safeguards, the + Board shall submit its opinion to the Commission. + - urn: urn:intuitem:risk:req_node:gdpr:40.9 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.9' + description: The Commission may, by way of implementing acts, decide that the + approved code of conduct, amendment or extension submitted to it pursuant + to paragraph 8 of this Article have general validity within the Union. Those + implementing acts shall be adopted in accordance with the examination procedure + set out in Article 93(2). + - urn: urn:intuitem:risk:req_node:gdpr:40.10 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.10' + description: The Commission shall ensure appropriate publicity for the approved + codes which have been decided as having general validity in accordance with + paragraph 9. + - urn: urn:intuitem:risk:req_node:gdpr:40.11 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-40 + ref_id: '40.11' + description: The Board shall collate all approved codes of conduct, amendments + and extensions in a register and shall make them publicly available by way + of appropriate means. + - urn: urn:intuitem:risk:req_node:gdpr:article-41 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node591 + ref_id: Article 41 + description: Monitoring of approved codes of conduct + - urn: urn:intuitem:risk:req_node:gdpr:41.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-41 + ref_id: '41.1' + description: Without prejudice to the tasks and powers of the competent supervisory + authority under Articles 57 and 58, the monitoring of compliance with a code + of conduct pursuant to Article 40 may be carried out by a body which has an + appropriate level of expertise in relation to the subject-matter of the code + and is accredited for that purpose by the competent supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:41.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-41 + ref_id: '41.2' + description: 'A body as referred to in paragraph 1 may be accredited to monitor + compliance with a code of conduct where that body has:' + - urn: urn:intuitem:risk:req_node:gdpr:41.2.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:41.2 + ref_id: 41.2.a + description: demonstrated its independence and expertise in relation to the + subject-matter of the code to the satisfaction of the competent supervisory + authority; + - urn: urn:intuitem:risk:req_node:gdpr:41.2.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:41.2 + ref_id: 41.2.b + description: established procedures which allow it to assess the eligibility + of controllers and processors concerned to apply the code, to monitor their + compliance with its provisions and to periodically review its operation; + - urn: urn:intuitem:risk:req_node:gdpr:41.2.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:41.2 + ref_id: 41.2.c + description: established procedures and structures to handle complaints about + infringements of the code or the manner in which the code has been, or is + being, implemented by a controller or processor, and to make those procedures + and structures transparent to data subjects and the public; and + - urn: urn:intuitem:risk:req_node:gdpr:41.2.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:41.2 + ref_id: 41.2.d + description: demonstrated to the satisfaction of the competent supervisory authority + that its tasks and duties do not result in a conflict of interests. + - urn: urn:intuitem:risk:req_node:gdpr:41.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-41 + ref_id: '41.3' + description: ' The competent supervisory authority shall submit the draft requirements + for accreditation of a body as referred to in paragraph 1 of this Article + to the Board pursuant to the consistency mechanism referred to in Article + 63.' + - urn: urn:intuitem:risk:req_node:gdpr:41.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-41 + ref_id: '41.4' + description: Without prejudice to the tasks and powers of the competent supervisory + authority and the provisions of Chapter VIII, a body as referred to in paragraph + 1 of this Article shall, subject to appropriate safeguards, take appropriate + action in cases of infringement of the code by a controller or processor, + including suspension or exclusion of the controller or processor concerned + from the code. It shall inform the competent supervisory authority of such + actions and the reasons for taking them. + - urn: urn:intuitem:risk:req_node:gdpr:41.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-41 + ref_id: '41.5' + description: The competent supervisory authority shall revoke the accreditation + of a body as referred to in paragraph 1 if the requirements for accreditation + are not, or are no longer, met or where actions taken by the body infringe + this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:41.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-41 + ref_id: '41.6' + description: This Article shall not apply to processing carried out by public + authorities and bodies. + - urn: urn:intuitem:risk:req_node:gdpr:article-42 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node591 + ref_id: Article 42 + description: Certification + - urn: urn:intuitem:risk:req_node:gdpr:42.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.1' + description: The Member States, the supervisory authorities, the Board and the + Commission shall encourage, in particular at Union level, the establishment + of data protection certification mechanisms and of data protection seals and + marks, for the purpose of demonstrating compliance with this Regulation of + processing operations by controllers and processors. The specific needs of + micro, small and medium-sized enterprises shall be taken into account. + - urn: urn:intuitem:risk:req_node:gdpr:42.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.2' + description: In addition to adherence by controllers or processors subject to + this Regulation, data protection certification mechanisms, seals or marks + approved pursuant to paragraph 5 of this Article may be established for the + purpose of demonstrating the existence of appropriate safeguards provided + by controllers or processors that are not subject to this Regulation pursuant + to Article 3 within the framework of personal data transfers to third countries + or international organisations under the terms referred to in point (f) of + Article 46(2). Such controllers or processors shall make binding and enforceable + commitments, via contractual or other legally binding instruments, to apply + those appropriate safeguards, including with regard to the rights of data + subjects. + - urn: urn:intuitem:risk:req_node:gdpr:42.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.3' + description: The certification shall be voluntary and available via a process + that is transparent. + - urn: urn:intuitem:risk:req_node:gdpr:42.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.4' + description: A certification pursuant to this Article does not reduce the responsibility + of the controller or the processor for compliance with this Regulation and + is without prejudice to the tasks and powers of the supervisory authorities + which are competent pursuant to Article 55 or 56. + - urn: urn:intuitem:risk:req_node:gdpr:42.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.5' + description: A certification pursuant to this Article shall be issued by the + certification bodies referred to in Article 43 or by the competent supervisory + authority, on the basis of criteria approved by that competent supervisory + authority pursuant to Article 58(3) or by the Board pursuant to Article 63. + Where the criteria are approved by the Board, this may result in a common + certification, the European Data Protection Seal. + - urn: urn:intuitem:risk:req_node:gdpr:42.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.6' + description: The controller or processor which submits its processing to the + certification mechanism shall provide the certification body referred to in + Article 43, or where applicable, the competent supervisory authority, with + all information and access to its processing activities which are necessary + to conduct the certification procedure. + - urn: urn:intuitem:risk:req_node:gdpr:42.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.7' + description: Certification shall be issued to a controller or processor for + a maximum period of three years and may be renewed, under the same conditions, + provided that the relevant criteria continue to be met. Certification shall + be withdrawn, as applicable, by the certification bodies referred to in Article + 43 or by the competent supervisory authority where the criteria for the certification + are not or are no longer met. + - urn: urn:intuitem:risk:req_node:gdpr:42.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-42 + ref_id: '42.8' + description: ' The Board shall collate all certification mechanisms and data + protection seals and marks in a register and shall make them publicly available + by any appropriate means.' + - urn: urn:intuitem:risk:req_node:gdpr:article-43 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node591 + ref_id: Article 43 + description: Certification bodies + - urn: urn:intuitem:risk:req_node:gdpr:43.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.1' + description: 'Without prejudice to the tasks and powers of the competent supervisory + authority under Articles 57 and 58, certification bodies which have an appropriate + level of expertise in relation to data protection shall, after informing the + supervisory authority in order to allow it to exercise its powers pursuant + to point (h) of Article 58(2) where necessary, issue and renew certification. + Member States shall ensure that those certification bodies are accredited + by one or both of the following:' + - urn: urn:intuitem:risk:req_node:gdpr:43.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:43.1 + ref_id: 43.1.a + description: the supervisory authority which is competent pursuant to Article + 55 or 56; + - urn: urn:intuitem:risk:req_node:gdpr:43.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:43.1 + ref_id: 43.1.b + description: the national accreditation body named in accordance with Regulation + (EC) No 765/2008 of the European Parliament and of the Council ( 1 ) in accordance + with EN-ISO/IEC 17065/2012 and with the additional requirements established + by the supervisory authority which is competent pursuant to Article 55 or + 56. + - urn: urn:intuitem:risk:req_node:gdpr:43.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.2' + description: 'Certification bodies referred to in paragraph 1 shall be accredited + in accordance with that paragraph only where they have:' + - urn: urn:intuitem:risk:req_node:gdpr:43.2.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:43.2 + ref_id: 43.2.a + description: demonstrated their independence and expertise in relation to the + subject-matter of the certification to the satisfaction of the competent supervisory + authority; + - urn: urn:intuitem:risk:req_node:gdpr:43.2.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:43.2 + ref_id: 43.2.b + description: undertaken to respect the criteria referred to in Article 42(5) + and approved by the supervisory authority which is competent pursuant to Article + 55 or 56 or by the Board pursuant to Article 63; + - urn: urn:intuitem:risk:req_node:gdpr:43.2.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:43.2 + ref_id: 43.2.c + description: established procedures for the issuing, periodic review and withdrawal + of data protection certification, seals and marks; + - urn: urn:intuitem:risk:req_node:gdpr:43.2.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:43.2 + ref_id: 43.2.d + description: ' established procedures and structures to handle complaints about + infringements of the certification or the manner in which the certification + has been, or is being, implemented by the controller or processor, and to + make those procedures and structures transparent to data subjects and the + public; and' + - urn: urn:intuitem:risk:req_node:gdpr:43.2.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:43.2 + ref_id: 43.2.e + description: demonstrated, to the satisfaction of the competent supervisory + authority, that their tasks and duties do not result in a conflict of interests. + - urn: urn:intuitem:risk:req_node:gdpr:43.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.3' + description: The accreditation of certification bodies as referred to in paragraphs + 1 and 2 of this Article shall take place on the basis of requirements approved + by the supervisory authority which is competent pursuant to Article 55 or + 56 or by the Board pursuant to Article 63. In the case of accreditation pursuant + to point (b) of paragraph 1 of this Article, those requirements shall complement + those envisaged in Regulation (EC) No 765/2008 and the technical rules that + describe the methods and procedures of the certification bodies. + - urn: urn:intuitem:risk:req_node:gdpr:43.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.4' + description: The certification bodies referred to in paragraph 1 shall be responsible + for the proper assessment leading to the certification or the withdrawal of + such certification without prejudice to the responsibility of the controller + or processor for compliance with this Regulation. The accreditation shall + be issued for a maximum period of five years and may be renewed on the same + conditions provided that the certification body meets the requirements set + out in this Article. + - urn: urn:intuitem:risk:req_node:gdpr:43.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.5' + description: The certification bodies referred to in paragraph 1 shall provide + the competent supervisory authorities with the reasons for granting or withdrawing + the requested certification. + - urn: urn:intuitem:risk:req_node:gdpr:43.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.6' + description: The requirements referred to in paragraph 3 of this Article and + the criteria referred to in Article 42(5) shall be made public by the supervisory + authority in an easily accessible form. The supervisory authorities shall + also transmit those requirements and criteria to the Board. + - urn: urn:intuitem:risk:req_node:gdpr:43.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.7' + description: Without prejudice to Chapter VIII, the competent supervisory authority + or the national accreditation body shall revoke an accreditation of a certification + body pursuant to paragraph 1 of this Article where the conditions for the + accreditation are not, or are no longer, met or where actions taken by a certification + body infringe this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:43.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.8' + description: The Commission shall be empowered to adopt delegated acts in accordance + with Article 92 for the purpose of specifying the requirements to be taken + into account for the data protection certification mechanisms referred to + in Article 42(1). + - urn: urn:intuitem:risk:req_node:gdpr:43.9 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-43 + ref_id: '43.9' + description: The Commission may adopt implementing acts laying down technical + standards for certification mechanisms and data protection seals and marks, + and mechanisms to promote and recognise those certification mechanisms, seals + and marks. Those implementing acts shall be adopted in accordance with the + examination procedure referred to in Article 93(2). + - urn: urn:intuitem:risk:req_node:gdpr:chapter-v + assessable: false + depth: 1 + ref_id: CHAPTER V + description: Transfers of personal data to third countries or international + organisations + - urn: urn:intuitem:risk:req_node:gdpr:article-44 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-v + ref_id: Article 44 + description: General principle for transfers + - urn: urn:intuitem:risk:req_node:gdpr:node654 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-44 + description: Any transfer of personal data which are undergoing processing or + are intended for processing after transfer to a third country or to an international + organisation shall take place only if, subject to the other provisions of + this Regulation, the conditions laid down in this Chapter are complied with + by the controller and processor, including for onward transfers of personal + data from the third country or an international organisation to another third + country or to another international organisation. All provisions in this Chapter + shall be applied in order to ensure that the level of protection of natural + persons guaranteed by this Regulation is not undermined. + - urn: urn:intuitem:risk:req_node:gdpr:article-45 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-v + ref_id: Article 45 + description: Transfers on the basis of an adequacy decision + - urn: urn:intuitem:risk:req_node:gdpr:45.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.1' + description: A transfer of personal data to a third country or an international + organisation may take place where the Commission has decided that the third + country, a territory or one or more specified sectors within that third country, + or the international organisation in question ensures an adequate level of + protection. Such a transfer shall not require any specific authorisation. + annotation: "The European Commission has the power to determine, whether a country\ + \ outside the EU offers an adequate level of data protection.\nEuropean Commission\ + \ has so far recognised Andorra, Argentina, Canada (commercial organisations),\ + \ Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand,\ + \ Republic of Korea, Switzerland , the United Kingdom under the GDPR and the\ + \ LED, the United States (commercial organisations participating in the EU-US\ + \ Data Privacy Framework) and Uruguay as providing adequate protection.\n\ + https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en\ + \ \nHere is the link to the implementing act : https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914\n\ + The Court of Justice of the European Union in the case Schrems II, stated\ + \ that standard contractual clauses (SCCs) can generally be used for transferring\ + \ data to third countries. However, the CJEU emphasized that data exporters\ + \ and importers must assess whether the third country's legislation ensures\ + \ the required level of protection according to EU law and the SCCs' guarantees." + - urn: urn:intuitem:risk:req_node:gdpr:45.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.2' + description: 'When assessing the adequacy of the level of protection, the Commission + shall, in particular, take account of the following elements:' + - urn: urn:intuitem:risk:req_node:gdpr:45.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:45.2 + ref_id: 45.2.a + description: the rule of law, respect for human rights and fundamental freedoms, + relevant legislation, both general and sectoral, including concerning public + security, defence, national security and criminal law and the access of public + authorities to personal data, as well as the implementation of such legislation, + data protection rules, professional rules and security measures, including + rules for the onward transfer of personal data to another third country or + international organisation which are complied with in that country or international + organisation, case-law, as well as effective and enforceable data subject + rights and effective administrative and judicial redress for the data subjects + whose personal data are being transferred; + - urn: urn:intuitem:risk:req_node:gdpr:45.2.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:45.2 + ref_id: 45.2.b + description: the existence and effective functioning of one or more independent + supervisory authorities in the third country or to which an international + organisation is subject, with responsibility for ensuring and enforcing compliance + with the data protection rules, including adequate enforcement powers, for + assisting and advising the data subjects in exercising their rights and for + cooperation with the supervisory authorities of the Member States; and + - urn: urn:intuitem:risk:req_node:gdpr:45.2.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:45.2 + ref_id: 45.2.c + description: the international commitments the third country or international + organisation concerned has entered into, or other obligations arising from + legally binding conventions or instruments as well as from its participation + in multilateral or regional systems, in particular in relation to the protection + of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:45.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.3' + description: ' The Commission, after assessing the adequacy of the level of + protection, may decide, by means of implementing act, that a third country, + a territory or one or more specified sectors within a third country, or an + international organisation ensures an adequate level of protection within + the meaning of paragraph 2 of this Article. The implementing act shall provide + for a mechanism for a periodic review, at least every four years, which shall + take into account all relevant developments in the third country or international + organisation. The implementing act shall specify its territorial and sectoral + application and, where applicable, identify the supervisory authority or authorities + referred to in point (b) of paragraph 2 of this Article. The implementing + act shall be adopted in accordance with the examination procedure referred + to in Article 93(2).' + - urn: urn:intuitem:risk:req_node:gdpr:45.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.4' + description: The Commission shall, on an ongoing basis, monitor developments + in third countries and international organisations that could affect the functioning + of decisions adopted pursuant to paragraph 3 of this Article and decisions + adopted on the basis of Article 25(6) of Directive 95/46/EC. + - urn: urn:intuitem:risk:req_node:gdpr:45.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.5' + description: The Commission shall, where available information reveals, in particular + following the review referred to in paragraph 3 of this Article, that a third + country, a territory or one or more specified sectors within a third country, + or an international organisation no longer ensures an adequate level of protection + within the meaning of paragraph 2 of this Article, to the extent necessary, + repeal, amend or suspend the decision referred to in paragraph 3 of this Article + by means of implementing acts without retro-active effect. Those implementing + acts shall be adopted in accordance with the examination procedure referred + to in Article 93(2). + - urn: urn:intuitem:risk:req_node:gdpr:node664 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + description: On duly justified imperative grounds of urgency, the Commission + shall adopt immediately applicable implementing acts in accordance with the + procedure referred to in Article 93(3). + - urn: urn:intuitem:risk:req_node:gdpr:45.6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.6' + description: The Commission shall enter into consultations with the third country + or international organisation with a view to remedying the situation giving + rise to the decision made pursuant to paragraph 5. + - urn: urn:intuitem:risk:req_node:gdpr:45.7 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.7' + description: A decision pursuant to paragraph 5 of this Article is without prejudice + to transfers of personal data to the third country, a territory or one or + more specified sectors within that third country, or the international organisation + in question pursuant to Articles 46 to 49. + - urn: urn:intuitem:risk:req_node:gdpr:45.8 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.8' + description: The Commission shall publish in the Official Journal of the European + Union and on its website a list of the third countries, territories and specified + sectors within a third country and international organisations for which it + has decided that an adequate level of protection is or is no longer ensured. + - urn: urn:intuitem:risk:req_node:gdpr:45.9 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-45 + ref_id: '45.9' + description: Decisions adopted by the Commission on the basis of Article 25(6) + of Directive 95/46/EC shall remain in force until amended, replaced or repealed + by a Commission Decision adopted in accordance with paragraph 3 or 5 of this + Article. + - urn: urn:intuitem:risk:req_node:gdpr:article-46 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-v + ref_id: Article 46 + description: Transfers subject to appropriate safeguards + - urn: urn:intuitem:risk:req_node:gdpr:46.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-46 + ref_id: '46.1' + description: In the absence of a decision pursuant to Article 45(3), a controller + or processor may transfer personal data to a third country or an international + organisation only if the controller or processor has provided appropriate + safeguards, and on condition that enforceable data subject rights and effective + legal remedies for data subjects are available. + annotation: The Court of Justice of the European Union in the case Schrems II, + stated that standard contractual clauses (SCCs) can generally be used for + transferring data to third countries. However, the CJEU emphasized that data + exporters and importers must assess whether the third country's legislation + ensures the required level of protection according to EU law and the SCCs' + guarantees. + - urn: urn:intuitem:risk:req_node:gdpr:46.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-46 + ref_id: '46.2' + description: ' The appropriate safeguards referred to in paragraph 1 may be + provided for, without requiring any specific authorisation from a supervisory + authority, by:' + - urn: urn:intuitem:risk:req_node:gdpr:46.2.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.2 + ref_id: 46.2.a + description: ' a legally binding and enforceable instrument between public authorities + or bodies;' + - urn: urn:intuitem:risk:req_node:gdpr:46.2.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.2 + ref_id: 46.2.b + description: ' binding corporate rules in accordance with Article 47;' + - urn: urn:intuitem:risk:req_node:gdpr:46.2.c + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.2 + ref_id: 46.2.c + description: standard data protection clauses adopted by the Commission in accordance + with the examination procedure referred to in Article 93(2); + - urn: urn:intuitem:risk:req_node:gdpr:46.2.d + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.2 + ref_id: 46.2.d + description: standard data protection clauses adopted by a supervisory authority + and approved by the Commission pursuant to the examination procedure referred + to in Article 93(2); + - urn: urn:intuitem:risk:req_node:gdpr:46.2.e + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.2 + ref_id: 46.2.e + description: an approved code of conduct pursuant to Article 40 together with + binding and enforceable commitments of the controller or processor in the + third country to apply the appropriate safeguards, including as regards data + subjects' rights; or + - urn: urn:intuitem:risk:req_node:gdpr:46.2.f + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.2 + ref_id: 46.2.f + description: ' an approved certification mechanism pursuant to Article 42 together + with binding and enforceable commitments of the controller or processor in + the third country to apply the appropriate safeguards, including as regards + data subjects'' rights.' + - urn: urn:intuitem:risk:req_node:gdpr:46.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-46 + ref_id: '46.3' + description: 'Subject to the authorisation from the competent supervisory authority, + the appropriate safeguards referred to in paragraph 1 may also be provided + for, in particular, by:' + - urn: urn:intuitem:risk:req_node:gdpr:46.3.a + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.3 + ref_id: 46.3.a + description: contractual clauses between the controller or processor and the + controller, processor or the recipient of the personal data in the third country + or international organisation; or + - urn: urn:intuitem:risk:req_node:gdpr:46.3.b + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:46.3 + ref_id: 46.3.b + description: provisions to be inserted into administrative arrangements between + public authorities or bodies which include enforceable and effective data + subject rights. + - urn: urn:intuitem:risk:req_node:gdpr:46.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-46 + ref_id: '46.4' + description: The supervisory authority shall apply the consistency mechanism + referred to in Article 63 in the cases referred to in paragraph 3 of this + Article. + - urn: urn:intuitem:risk:req_node:gdpr:46.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-46 + ref_id: '46.5' + description: Authorisations by a Member State or supervisory authority on the + basis of Article 26(2) of Directive 95/46/EC shall remain valid until amended, + replaced or repealed, if necessary, by that supervisory authority. Decisions + adopted by the Commission on the basis of Article 26(4) of Directive 95/46/EC + shall remain in force until amended, replaced or repealed, if necessary, by + a Commission Decision adopted in accordance with paragraph 2 of this Article. + - urn: urn:intuitem:risk:req_node:gdpr:article-47 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-v + ref_id: Article 47 + description: Binding corporate rules + - urn: urn:intuitem:risk:req_node:gdpr:47.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-47 + ref_id: '47.1' + description: 'The competent supervisory authority shall approve binding corporate + rules in accordance with the consistency mechanism set out in Article 63, + provided that they:' + - urn: urn:intuitem:risk:req_node:gdpr:47.1.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.1 + ref_id: 47.1.a + description: are legally binding and apply to and are enforced by every member + concerned of the group of undertakings, or group of enterprises engaged in + a joint economic activity, including their employees; + - urn: urn:intuitem:risk:req_node:gdpr:47.1.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.1 + ref_id: 47.1.b + description: expressly confer enforceable rights on data subjects with regard + to the processing of their personal data; and + - urn: urn:intuitem:risk:req_node:gdpr:47.1.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.1 + ref_id: 47.1.c + description: fulfil the requirements laid down in paragraph 2. + - urn: urn:intuitem:risk:req_node:gdpr:47.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-47 + ref_id: '47.2' + description: 'The binding corporate rules referred to in paragraph 1 shall specify + at least:' + - urn: urn:intuitem:risk:req_node:gdpr:47.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.a + description: the structure and contact details of the group of undertakings, + or group of enterprises engaged in a joint economic activity and of each of + its members; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.b + description: the data transfers or set of transfers, including the categories + of personal data, the type of processing and its purposes, the type of data + subjects affected and the identification of the third country or countries + in question; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.c + description: their legally binding nature, both internally and externally; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.d + description: the application of the general data protection principles, in particular + purpose limitation, data minimisation, limited storage periods, data quality, + data protection by design and by default, legal basis for processing, processing + of special categories of personal data, measures to ensure data security, + and the requirements in respect of onward transfers to bodies not bound by + the binding corporate rules; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.e + description: the rights of data subjects in regard to processing and the means + to exercise those rights, including the right not to be subject to decisions + based solely on automated processing, including profiling in accordance with + Article 22, the right to lodge a complaint with the competent supervisory + authority and before the competent courts of the Member States in accordance + with Article 79, and to obtain redress and, where appropriate, compensation + for a breach of the binding corporate rules; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.f + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.f + description: the acceptance by the controller or processor established on the + territory of a Member State of liability for any breaches of the binding corporate + rules by any member concerned not established in the Union; the controller + or the processor shall be exempt from that liability, in whole or in part, + only if it proves that that member is not responsible for the event giving + rise to the damage; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.g + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.g + description: how the information on the binding corporate rules, in particular + on the provisions referred to in points (d), (e) and (f) of this paragraph + is provided to the data subjects in addition to Articles 13 and 14; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.h + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.h + description: ' the tasks of any data protection officer designated in accordance + with Article 37 or any other person or entity in charge of the monitoring + compliance with the binding corporate rules within the group of undertakings, + or group of enterprises engaged in a joint economic activity, as well as monitoring + training and complaint-handling;' + - urn: urn:intuitem:risk:req_node:gdpr:47.2.i + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.i + description: the complaint procedures; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.j + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.j + description: the mechanisms within the group of undertakings, or group of enterprises + engaged in a joint economic activity for ensuring the verification of compliance + with the binding corporate rules. Such mechanisms shall include data protection + audits and methods for ensuring corrective actions to protect the rights of + the data subject. Results of such verification should be communicated to the + person or entity referred to in point (h) and to the board of the controlling + undertaking of a group of undertakings, or of the group of enterprises engaged + in a joint economic activity, and should be available upon request to the + competent supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.k + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.k + description: the mechanisms for reporting and recording changes to the rules + and reporting those changes to the supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:47.2.l + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.l + description: ' the cooperation mechanism with the supervisory authority to ensure + compliance by any member of the group of undertakings, or group of enterprises + engaged in a joint economic activity, in particular by making available to + the supervisory authority the results of verifications of the measures referred + to in point (j);' + - urn: urn:intuitem:risk:req_node:gdpr:47.2.m + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.m + description: the mechanisms for reporting to the competent supervisory authority + any legal requirements to which a member of the group of undertakings, or + group of enterprises engaged in a joint economic activity is subject in a + third country which are likely to have a substantial adverse effect on the + guarantees provided by the binding corporate rules; and + - urn: urn:intuitem:risk:req_node:gdpr:47.2.n + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:47.2 + ref_id: 47.2.n + description: he appropriate data protection training to personnel having permanent + or regular access to personal data. + - urn: urn:intuitem:risk:req_node:gdpr:47.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-47 + ref_id: '47.3' + description: The Commission may specify the format and procedures for the exchange + of information between controllers, processors and supervisory authorities + for binding corporate rules within the meaning of this Article. Those implementing + acts shall be adopted in accordance with the examination procedure set out + in Article 93(2). + - urn: urn:intuitem:risk:req_node:gdpr:article-48 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-v + ref_id: Article 48 + description: Transfers or disclosures not authorised by Union law + - urn: urn:intuitem:risk:req_node:gdpr:node705 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-48 + description: Any judgment of a court or tribunal and any decision of an administrative + authority of a third country requiring a controller or processor to transfer + or disclose personal data may only be recognised or enforceable in any manner + if based on an international agreement, such as a mutual legal assistance + treaty, in force between the requesting third country and the Union or a Member + State, without prejudice to other grounds for transfer pursuant to this Chapter. + - urn: urn:intuitem:risk:req_node:gdpr:article-49 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-v + ref_id: Article 49 + description: Derogations for specific situations + - urn: urn:intuitem:risk:req_node:gdpr:49.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-49 + ref_id: '49.1' + description: ' In the absence of an adequacy decision pursuant to Article 45(3), + or of appropriate safeguards pursuant to Article 46, including binding corporate + rules, a transfer or a set of transfers of personal data to a third country + or an international organisation shall take place only on one of the following + conditions:' + - urn: urn:intuitem:risk:req_node:gdpr:49.1.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:49.1 + ref_id: 49.1.a + description: the data subject has explicitly consented to the proposed transfer, + after having been informed of the possible risks of such transfers for the + data subject due to the absence of an adequacy decision and appropriate safeguards; + - urn: urn:intuitem:risk:req_node:gdpr:49.1.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:49.1 + ref_id: 49.1.b + description: the transfer is necessary for the performance of a contract between + the data subject and the controller or the implementation of pre-contractual + measures taken at the data subject's request; + - urn: urn:intuitem:risk:req_node:gdpr:49.1.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:49.1 + ref_id: 49.1.c + description: the transfer is necessary for the conclusion or performance of + a contract concluded in the interest of the data subject between the controller + and another natural or legal person; + - urn: urn:intuitem:risk:req_node:gdpr:49.1.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:49.1 + ref_id: 49.1.d + description: the transfer is necessary for important reasons of public interest; + - urn: urn:intuitem:risk:req_node:gdpr:49.1.e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:49.1 + ref_id: 49.1.e + description: the transfer is necessary for the establishment, exercise or defence + of legal claims; + - urn: urn:intuitem:risk:req_node:gdpr:49.1.f + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:49.1 + ref_id: 49.1.f + description: the transfer is necessary in order to protect the vital interests + of the data subject or of other persons, where the data subject is physically + or legally incapable of giving consent; + - urn: urn:intuitem:risk:req_node:gdpr:49.1.g + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:49.1 + ref_id: 49.1.g + description: the transfer is made from a register which according to Union or + Member State law is intended to provide information to the public and which + is open to consultation either by the public in general or by any person who + can demonstrate a legitimate interest, but only to the extent that the conditions + laid down by Union or Member State law for consultation are fulfilled in the + particular case. + - urn: urn:intuitem:risk:req_node:gdpr:node715 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-49 + description: Where a transfer could not be based on a provision in Article 45 + or 46, including the provisions on binding corporate rules, and none of the + derogations for a specific situation referred to in the first subparagraph + of this paragraph is applicable, a transfer to a third country or an international + organisation may take place only if the transfer is not repetitive, concerns + only a limited number of data subjects, is necessary for the purposes of compelling + legitimate interests pursued by the controller which are not overridden by + the interests or rights and freedoms of the data subject, and the controller + has assessed all the circumstances surrounding the data transfer and has on + the basis of that assessment provided suitable safeguards with regard to the + protection of personal data. The controller shall inform the supervisory authority + of the transfer. The controller shall, in addition to providing the information + referred to in Articles 13 and 14, inform the data subject of the transfer + and on the compelling legitimate interests pursued. + - urn: urn:intuitem:risk:req_node:gdpr:49.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-49 + ref_id: '49.2' + description: A transfer pursuant to point (g) of the first subparagraph of paragraph + 1 shall not involve the entirety of the personal data or entire categories + of the personal data contained in the register. Where the register is intended + for consultation by persons having a legitimate interest, the transfer shall + be made only at the request of those persons or if they are to be the recipients. + - urn: urn:intuitem:risk:req_node:gdpr:49.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-49 + ref_id: '49.3' + description: Points (a), (b) and (c) of the first subparagraph of paragraph + 1 and the second subparagraph thereof shall not apply to activities carried + out by public authorities in the exercise of their public powers. + - urn: urn:intuitem:risk:req_node:gdpr:49.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-49 + ref_id: '49.4' + description: The public interest referred to in point (d) of the first subparagraph + of paragraph 1 shall be recognised in Union law or in the law of the Member + State to which the controller is subject. + - urn: urn:intuitem:risk:req_node:gdpr:49.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-49 + ref_id: '49.5' + description: In the absence of an adequacy decision, Union or Member State law + may, for important reasons of public interest, expressly set limits to the + transfer of specific categories of personal data to a third country or an + international organisation. Member States shall notify such provisions to + the Commission. + - urn: urn:intuitem:risk:req_node:gdpr:49.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-49 + ref_id: '49.6' + description: The controller or processor shall document the assessment as well + as the suitable safeguards referred to in the second subparagraph of paragraph + 1 of this Article in the records referred to in Article 30. + - urn: urn:intuitem:risk:req_node:gdpr:article-50 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-v + ref_id: Article 50 + description: International cooperation for the protection of personal data + - urn: urn:intuitem:risk:req_node:gdpr:node722 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-50 + description: 'In relation to third countries and international organisations, + the Commission and supervisory authorities shall take appropriate steps to:' + - urn: urn:intuitem:risk:req_node:gdpr:50.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node722 + ref_id: 50.a + description: develop international cooperation mechanisms to facilitate the + effective enforcement of legislation for the protection of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:50.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node722 + ref_id: 50.b + description: provide international mutual assistance in the enforcement of legislation + for the protection of personal data, including through notification, complaint + referral, investigative assistance and information exchange, subject to appropriate + safeguards for the protection of personal data and other fundamental rights + and freedoms; + - urn: urn:intuitem:risk:req_node:gdpr:50.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node722 + ref_id: 50.c + description: engage relevant stakeholders in discussion and activities aimed + at furthering international cooperation in the enforcement of legislation + for the protection of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:50.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:node722 + ref_id: 50.d + description: promote the exchange and documentation of personal data protection + legislation and practice, including on jurisdictional conflicts with third + countries. + - urn: urn:intuitem:risk:req_node:gdpr:chapter-vi + assessable: false + depth: 1 + ref_id: CHAPTER VI + description: Independent supervisory authorities + - urn: urn:intuitem:risk:req_node:gdpr:node728 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-vi + name: Section 1 + description: Independent status + - urn: urn:intuitem:risk:req_node:gdpr:article-51 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node728 + ref_id: Article 51 + description: Supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:51.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-51 + ref_id: '51.1' + description: "Each Member State shall provide for one or more independent public\ + \ authorities to be responsible for monitoring the application of this Regulation,\ + \ in order to protect the fundamental rights and freedoms of natural persons\ + \ in relation to processing and to facilitate the free flow of personal data\ + \ within the Union (\u2018supervisory authority\u2019)." + - urn: urn:intuitem:risk:req_node:gdpr:51.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-51 + ref_id: '51.2' + description: Each supervisory authority shall contribute to the consistent application + of this Regulation throughout the Union. For that purpose, the supervisory + authorities shall cooperate with each other and the Commission in accordance + with Chapter VII. + - urn: urn:intuitem:risk:req_node:gdpr:51.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-51 + ref_id: '51.3' + description: Where more than one supervisory authority is established in a Member + State, that Member State shall designate the supervisory authority which is + to represent those authorities in the Board and shall set out the mechanism + to ensure compliance by the other authorities with the rules relating to the + consistency mechanism referred to in Article 63. + - urn: urn:intuitem:risk:req_node:gdpr:51.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-51 + ref_id: '51.4' + description: Each Member State shall notify to the Commission the provisions + of its law which it adopts pursuant to this Chapter, by 25 May 2018 and, without + delay, any subsequent amendment affecting them. + - urn: urn:intuitem:risk:req_node:gdpr:article-52 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node728 + ref_id: Article 52 + description: Independence + - urn: urn:intuitem:risk:req_node:gdpr:52.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-52 + ref_id: '52.1' + description: Each supervisory authority shall act with complete independence + in performing its tasks and exercising its powers in accordance with this + Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:52.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-52 + ref_id: '52.2' + description: The member or members of each supervisory authority shall, in the + performance of their tasks and exercise of their powers in accordance with + this Regulation, remain free from external influence, whether direct or indirect, + and shall neither seek nor take instructions from anybody. + - urn: urn:intuitem:risk:req_node:gdpr:52.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-52 + ref_id: '52.3' + description: Member or members of each supervisory authority shall refrain from + any action incompatible with their duties and shall not, during their term + of office, engage in any incompatible occupation, whether gainful or not. + - urn: urn:intuitem:risk:req_node:gdpr:52.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-52 + ref_id: '52.4' + description: Each Member State shall ensure that each supervisory authority + is provided with the human, technical and financial resources, premises and + infrastructure necessary for the effective performance of its tasks and exercise + of its powers, including those to be carried out in the context of mutual + assistance, cooperation and participation in the Board. + - urn: urn:intuitem:risk:req_node:gdpr:52.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-52 + ref_id: '52.5' + description: Each Member State shall ensure that each supervisory authority + chooses and has its own staff which shall be subject to the exclusive direction + of the member or members of the supervisory authority concerned. + - urn: urn:intuitem:risk:req_node:gdpr:52.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-52 + ref_id: '52.6' + description: Each Member State shall ensure that each supervisory authority + is subject to financial control which does not affect its independence and + that it has separate, public annual budgets, which may be part of the overall + state or national budget. + - urn: urn:intuitem:risk:req_node:gdpr:article-53 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node728 + ref_id: Article 53 + description: General conditions for the members of the supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:53.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + ref_id: '53.1' + description: 'Member States shall provide for each member of their supervisory + authorities to be appointed by means of a transparent procedure by:' + - urn: urn:intuitem:risk:req_node:gdpr:node743 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + description: "\u2014 their parliament;" + - urn: urn:intuitem:risk:req_node:gdpr:node744 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + description: "\u2014 their government;" + - urn: urn:intuitem:risk:req_node:gdpr:node745 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + description: "\u2014 their head of State; or" + - urn: urn:intuitem:risk:req_node:gdpr:node746 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + description: "\u2014 an independent body entrusted with the appointment under\ + \ Member State law." + - urn: urn:intuitem:risk:req_node:gdpr:53.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + ref_id: '53.2' + description: Each member shall have the qualifications, experience and skills, + in particular in the area of the protection of personal data, required to + perform its duties and exercise its powers. + - urn: urn:intuitem:risk:req_node:gdpr:53.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + ref_id: '53.3' + description: The duties of a member shall end in the event of the expiry of + the term of office, resignation or compulsory retirement, in accordance with + the law of the Member State concerned. + - urn: urn:intuitem:risk:req_node:gdpr:53.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-53 + ref_id: '53.4' + description: A member shall be dismissed only in cases of serious misconduct + or if the member no longer fulfils the conditions required for the performance + of the duties. + - urn: urn:intuitem:risk:req_node:gdpr:article-54 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node728 + ref_id: Article 54 + description: Rules on the establishment of the supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:54.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-54 + ref_id: '54.1' + description: 'Each Member State shall provide by law for all of the following:' + - urn: urn:intuitem:risk:req_node:gdpr:54.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:54.1 + ref_id: 54.1.a + description: the establishment of each supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:54.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:54.1 + ref_id: 54.1.b + description: the qualifications and eligibility conditions required to be appointed + as member of each supervisory authority; + - urn: urn:intuitem:risk:req_node:gdpr:54.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:54.1 + ref_id: 54.1.c + description: ' the rules and procedures for the appointment of the member or + members of each supervisory authority;' + - urn: urn:intuitem:risk:req_node:gdpr:54.1.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:54.1 + ref_id: 54.1.d + description: the duration of the term of the member or members of each supervisory + authority of no less than four years, except for the first appointment after + 24 May 2016, part of which may take place for a shorter period where that + is necessary to protect the independence of the supervisory authority by means + of a staggered appointment procedure; + - urn: urn:intuitem:risk:req_node:gdpr:54.1.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:54.1 + ref_id: 54.1.e + description: whether and, if so, for how many terms the member or members of + each supervisory authority is eligible for reappointment; + - urn: urn:intuitem:risk:req_node:gdpr:54.1.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:54.1 + ref_id: 54.1.f + description: the conditions governing the obligations of the member or members + and staff of each supervisory authority, prohibitions on actions, occupations + and benefits incompatible therewith during and after the term of office and + rules governing the cessation of employment. + - urn: urn:intuitem:risk:req_node:gdpr:54.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-54 + ref_id: '54.2' + description: The member or members and the staff of each supervisory authority + shall, in accordance with Union or Member State law, be subject to a duty + of professional secrecy both during and after their term of office, with regard + to any confidential information which has come to their knowledge in the course + of the performance of their tasks or exercise of their powers. During their + term of office, that duty of professional secrecy shall in particular apply + to reporting by natural persons of infringements of this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:node759 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-vi + name: Section 2 + description: Competence, tasks and powers + - urn: urn:intuitem:risk:req_node:gdpr:article-55 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node759 + ref_id: Article 55 + description: Competence + - urn: urn:intuitem:risk:req_node:gdpr:55.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-55 + ref_id: '55.1' + description: Each supervisory authority shall be competent for the performance + of the tasks assigned to and the exercise of the powers conferred on it in + accordance with this Regulation on the territory of its own Member State. + - urn: urn:intuitem:risk:req_node:gdpr:55.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-55 + ref_id: '55.2' + description: Where processing is carried out by public authorities or private + bodies acting on the basis of point (c) or (e) of Article 6(1), the supervisory + authority of the Member State concerned shall be competent. In such cases + Article 56 does not apply. + - urn: urn:intuitem:risk:req_node:gdpr:55.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-55 + ref_id: '55.3' + description: Supervisory authorities shall not be competent to supervise processing + operations of courts acting in their judicial capacity. + - urn: urn:intuitem:risk:req_node:gdpr:article-56 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node759 + ref_id: Article 56 + description: Competence of the lead supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:56.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-56 + ref_id: '56.1' + description: Without prejudice to Article 55, the supervisory authority of the + main establishment or of the single establishment of the controller or processor + shall be competent to act as lead supervisory authority for the cross-border + processing carried out by that controller or processor in accordance with + the procedure provided in Article 60. + - urn: urn:intuitem:risk:req_node:gdpr:56.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-56 + ref_id: '56.2' + description: By derogation from paragraph 1, each supervisory authority shall + be competent to handle a complaint lodged with it or a possible infringement + of this Regulation, if the subject matter relates only to an establishment + in its Member State or substantially affects data subjects only in its Member + State. + - urn: urn:intuitem:risk:req_node:gdpr:56.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-56 + ref_id: '56.3' + description: In the cases referred to in paragraph 2 of this Article, the supervisory + authority shall inform the lead supervisory authority without delay on that + matter. Within a period of three weeks after being informed the lead supervisory + authority shall decide whether or not it will handle the case in accordance + with the procedure provided in Article 60, taking into account whether or + not there is an establishment of the controller or processor in the Member + State of which the supervisory authority informed it. + - urn: urn:intuitem:risk:req_node:gdpr:56.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-56 + ref_id: '56.4' + description: Where the lead supervisory authority decides to handle the case, + the procedure provided in Article 60 shall apply. The supervisory authority + which informed the lead supervisory authority may submit to the lead supervisory + authority a draft for a decision. The lead supervisory authority shall take + utmost account of that draft when preparing the draft decision referred to + in Article 60(3). + - urn: urn:intuitem:risk:req_node:gdpr:56.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-56 + ref_id: '56.5' + description: Where the lead supervisory authority decides not to handle the + case, the supervisory authority which informed the lead supervisory authority + shall handle it according to Articles 61 and 62. + - urn: urn:intuitem:risk:req_node:gdpr:56.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-56 + ref_id: '56.6' + description: The lead supervisory authority shall be the sole interlocutor of + the controller or processor for the cross-border processing carried out by + that controller or processor. + - urn: urn:intuitem:risk:req_node:gdpr:article-57 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node759 + ref_id: Article 57 + description: Tasks + - urn: urn:intuitem:risk:req_node:gdpr:57.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-57 + ref_id: '57.1' + description: 'Without prejudice to other tasks set out under this Regulation, + each supervisory authority shall on its territory:' + - urn: urn:intuitem:risk:req_node:gdpr:57.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.a + description: monitor and enforce the application of this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.b + description: promote public awareness and understanding of the risks, rules, + safeguards and rights in relation to processing. Activities addressed specifically + to children shall receive specific attention; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.c + description: ' advise, in accordance with Member State law, the national parliament, + the government, and other institutions and bodies on legislative and administrative + measures relating to the protection of natural persons'' rights and freedoms + with regard to processing;' + - urn: urn:intuitem:risk:req_node:gdpr:57.1.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.d + description: promote the awareness of controllers and processors of their obligations + under this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.e + description: upon request, provide information to any data subject concerning + the exercise of their rights under this Regulation and, if appropriate, cooperate + with the supervisory authorities in other Member States to that end; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.f + description: handle complaints lodged by a data subject, or by a body, organisation + or association in accordance with Article 80, and investigate, to the extent + appropriate, the subject matter of the complaint and inform the complainant + of the progress and the outcome of the investigation within a reasonable period, + in particular if further investigation or coordination with another supervisory + authority is necessary; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.g + description: ' cooperate with, including sharing information and provide mutual + assistance to, other supervisory authorities with a view to ensuring the consistency + of application and enforcement of this Regulation;' + - urn: urn:intuitem:risk:req_node:gdpr:57.1.h + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.h + description: conduct investigations on the application of this Regulation, including + on the basis of information received from another supervisory authority or + other public authority; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.i + description: monitor relevant developments, insofar as they have an impact on + the protection of personal data, in particular the development of information + and communication technologies and commercial practices; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.j + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.j + description: adopt standard contractual clauses referred to in Article 28(8) + and in point (d) of Article 46(2); + - urn: urn:intuitem:risk:req_node:gdpr:57.1.k + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.k + description: establish and maintain a list in relation to the requirement for + data protection impact assessment pursuant to Article 35(4); + - urn: urn:intuitem:risk:req_node:gdpr:57.1.l + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.l + description: ' give advice on the processing operations referred to in Article + 36(2);' + - urn: urn:intuitem:risk:req_node:gdpr:57.1.m + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.m + description: encourage the drawing up of codes of conduct pursuant to Article + 40(1) and provide an opinion and approve such codes of conduct which provide + sufficient safeguards, pursuant to Article 40(5); + - urn: urn:intuitem:risk:req_node:gdpr:57.1.n + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.n + description: encourage the establishment of data protection certification mechanisms + and of data protection seals and marks pursuant to Article 42(1), and approve + the criteria of certification pursuant to Article 42(5); + - urn: urn:intuitem:risk:req_node:gdpr:57.1.o + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.o + description: where applicable, carry out a periodic review of certifications + issued in accordance with Article 42(7); + - urn: urn:intuitem:risk:req_node:gdpr:57.1.p + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.p + description: draft and publish the requirements for accreditation of a body + for monitoring codes of conduct pursuant to Article 41 and of a certification + body pursuant to Article 43; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.q + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.q + description: conduct the accreditation of a body for monitoring codes of conduct + pursuant to Article 41 and of a certification body pursuant to Article 43; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.r + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.r + description: ' authorise contractual clauses and provisions referred to in Article + 46(3);' + - urn: urn:intuitem:risk:req_node:gdpr:57.1.s + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.s + description: approve binding corporate rules pursuant to Article 47; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.t + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.t + description: contribute to the activities of the Board; + - urn: urn:intuitem:risk:req_node:gdpr:57.1.u + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.u + description: keep internal records of infringements of this Regulation and of + measures taken in accordance with Article 58(2); and + - urn: urn:intuitem:risk:req_node:gdpr:57.1.v + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:57.1 + ref_id: 57.1.v + description: fulfil any other tasks related to the protection of personal data. + - urn: urn:intuitem:risk:req_node:gdpr:57.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-57 + ref_id: '57.2' + description: Each supervisory authority shall facilitate the submission of complaints + referred to in point (f) of paragraph 1 by measures such as a complaint submission + form which can also be completed electronically, without excluding other means + of communication. + - urn: urn:intuitem:risk:req_node:gdpr:57.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-57 + ref_id: '57.3' + description: The performance of the tasks of each supervisory authority shall + be free of charge for the data subject and, where applicable, for the data + protection officer. + - urn: urn:intuitem:risk:req_node:gdpr:57.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-57 + ref_id: '57.4' + description: Where requests are manifestly unfounded or excessive, in particular + because of their repetitive character, the supervisory authority may charge + a reasonable fee based on administrative costs, or refuse to act on the request. + The supervisory authority shall bear the burden of demonstrating the manifestly + unfounded or excessive character of the request. + - urn: urn:intuitem:risk:req_node:gdpr:article-58 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node759 + ref_id: Article 58 + description: Powers + - urn: urn:intuitem:risk:req_node:gdpr:58.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-58 + ref_id: '58.1' + description: 'Each supervisory authority shall have all of the following investigative + powers:' + - urn: urn:intuitem:risk:req_node:gdpr:58.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.1 + ref_id: 58.1.a + description: to order the controller and the processor, and, where applicable, + the controller's or the processor's representative to provide any information + it requires for the performance of its tasks; + - urn: urn:intuitem:risk:req_node:gdpr:58.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.1 + ref_id: 58.1.b + description: to carry out investigations in the form of data protection audits; + - urn: urn:intuitem:risk:req_node:gdpr:58.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.1 + ref_id: 58.1.c + description: ' to carry out a review on certifications issued pursuant to Article + 42(7);' + - urn: urn:intuitem:risk:req_node:gdpr:58.1.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.1 + ref_id: 58.1.d + description: to notify the controller or the processor of an alleged infringement + of this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:58.1.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.1 + ref_id: 58.1.e + description: ' to obtain, from the controller and the processor, access to all + personal data and to all information necessary for the performance of its + tasks;' + - urn: urn:intuitem:risk:req_node:gdpr:58.1.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.1 + ref_id: 58.1.f + description: to obtain access to any premises of the controller and the processor, + including to any data processing equipment and means, in accordance with Union + or Member State procedural law. + - urn: urn:intuitem:risk:req_node:gdpr:58.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-58 + ref_id: '58.2' + description: 'Each supervisory authority shall have all of the following corrective + powers:' + - urn: urn:intuitem:risk:req_node:gdpr:58.2.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.a + description: to issue warnings to a controller or processor that intended processing + operations are likely to infringe provisions of this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.b + description: to issue reprimands to a controller or a processor where processing + operations have infringed provisions of this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.c + description: to order the controller or the processor to comply with the data + subject's requests to exercise his or her rights pursuant to this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.d + description: to order the controller or processor to bring processing operations + into compliance with the provisions of this Regulation, where appropriate, + in a specified manner and within a specified period; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.e + description: to order the controller to communicate a personal data breach to + the data subject; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.f + description: to impose a temporary or definitive limitation including a ban + on processing; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.g + description: ' to order the rectification or erasure of personal data or restriction + of processing pursuant to Articles 16, 17 and 18 and the notification of such + actions to recipients to whom the personal data have been disclosed pursuant + to Article 17(2) and Article 19;' + - urn: urn:intuitem:risk:req_node:gdpr:58.2.h + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.h + description: to withdraw a certification or to order the certification body + to withdraw a certification issued pursuant to Articles 42 and 43, or to order + the certification body not to issue certification if the requirements for + the certification are not or are no longer met; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.i + description: to impose an administrative fine pursuant to Article 83, in addition + to, or instead of measures referred to in this paragraph, depending on the + circumstances of each individual case; + - urn: urn:intuitem:risk:req_node:gdpr:58.2.j + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.2 + ref_id: 58.2.j + description: to order the suspension of data flows to a recipient in a third + country or to an international organisation. + - urn: urn:intuitem:risk:req_node:gdpr:58.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-58 + ref_id: '58.3' + description: 'Each supervisory authority shall have all of the following authorisation + and advisory powers:' + - urn: urn:intuitem:risk:req_node:gdpr:58.3.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.a + description: ' to advise the controller in accordance with the prior consultation + procedure referred to in Article 36;' + - urn: urn:intuitem:risk:req_node:gdpr:58.3.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.b + description: to issue, on its own initiative or on request, opinions to the + national parliament, the Member State government or, in accordance with Member + State law, to other institutions and bodies as well as to the public on any + issue related to the protection of personal data; + - urn: urn:intuitem:risk:req_node:gdpr:58.3.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.c + description: to authorise processing referred to in Article 36(5), if the law + of the Member State requires such prior authorisation; + - urn: urn:intuitem:risk:req_node:gdpr:58.3.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.d + description: ' to issue an opinion and approve draft codes of conduct pursuant + to Article 40(5);' + - urn: urn:intuitem:risk:req_node:gdpr:58.3.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.e + description: to accredit certification bodies pursuant to Article 43; + - urn: urn:intuitem:risk:req_node:gdpr:58.3.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.f + description: to issue certifications and approve criteria of certification in + accordance with Article 42(5); + - urn: urn:intuitem:risk:req_node:gdpr:58.3.g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.g + description: to adopt standard data protection clauses referred to in Article + 28(8) and in point (d) of Article 46(2); + - urn: urn:intuitem:risk:req_node:gdpr:58.3.h + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.h + description: ' to authorise contractual clauses referred to in point (a) of + Article 46(3);' + - urn: urn:intuitem:risk:req_node:gdpr:58.3.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.i + description: to authorise administrative arrangements referred to in point (b) + of Article 46(3); + - urn: urn:intuitem:risk:req_node:gdpr:58.3.j + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:58.3 + ref_id: 58.3.j + description: ' to approve binding corporate rules pursuant to Article 47.' + - urn: urn:intuitem:risk:req_node:gdpr:58.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-58 + ref_id: '58.4' + description: The exercise of the powers conferred on the supervisory authority + pursuant to this Article shall be subject to appropriate safeguards, including + effective judicial remedy and due process, set out in Union and Member State + law in accordance with the Charter. + - urn: urn:intuitem:risk:req_node:gdpr:58.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-58 + ref_id: '58.5' + description: Each Member State shall provide by law that its supervisory authority + shall have the power to bring infringements of this Regulation to the attention + of the judicial authorities and where appropriate, to commence or engage otherwise + in legal proceedings, in order to enforce the provisions of this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:58.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-58 + ref_id: '58.6' + description: Each Member State may provide by law that its supervisory authority + shall have additional powers to those referred to in paragraphs 1, 2 and 3. + The exercise of those powers shall not impair the effective operation of Chapter + VII. + - urn: urn:intuitem:risk:req_node:gdpr:article-59 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node759 + ref_id: Article 59 + description: Activity reports + - urn: urn:intuitem:risk:req_node:gdpr:node832 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-59 + description: Each supervisory authority shall draw up an annual report on its + activities, which may include a list of types of infringement notified and + types of measures taken in accordance with Article 58(2). Those reports shall + be transmitted to the national parliament, the government and other authorities + as designated by Member State law. They shall be made available to the public, + to the Commission and to the Board. + - urn: urn:intuitem:risk:req_node:gdpr:chapter-vii + assessable: false + depth: 1 + ref_id: CHAPTER VII + description: Cooperation and consistency + - urn: urn:intuitem:risk:req_node:gdpr:node834 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-vii + name: Section 1 + description: Cooperation + - urn: urn:intuitem:risk:req_node:gdpr:article-60 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node834 + ref_id: Article 60 + description: Cooperation between the lead supervisory authority and the other + supervisory authorities concerned + - urn: urn:intuitem:risk:req_node:gdpr:60.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.1' + description: The lead supervisory authority shall cooperate with the other supervisory + authorities concerned in accordance with this Article in an endeavour to reach + consensus. The lead supervisory authority and the supervisory authorities + concerned shall exchange all relevant information with each other. + - urn: urn:intuitem:risk:req_node:gdpr:60.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.2' + description: The lead supervisory authority may request at any time other supervisory + authorities concerned to provide mutual assistance pursuant to Article 61 + and may conduct joint operations pursuant to Article 62, in particular for + carrying out investigations or for monitoring the implementation of a measure + concerning a controller or processor established in another Member State. + - urn: urn:intuitem:risk:req_node:gdpr:60.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.3' + description: The lead supervisory authority shall, without delay, communicate + the relevant information on the matter to the other supervisory authorities + concerned. It shall without delay submit a draft decision to the other supervisory + authorities concerned for their opinion and take due account of their views. + - urn: urn:intuitem:risk:req_node:gdpr:60.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.4' + description: Where any of the other supervisory authorities concerned within + a period of four weeks after having been consulted in accordance with paragraph + 3 of this Article, expresses a relevant and reasoned objection to the draft + decision, the lead supervisory authority shall, if it does not follow the + relevant and reasoned objection or is of the opinion that the objection is + not relevant or reasoned, submit the matter to the consistency mechanism referred + to in Article 63. + - urn: urn:intuitem:risk:req_node:gdpr:60.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.5' + description: Where the lead supervisory authority intends to follow the relevant + and reasoned objection made, it shall submit to the other supervisory authorities + concerned a revised draft decision for their opinion. That revised draft decision + shall be subject to the procedure referred to in paragraph 4 within a period + of two weeks. + - urn: urn:intuitem:risk:req_node:gdpr:60.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.6' + description: Where none of the other supervisory authorities concerned has objected + to the draft decision submitted by the lead supervisory authority within the + period referred to in paragraphs 4 and 5, the lead supervisory authority and + the supervisory authorities concerned shall be deemed to be in agreement with + that draft decision and shall be bound by it. + - urn: urn:intuitem:risk:req_node:gdpr:60.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.7' + description: The lead supervisory authority shall adopt and notify the decision + to the main establishment or single establishment of the controller or processor, + as the case may be and inform the other supervisory authorities concerned + and the Board of the decision in question, including a summary of the relevant + facts and grounds. The supervisory authority with which a complaint has been + lodged shall inform the complainant on the decision. + - urn: urn:intuitem:risk:req_node:gdpr:60.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.8' + description: ' By derogation from paragraph 7, where a complaint is dismissed + or rejected, the supervisory authority with which the complaint was lodged + shall adopt the decision and notify it to the complainant and shall inform + the controller thereof.' + - urn: urn:intuitem:risk:req_node:gdpr:60.9 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.9' + description: Where the lead supervisory authority and the supervisory authorities + concerned agree to dismiss or reject parts of a complaint and to act on other + parts of that complaint, a separate decision shall be adopted for each of + those parts of the matter. The lead supervisory authority shall adopt the + decision for the part concerning actions in relation to the controller, shall + notify it to the main establishment or single establishment of the controller + or processor on the territory of its Member State and shall inform the complainant + thereof, while the supervisory authority of the complainant shall adopt the + decision for the part concerning dismissal or rejection of that complaint, + and shall notify it to that complainant and shall inform the controller or + processor thereof. + - urn: urn:intuitem:risk:req_node:gdpr:60.10 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.10' + description: After being notified of the decision of the lead supervisory authority + pursuant to paragraphs 7 and 9, the controller or processor shall take the + necessary measures to ensure compliance with the decision as regards processing + activities in the context of all its establishments in the Union. The controller + or processor shall notify the measures taken for complying with the decision + to the lead supervisory authority, which shall inform the other supervisory + authorities concerned. + - urn: urn:intuitem:risk:req_node:gdpr:60.11 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.11' + description: Where, in exceptional circumstances, a supervisory authority concerned + has reasons to consider that there is an urgent need to act in order to protect + the interests of data subjects, the urgency procedure referred to in Article + 66 shall apply. + - urn: urn:intuitem:risk:req_node:gdpr:60.12 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-60 + ref_id: '60.12' + description: The lead supervisory authority and the other supervisory authorities + concerned shall supply the information required under this Article to each + other by electronic means, using a standardised format. + - urn: urn:intuitem:risk:req_node:gdpr:article-61 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node834 + ref_id: Article 61 + description: Mutual assistance + - urn: urn:intuitem:risk:req_node:gdpr:61.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.1' + description: Supervisory authorities shall provide each other with relevant + information and mutual assistance in order to implement and apply this Regulation + in a consistent manner, and shall put in place measures for effective cooperation + with one another. Mutual assistance shall cover, in particular, information + requests and supervisory measures, such as requests to carry out prior authorisations + and consultations, inspections and investigations. + - urn: urn:intuitem:risk:req_node:gdpr:61.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.2' + description: Each supervisory authority shall take all appropriate measures + required to reply to a request of another supervisory authority without undue + delay and no later than one month after receiving the request. Such measures + may include, in particular, the transmission of relevant information on the + conduct of an investigation. + - urn: urn:intuitem:risk:req_node:gdpr:61.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.3' + description: Requests for assistance shall contain all the necessary information, + including the purpose of and reasons for the request. Information exchanged + shall be used only for the purpose for which it was requested. + - urn: urn:intuitem:risk:req_node:gdpr:61.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.4' + description: 'The requested supervisory authority shall not refuse to comply + with the request unless:' + - urn: urn:intuitem:risk:req_node:gdpr:61.4.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:61.4 + ref_id: 61.4.a + description: it is not competent for the subject-matter of the request or for + the measures it is requested to execute; or + - urn: urn:intuitem:risk:req_node:gdpr:61.4.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:61.4 + ref_id: 61.4.b + description: compliance with the request would infringe this Regulation or Union + or Member State law to which the supervisory authority receiving the request + is subject. + - urn: urn:intuitem:risk:req_node:gdpr:61.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.5' + description: The requested supervisory authority shall inform the requesting + supervisory authority of the results or, as the case may be, of the progress + of the measures taken in order to respond to the request. The requested supervisory + authority shall provide reasons for any refusal to comply with a request pursuant + to paragraph 4. + - urn: urn:intuitem:risk:req_node:gdpr:61.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.6' + description: Requested supervisory authorities shall, as a rule, supply the + information requested by other supervisory authorities by electronic means, + using a standardised format. + - urn: urn:intuitem:risk:req_node:gdpr:61.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.7' + description: Requested supervisory authorities shall not charge a fee for any + action taken by them pursuant to a request for mutual assistance. Supervisory + authorities may agree on rules to indemnify each other for specific expenditure + arising from the provision of mutual assistance in exceptional circumstances. + - urn: urn:intuitem:risk:req_node:gdpr:61.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.8' + description: Where a supervisory authority does not provide the information + referred to in paragraph 5 of this Article within one month of receiving the + request of another supervisory authority, the requesting supervisory authority + may adopt a provisional measure on the territory of its Member State in accordance + with Article 55(1). In that case, the urgent need to act under Article 66(1) + shall be presumed to be met and require an urgent binding decision from the + Board pursuant to Article 66(2). + - urn: urn:intuitem:risk:req_node:gdpr:61.9 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-61 + ref_id: '61.9' + description: The Commission may, by means of implementing acts, specify the + format and procedures for mutual assistance referred to in this Article and + the arrangements for the exchange of information by electronic means between + supervisory authorities, and between supervisory authorities and the Board, + in particular the standardised format referred to in paragraph 6 of this Article. + Those implementing acts shall be adopted in accordance with the examination + procedure referred to in Article 93(2). + - urn: urn:intuitem:risk:req_node:gdpr:article-62 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node834 + ref_id: Article 62 + description: Joint operations of supervisory authorities + - urn: urn:intuitem:risk:req_node:gdpr:62.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-62 + ref_id: '62.1' + description: The supervisory authorities shall, where appropriate, conduct joint + operations including joint investigations and joint enforcement measures in + which members or staff of the supervisory authorities of other Member States + are involved. + - urn: urn:intuitem:risk:req_node:gdpr:62.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-62 + ref_id: '62.2' + description: Where the controller or processor has establishments in several + Member States or where a significant number of data subjects in more than + one Member State are likely to be substantially affected by processing operations, + a supervisory authority of each of those Member States shall have the right + to participate in joint operations. The supervisory authority which is competent + pursuant to Article 56(1) or (4) shall invite the supervisory authority of + each of those Member States to take part in the joint operations and shall + respond without delay to the request of a supervisory authority to participate. + - urn: urn:intuitem:risk:req_node:gdpr:62.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-62 + ref_id: '62.3' + description: A supervisory authority may, in accordance with Member State law, + and with the seconding supervisory authority's authorisation, confer powers, + including investigative powers on the seconding supervisory authority's members + or staff involved in joint operations or, in so far as the law of the Member + State of the host supervisory authority permits, allow the seconding supervisory + authority's members or staff to exercise their investigative powers in accordance + with the law of the Member State of the seconding supervisory authority. Such + investigative powers may be exercised only under the guidance and in the presence + of members or staff of the host supervisory authority. The seconding supervisory + authority's members or staff shall be subject to the Member State law of the + host supervisory authority. + - urn: urn:intuitem:risk:req_node:gdpr:62.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-62 + ref_id: '62.4' + description: Where, in accordance with paragraph 1, staff of a seconding supervisory + authority operate in another Member State, the Member State of the host supervisory + authority shall assume responsibility for their actions, including liability, + for any damage caused by them during their operations, in accordance with + the law of the Member State in whose territory they are operating. + - urn: urn:intuitem:risk:req_node:gdpr:62.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-62 + ref_id: '62.5' + description: The Member State in whose territory the damage was caused shall + make good such damage under the conditions applicable to damage caused by + its own staff. The Member State of the seconding supervisory authority whose + staff has caused damage to any person in the territory of another Member State + shall reimburse that other Member State in full any sums it has paid to the + persons entitled on their behalf. + - urn: urn:intuitem:risk:req_node:gdpr:62.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-62 + ref_id: '62.6' + description: "Without prejudice to the exercise of its rights vis-\xE0-vis third\ + \ parties and with the exception of paragraph 5, each Member State shall refrain,\ + \ in the case provided for in paragraph 1, from requesting reimbursement from\ + \ another Member State in relation to damage referred to in paragraph 4." + - urn: urn:intuitem:risk:req_node:gdpr:62.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-62 + ref_id: '62.7' + description: Where a joint operation is intended and a supervisory authority + does not, within one month, comply with the obligation laid down in the second + sentence of paragraph 2 of this Article, the other supervisory authorities + may adopt a provisional measure on the territory of its Member State in accordance + with Article 55. In that case, the urgent need to act under Article 66(1) + shall be presumed to be met and require an opinion or an urgent binding decision + from the Board pursuant to Article 66(2). + - urn: urn:intuitem:risk:req_node:gdpr:node868 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-vii + name: Section 2 + description: Consistency + - urn: urn:intuitem:risk:req_node:gdpr:article-63 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node868 + ref_id: Article 63 + description: Consistency mechanism + - urn: urn:intuitem:risk:req_node:gdpr:node870 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-63 + description: In order to contribute to the consistent application of this Regulation + throughout the Union, the supervisory authorities shall cooperate with each + other and, where relevant, with the Commission, through the consistency mechanism + as set out in this Section. + - urn: urn:intuitem:risk:req_node:gdpr:article-64 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node868 + ref_id: Article 64 + description: Opinion of the Board + - urn: urn:intuitem:risk:req_node:gdpr:64.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.1' + description: 'The Board shall issue an opinion where a competent supervisory + authority intends to adopt any of the measures below. To that end, the competent + supervisory authority shall communicate the draft decision to the Board, when + it:' + - urn: urn:intuitem:risk:req_node:gdpr:64.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.1 + ref_id: 64.1.a + description: aims to adopt a list of the processing operations subject to the + requirement for a data protection impact assessment pursuant to Article 35(4); + - urn: urn:intuitem:risk:req_node:gdpr:64.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.1 + ref_id: 64.1.b + description: ' concerns a matter pursuant to Article 40(7) whether a draft code + of conduct or an amendment or extension to a code of conduct complies with + this Regulation;' + - urn: urn:intuitem:risk:req_node:gdpr:64.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.1 + ref_id: 64.1.c + description: aims to approve the requirements for accreditation of a body pursuant + to Article 41(3), of a certification body pursuant to Article 43(3) or the + criteria for certification referred to in Article 42(5); + - urn: urn:intuitem:risk:req_node:gdpr:64.1.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.1 + ref_id: 64.1.d + description: aims to determine standard data protection clauses referred to + in point (d) of Article 46(2) and in Article 28(8); + - urn: urn:intuitem:risk:req_node:gdpr:64.1.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.1 + ref_id: 64.1.e + description: ' aims to authorise contractual clauses referred to in point (a) + of Article 46(3); or' + - urn: urn:intuitem:risk:req_node:gdpr:64.1.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.1 + ref_id: 64.1.f + description: ' aims to approve binding corporate rules within the meaning of + Article 47.' + - urn: urn:intuitem:risk:req_node:gdpr:64.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.2' + description: Any supervisory authority, the Chair of the Board or the Commission + may request that any matter of general application or producing effects in + more than one Member State be examined by the Board with a view to obtaining + an opinion, in particular where a competent supervisory authority does not + comply with the obligations for mutual assistance in accordance with Article + 61 or for joint operations in accordance with Article 62. + - urn: urn:intuitem:risk:req_node:gdpr:64.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.3' + description: In the cases referred to in paragraphs 1 and 2, the Board shall + issue an opinion on the matter submitted to it provided that it has not already + issued an opinion on the same matter. That opinion shall be adopted within + eight weeks by simple majority of the members of the Board. That period may + be extended by a further six weeks, taking into account the complexity of + the subject matter. Regarding the draft decision referred to in paragraph + 1 circulated to the members of the Board in accordance with paragraph 5, a + member which has not objected within a reasonable period indicated by the + Chair, shall be deemed to be in agreement with the draft decision. + - urn: urn:intuitem:risk:req_node:gdpr:64.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.4' + description: Supervisory authorities and the Commission shall, without undue + delay, communicate by electronic means to the Board, using a standardised + format any relevant information, including as the case may be a summary of + the facts, the draft decision, the grounds which make the enactment of such + measure necessary, and the views of other supervisory authorities concerned. + - urn: urn:intuitem:risk:req_node:gdpr:64.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.5' + description: ' The Chair of the Board shall, without undue, delay inform by + electronic means:' + - urn: urn:intuitem:risk:req_node:gdpr:64.5.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.5 + ref_id: 64.5.a + description: the members of the Board and the Commission of any relevant information + which has been communicated to it using a standardised format. The secretariat + of the Board shall, where necessary, provide translations of relevant information; + and + - urn: urn:intuitem:risk:req_node:gdpr:64.5.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:64.5 + ref_id: 64.5.b + description: the supervisory authority referred to, as the case may be, in paragraphs + 1 and 2, and the Commission of the opinion and make it public. + - urn: urn:intuitem:risk:req_node:gdpr:64.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.6' + description: The competent supervisory authority referred to in paragraph 1 + shall not adopt its draft decision referred to in paragraph 1 within the period + referred to in paragraph 3. + - urn: urn:intuitem:risk:req_node:gdpr:64.7 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.7' + description: ' The competent supervisory authority referred to in paragraph + 1 shall take utmost account of the opinion of the Board and shall, within + two weeks after receiving the opinion, communicate to the Chair of the Board + by electronic means whether it will maintain or amend its draft decision and, + if any, the amended draft decision, using a standardised format.' + - urn: urn:intuitem:risk:req_node:gdpr:64.8 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-64 + ref_id: '64.8' + description: Where the competent supervisory authority referred to in paragraph + 1 informs the Chair of the Board within the period referred to in paragraph + 7 of this Article that it does not intend to follow the opinion of the Board, + in whole or in part, providing the relevant grounds, Article 65(1) shall apply. + - urn: urn:intuitem:risk:req_node:gdpr:article-65 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node868 + ref_id: Article 65 + description: Dispute resolution by the Board + - urn: urn:intuitem:risk:req_node:gdpr:65.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-65 + ref_id: '65.1' + description: 'In order to ensure the correct and consistent application of this + Regulation in individual cases, the Board shall adopt a binding decision in + the following cases:' + - urn: urn:intuitem:risk:req_node:gdpr:65.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:65.1 + ref_id: 65.1.a + description: where, in a case referred to in Article 60(4), a supervisory authority + concerned has raised a relevant and reasoned objection to a draft decision + of the lead supervisory authority and the lead supervisory authority has not + followed the objection or has rejected such an objection as being not relevant + or reasoned. The binding decision shall concern all the matters which are + the subject of the relevant and reasoned objection, in particular whether + there is an infringement of this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:65.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:65.1 + ref_id: 65.1.b + description: where there are conflicting views on which of the supervisory authorities + concerned is competent for the main establishment; + - urn: urn:intuitem:risk:req_node:gdpr:65.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:65.1 + ref_id: 65.1.c + description: ' where a competent supervisory authority does not request the + opinion of the Board in the cases referred to in Article 64(1), or does not + follow the opinion of the Board issued under Article 64. In that case, any + supervisory authority concerned or the Commission may communicate the matter + to the Board.' + - urn: urn:intuitem:risk:req_node:gdpr:65.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-65 + ref_id: '65.2' + description: The decision referred to in paragraph 1 shall be adopted within + one month from the referral of the subject-matter by a two-thirds majority + of the members of the Board. That period may be extended by a further month + on account of the complexity of the subject-matter. The decision referred + to in paragraph 1 shall be reasoned and addressed to the lead supervisory + authority and all the supervisory authorities concerned and binding on them. + - urn: urn:intuitem:risk:req_node:gdpr:65.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-65 + ref_id: '65.3' + description: Where the Board has been unable to adopt a decision within the + periods referred to in paragraph 2, it shall adopt its decision within two + weeks following the expiration of the second month referred to in paragraph + 2 by a simple majority of the members of the Board. Where the members of the + Board are split, the decision shall by adopted by the vote of its Chair. + - urn: urn:intuitem:risk:req_node:gdpr:65.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-65 + ref_id: '65.4' + description: The supervisory authorities concerned shall not adopt a decision + on the subject matter submitted to the Board under paragraph 1 during the + periods referred to in paragraphs 2 and 3. + - urn: urn:intuitem:risk:req_node:gdpr:65.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-65 + ref_id: '65.5' + description: The Chair of the Board shall notify, without undue delay, the decision + referred to in paragraph 1 to the supervisory authorities concerned. It shall + inform the Commission thereof. The decision shall be published on the website + of the Board without delay after the supervisory authority has notified the + final decision referred to in paragraph 6. + - urn: urn:intuitem:risk:req_node:gdpr:65.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-65 + ref_id: '65.6' + description: The lead supervisory authority or, as the case may be, the supervisory + authority with which the complaint has been lodged shall adopt its final decision + on the basis of the decision referred to in paragraph 1 of this Article, without + undue delay and at the latest by one month after the Board has notified its + decision. The lead supervisory authority or, as the case may be, the supervisory + authority with which the complaint has been lodged, shall inform the Board + of the date when its final decision is notified respectively to the controller + or the processor and to the data subject. The final decision of the supervisory + authorities concerned shall be adopted under the terms of Article 60(7), (8) + and (9). The final decision shall refer to the decision referred to in paragraph + 1 of this Article and shall specify that the decision referred to in that + paragraph will be published on the website of the Board in accordance with + paragraph 5 of this Article. The final decision shall attach the decision + referred to in paragraph 1 of this Article. + - urn: urn:intuitem:risk:req_node:gdpr:article-66 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node868 + ref_id: Article 66 + description: Urgency procedure + - urn: urn:intuitem:risk:req_node:gdpr:66.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-66 + ref_id: '66.1' + description: In exceptional circumstances, where a supervisory authority concerned + considers that there is an urgent need to act in order to protect the rights + and freedoms of data subjects, it may, by way of derogation from the consistency + mechanism referred to in Articles 63, 64 and 65 or the procedure referred + to in Article 60, immediately adopt provisional measures intended to produce + legal effects on its own territory with a specified period of validity which + shall not exceed three months. The supervisory authority shall, without delay, + communicate those measures and the reasons for adopting them to the other + supervisory authorities concerned, to the Board and to the Commission. + - urn: urn:intuitem:risk:req_node:gdpr:66.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-66 + ref_id: '66.2' + description: Where a supervisory authority has taken a measure pursuant to paragraph + 1 and considers that final measures need urgently be adopted, it may request + an urgent opinion or an urgent binding decision from the Board, giving reasons + for requesting such opinion or decision. + - urn: urn:intuitem:risk:req_node:gdpr:66.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-66 + ref_id: '66.3' + description: Any supervisory authority may request an urgent opinion or an urgent + binding decision, as the case may be, from the Board where a competent supervisory + authority has not taken an appropriate measure in a situation where there + is an urgent need to act, in order to protect the rights and freedoms of data + subjects, giving reasons for requesting such opinion or decision, including + for the urgent need to act. + - urn: urn:intuitem:risk:req_node:gdpr:66.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-66 + ref_id: '66.4' + description: By derogation from Article 64(3) and Article 65(2), an urgent opinion + or an urgent binding decision referred to in paragraphs 2 and 3 of this Article + shall be adopted within two weeks by simple majority of the members of the + Board. + - urn: urn:intuitem:risk:req_node:gdpr:article-67 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node868 + ref_id: Article 67 + description: Exchange of information + - urn: urn:intuitem:risk:req_node:gdpr:node904 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-67 + description: The Commission may adopt implementing acts of general scope in + order to specify the arrangements for the exchange of information by electronic + means between supervisory authorities, and between supervisory authorities + and the Board, in particular the standardised format referred to in Article + 64. + - urn: urn:intuitem:risk:req_node:gdpr:node905 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-67 + description: Those implementing acts shall be adopted in accordance with the + examination procedure referred to in Article 93(2). + - urn: urn:intuitem:risk:req_node:gdpr:node906 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-vii + name: Section 3 + description: European data protection board + - urn: urn:intuitem:risk:req_node:gdpr:article-68 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 68 + description: European Data Protection Board + - urn: urn:intuitem:risk:req_node:gdpr:68.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-68 + ref_id: '68.1' + description: "The European Data Protection Board (the \u2018Board\u2019) is\ + \ hereby established as a body of the Union and shall have legal personality." + - urn: urn:intuitem:risk:req_node:gdpr:68.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-68 + ref_id: '68.2' + description: The Board shall be represented by its Chair. + - urn: urn:intuitem:risk:req_node:gdpr:68.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-68 + ref_id: '68.3' + description: The Board shall be composed of the head of one supervisory authority + of each Member State and of the European Data Protection Supervisor, or their + respective representatives. + - urn: urn:intuitem:risk:req_node:gdpr:68.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-68 + ref_id: '68.4' + description: Where in a Member State more than one supervisory authority is + responsible for monitoring the application of the provisions pursuant to this + Regulation, a joint representative shall be appointed in accordance with that + Member State's law. + - urn: urn:intuitem:risk:req_node:gdpr:68.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-68 + ref_id: '68.5' + description: The Commission shall have the right to participate in the activities + and meetings of the Board without voting right. The Commission shall designate + a representative. The Chair of the Board shall communicate to the Commission + the activities of the Board. + - urn: urn:intuitem:risk:req_node:gdpr:68.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-68 + ref_id: '68.6' + description: In the cases referred to in Article 65, the European Data Protection + Supervisor shall have voting rights only on decisions which concern principles + and rules applicable to the Union institutions, bodies, offices and agencies + which correspond in substance to those of this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:article-69 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 69 + description: Independence + - urn: urn:intuitem:risk:req_node:gdpr:69.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-69 + ref_id: '69.1' + description: The Board shall act independently when performing its tasks or + exercising its powers pursuant to Articles 70 and 71. + - urn: urn:intuitem:risk:req_node:gdpr:69.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-69 + ref_id: '69.2' + description: Without prejudice to requests by the Commission referred to in + Article 70(1) and (2), the Board shall, in the performance of its tasks or + the exercise of its powers, neither seek nor take instructions from anybody. + - urn: urn:intuitem:risk:req_node:gdpr:article-70 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 70 + description: Tasks of the Board + - urn: urn:intuitem:risk:req_node:gdpr:70.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-70 + ref_id: '70.1' + description: 'The Board shall ensure the consistent application of this Regulation. + To that end, the Board shall, on its own initiative or, where relevant, at + the request of the Commission, in particular:' + - urn: urn:intuitem:risk:req_node:gdpr:70.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.a + description: monitor and ensure the correct application of this Regulation in + the cases provided for in Articles 64 and 65 without prejudice to the tasks + of national supervisory authorities; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.b + description: advise the Commission on any issue related to the protection of + personal data in the Union, including on any proposed amendment of this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.c + description: advise the Commission on the format and procedures for the exchange + of information between controllers, processors and supervisory authorities + for binding corporate rules; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.d + description: issue guidelines, recommendations, and best practices on procedures + for erasing links, copies or replications of personal data from publicly available + communication services as referred to in Article 17(2); + - urn: urn:intuitem:risk:req_node:gdpr:70.1.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.e + description: examine, on its own initiative, on request of one of its members + or on request of the Commission, any question covering the application of + this Regulation and issue guidelines, recommendations and best practices in + order to encourage consistent application of this Regulation; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.f + description: issue guidelines, recommendations and best practices in accordance + with point (e) of this paragraph for further specifying the criteria and conditions + for decisions based on profiling pursuant to Article 22(2); + - urn: urn:intuitem:risk:req_node:gdpr:70.1.g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.g + description: issue guidelines, recommendations and best practices in accordance + with point (e) of this paragraph for establishing the personal data breaches + and determining the undue delay referred to in Article 33(1) and (2) and for + the particular circumstances in which a controller or a processor is required + to notify the personal data breach; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.h + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.h + description: issue guidelines, recommendations and best practices in accordance + with point (e) of this paragraph as to the circumstances in which a personal + data breach is likely to result in a high risk to the rights and freedoms + of the natural persons referred to in Article 34(1). + - urn: urn:intuitem:risk:req_node:gdpr:70.1.i + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.i + description: issue guidelines, recommendations and best practices in accordance + with point (e) of this paragraph for the purpose of further specifying the + criteria and requirements for personal data transfers based on binding corporate + rules adhered to by controllers and binding corporate rules adhered to by + processors and on further necessary requirements to ensure the protection + of personal data of the data subjects concerned referred to in Article 47; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.j + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.j + description: ' issue guidelines, recommendations and best practices in accordance + with point (e) of this paragraph for the purpose of further specifying the + criteria and requirements for the personal data transfers on the basis of + Article 49(1);' + - urn: urn:intuitem:risk:req_node:gdpr:70.1.k + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.k + description: draw up guidelines for supervisory authorities concerning the application + of measures referred to in Article 58(1), (2) and (3) and the setting of administrative + fines pursuant to Article 83; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.l + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.l + description: review the practical application of the guidelines, recommendations + and best practices; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.m + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.m + description: issue guidelines, recommendations and best practices in accordance + with point (e) of this paragraph for establishing common procedures for reporting + by natural persons of infringements of this Regulation pursuant to Article + 54(2); + - urn: urn:intuitem:risk:req_node:gdpr:70.1.n + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.n + description: encourage the drawing-up of codes of conduct and the establishment + of data protection certification mechanisms and data protection seals and + marks pursuant to Articles 40 and 42; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.o + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.o + description: approve the criteria of certification pursuant to Article 42(5) + and maintain a public register of certification mechanisms and data protection + seals and marks pursuant to Article 42(8) and of the certified controllers + or processors established in third countries pursuant to Article 42(7); + - urn: urn:intuitem:risk:req_node:gdpr:70.1.p + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.p + description: approve the requirements referred to in Article 43(3) with a view + to the accreditation of certification bodies referred to in Article 43; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.q + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.q + description: provide the Commission with an opinion on the certification requirements + referred to in Article 43(8); + - urn: urn:intuitem:risk:req_node:gdpr:70.1.r + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.r + description: provide the Commission with an opinion on the icons referred to + in Article 12(7); + - urn: urn:intuitem:risk:req_node:gdpr:70.1.s + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.s + description: provide the Commission with an opinion for the assessment of the + adequacy of the level of protection in a third country or international organisation, + including for the assessment whether a third country, a territory or one or + more specified sectors within that third country, or an international organisation + no longer ensures an adequate level of protection. To that end, the Commission + shall provide the Board with all necessary documentation, including correspondence + with the government of the third country, with regard to that third country, + territory or specified sector, or with the international organisation. + - urn: urn:intuitem:risk:req_node:gdpr:70.1.t + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.t + description: issue opinions on draft decisions of supervisory authorities pursuant + to the consistency mechanism referred to in Article 64(1), on matters submitted + pursuant to Article 64(2) and to issue binding decisions pursuant to Article + 65, including in cases referred to in Article 66; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.u + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.u + description: promote the cooperation and the effective bilateral and multilateral + exchange of information and best practices between the supervisory authorities; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.v + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.v + description: promote common training programmes and facilitate personnel exchanges + between the supervisory authorities and, where appropriate, with the supervisory + authorities of third countries or with international organisations; + - urn: urn:intuitem:risk:req_node:gdpr:70.1.w + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.w + description: promote the exchange of knowledge and documentation on data protection + legislation and practice with data protection supervisory authorities worldwide. + - urn: urn:intuitem:risk:req_node:gdpr:70.1.x + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.x + description: issue opinions on codes of conduct drawn up at Union level pursuant + to Article 40(9); and + - urn: urn:intuitem:risk:req_node:gdpr:70.1.y + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:70.1 + ref_id: 70.1.y + description: maintain a publicly accessible electronic register of decisions + taken by supervisory authorities and courts on issues handled in the consistency + mechanism. + - urn: urn:intuitem:risk:req_node:gdpr:70.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-70 + ref_id: '70.2' + description: Where the Commission requests advice from the Board, it may indicate + a time limit, taking into account the urgency of the matter. + - urn: urn:intuitem:risk:req_node:gdpr:70.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-70 + ref_id: '70.3' + description: The Board shall forward its opinions, guidelines, recommendations, + and best practices to the Commission and to the committee referred to in Article + 93 and make them public. + - urn: urn:intuitem:risk:req_node:gdpr:70.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-70 + ref_id: '70.4' + description: The Board shall, where appropriate, consult interested parties + and give them the opportunity to comment within a reasonable period. The Board + shall, without prejudice to Article 76, make the results of the consultation + procedure publicly available. + - urn: urn:intuitem:risk:req_node:gdpr:article-71 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 71 + description: Reports + - urn: urn:intuitem:risk:req_node:gdpr:71.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-71 + ref_id: '71.1' + description: The Board shall draw up an annual report regarding the protection + of natural persons with regard to processing in the Union and, where relevant, + in third countries and international organisations. The report shall be made + public and be transmitted to the European Parliament, to the Council and to + the Commission. + - urn: urn:intuitem:risk:req_node:gdpr:71.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-71 + ref_id: '71.2' + description: The annual report shall include a review of the practical application + of the guidelines, recommendations and best practices referred to in point + (l) of Article 70(1) as well as of the binding decisions referred to in Article + 65. + - urn: urn:intuitem:risk:req_node:gdpr:article-72 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 72 + description: Procedure + - urn: urn:intuitem:risk:req_node:gdpr:72.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-72 + ref_id: '72.1' + description: The Board shall take decisions by a simple majority of its members, + unless otherwise provided for in this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:73.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-72 + ref_id: '73.2' + description: The Board shall adopt its own rules of procedure by a two-thirds + majority of its members and organise its own operational arrangements. + - urn: urn:intuitem:risk:req_node:gdpr:article-73 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 73 + description: Chair + - urn: urn:intuitem:risk:req_node:gdpr:73.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-73 + ref_id: '73.1' + description: The Board shall elect a chair and two deputy chairs from amongst + its members by simple majority. + - urn: urn:intuitem:risk:req_node:gdpr:72.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-73 + ref_id: '72.2' + description: The term of office of the Chair and of the deputy chairs shall + be five years and be renewable once. + - urn: urn:intuitem:risk:req_node:gdpr:article-74 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 74 + description: Tasks of the Chair + - urn: urn:intuitem:risk:req_node:gdpr:74.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-74 + ref_id: '74.1' + description: 'The Chair shall have the following tasks:' + - urn: urn:intuitem:risk:req_node:gdpr:74.1.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:74.1 + ref_id: 74.1.a + description: to convene the meetings of the Board and prepare its agenda; + - urn: urn:intuitem:risk:req_node:gdpr:74.1.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:74.1 + ref_id: 74.1.b + description: ' to notify decisions adopted by the Board pursuant to Article + 65 to the lead supervisory authority and the supervisory authorities concerned;' + - urn: urn:intuitem:risk:req_node:gdpr:74.1.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:74.1 + ref_id: 74.1.c + description: to ensure the timely performance of the tasks of the Board, in + particular in relation to the consistency mechanism referred to in Article + 63. + - urn: urn:intuitem:risk:req_node:gdpr:74.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-74 + ref_id: '74.2' + description: The Board shall lay down the allocation of tasks between the Chair + and the deputy chairs in its rules of procedure. + - urn: urn:intuitem:risk:req_node:gdpr:article-75 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 75 + description: Secretariat + - urn: urn:intuitem:risk:req_node:gdpr:75.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-75 + ref_id: '75.1' + description: ' The Board shall have a secretariat, which shall be provided by + the European Data Protection Supervisor.' + - urn: urn:intuitem:risk:req_node:gdpr:75.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-75 + ref_id: '75.2' + description: The secretariat shall perform its tasks exclusively under the instructions + of the Chair of the Board. + - urn: urn:intuitem:risk:req_node:gdpr:75.3 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-75 + ref_id: '75.3' + description: The staff of the European Data Protection Supervisor involved in + carrying out the tasks conferred on the Board by this Regulation shall be + subject to separate reporting lines from the staff involved in carrying out + tasks conferred on the European Data Protection Supervisor. + - urn: urn:intuitem:risk:req_node:gdpr:75.4 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-75 + ref_id: '75.4' + description: Where appropriate, the Board and the European Data Protection Supervisor + shall establish and publish a Memorandum of Understanding implementing this + Article, determining the terms of their cooperation, and applicable to the + staff of the European Data Protection Supervisor involved in carrying out + the tasks conferred on the Board by this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:75.5 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-75 + ref_id: '75.5' + description: The secretariat shall provide analytical, administrative and logistical + support to the Board. + - urn: urn:intuitem:risk:req_node:gdpr:75.6 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-75 + ref_id: '75.6' + description: 'The secretariat shall be responsible in particular for:' + - urn: urn:intuitem:risk:req_node:gdpr:75.6.a + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:75.6 + ref_id: 75.6.a + description: ' the day-to-day business of the Board;' + - urn: urn:intuitem:risk:req_node:gdpr:75.6.b + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:75.6 + ref_id: 75.6.b + description: ' communication between the members of the Board, its Chair and + the Commission;' + - urn: urn:intuitem:risk:req_node:gdpr:75.6.c + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:75.6 + ref_id: 75.6.c + description: ' communication with other institutions and the public;' + - urn: urn:intuitem:risk:req_node:gdpr:75.6.d + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:75.6 + ref_id: 75.6.d + description: the use of electronic means for the internal and external communication; + - urn: urn:intuitem:risk:req_node:gdpr:75.6.e + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:75.6 + ref_id: 75.6.e + description: the translation of relevant information; + - urn: urn:intuitem:risk:req_node:gdpr:75.6.f + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:75.6 + ref_id: 75.6.f + description: the preparation and follow-up of the meetings of the Board; + - urn: urn:intuitem:risk:req_node:gdpr:75.6.g + assessable: false + depth: 5 + parent_urn: urn:intuitem:risk:req_node:gdpr:75.6 + ref_id: 75.6.g + description: the preparation, drafting and publication of opinions, decisions + on the settlement of disputes between supervisory authorities and other texts + adopted by the Board. + - urn: urn:intuitem:risk:req_node:gdpr:article-76 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:node906 + ref_id: Article 76 + description: Confidentiality + - urn: urn:intuitem:risk:req_node:gdpr:76.1 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-76 + ref_id: '76.1' + description: The discussions of the Board shall be confidential where the Board + deems it necessary, as provided for in its rules of procedure. + - urn: urn:intuitem:risk:req_node:gdpr:76.2 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-76 + ref_id: '76.2' + description: Access to documents submitted to members of the Board, experts + and representatives of third parties shall be governed by Regulation (EC) + No 1049/2001 of the European Parliament and of the Council ( 1 ). + - urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + assessable: false + depth: 1 + ref_id: CHAPTER VIII + description: Remedies, liability and penalties + - urn: urn:intuitem:risk:req_node:gdpr:article-77 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 77 + description: Right to lodge a complaint with a supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:77.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-77 + ref_id: '77.1' + description: Without prejudice to any other administrative or judicial remedy, + every data subject shall have the right to lodge a complaint with a supervisory + authority, in particular in the Member State of his or her habitual residence, + place of work or place of the alleged infringement if the data subject considers + that the processing of personal data relating to him or her infringes this + Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:77.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-77 + ref_id: '77.2' + description: The supervisory authority with which the complaint has been lodged + shall inform the complainant on the progress and the outcome of the complaint + including the possibility of a judicial remedy pursuant to Article 78. + - urn: urn:intuitem:risk:req_node:gdpr:article-78 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 78 + description: Right to an effective judicial remedy against a supervisory authority + - urn: urn:intuitem:risk:req_node:gdpr:78.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-78 + ref_id: '78.1' + description: Without prejudice to any other administrative or non-judicial remedy, + each natural or legal person shall have the right to an effective judicial + remedy against a legally binding decision of a supervisory authority concerning + them. + - urn: urn:intuitem:risk:req_node:gdpr:78.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-78 + ref_id: '78.2' + description: Without prejudice to any other administrative or non-judicial remedy, + each data subject shall have the right to a an effective judicial remedy where + the supervisory authority which is competent pursuant to Articles 55 and 56 + does not handle a complaint or does not inform the data subject within three + months on the progress or outcome of the complaint lodged pursuant to Article + 77. + - urn: urn:intuitem:risk:req_node:gdpr:78.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-78 + ref_id: '78.3' + description: Proceedings against a supervisory authority shall be brought before + the courts of the Member State where the supervisory authority is established. + - urn: urn:intuitem:risk:req_node:gdpr:78.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-78 + ref_id: '78.4' + description: Where proceedings are brought against a decision of a supervisory + authority which was preceded by an opinion or a decision of the Board in the + consistency mechanism, the supervisory authority shall forward that opinion + or decision to the court. + - urn: urn:intuitem:risk:req_node:gdpr:article-79 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 79 + description: Right to an effective judicial remedy against a controller or processor + - urn: urn:intuitem:risk:req_node:gdpr:79.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-79 + ref_id: '79.1' + description: Without prejudice to any available administrative or non-judicial + remedy, including the right to lodge a complaint with a supervisory authority + pursuant to Article 77, each data subject shall have the right to an effective + judicial remedy where he or she considers that his or her rights under this + Regulation have been infringed as a result of the processing of his or her + personal data in non-compliance with this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:79.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-79 + ref_id: '79.2' + description: Proceedings against a controller or a processor shall be brought + before the courts of the Member State where the controller or processor has + an establishment. Alternatively, such proceedings may be brought before the + courts of the Member State where the data subject has his or her habitual + residence, unless the controller or processor is a public authority of a Member + State acting in the exercise of its public powers. + - urn: urn:intuitem:risk:req_node:gdpr:article-80 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 80 + description: Representation of data subjects + - urn: urn:intuitem:risk:req_node:gdpr:80.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-80 + ref_id: '80.1' + description: The data subject shall have the right to mandate a not-for-profit + body, organisation or association which has been properly constituted in accordance + with the law of a Member State, has statutory objectives which are in the + public interest, and is active in the field of the protection of data subjects' + rights and freedoms with regard to the protection of their personal data to + lodge the complaint on his or her behalf, to exercise the rights referred + to in Articles 77, 78 and 79 on his or her behalf, and to exercise the right + to receive compensation referred to in Article 82 on his or her behalf where + provided for by Member State law. + - urn: urn:intuitem:risk:req_node:gdpr:80.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-80 + ref_id: '80.2' + description: Member States may provide that any body, organisation or association + referred to in paragraph 1 of this Article, independently of a data subject's + mandate, has the right to lodge, in that Member State, a complaint with the + supervisory authority which is competent pursuant to Article 77 and to exercise + the rights referred to in Articles 78 and 79 if it considers that the rights + of a data subject under this Regulation have been infringed as a result of + the processing. + - urn: urn:intuitem:risk:req_node:gdpr:article-81 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 81 + description: Suspension of proceedings + - urn: urn:intuitem:risk:req_node:gdpr:81.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-81 + ref_id: '81.1' + description: Where a competent court of a Member State has information on proceedings, + concerning the same subject matter as regards processing by the same controller + or processor, that are pending in a court in another Member State, it shall + contact that court in the other Member State to confirm the existence of such + proceedings. + - urn: urn:intuitem:risk:req_node:gdpr:81.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-81 + ref_id: '81.2' + description: Where proceedings concerning the same subject matter as regards + processing of the same controller or processor are pending in a court in another + Member State, any competent court other than the court first seized may suspend + its proceedings. + - urn: urn:intuitem:risk:req_node:gdpr:81.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-81 + ref_id: '81.3' + description: Where those proceedings are pending at first instance, any court + other than the court first seized may also, on the application of one of the + parties, decline jurisdiction if the court first seized has jurisdiction over + the actions in question and its law permits the consolidation thereof. + - urn: urn:intuitem:risk:req_node:gdpr:article-82 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 82 + description: Right to compensation and liability + - urn: urn:intuitem:risk:req_node:gdpr:82.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-82 + ref_id: '82.1' + description: Any person who has suffered material or non-material damage as + a result of an infringement of this Regulation shall have the right to receive + compensation from the controller or processor for the damage suffered. + - urn: urn:intuitem:risk:req_node:gdpr:82.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-82 + ref_id: '82.2' + description: Any controller involved in processing shall be liable for the damage + caused by processing which infringes this Regulation. A processor shall be + liable for the damage caused by processing only where it has not complied + with obligations of this Regulation specifically directed to processors or + where it has acted outside or contrary to lawful instructions of the controller. + - urn: urn:intuitem:risk:req_node:gdpr:82.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-82 + ref_id: '82.3' + description: A controller or processor shall be exempt from liability under + paragraph 2 if it proves that it is not in any way responsible for the event + giving rise to the damage. + - urn: urn:intuitem:risk:req_node:gdpr:82.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-82 + ref_id: '82.4' + description: Where more than one controller or processor, or both a controller + and a processor, are involved in the same processing and where they are, under + paragraphs 2 and 3, responsible for any damage caused by processing, each + controller or processor shall be held liable for the entire damage in order + to ensure effective compensation of the data subject. + - urn: urn:intuitem:risk:req_node:gdpr:82.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-82 + ref_id: '82.5' + description: ' Where a controller or processor has, in accordance with paragraph + 4, paid full compensation for the damage suffered, that controller or processor + shall be entitled to claim back from the other controllers or processors involved + in the same processing that part of the compensation corresponding to their + part of responsibility for the damage, in accordance with the conditions set + out in paragraph 2.' + - urn: urn:intuitem:risk:req_node:gdpr:82.6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-82 + ref_id: '82.6' + description: Court proceedings for exercising the right to receive compensation + shall be brought before the courts competent under the law of the Member State + referred to in Article 79(2). + - urn: urn:intuitem:risk:req_node:gdpr:article-83 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 83 + description: General conditions for imposing administrative fines + - urn: urn:intuitem:risk:req_node:gdpr:83.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.1' + description: Each supervisory authority shall ensure that the imposition of + administrative fines pursuant to this Article in respect of infringements + of this Regulation referred to in paragraphs 4, 5 and 6 shall in each individual + case be effective, proportionate and dissuasive. + - urn: urn:intuitem:risk:req_node:gdpr:83.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.2' + description: 'Administrative fines shall, depending on the circumstances of + each individual case, be imposed in addition to, or instead of, measures referred + to in points (a) to (h) and (j) of Article 58(2). When deciding whether to + impose an administrative fine and deciding on the amount of the administrative + fine in each individual case due regard shall be given to the following:' + - urn: urn:intuitem:risk:req_node:gdpr:83.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.a + description: the nature, gravity and duration of the infringement taking into + account the nature scope or purpose of the processing concerned as well as + the number of data subjects affected and the level of damage suffered by them; + - urn: urn:intuitem:risk:req_node:gdpr:83.2.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.b + description: ' the intentional or negligent character of the infringement;' + - urn: urn:intuitem:risk:req_node:gdpr:83.2.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.c + description: ' any action taken by the controller or processor to mitigate the + damage suffered by data subjects;' + - urn: urn:intuitem:risk:req_node:gdpr:83.2.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.d + description: ' the degree of responsibility of the controller or processor taking + into account technical and organisational measures implemented by them pursuant + to Articles 25 and 32;' + - urn: urn:intuitem:risk:req_node:gdpr:83.2.e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.e + description: ' any relevant previous infringements by the controller or processor;' + - urn: urn:intuitem:risk:req_node:gdpr:83.2.f + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.f + description: ' the degree of cooperation with the supervisory authority, in + order to remedy the infringement and mitigate the possible adverse effects + of the infringement;' + - urn: urn:intuitem:risk:req_node:gdpr:83.2.g + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.g + description: ' the categories of personal data affected by the infringement;' + - urn: urn:intuitem:risk:req_node:gdpr:83.2.h + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.h + description: the manner in which the infringement became known to the supervisory + authority, in particular whether, and if so to what extent, the controller + or processor notified the infringement; + - urn: urn:intuitem:risk:req_node:gdpr:83.2.i + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.i + description: where measures referred to in Article 58(2) have previously been + ordered against the controller or processor concerned with regard to the same + subject-matter, compliance with those measures; + - urn: urn:intuitem:risk:req_node:gdpr:83.2.j + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.j + description: adherence to approved codes of conduct pursuant to Article 40 or + approved certification mechanisms pursuant to Article 42; and + - urn: urn:intuitem:risk:req_node:gdpr:83.2.k + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.2 + ref_id: 83.2.k + description: any other aggravating or mitigating factor applicable to the circumstances + of the case, such as financial benefits gained, or losses avoided, directly + or indirectly, from the infringement. + - urn: urn:intuitem:risk:req_node:gdpr:83.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.3' + description: If a controller or processor intentionally or negligently, for + the same or linked processing operations, infringes several provisions of + this Regulation, the total amount of the administrative fine shall not exceed + the amount specified for the gravest infringement. + - urn: urn:intuitem:risk:req_node:gdpr:83.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.4' + description: 'Infringements of the following provisions shall, in accordance + with paragraph 2, be subject to administrative fines up to 10 000 000 EUR, + or in the case of an undertaking, up to 2 % of the total worldwide annual + turnover of the preceding financial year, whichever is higher:' + - urn: urn:intuitem:risk:req_node:gdpr:83.4.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.4 + ref_id: 83.4.a + description: the obligations of the controller and the processor pursuant to + Articles 8, 11, 25 to 39 and 42 and 43; + - urn: urn:intuitem:risk:req_node:gdpr:83.4.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.4 + ref_id: 83.4.b + description: the obligations of the certification body pursuant to Articles + 42 and 43; + - urn: urn:intuitem:risk:req_node:gdpr:83.4.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.4 + ref_id: 83.4.c + description: the obligations of the monitoring body pursuant to Article 41(4). + - urn: urn:intuitem:risk:req_node:gdpr:83.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.5' + description: 'Infringements of the following provisions shall, in accordance + with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, + or in the case of an undertaking, up to 4 % of the total worldwide annual + turnover of the preceding financial year, whichever is higher:' + - urn: urn:intuitem:risk:req_node:gdpr:83.5.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.5 + ref_id: 83.5.a + description: the basic principles for processing, including conditions for consent, + pursuant to Articles 5, 6, 7 and 9; + - urn: urn:intuitem:risk:req_node:gdpr:83.5.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.5 + ref_id: 83.5.b + description: ' the data subjects'' rights pursuant to Articles 12 to 22;' + - urn: urn:intuitem:risk:req_node:gdpr:83.5.c + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.5 + ref_id: 83.5.c + description: the transfers of personal data to a recipient in a third country + or an international organisation pursuant to Articles 44 to 49; + - urn: urn:intuitem:risk:req_node:gdpr:83.5.d + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.5 + ref_id: 83.5.d + description: any obligations pursuant to Member State law adopted under Chapter + IX; + - urn: urn:intuitem:risk:req_node:gdpr:83.5.e + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:83.5 + ref_id: 83.5.e + description: non-compliance with an order or a temporary or definitive limitation + on processing or the suspension of data flows by the supervisory authority + pursuant to Article 58(2) or failure to provide access in violation of Article + 58(1). + - urn: urn:intuitem:risk:req_node:gdpr:83.6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.6' + description: Non-compliance with an order by the supervisory authority as referred + to in Article 58(2) shall, in accordance with paragraph 2 of this Article, + be subject to administrative fines up to 20 000 000 EUR, or in the case of + an undertaking, up to 4 % of the total worldwide annual turnover of the preceding + financial year, whichever is higher. + - urn: urn:intuitem:risk:req_node:gdpr:83.7 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.7' + description: Without prejudice to the corrective powers of supervisory authorities + pursuant to Article 58(2), each Member State may lay down the rules on whether + and to what extent administrative fines may be imposed on public authorities + and bodies established in that Member State. + - urn: urn:intuitem:risk:req_node:gdpr:83.8 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.8' + description: The exercise by the supervisory authority of its powers under this + Article shall be subject to appropriate procedural safeguards in accordance + with Union and Member State law, including effective judicial remedy and due + process. + - urn: urn:intuitem:risk:req_node:gdpr:83.9 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-83 + ref_id: '83.9' + description: Where the legal system of the Member State does not provide for + administrative fines, this Article may be applied in such a manner that the + fine is initiated by the competent supervisory authority and imposed by competent + national courts, while ensuring that those legal remedies are effective and + have an equivalent effect to the administrative fines imposed by supervisory + authorities. In any event, the fines imposed shall be effective, proportionate + and dissuasive. Those Member States shall notify to the Commission the provisions + of their laws which they adopt pursuant to this paragraph by 25 May 2018 and, + without delay, any subsequent amendment law or amendment affecting them. + - urn: urn:intuitem:risk:req_node:gdpr:article-84 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-viii + ref_id: Article 84 + description: Penalties + - urn: urn:intuitem:risk:req_node:gdpr:84.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-84 + ref_id: '84.1' + description: Member States shall lay down the rules on other penalties applicable + to infringements of this Regulation in particular for infringements which + are not subject to administrative fines pursuant to Article 83, and shall + take all measures necessary to ensure that they are implemented. Such penalties + shall be effective, proportionate and dissuasive. + annotation: Under French law, Articles 226-16 to 226-24 of the Penal Code provide + for sanctions. + - urn: urn:intuitem:risk:req_node:gdpr:84.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-84 + ref_id: '84.2' + description: Each Member State shall notify to the Commission the provisions + of its law which it adopts pursuant to paragraph 1, by 25 May 2018 and, without + delay, any subsequent amendment affecting them. + - urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + assessable: false + depth: 1 + ref_id: CHAPTER IX + description: Provisions relating to specific processing situations + - urn: urn:intuitem:risk:req_node:gdpr:article-85 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + ref_id: Article 85 + description: Processing and freedom of expression and information + - urn: urn:intuitem:risk:req_node:gdpr:85.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-85 + ref_id: '85.1' + description: Member States shall by law reconcile the right to the protection + of personal data pursuant to this Regulation with the right to freedom of + expression and information, including processing for journalistic purposes + and the purposes of academic, artistic or literary expression. + - urn: urn:intuitem:risk:req_node:gdpr:85.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-85 + ref_id: '85.2' + description: For processing carried out for journalistic purposes or the purpose + of academic artistic or literary expression, Member States shall provide for + exemptions or derogations from Chapter II (principles), Chapter III (rights + of the data subject), Chapter IV (controller and processor), Chapter V (transfer + of personal data to third countries or international organisations), Chapter + VI (independent supervisory authorities), Chapter VII (cooperation and consistency) + and Chapter IX (specific data processing situations) if they are necessary + to reconcile the right to the protection of personal data with the freedom + of expression and information. + annotation: Based on national legislation, consider the exceptions that have + been implemented + - urn: urn:intuitem:risk:req_node:gdpr:85.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-85 + ref_id: '85.3' + description: Each Member State shall notify to the Commission the provisions + of its law which it has adopted pursuant to paragraph 2 and, without delay, + any subsequent amendment law or amendment affecting them. + - urn: urn:intuitem:risk:req_node:gdpr:article-86 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + ref_id: Article 86 + description: Processing and public access to official documents + - urn: urn:intuitem:risk:req_node:gdpr:node1043 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-86 + description: Personal data in official documents held by a public authority + or a public body or a private body for the performance of a task carried out + in the public interest may be disclosed by the authority or body in accordance + with Union or Member State law to which the public authority or body is subject + in order to reconcile public access to official documents with the right to + the protection of personal data pursuant to this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:article-87 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + ref_id: Article 87 + description: Processing of the national identification number + - urn: urn:intuitem:risk:req_node:gdpr:node1045 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-87 + description: Member States may further determine the specific conditions for + the processing of a national identification number or any other identifier + of general application. In that case the national identification number or + any other identifier of general application shall be used only under appropriate + safeguards for the rights and freedoms of the data subject pursuant to this + Regulation. + annotation: Based on national legislation, consider the exceptions that have + been implemented + - urn: urn:intuitem:risk:req_node:gdpr:article-88 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + ref_id: Article 88 + description: Processing in the context of employment + - urn: urn:intuitem:risk:req_node:gdpr:88.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-88 + ref_id: '88.1' + description: Member States may, by law or by collective agreements, provide + for more specific rules to ensure the protection of the rights and freedoms + in respect of the processing of employees' personal data in the employment + context, in particular for the purposes of the recruitment, the performance + of the contract of employment, including discharge of obligations laid down + by law or by collective agreements, management, planning and organisation + of work, equality and diversity in the workplace, health and safety at work, + protection of employer's or customer's property and for the purposes of the + exercise and enjoyment, on an individual or collective basis, of rights and + benefits related to employment, and for the purpose of the termination of + the employment relationship. + annotation: Based on national legislation, consider the exceptions that have + been implemented + - urn: urn:intuitem:risk:req_node:gdpr:88.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-88 + ref_id: '88.2' + description: Those rules shall include suitable and specific measures to safeguard + the data subject's human dignity, legitimate interests and fundamental rights, + with particular regard to the transparency of processing, the transfer of + personal data within a group of undertakings, or a group of enterprises engaged + in a joint economic activity and monitoring systems at the work place. + - urn: urn:intuitem:risk:req_node:gdpr:88.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-88 + ref_id: '88.3' + description: Each Member State shall notify to the Commission those provisions + of its law which it adopts pursuant to paragraph 1, by 25 May 2018 and, without + delay, any subsequent amendment affecting them. + - urn: urn:intuitem:risk:req_node:gdpr:article-89 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + ref_id: Article 89 + description: Safeguards and derogations relating to processing for archiving + purposes in the public interest, scientific or historical research purposes + or statistical purposes + - urn: urn:intuitem:risk:req_node:gdpr:89.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-89 + ref_id: '89.1' + description: Processing for archiving purposes in the public interest, scientific + or historical research purposes or statistical purposes, shall be subject + to appropriate safeguards, in accordance with this Regulation, for the rights + and freedoms of the data subject. Those safeguards shall ensure that technical + and organisational measures are in place in particular in order to ensure + respect for the principle of data minimisation. Those measures may include + pseudonymisation provided that those purposes can be fulfilled in that manner. + Where those purposes can be fulfilled by further processing which does not + permit or no longer permits the identification of data subjects, those purposes + shall be fulfilled in that manner. + annotation: Based on national legislation, consider the exceptions that have + been implemented + - urn: urn:intuitem:risk:req_node:gdpr:89.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-89 + ref_id: '89.2' + description: Where personal data are processed for scientific or historical + research purposes or statistical purposes, Union or Member State law may provide + for derogations from the rights referred to in Articles 15, 16, 18 and 21 + subject to the conditions and safeguards referred to in paragraph 1 of this + Article in so far as such rights are likely to render impossible or seriously + impair the achievement of the specific purposes, and such derogations are + necessary for the fulfilment of those purposes. + - urn: urn:intuitem:risk:req_node:gdpr:89.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-89 + ref_id: '89.3' + description: Where personal data are processed for archiving purposes in the + public interest, Union or Member State law may provide for derogations from + the rights referred to in Articles 15, 16, 18, 19, 20 and 21 subject to the + conditions and safeguards referred to in paragraph 1 of this Article in so + far as such rights are likely to render impossible or seriously impair the + achievement of the specific purposes, and such derogations are necessary for + the fulfilment of those purposes. + - urn: urn:intuitem:risk:req_node:gdpr:89.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-89 + ref_id: '89.4' + description: Where processing referred to in paragraphs 2 and 3 serves at the + same time another purpose, the derogations shall apply only to processing + for the purposes referred to in those paragraphs. + - urn: urn:intuitem:risk:req_node:gdpr:article-90 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + ref_id: Article 90 + description: Obligations of secrecy + - urn: urn:intuitem:risk:req_node:gdpr:90.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-90 + ref_id: '90.1' + description: Member States may adopt specific rules to set out the powers of + the supervisory authorities laid down in points (e) and (f) of Article 58(1) + in relation to controllers or processors that are subject, under Union or + Member State law or rules established by national competent bodies, to an + obligation of professional secrecy or other equivalent obligations of secrecy + where this is necessary and proportionate to reconcile the right of the protection + of personal data with the obligation of secrecy. Those rules shall apply only + with regard to personal data which the controller or processor has received + as a result of or has obtained in an activity covered by that obligation of + secrecy. + - urn: urn:intuitem:risk:req_node:gdpr:90.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-90 + ref_id: '90.2' + description: Each Member State shall notify to the Commission the rules adopted + pursuant to paragraph 1, by 25 May 2018 and, without delay, any subsequent + amendment affecting them. + - urn: urn:intuitem:risk:req_node:gdpr:article-91 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-ix + ref_id: Article 91 + description: Existing data protection rules of churches and religious associations + - urn: urn:intuitem:risk:req_node:gdpr:91.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-91 + ref_id: '91.1' + description: Where in a Member State, churches and religious associations or + communities apply, at the time of entry into force of this Regulation, comprehensive + rules relating to the protection of natural persons with regard to processing, + such rules may continue to apply, provided that they are brought into line + with this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:91.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-91 + ref_id: '91.2' + description: Churches and religious associations which apply comprehensive rules + in accordance with paragraph 1 of this Article shall be subject to the supervision + of an independent supervisory authority, which may be specific, provided that + it fulfils the conditions laid down in Chapter VI of this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:chapter-x + assessable: false + depth: 1 + ref_id: CHAPTER X + description: Delegated acts and implementing acts + - urn: urn:intuitem:risk:req_node:gdpr:article-92 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-x + ref_id: Article 92 + description: Exercise of the delegation + - urn: urn:intuitem:risk:req_node:gdpr:92.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-92 + ref_id: '92.1' + description: The power to adopt delegated acts is conferred on the Commission + subject to the conditions laid down in this Article. + - urn: urn:intuitem:risk:req_node:gdpr:92.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-92 + ref_id: '92.2' + description: The delegation of power referred to in Article 12(8) and Article + 43(8) shall be conferred on the Commission for an indeterminate period of + time from 24 May 2016. + - urn: urn:intuitem:risk:req_node:gdpr:92.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-92 + ref_id: '92.3' + description: The delegation of power referred to in Article 12(8) and Article + 43(8) may be revoked at any time by the European Parliament or by the Council. + A decision of revocation shall put an end to the delegation of power specified + in that decision. It shall take effect the day following that of its publication + in the Official Journal of the European Union or at a later date specified + therein. It shall not affect the validity of any delegated acts already in + force. + - urn: urn:intuitem:risk:req_node:gdpr:92.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-92 + ref_id: '92.4' + description: As soon as it adopts a delegated act, the Commission shall notify + it simultaneously to the European Parliament and to the Council. + - urn: urn:intuitem:risk:req_node:gdpr:92.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-92 + ref_id: '92.5' + description: A delegated act adopted pursuant to Article 12(8) and Article 43(8) + shall enter into force only if no objection has been expressed by either the + European Parliament or the Council within a period of three months of notification + of that act to the European Parliament and the Council or if, before the expiry + of that period, the European Parliament and the Council have both informed + the Commission that they will not object. That period shall be extended by + three months at the initiative of the European Parliament or of the Council. + - urn: urn:intuitem:risk:req_node:gdpr:article-93 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-x + ref_id: Article 93 + description: Committee procedure + - urn: urn:intuitem:risk:req_node:gdpr:93.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-93 + ref_id: '93.1' + description: The Commission shall be assisted by a committee. That committee + shall be a committee within the meaning of Regulation (EU) No 182/2011. + - urn: urn:intuitem:risk:req_node:gdpr:93.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-93 + ref_id: '93.2' + description: Where reference is made to this paragraph, Article 5 of Regulation + (EU) No 182/2011 shall apply. + - urn: urn:intuitem:risk:req_node:gdpr:93.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-93 + ref_id: '93.3' + description: Where reference is made to this paragraph, Article 8 of Regulation + (EU) No 182/2011, in conjunction with Article 5 thereof, shall apply. + - urn: urn:intuitem:risk:req_node:gdpr:chapter-xi + assessable: false + depth: 1 + ref_id: CHAPTER XI + description: Final provisions + - urn: urn:intuitem:risk:req_node:gdpr:article-94 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-xi + ref_id: Article 94 + description: Repeal of Directive 95/46/EC + - urn: urn:intuitem:risk:req_node:gdpr:94.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-94 + ref_id: '94.1' + description: Directive 95/46/EC is repealed with effect from 25 May 2018. + - urn: urn:intuitem:risk:req_node:gdpr:94.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-94 + ref_id: '94.2' + description: References to the repealed Directive shall be construed as references + to this Regulation. References to the Working Party on the Protection of Individuals + with regard to the Processing of Personal Data established by Article 29 of + Directive 95/46/EC shall be construed as references to the European Data Protection + Board established by this Regulation. + - urn: urn:intuitem:risk:req_node:gdpr:article-95 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-xi + ref_id: Article 95 + description: Relationship with Directive 2002/58/EC + - urn: urn:intuitem:risk:req_node:gdpr:node1077 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-95 + description: This Regulation shall not impose additional obligations on natural + or legal persons in relation to processing in connection with the provision + of publicly available electronic communications services in public communication + networks in the Union in relation to matters for which they are subject to + specific obligations with the same objective set out in Directive 2002/58/EC. + - urn: urn:intuitem:risk:req_node:gdpr:article-96 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-xi + ref_id: Article 96 + description: Relationship with previously concluded Agreements + - urn: urn:intuitem:risk:req_node:gdpr:node1079 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-96 + description: International agreements involving the transfer of personal data + to third countries or international organisations which were concluded by + Member States prior to 24 May 2016, and which comply with Union law as applicable + prior to that date, shall remain in force until amended, replaced or revoked. + - urn: urn:intuitem:risk:req_node:gdpr:article-97 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-xi + ref_id: Article 97 + description: Commission reports + - urn: urn:intuitem:risk:req_node:gdpr:97.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-97 + ref_id: '97.1' + description: By 25 May 2020 and every four years thereafter, the Commission + shall submit a report on the evaluation and review of this Regulation to the + European Parliament and to the Council. The reports shall be made public. + - urn: urn:intuitem:risk:req_node:gdpr:97.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-97 + ref_id: '97.2' + description: 'In the context of the evaluations and reviews referred to in paragraph + 1, the Commission shall examine, in particular, the application and functioning + of:' + - urn: urn:intuitem:risk:req_node:gdpr:97.2.a + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:97.2 + ref_id: 97.2.a + description: Chapter V on the transfer of personal data to third countries or + international organisations with particular regard to decisions adopted pursuant + to Article 45(3) of this Regulation and decisions adopted on the basis of + Article 25(6) of Directive 95/46/EC; + - urn: urn:intuitem:risk:req_node:gdpr:97.2.b + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:gdpr:97.2 + ref_id: 97.2.b + description: ' Chapter VII on cooperation and consistency.' + - urn: urn:intuitem:risk:req_node:gdpr:97.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-97 + ref_id: '97.3' + description: For the purpose of paragraph 1, the Commission may request information + from Member States and supervisory authorities. + - urn: urn:intuitem:risk:req_node:gdpr:97.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-97 + ref_id: '97.4' + description: In carrying out the evaluations and reviews referred to in paragraphs + 1 and 2, the Commission shall take into account the positions and findings + of the European Parliament, of the Council, and of other relevant bodies or + sources. + - urn: urn:intuitem:risk:req_node:gdpr:97.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-97 + ref_id: '97.5' + description: The Commission shall, if necessary, submit appropriate proposals + to amend this Regulation, in particular taking into account of developments + in information technology and in the light of the state of progress in the + information society. + - urn: urn:intuitem:risk:req_node:gdpr:article-98 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-xi + ref_id: Article 98 + description: Review of other Union legal acts on data protection + - urn: urn:intuitem:risk:req_node:gdpr:node1089 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-98 + description: The Commission shall, if appropriate, submit legislative proposals + with a view to amending other Union legal acts on the protection of personal + data, in order to ensure uniform and consistent protection of natural persons + with regard to processing. This shall in particular concern the rules relating + to the protection of natural persons with regard to processing by Union institutions, + bodies, offices and agencies and on the free movement of such data. + - urn: urn:intuitem:risk:req_node:gdpr:article-99 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:gdpr:chapter-xi + ref_id: Article 99 + description: Entry into force and application + - urn: urn:intuitem:risk:req_node:gdpr:99.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-99 + ref_id: '99.1' + description: This Regulation shall enter into force on the twentieth day following + that of its publication in the Official Journal of the European Union. + - urn: urn:intuitem:risk:req_node:gdpr:99.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-99 + ref_id: '99.2' + description: It shall apply from 25 May 2018. + - urn: urn:intuitem:risk:req_node:gdpr:node1093 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:gdpr:article-99 + description: This Regulation shall be binding in its entirety and directly applicable + in all Member States. diff --git a/backend/library/libraries/iso27001-2013.yaml b/backend/library/libraries/iso27001-2013.yaml new file mode 100644 index 000000000..cc1a00ee6 --- /dev/null +++ b/backend/library/libraries/iso27001-2013.yaml @@ -0,0 +1,1330 @@ +urn: urn:intuitem:risk:library:iso27001-2013 +locale: en +ref_id: ISO/IEC 27001:2013 +name: International standard ISO/IEC 27001:2013 +description: "Information security, cybersecurity and privacy protection \u2014 Information\ + \ security management systems \u2014 Requirements" +copyright: See https://www.iso.org/standard/27001 +version: 1 +provider: ISO/IEC +packager: intuitem +dependencies: +- urn:intuitem:risk:library:doc-pol +objects: + framework: + urn: urn:intuitem:risk:framework:iso27001-2013 + ref_id: ISO/IEC 27001:2013 + name: International standard ISO/IEC 27001:2013 + description: "Information security, cybersecurity and privacy protection \u2014\ + \ Information security management systems \u2014 Requirements" + requirement_nodes: + - urn: urn:intuitem:risk:req_node:iso27001-2013:core + name: Core + assessable: false + - urn: urn:intuitem:risk:req_node:iso27001-2013:4 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:core + ref_id: '4' + name: 'Context of the organization ' + - urn: urn:intuitem:risk:req_node:iso27001-2013:4.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:4 + ref_id: '4.1' + name: Understanding the organization and its context + description: Understand the context and the organization. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.CONTEXT + - urn: urn:intuitem:risk:req_node:iso27001-2013:4.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:4 + ref_id: '4.2' + name: Understanding the needs and expectations of interested parties + description: Determine interested parties and understand therir requirements + in relation with the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.CONTEXT + - urn: urn:intuitem:risk:req_node:iso27001-2013:4.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:4 + ref_id: '4.3' + name: Determining the scope of the information security management system + description: Determine the scope of the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.SCOPE + - urn: urn:intuitem:risk:req_node:iso27001-2013:4.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:4 + ref_id: '4.4' + name: Information security management system + description: Design and implement the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.OVERVIEW + - urn: urn:intuitem:risk:req_node:iso27001-2013:5 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:core + ref_id: '5' + name: Leadership + - urn: urn:intuitem:risk:req_node:iso27001-2013:5.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:5 + ref_id: '5.1' + name: Leadership and commitment + description: Ensure top management provides adequate commitment and resources + for the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.OVERVIEW + - urn:intuitem:risk:function:doc-pol:DOC.CONTROLS + - urn:intuitem:risk:function:doc-pol:DOC.COM + - urn:intuitem:risk:function:doc-pol:DOC.AUDIT_PLAN + - urn:intuitem:risk:function:doc-pol:DOC.COMPETENCY + - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn: urn:intuitem:risk:req_node:iso27001-2013:5.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:5 + ref_id: '5.2' + name: ' Policy' + description: Define an adequate security policy. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn: urn:intuitem:risk:req_node:iso27001-2013:5.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:5 + ref_id: '5.3' + name: Organizational roles, responsibilities and authorities + description: Ensure roles and responsibilities are properly defined. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.RACI + - urn: urn:intuitem:risk:req_node:iso27001-2013:6 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:core + ref_id: '6' + name: Planning + - urn: urn:intuitem:risk:req_node:iso27001-2013:6.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:6 + ref_id: '6.1' + name: Actions to address risks and opportunities + - urn: urn:intuitem:risk:req_node:iso27001-2013:6.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:6.1 + ref_id: 6.1.1 + name: General + description: When planning for the ISMS, take into account risks and opportunities, + and actions to address them. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.RISK + - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:6.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:6.1 + ref_id: 6.1.2 + name: Information security risk assessment requirement + description: Establish a proper risk assessment process. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.RISK + - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:6.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:6.1 + ref_id: 6.1.3 + name: Information security risk treatment + description: Establish a proper risk treatment process, and produce a Statement + of Applicability. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.RISK + - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn:intuitem:risk:function:doc-pol:DOC.SOA + - urn: urn:intuitem:risk:req_node:iso27001-2013:6.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:6 + ref_id: '6.2' + name: Information security objectives and planning to achieve them + description: Define and maintain relevant security objectives. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn:intuitem:risk:function:doc-pol:DOC.SO_REGISTER + - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn:intuitem:risk:function:doc-pol:DOC.MGMT_REVIEW + - urn: urn:intuitem:risk:req_node:iso27001-2013:7 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:core + ref_id: '7' + name: ' Support' + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7 + ref_id: '7.1' + name: Resources + description: Provide adequate resources for the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.RACI + - urn:intuitem:risk:function:doc-pol:DOC.COMPETENCY + - urn:intuitem:risk:function:doc-pol:DOC.CONTROLS + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7 + ref_id: '7.2' + name: Competence + description: Manage competence of workforce interacting with the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.EDUC + - urn:intuitem:risk:function:doc-pol:DOC.EDUC_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7 + ref_id: '7.3' + name: Awareness + description: Manage awareness of all employees and contractors. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.EDUC + - urn:intuitem:risk:function:doc-pol:DOC.EDUC_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7 + ref_id: '7.4' + name: Communication + description: Manage communication relevant to the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.COM + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7 + ref_id: '7.5' + name: Documented Information + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.5.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7.5 + ref_id: 7.5.1 + name: General + description: Document adequate information relevant to the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.DOC_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.5.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7.5 + ref_id: 7.5.2 + name: Creating and updating documented information + description: Identify properly the documents, and manage reviews and approvals. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.DOC_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:7.5.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:7.5 + ref_id: 7.5.3 + name: Control of documented information + description: Ensure the ISM documentation is available and adequately protected. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.DOC_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:8 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:core + ref_id: '8' + name: Operations + - urn: urn:intuitem:risk:req_node:iso27001-2013:8.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:8 + ref_id: '8.1' + name: Operational planning and control + description: Define and implement adequate processes, and control them. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.RACI + - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:8.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:8 + ref_id: '8.2' + name: Information security risk assessment + description: Perform risk assessments periodically. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER + - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:8.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:8 + ref_id: '8.3' + name: Information security risk treatment + description: Implement risk treatment plan. + reference_controls: + - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER + - urn:intuitem:risk:function:doc-pol:DOC.RISK_REGISTER + - urn: urn:intuitem:risk:req_node:iso27001-2013:9 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:core + ref_id: '9' + name: Performance evaluation + - urn: urn:intuitem:risk:req_node:iso27001-2013:9.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:9 + ref_id: '9.1' + name: Monitoring, measurement, analysis, evaluation + description: Implement relevant monitoring, and evaluate performance and effectiveness + of the ISMS. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.MONITOR + - urn:intuitem:risk:function:doc-pol:DOC.AUDIT_PLAN + - urn: urn:intuitem:risk:req_node:iso27001-2013:9.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:9 + ref_id: '9.2' + name: Internal audit + description: 'Perform regular internal audits of the ISMS. + + Manage the internal audit programme appropriately.' + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.AUDIT + - urn:intuitem:risk:function:doc-pol:DOC.AUDIT_PLAN + - urn: urn:intuitem:risk:req_node:iso27001-2013:9.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:9 + ref_id: '9.3' + name: Management review + description: 'Organize management reviews of the ISMS periodically. + + Include appropriate data for effective management reviews. + + Document the results of the management reviews.' + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn:intuitem:risk:function:doc-pol:DOC.MGMT_REVIEW + - urn: urn:intuitem:risk:req_node:iso27001-2013:10 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:core + ref_id: '10' + name: Improvement + - urn: urn:intuitem:risk:req_node:iso27001-2013:10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:10 + ref_id: '10.1' + name: Nonconformity and corrective action + description: Manage nonconformities appropriately. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn:intuitem:risk:function:doc-pol:POL.INCIDENT + - urn:intuitem:risk:function:doc-pol:DOC.NC_LOG + - urn:intuitem:risk:function:doc-pol:DOC.PROC_REGISTER + - urn:intuitem:risk:function:doc-pol:DOC.RACI + - urn:intuitem:risk:function:doc-pol:DOC.MGMT_REVIEW + - urn: urn:intuitem:risk:req_node:iso27001-2013:10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:10 + ref_id: '10.2' + name: "Continual improvement\_" + description: Improve the ISMS continuously. + reference_controls: + - urn:intuitem:risk:function:doc-pol:POL.MAIN + - urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + name: Annex A + assessable: false + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.5 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.5 + name: Information security policies + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.5.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.5 + ref_id: A.5.1 + name: Management direction for information security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.5.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.5.1 + ref_id: A.5.1.1 + name: Policies for information security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.5.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.5.1 + ref_id: A.5.1.2 + name: Review of the policies for information security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.6 + name: Organization of information security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6 + ref_id: A.6.1 + name: Internal organization + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1 + ref_id: A.6.1.1 + name: Information security roles and responsibilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1 + ref_id: A.6.1.2 + name: Segregation of duties + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1 + ref_id: A.6.1.3 + name: Contact with authorities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1 + ref_id: A.6.1.4 + name: Contact with special interest groups + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1 + ref_id: A.6.1.5 + name: Information security in project management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6 + ref_id: A.6.2 + name: Mobile devices and teleworking + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.2 + ref_id: A.6.2.1 + name: Mobile device policy + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.2 + ref_id: A.6.2.2 + name: Teleworking + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.7 + name: Human resource security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7 + ref_id: A.7.1 + name: Prior to employment + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.1 + ref_id: A.7.1.1 + name: Screening + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.1 + ref_id: A.7.1.2 + name: ' Terms and conditions of employment' + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7 + ref_id: A.7.2 + name: During employment + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2 + ref_id: A.7.2.1 + name: Management responsibilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2 + ref_id: A.7.2.2 + name: Information security awareness, education and training + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2 + ref_id: A.7.2.3 + name: Disciplinary process + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7 + ref_id: A.7.3 + name: Termination and change of employment + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.3.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.3 + ref_id: A.7.3.1 + name: Termination or change of employment responsibilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.8 + name: Asset management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8 + ref_id: A.8.1 + name: Responsibility for assets + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1 + ref_id: A.8.1.1 + name: Inventory of assets + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1 + ref_id: A.8.1.2 + name: Ownership of assets + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1 + ref_id: A.8.1.3 + name: Acceptable use of assets + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1 + ref_id: A.8.1.4 + name: Return of assets + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8 + ref_id: A.8.2 + name: Information classification + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2 + ref_id: A.8.2.1 + name: Classification of information + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2 + ref_id: A.8.2.2 + name: Labelling of information + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2 + ref_id: A.8.2.3 + name: Handling of assets + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8 + ref_id: A.8.3 + name: Media handling + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3 + ref_id: A.8.3.1 + name: Management of removable media + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3 + ref_id: A.8.3.2 + name: Disposal of media + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3 + ref_id: A.8.3.3 + name: Physical media transfer + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.9 + name: Access control + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9 + ref_id: A.9.1 + name: Business requirements of access control + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.1 + ref_id: A.9.1.1 + name: Access control policy + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.1 + ref_id: A.9.1.2 + name: Access to networks and network services + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9 + ref_id: A.9.2 + name: User access management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2 + ref_id: A.9.2.1 + name: User registration and de-registration + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2 + ref_id: A.9.2.2 + name: User access provisioning + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2 + ref_id: A.9.2.3 + name: Management of privileged access rights + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2 + ref_id: A.9.2.4 + name: Management of secret authentication information of users + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2 + ref_id: A.9.2.5 + name: Review of user access rights + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2 + ref_id: A.9.2.6 + name: Removal or adjustment of access rights + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9 + ref_id: A.9.3 + name: User responsibilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.3.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.3 + ref_id: A.9.3.1 + name: Use of secret authentication information + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9 + ref_id: A.9.4 + name: System and application access control + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4 + ref_id: A.9.4.1 + name: Information access restriction + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4 + ref_id: A.9.4.2 + name: Secure log-on procedures + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4 + ref_id: A.9.4.3 + name: Password management system + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4 + ref_id: A.9.4.4 + name: Use of privileged utility programs + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4 + ref_id: A.9.4.5 + name: Access control to program source code + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.10 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.10 + name: Cryptography + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.10.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.10 + ref_id: A.10.1 + name: Cryptographic controls + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.10.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.10.1 + ref_id: A.10.1.1 + name: Policy on the use of cryptographic controls + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.10.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.10.1 + ref_id: A.10.1.2 + name: Key management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.11 + name: Physical and environmental security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11 + ref_id: A.11.1 + name: Secure areas + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1 + ref_id: A.11.1.1 + name: Physical security perimeter + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1 + ref_id: A.11.1.2 + name: Physical entry controls + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1 + ref_id: A.11.1.3 + name: Securing offices, rooms and facilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1 + ref_id: A.11.1.4 + name: Protecting against external and environmental threats + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1 + ref_id: A.11.1.5 + name: Working in secure areas + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1 + ref_id: A.11.1.6 + name: Delivery and loading areas + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11 + ref_id: A.11.2 + name: Equipment + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.1 + name: Equipment siting and protection + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.2 + name: Supporting utilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.3 + name: Cabling security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.4 + name: Equipment maintenance + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.5 + name: Removal of assets + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.6 + name: Security of equipment and assets off-premises + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.7 + name: Secure disposal or reuse of equipment + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.8 + name: Unattended user equipment + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.9 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2 + ref_id: A.11.2.9 + name: Clear desk and clear screen policy + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.12 + name: Operations security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + ref_id: A.12.1 + name: Operational procedures and responsibilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1 + ref_id: A.12.1.1 + name: Documented operating procedures + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1 + ref_id: A.12.1.2 + name: Change management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1 + ref_id: A.12.1.3 + name: Capacity management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1 + ref_id: A.12.1.4 + name: Separation of development, testing and operational environments + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + ref_id: A.12.2 + name: Protection from malware + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.2 + ref_id: A.12.2.1 + name: Controls against malware + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + ref_id: A.12.3 + name: Backup + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.3.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.3 + ref_id: A.12.3.1 + name: Information backup + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + ref_id: A.12.4 + name: Logging and monitoring + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4 + ref_id: A.12.4.1 + name: Event logging + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4 + ref_id: A.12.4.2 + name: Protection of log information + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4 + ref_id: A.12.4.3 + name: Administrator and operator logs + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4 + ref_id: A.12.4.4 + name: Clock synchronisation + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + ref_id: A.12.5 + name: Control of operational software + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.5.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.5 + ref_id: A.12.5.1 + name: Installation of software on operational systems + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + ref_id: A.12.6 + name: Technical vulnerability management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.6.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.6 + ref_id: A.12.6.1 + name: Management of technial vulnerabilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.6.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.6 + ref_id: A.12.6.2 + name: Restrictions on software installation + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.7 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12 + ref_id: A.12.7 + name: Information systems audit considerations + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.7.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.7 + ref_id: A.12.7.1 + name: Information systems audit controls + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.13 + name: Communications security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13 + ref_id: A.13.1 + name: Network security management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1 + ref_id: A.13.1.1 + name: Network controls + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1 + ref_id: A.13.1.2 + name: Security of network services + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1 + ref_id: A.13.1.3 + name: Segregation in networks + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13 + ref_id: A.13.2 + name: Information transfer + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2 + ref_id: A.13.2.1 + name: Information transfer policies and procedures + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2 + ref_id: A.13.2.2 + name: Agreements on information transfer + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2 + ref_id: A.13.2.3 + name: Electronic messaging + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2 + ref_id: A.13.2.4 + name: Confidentiality or non-disclosure agreements + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.14 + name: System acquisition, development and maintenance + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14 + ref_id: A.14.1 + name: Security requirements of information systems + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1 + ref_id: A.14.1.1 + name: Information security requirements analysis and specification + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1 + ref_id: A.14.1.2 + name: Securing application services on public networks + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1 + ref_id: A.14.1.3 + name: Protecting application services transactions + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14 + ref_id: A.14.2 + name: Security in development and support processes + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.1 + name: ' Secure development policy' + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.2 + name: System change control procedures + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.3 + name: Technical review of applications after operating platform changes + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.4 + name: Restrictions on changes to software packages + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.5 + name: Secure system engineering principles + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.6 + name: Secure development environment + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.7 + name: Outsourced development + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.8 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.8 + name: System security testing + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.9 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2 + ref_id: A.14.2.9 + name: System acceptance testing + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14 + ref_id: A.14.3 + name: Test data + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.3.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.3 + ref_id: A.14.3.1 + name: Protection of test data + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.15 + name: Supplier relationships + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15 + ref_id: A.15.1 + name: Information security in supplier relationships + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1 + ref_id: A.15.1.1 + name: Information security policy for supplier relationships + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1 + ref_id: A.15.1.2 + name: Addressing security within supplier agreements + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1 + ref_id: A.15.1.3 + name: Information and communication technology supply chain + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15 + ref_id: A.15.2 + name: Supplier service delivery management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.2 + ref_id: A.15.2.1 + name: ' Monitoring and review of supplier services' + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.2 + ref_id: A.15.2.2 + name: Managing changes to supplier services + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.16 + name: Information security incident management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16 + ref_id: A.16.1 + name: Management of information security incidents and improvements + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + ref_id: A.16.1.1 + name: Responsibilities and procedures + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + ref_id: A.16.1.2 + name: Reporting information security events + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + ref_id: A.16.1.3 + name: Reporting information security weaknesses + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + ref_id: A.16.1.4 + name: Assessment of and decision on information security events + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + ref_id: A.16.1.5 + name: Response to information security incidents + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + ref_id: A.16.1.6 + name: Learning from information security incidents + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.7 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1 + ref_id: A.16.1.7 + name: Collection of evidence + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.17 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.17 + name: Information security aspects of business continuity management + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17 + ref_id: A.17.1 + name: Information security continuity + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1 + ref_id: A.17.1.1 + name: Planning information security continuity + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1 + ref_id: A.17.1.2 + name: Implementing information security continuity + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1 + ref_id: A.17.1.3 + name: Verify, review and evaluate information security continuity + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17 + ref_id: A.17.2 + name: Redundancies + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.2 + ref_id: A.17.2.1 + name: Availability of information processing facilities + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18 + assessable: false + depth: 1 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:annex-a + ref_id: A.18 + name: Compliance + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18 + ref_id: A.18.1 + name: Compliance with legal and contractual requirements + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1 + ref_id: A.18.1.1 + name: Identification of applicable legislation and contractual requirements + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1 + ref_id: A.18.1.2 + name: Intellectual property rights + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1 + ref_id: A.18.1.3 + name: Protection of records + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1 + ref_id: A.18.1.4 + name: Privacy and protection of personally identifiable information + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1 + ref_id: A.18.1.5 + name: Regulation of cryptographic controls + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18 + ref_id: A.18.2 + name: Information security reviews + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2.1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2 + ref_id: A.18.2.1 + name: Independent review of information security + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2.2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2 + ref_id: A.18.2.2 + name: Compliance with security policies and standards + - urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2.3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2 + ref_id: A.18.2.3 + name: Technical compliance review diff --git a/backend/library/libraries/map-nist-csf-1.1-iso27001-2022.yaml b/backend/library/libraries/map-nist-csf-1.1-iso27001-2022.yaml new file mode 100644 index 000000000..65a845390 --- /dev/null +++ b/backend/library/libraries/map-nist-csf-1.1-iso27001-2022.yaml @@ -0,0 +1,920 @@ +urn: urn:intuitem:risk:library:map-nist-csf-1.1-iso27001-2022 +locale: en +ref_id: map-nist-csf-1.1-iso27001-2022 +name: Mapping from nist-csf-1.1 to iso27001-2022 +description: Mapping from nist-csf-1.1 to iso27001-2022 +version: 1 +copyright: NIST and ISO/IEC +provider: NIST and ISO/IEC +packager: intuitem +dependencies: +- urn:intuitem:risk:library:iso27001-2022 +- urn:intuitem:risk:library:nist-csf-1.1 +objects: + requirement_mapping_set: + urn: urn:intuitem:risk:req_mapping_set:nist-csf-1.1-to-iso27001-2022 + ref_id: mapping-nist-csf-1.1-iso27001-2022 + name: mapping-nist-csf-1.1-iso27001-2022 + source_framework_urn: urn:intuitem:risk:framework:nist-csf-1.1 + target_framework_urn: urn:intuitem:risk:framework:iso27001-2022 + requirement_mappings: + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.9 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.9 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.9 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.12 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.21 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.4 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.11 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.12 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.6 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.5 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.1 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.4 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.31 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.32 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.33 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.7 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.19 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.20 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.21 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.19 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.20 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.21 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.16 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.17 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.18 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.5 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.1 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.4 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.12 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.7 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.20 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.18 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.20 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.18 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.18 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.4 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.20 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.26 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.13 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.1 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.5 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.13 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.17 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.4 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.26 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.7 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.19 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.26 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-7 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.31 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-8 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.13 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.32 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.9 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.19 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.25 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.27 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.32 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.9 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.19 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.13 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.33 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.4 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.5 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.11 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.12 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-8 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.27 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-9 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.24 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-9 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-9 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-10 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.3 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-11 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.1 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-11 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.5 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-11 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.34 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-12 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-12 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.36 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.13 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.13 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.19 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.17 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.34 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.1 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.7 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.20 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.24 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.25 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.4 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.7 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.19 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.30 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-7 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-8 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.34 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.29 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.27 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.rp-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.24 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.16 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.27 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.28 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.25 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.7 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi-2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi-3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.im-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.27 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.rp-1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26 + relationship: intersect + rationale: semantic + annotation: '' diff --git a/backend/library/libraries/map-nist-csf-1.1-nist-csf-2.0.yaml b/backend/library/libraries/map-nist-csf-1.1-nist-csf-2.0.yaml new file mode 100644 index 000000000..00870c70f --- /dev/null +++ b/backend/library/libraries/map-nist-csf-1.1-nist-csf-2.0.yaml @@ -0,0 +1,945 @@ +urn: urn:intuitem:risk:library:map-nist-csf-1.1-nist-csf-2.0 +locale: en +ref_id: map-nist-csf-1.1-nist-csf-2.0 +name: Mapping from nist-csf-1.1 to nist-csf-2.0 +description: Mapping from nist-csf-1.1 to nist-csf-2.0 +version: 1 +copyright: NIST +provider: NIST +packager: intuitem +dependencies: +- urn:intuitem:risk:library:nist-csf-2.0 +- urn:intuitem:risk:library:nist-csf-1.1 +objects: + requirement_mapping_set: + urn: urn:intuitem:risk:requirement_mapping_set:nist-csf-1.1-to-nist-csf-2.0 + ref_id: mapping-nist-csf-1.1-nist-csf-2.0 + name: mapping-nist-csf-1.1-nist-csf-2.0 + source_framework_urn: urn:intuitem:risk:framework:nist-csf-1.1 + target_framework_urn: urn:intuitem:risk:framework:nist-csf-2.0 + requirement_mappings: + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.be-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.oc-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.rm + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.rm-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.rm-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.rm-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.rm-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.rm-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rm-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-07 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-07 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-09 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.sc-10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.rm-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-11 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.rr-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.gv-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:gv.po-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.am-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.am-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-12 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-8 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.ra-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-07 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-8 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-09 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.ra-10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.im + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.im + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:id.sc-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-10 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-8 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.im-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.im-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.im-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.im-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-9 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.im-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.im-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-10 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:id.im-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-05 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.aa-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.at-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.at-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-10 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ds-11 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-12 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ma-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ps-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ac-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ip-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.pt-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:pr.ir-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-6 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-09 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:pr.ds-8 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-09 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-09 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-09 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.cm-7 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.cm-09 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.dp-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-07 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:de.ae-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:de.ae-08 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.rp + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.rp-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-4 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.ma-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.an-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.an-06 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-5 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.co-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.mi-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rs.mi-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.rp + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.rp-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-01 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.rp-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.rp-02 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.co + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.co-3 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co-03 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rc.co-1 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co-04 + relationship: intersect + rationale: semantic + annotation: '' + - source_requirement_urn: urn:intuitem:risk:req_node:nist-csf-1.1:rs.co-2 + target_requirement_urn: urn:intuitem:risk:req_node:nist-csf-2.0:rc.co-04 + relationship: intersect + rationale: semantic + annotation: '' diff --git a/backend/library/libraries/mapping-iso27001-2013-to-iso27001-2022.yaml b/backend/library/libraries/mapping-iso27001-2013-to-iso27001-2022.yaml new file mode 100644 index 000000000..0d7b6028f --- /dev/null +++ b/backend/library/libraries/mapping-iso27001-2013-to-iso27001-2022.yaml @@ -0,0 +1,693 @@ +urn: urn:intuitem:risk:library:mapping-iso27001-2013-to-iso27001-2022 +locale: en +ref_id: mapping-iso27001-2013-to-iso27001-2022 +name: ISO/IEC 27001:2013 -> ISO/IEC 27001:2022 +description: Mapping from International standard ISO/IEC 27001:2013 to International + standard ISO/IEC 27001:2022 +copyright: intuitem +version: 1 +provider: intuitem +packager: intuitem +dependencies: +- urn:intuitem:risk:library:iso27001-2013 +- urn:intuitem:risk:library:iso27001-2022 +objects: + requirement_mapping_set: + urn: urn:intuitem:risk:req_mapping_set:iso27001-2013 + ref_id: mapping-iso27001-2013-to-iso27001-2022 + name: ISO/IEC 27001:2013 -> ISO/IEC 27001:2022 + description: Mapping from International standard ISO/IEC 27001:2013 to International + standard ISO/IEC 27001:2022 + source_framework_urn: urn:intuitem:risk:framework:iso27001-2013 + target_framework_urn: urn:intuitem:risk:framework:iso27001-2022 + requirement_mappings: + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:4.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:4.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:4.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:4.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:4.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:4.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:4.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:4.4 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:5.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:5.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:5.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:5.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:5.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:5.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:6.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:6.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:6.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:6.1.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:6.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:6.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:7.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:7.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:7.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:7.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:7.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:7.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:7.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:7.4 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:7.5.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:7.5.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:7.5.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:7.5.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:8.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:8.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:8.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:8.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:8.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:8.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:9.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:9.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:9.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:9.2.1 + relationship: superset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:9.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:9.2.2 + relationship: superset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:9.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.1 + relationship: superset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:9.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.2 + relationship: superset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:9.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:9.3.3 + relationship: superset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:10.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:10.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:10.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:10.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.5.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.1 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.5.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.1 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.1 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.6.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.7 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.4 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.2.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.4 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.7.3.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.5 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.9 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.9 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.10 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.1.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.11 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.12 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.13 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.2.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.10 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.8.3.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.15 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.16 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.18 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.2 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.2.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.17 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.3.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.17 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.5 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.17 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.18 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.9.4.5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.4 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.10.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.24 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.10.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.24 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.1 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.2 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.3 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.5 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.6 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.1.6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.2 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.8 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.11 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.12 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.13 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.10 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.9 + relationship: superset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.7 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.14 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.8 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.1 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.11.2.9 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.7.7 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.37 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.32 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.6 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.1.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.31 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.7 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.3.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.13 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.15 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.4.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.17 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.5.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.19 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.12.6.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.8 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.20 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.21 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.22 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.13.2.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.6 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.8 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.26 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.26 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.25 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.32 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.27 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.31 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.7 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.30 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.8 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.29 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.2.9 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.29 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.14.3.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.33 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.19 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.20 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.21 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.15.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.22 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.24 + relationship: intersect + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.6.8 + relationship: intersect + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.25 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.26 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.6 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.27 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.16.1.7 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.28 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.29 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.17.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.8.14 + relationship: intersect + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.31 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.32 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.33 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.4 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.34 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.1.5 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.31 + relationship: subset + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2.1 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.35 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2.2 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.36 + relationship: equal + rationale: syntactic + stregth_of_relationship: null + - source_requirement_urn: urn:intuitem:risk:req_node:iso27001-2013:a.18.2.3 + target_requirement_urn: urn:intuitem:risk:req_node:iso27001-2022:a.5.36 + relationship: subset + rationale: syntactic + stregth_of_relationship: null diff --git a/backend/library/libraries/ncsc-caf-3.2.yaml b/backend/library/libraries/ncsc-caf-3.2.yaml new file mode 100644 index 000000000..b30970be3 --- /dev/null +++ b/backend/library/libraries/ncsc-caf-3.2.yaml @@ -0,0 +1,1932 @@ +urn: urn:intuitem:risk:library:ncsc-caf-3.2 +locale: en +ref_id: ncsc-caf-3.2 +name: Cyber Assessment Framework +description: 'National Cyber Security Centre - Cyber Assessment Framework + + https://www.ncsc.gov.uk/collection/cyber-assessment-framework' +copyright: NCSC https://www.ncsc.gov.uk/collection/cyber-assessment-framework +version: 1 +provider: NCSC +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:ncsc-caf-3.2 + ref_id: ncsc-caf-3.2 + name: Cyber Assessment Framework + description: 'National Cyber Security Centre - Cyber Assessment Framework + + https://www.ncsc.gov.uk/collection/cyber-assessment-framework' + requirement_nodes: + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a + assessable: false + depth: 1 + ref_id: A + name: Managing security risk + description: Appropriate organisational structures, policies, processes and + procedures in place to understand, assess and systematically manage security + risks to the network and information systems supporting essential functions. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a + ref_id: A1 + name: Governance + description: The organisation has appropriate management policies, processes + and procedures in place to govern its approach to the security of network + and information systems. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1 + ref_id: A1.a + name: Board Direction + description: You have effective organisational security management led at board + level and articulated clearly in corresponding policies. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a + ref_id: A1.a.1 + description: Your organisation's approach and policy relating to the security + of network and information systems supporting the operation of your essential + function(s) are owned and managed at board-level. These are communicated, + in a meaningful way, to risk management decision-makers across the organisation. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a + ref_id: A1.a.2 + description: Regular board-level discussions on the security of network and + information systems supporting the operation of your essential function(s) + take place, based on timely and accurate information and informed by expert + guidance. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a + ref_id: A1.a.3 + description: There is a board-level individual who has overall accountability + for the security of network and information systems and drives regular discussion + at board-level. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.a + ref_id: A1.a.4 + description: Direction set at board-level is translated into effective organisational + practices that direct and control the security of the network and information + systems supporting your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1 + ref_id: A1.b + name: Roles and Responsibilities + description: Your organisation has established roles and responsibilities for + the security of network and information systems at all levels, with clear + and well-understood channels for communicating and escalating risks. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.b + ref_id: A1.b.1 + description: Key roles and responsibilities for the security of network and + information systems supporting your essential function(s) have been identified. + These are reviewed regularly to ensure they remain fit for purpose. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.b + ref_id: A1.b.2 + description: Appropriately capable and knowledgeable staff fill those roles + and are given the time, authority, and resources to carry out their duties. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.b + ref_id: A1.b.3 + description: There is clarity on who in your organisation has overall accountability + for the security of the network and information systems supporting your essential + function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1 + ref_id: A1.c + name: Decision-making + description: You have senior-level accountability for the security of network + and information systems, and delegate decision-making authority appropriately + and effectively. Risks to network and information systems related to the operation + of your essential function(s) are considered in the context of other organisational + risks. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c + ref_id: A1.c.1 + description: Senior management have visibility of key risk decisions made throughout + the organisation. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c + ref_id: A1.c.2 + description: Risk management decision-makers understand their responsibilities + for making effective and timely decisions in the context of the risk appetite + regarding the essential function(s), as set by senior management. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c + ref_id: A1.c.3 + description: Risk management decision-making is delegated and escalated where + necessary, across the organisation, to people who have the skills, knowledge, + tools and authority they need. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a1.c + ref_id: A1.c.4 + description: Risk management decisions are regularly reviewed to ensure their + continued relevance and validity. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a + ref_id: A2 + name: Risk Management + description: The organisation takes appropriate steps to identify, assess and + understand security risks to the network and information systems supporting + the operation of essential functions. This includes an overall organisational + approach to risk management. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2 + ref_id: A2.a + name: Risk Management Process + description: Your organisation has effective internal processes for managing + risks to the security of network and information systems related to the operation + of your essential function(s) and communicating associated activities. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.1 + description: Your organisational process ensures that security risks to network + and information systems relevant to essential function(s) are identified, + analysed, prioritised, and managed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.2 + description: Your approach to risk is focused on the possibility of adverse + impact to your essential function(s), leading to a detailed understanding + of how such impact might arise as a consequence of possible attacker actions + and the security properties of your network and information systems. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.3 + description: Your risk assessments are based on a clearly understood set of + threat assumptions, informed by an up-to-date understanding of security threats + to your essential function(s) and your sector. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.4 + description: Your risk assessments are informed by an understanding of the vulnerabilities + in the network and information systems supporting your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.5 + description: The output from your risk management process is a clear set of + security requirements that will address the risks in line with your organisational + approach to security. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.6 + description: Significant conclusions reached in the course of your risk management + process are communicated to key security decision-makers and accountable individuals. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.7 + description: Your risk assessments are dynamic and updated in the light of relevant + changes which may include technical changes to network and information systems, + change of use and new threat information. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.8 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.8 + description: The effectiveness of your risk management process is reviewed regularly, + and improvements made as required. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a.9 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.a + ref_id: A2.a.9 + description: You perform detailed threat analysis and understand how this applies + to your organisation in the context of the threat to your sector and the wider + CNI. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2 + ref_id: A2.b + name: Assurance + description: You have gained confidence in the effectiveness of the security + of your technology, people, and processes relevant to your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b + ref_id: A2.b.1 + description: "You validate that the security measures in place to protect the\ + \ network and information systems\Lare effective and remain effective for\ + \ the lifetime over which they are needed." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b + ref_id: A2.b.2 + description: You understand the assurance methods available to you and choose + appropriate methods to gain confidence in the security of essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b + ref_id: A2.b.3 + description: "Your confidence in the security as it relates to your technology,\ + \ people, and processes can be\Ljustified to, and verified by, a third party." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b + ref_id: A2.b.4 + description: Security deficiencies uncovered by assurance activities are assessed, + prioritised and remedied when necessary in a timely and effective way. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a2.b + ref_id: A2.b.5 + description: The methods used for assurance are reviewed to ensure they are + working as intended and remain the most appropriate method to use. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a + ref_id: A3 + name: Asset Management + description: Everything required to deliver, maintain or support network and + information systems necessary for the operation of essential functions is + determined and understood. This includes data, people and systems, as well + as any supporting infrastructure (such as power or cooling). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3 + ref_id: A3.a + name: Asset Management + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a + ref_id: A3.a.1 + description: All assets relevant to the secure operation of essential function(s) + are identified and inventoried (at a suitable level of detail). The inventory + is kept up-to-date. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a + ref_id: A3.a.2 + description: Dependencies on supporting infrastructure (e.g. power, cooling + etc) are recognised and recorded. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a + ref_id: A3.a.3 + description: You have prioritised your assets according to their importance + to the operation of the essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a + ref_id: A3.a.4 + description: You have assigned responsibility for managing all assets, including + physical assets, relevant to the operation of the essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a3.a + ref_id: A3.a.5 + description: Assets relevant to the essential function(s) are managed with cyber + security in mind throughout their lifecycle, from creation through to eventual + decommissioning or disposal. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a + ref_id: A4 + name: Supply Chain + description: The organisation understands and manages security risks to network + and information systems supporting the operation of essential functions that + arise as a result of dependencies on external suppliers. This includes ensuring + that appropriate measures are employed where third party services are used. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4 + ref_id: A4.a + name: Supply Chain + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + ref_id: A4.a.1 + description: "You have a deep understanding of your supply chain, including\ + \ sub- contractors and the wider risks it faces. You consider factors such\ + \ as supplier\u2019s partnerships, competitors, nationality and other organisations\ + \ with which they sub- contract. This informs your risk assessment and procurement\ + \ processes." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + ref_id: A4.a.2 + description: Your approach to supply chain risk management considers the risks + to your essential function(s) arising from supply chain subversion by capable + and well-resourced attackers. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + ref_id: A4.a.3 + description: You have confidence that information shared with suppliers that + is essential to the operation of your function(s) is appropriately protected + from sophisticated attacks. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + ref_id: A4.a.4 + description: You understand which contracts are relevant and you include appropriate + security obligations in relevant contracts. You have a proactive approach + to contract management which may include a contract management plan for relevant + contracts. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + ref_id: A4.a.5 + description: Customer / supplier ownership of responsibilities is laid out in + contracts. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + ref_id: A4.a.6 + description: All network connections and data sharing with third parties are + managed effectively and proportionately. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:a4.a + ref_id: A4.a.7 + description: When appropriate, your incident management process and that of + your suppliers provide mutual support in the resolution of incidents. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b + assessable: false + depth: 1 + ref_id: B + name: Protecting against cyber attack + description: Proportionate security measures are in place to protect the network + and information systems supporting essential functions from cyber attack. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b + ref_id: B1 + name: Service Protection Policies, Processes and Procedures + description: The organisation defines, implements, communicates and enforces + appropriate policies, processes and procedures that direct its overall approach + to securing systems and data that support operation of essential functions. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1 + ref_id: B1.a + name: Policy, Process and Procedure Development + description: You have developed and continue to improve a set of cyber security + and resilience policies, processes and procedures that manage and mitigate + the risk of adverse impact on your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a + ref_id: B1.a.1 + description: You fully document your overarching security governance and risk + management approach, technical security practice and specific regulatory compliance. + Cyber security is integrated and embedded throughout policies, processes and + procedures and key performance indicators are reported to your executive management. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a + ref_id: B1.a.2 + description: "Your organisation\u2019s policies, processes and procedures are\ + \ developed to be practical, usable and appropriate for your essential function(s)\ + \ and your technologies." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a + ref_id: B1.a.3 + description: Policies, processes and procedures that rely on user behaviour + are practical, appropriate and achievable. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a + ref_id: B1.a.4 + description: You review and update policies, processes and procedures at suitably + regular intervals to ensure they remain relevant. This is in addition to reviews + following a major cyber security incident. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a + ref_id: B1.a.5 + description: Any changes to the essential function(s) or the threat it faces + triggers a review of policies, processes and procedures. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.a + ref_id: B1.a.6 + description: Your systems are designed so that they remain secure even when + user security policies, processes and procedures are not always followed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1 + ref_id: B1.b + name: Policy, Process and Procedure Implementation + description: You have successfully implemented your security policies, processes + and procedures and can demonstrate the security benefits achieved. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b + ref_id: B1.b.1 + description: All your policies, processes and procedures are followed, their + correct application and security effectiveness is evaluated. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b + ref_id: B1.b.2 + description: Your policies, processes and procedures are integrated with other + organisational policies, processes and procedures, including HR assessments + of individuals' trustworthiness. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b + ref_id: B1.b.3 + description: Your policies, processes and procedures are effectively and appropriately + communicated across all levels of the organisation resulting in good staff + awareness of their responsibilities. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b1.b + ref_id: B1.b.4 + description: Appropriate action is taken to address all breaches of policies, + processes and procedures with potential to adversely impact the essential + function(s) including aggregated breaches. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b + ref_id: B2 + name: Identity and Access Control + description: The organisation understands, documents and manages access to network + and information systems supporting the operation of essential functions. Users + (or automated functions) that can access data or systems are appropriately + verified, authenticated and authorised. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2 + ref_id: B2.a + name: Identity Verification, Authentication and Authorisation + description: You robustly verify, authenticate and authorise access to the network + and information systems supporting your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a + ref_id: B2.a.1 + description: "Your process of initial identity verification is robust enough\ + \ to provide a high level of confidence of a user\u2019s identity profile\ + \ before allowing an authorised user access to network and information systems\ + \ that support your essential function(s)." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a + ref_id: B2.a.2 + description: Only authorised and individually authenticated users can physically + access and logically connect to your network or information systems on which + your essential function(s) depends. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a + ref_id: B2.a.3 + description: The number of authorised users and systems that have access to + all your network and information systems supporting the essential function(s) + is limited to the minimum necessary. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a + ref_id: B2.a.4 + description: "You use additional authentication mechanisms, such as multi-factor\L\ + (MFA), for all user access, including remote access, to all network and information\ + \ systems that operate or support your essential function(s)." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a + ref_id: B2.a.5 + description: The list of users and systems with access to network and information + systems supporting and delivering the essential function(s) is reviewed on + a regular basis, at least every six months. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.a + ref_id: B2.a.6 + description: Your approach to authenticating users, devices and systems follows + up to date best practice. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2 + ref_id: B2.b + name: Device Management + description: You fully know and have trust in the devices that are used to access + your networks, information systems and data that support your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b + ref_id: B2.b.1 + description: All privileged operations performed on your network and information + systems supporting your essential function(s) are conducted from highly trusted + devices, such as Privileged Access Workstations, dedicated solely to those + operations. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b + ref_id: B2.b.2 + description: You either obtain independent and professional assurance of the + security of third-party devices or networks before they connect to your network + and information systems, or you only allow third-party devices or networks + that are dedicated to supporting your network and information systems to connect. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b + ref_id: B2.b.3 + description: You perform certificate-based device identity management and only + allow known devices to access systems necessary for the operation of your + essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.b + ref_id: B2.b.4 + description: You perform regular scans to detect unknown devices and investigate + any findings. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2 + ref_id: B2.c + name: Privileged User Management + description: You closely manage privileged user access to network and information + systems supporting your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c + ref_id: B2.c.1 + description: Privileged user access to network and information systems supporting + your essential function(s) is carried out from dedicated separate accounts + that are closely monitored and managed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c + ref_id: B2.c.2 + description: The issuing of temporary, time- bound rights for privileged user + access and / or external third- party support access is in place. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c + ref_id: B2.c.3 + description: Privileged user access rights are regularly reviewed and always + updated as part of your joiners, movers and leavers process. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.c + ref_id: B2.c.4 + description: All privileged user activity is routinely reviewed, validated and + recorded for offline analysis and investigation. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2 + ref_id: B2.d + name: Identity and Access Management (IdAM) + description: You closely manage and maintain identity and access control for + users, devices and systems accessing the network and information systems supporting + your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d + ref_id: B2.d.1 + description: You follow a robust procedure to verify each user and issue the + minimum required access rights, and the application of the procedure is regularly + audited. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d + ref_id: B2.d.2 + description: User access rights are reviewed both when people change roles via + your joiners, leavers and movers process and at regular intervals - at least + annually. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d + ref_id: B2.d.3 + description: All user, device and systems access to the systems supporting the + essential function(s) is logged and monitored. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d + ref_id: B2.d.4 + description: You regularly review access logs and correlate this data with other + access records and expected activity. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b2.d + ref_id: B2.d.5 + description: Attempts by unauthorised users, devices or systems to connect to + the systems supporting the essential function(s) are alerted, promptly assessed + and investigated. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b + ref_id: B3 + name: Data Security + description: Data stored or transmitted electronically is protected from actions + such as unauthorised access, modification, or deletion that may cause an adverse + impact on essential functions. Such protection extends to the means by which + authorised users, devices and systems access critical data necessary for the + operation of essential functions. It also covers information that would assist + an attacker, such as design details of network and information systems. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3 + ref_id: B3.a + name: Understanding Data + description: You have a good understanding of data important to the operation + of your essential function(s), where it is stored, where it travels and how + unavailability or unauthorised access, modification or deletion would adversely + impact the essential function(s). This also applies to third parties storing + or accessing data important to the operation of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.1 + description: You have identified and catalogued all the data important to the + operation of the essential function(s), or that would assist an attacker. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.2 + description: You have identified and catalogued who has access to the data important + to the operation of the essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.3 + description: You maintain a current understanding of the location, quantity + and quality of data important to the operation of the essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.4 + description: You take steps to remove or minimise unnecessary copies or unneeded + historic data. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.5 + description: You have identified all mobile devices and media that may hold + data important to the operation of the essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.6 + description: You maintain a current understanding of the data links used to + transmit data that is important to your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.7 + description: You understand the context, limitations and dependencies of your + important data. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.8 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.8 + description: You understand and document the impact on your essential function(s) + of all relevant scenarios, including unauthorised data access, modification + or deletion, or when authorised users are unable to appropriately access this + data. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a.9 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.a + ref_id: B3.a.9 + description: You validate these documented impact statements regularly, at least + annually. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3 + ref_id: B3.b + name: Data in Transit + description: You have protected the transit of data important to the operation + of your essential function(s). This includes the transfer of data to third + parties. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.b + ref_id: B3.b.1 + description: You have identified and protected (effectively and proportionately) + all the data links that carry data important to the operation of your essential + function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.b + ref_id: B3.b.2 + description: You apply appropriate physical and / or technical means to protect + data that travels over non-trusted or openly accessible carriers, with justified + confidence in the robustness of the protection applied. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.b + ref_id: B3.b.3 + description: Suitable alternative transmission paths are available where there + is a significant risk of impact on the operation of the essential function(s) + due to resource limitation (e.g. transmission equipment or function failure, + or important data being blocked or jammed). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3 + ref_id: B3.c + name: Stored Data + description: You have protected stored soft and hard copy data important to + the operation of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c + ref_id: B3.c.1 + description: All copies of data important to the operation of your essential + function(s) are necessary. Where this important data is transferred to less + secure systems, the data is provided with limited detail and / or as a read-only + copy. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c + ref_id: B3.c.2 + description: You have applied suitable physical and / or technical means to + protect this important stored data from unauthorised access, modification + or deletion. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c + ref_id: B3.c.3 + description: If cryptographic protections are used you apply suitable technical + and procedural means, and you have justified confidence in the robustness + of the protection applied. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c + ref_id: B3.c.4 + description: You have suitable, secured backups of data to allow the operation + of the essential function(s) to continue should the original data not be available. + This may include off- line or segregated backups, or appropriate alternative + forms such as paper copies. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.c + ref_id: B3.c.5 + description: Necessary historic or archive data is suitably secured in storage. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.d + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3 + ref_id: B3.d + name: Mobile Data + description: You have protected data important to the operation of your essential + function(s) on mobile devices. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.d.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.d + ref_id: B3.d.1 + description: Mobile devices that hold data that is important to the operation + of the essential function(s) are catalogued, are under your organisation's + control and configured according to best practice for the platform, with appropriate + technical and procedural policies in place. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.d.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.d + ref_id: B3.d.2 + description: Your organisation can remotely wipe all mobile devices holding + data important to the operation of the essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.d.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.d + ref_id: B3.d.3 + description: You have minimised this data on these mobile devices. Some data + may be automatically deleted off mobile devices after a certain period. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.e + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3 + ref_id: B3.e + name: Media / Equipment Sanitisation + description: Before reuse and / or disposal you appropriately sanitise devices, + equipment and removable media holding data important to the operation of your + essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.e.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.e + ref_id: B3.e.1 + description: You catalogue and track all devices that contain data important + to the operation of the essential function(s) (whether a specific storage + device or one with integral storage). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.e.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b3.e + ref_id: B3.e.2 + description: Data important to the operation of the essential function(s) is + removed from all devices, equipment and removable media before reuse and / + or disposal using an assured product or service. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b + ref_id: B4 + name: System Security + description: Network and information systems and technology critical for the + operation of essential functions are protected from cyber attack. An organisational + understanding of risk to essential functions informs the use of robust and + reliable protective security measures to effectively limit opportunities for + attackers to compromise networks and systems. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4 + ref_id: B4.a + name: Secure by Design + description: You design security into the network and information systems that + support the operation of your essential function(s). You minimise their attack + surface and ensure that the operation of your essential function(s) should + not be impacted by the exploitation of any single vulnerability. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a + ref_id: B4.a.1 + description: You employ appropriate expertise to design network and information + systems. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a + ref_id: B4.a.2 + description: Your network and information systems are segregated into appropriate + security zones (e.g. systems supporting the essential function(s) are segregated + in a highly trusted, more secure zone). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a + ref_id: B4.a.3 + description: The network and information systems supporting your essential function(s) + are designed to have simple data flows between components to support effective + security monitoring. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a + ref_id: B4.a.4 + description: The network and information systems supporting your essential function(s) + are designed to be easy to recover. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.a + ref_id: B4.a.5 + description: Content-based attacks are mitigated for all inputs to network and + information systems that affect the essential function(s) (e.g. via transformation + and inspection). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4 + ref_id: B4.b + name: Secure Configuration + description: You securely configure the network and information systems that + support the operation of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.1 + description: You have identified, documented and actively manage (e.g. maintain + security configurations, patching, updating according to good practice) the + assets that need to be carefully configured to maintain the security of the + essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.2 + description: All platforms conform to your secure, defined baseline build, or + the latest known good configuration version for that environment. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.3 + description: You closely and effectively manage changes in your environment, + ensuring that network and system configurations are secure and documented. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.4 + description: You regularly review and validate that your network and information + systems have the expected, secure settings and configuration. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.5 + description: Only permitted software can be installed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.6 + description: Standard users are not able to change settings that would impact + security or the business operation. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.7 + description: If automated decision-making technologies are in use, their operation + is well understood, and decisions can be replicated. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b.8 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.b + ref_id: B4.b.8 + description: Generic, shared, default name and built-in accounts have been removed + or disabled. Where this is not possible, credentials to these accounts have + been changed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4 + ref_id: B4.c + name: Secure Management + description: You manage your organisation's network and information systems + that support the operation of your essential function(s) to enable and maintain + security. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.c.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.c + ref_id: B4.c.1 + description: Your systems and devices supporting the operation of the essential + function(s) are only administered or maintained by authorised privileged users + from highly trusted devices, such as Privileged Access Workstations, dedicated + solely to those operations. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.c.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.c + ref_id: B4.c.2 + description: You regularly review and update technical knowledge about network + and information systems, such as documentation and network diagrams, and ensure + they are securely stored. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.c.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.c + ref_id: B4.c.3 + description: You prevent, detect and remove malware, and unauthorised software. + You use technical, procedural and physical measures as necessary. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4 + ref_id: B4.d + name: Vulnerability Management + description: You manage known vulnerabilities in your network and information + systems to prevent adverse impact on your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d + ref_id: B4.d.1 + description: You maintain a current understanding of the exposure of your essential + function(s) to publicly-known vulnerabilities. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d + ref_id: B4.d.2 + description: Announced vulnerabilities for all software packages, network and + information systems used to support your essential function(s) are tracked, + prioritised and mitigated (e.g. by patching) promptly. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d + ref_id: B4.d.3 + description: You regularly test to fully understand the vulnerabilities of the + network and information systems that support the operation of your essential + function(s) and verify this understanding with third-party testing. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b4.d + ref_id: B4.d.4 + description: You maximise the use of supported software, firmware and hardware + in your network and information systems supporting your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b + ref_id: B5 + name: Resilient Networks and Systems + description: The organisation builds resilience against cyber attack and system + failure into the design, implementation, operation and management of systems + that support the operation of essential functions. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5 + ref_id: B5.a + name: Resilience Preparation + description: You are prepared to restore the operation of your essential function(s) + following adverse impact. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.a + ref_id: B5.a.1 + description: "You have business continuity and disaster recovery plans that\ + \ have been tested for practicality, effectiveness and completeness. Appropriate\ + \ use is made\Lof different test methods (e.g. manual fail-over, table-top\ + \ exercises, or red-teaming)." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.a + ref_id: B5.a.2 + description: You use your security awareness and threat intelligence sources + to identify new or heightened levels of risk, which result in immediate and + potentially temporary security measures to enhance the security of your network + and information systems (e.g. in response to a widespread outbreak of very + damaging malware). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5 + ref_id: B5.b + name: Design for Resilience + description: You design the network and information systems supporting your + essential function(s) to be resilient to cyber security incidents. Systems + are appropriately segregated and resource limitations are mitigated. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b + ref_id: B5.b.1 + description: Network and information systems supporting the operation of your + essential function(s) are segregated from other business and external systems + by appropriate technical and physical means (e.g. separate network and system + infrastructure with independent user administration). Internet services are + not accessible from network and information systems supporting the essential + function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b + ref_id: B5.b.2 + description: You have identified and mitigated all resource limitations (e.g. + bandwidth limitations and single network paths). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b + ref_id: B5.b.3 + description: "You have identified and mitigated any geographical constraints\ + \ or weaknesses. (e.g. systems that your essential function(s) depends upon\L\ + are replicated in another location, important network connectivity has alternative\ + \ physical paths and service providers)." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.b + ref_id: B5.b.4 + description: You review and update assessments of dependencies, resource and + geographical limitations and mitigations when necessary. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5 + ref_id: B5.c + name: Backups + description: You hold accessible and secured current backups of data and information + needed to recover operation of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.c.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.c + ref_id: B5.c.1 + description: Your comprehensive, automatic and tested technical and procedural + backups are secured at centrally accessible or secondary sites to recover + from an extreme event. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.c.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b5.c + ref_id: B5.c.2 + description: Backups of all important data and information needed to recover + the essential function(s) are made, tested, documented and routinely reviewed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b + ref_id: B6 + name: Staff Awareness and Training + description: Staff have appropriate awareness, knowledge and skills to carry + out their organisational roles effectively in relation to the security of + network and information systems supporting the operation of essential functions. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6 + ref_id: B6.a + name: Cyber Security Culture + description: You develop and maintain a positive cyber security culture. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a + ref_id: B6.a.1 + description: Your executive management clearly and effectively communicates + the organisation's cyber security priorities and objectives to all staff. + Your organisation displays positive cyber security attitudes, behaviours and + expectations. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a + ref_id: B6.a.2 + description: People in your organisation raising potential cyber security incidents + and issues are treated positively. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a + ref_id: B6.a.3 + description: Individuals at all levels in your organisation routinely report + concerns or issues about cyber security and are recognised for their contribution + to keeping the organisation secure. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a + ref_id: B6.a.4 + description: Your management is seen to be committed to and actively involved + in cyber security. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a + ref_id: B6.a.5 + description: Your organisation communicates openly about cyber security, with + any concern being taken seriously. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.a + ref_id: B6.a.6 + description: People across your organisation participate in cyber security activities + and improvements, building joint ownership and bringing knowledge of their + area of expertise. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6 + ref_id: B6.b + name: Cyber Security Training + description: The people who support the operation of your essential function(s) + are appropriately trained in cyber security. A range of approaches to cyber + security training, awareness and communications are employed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b + ref_id: B6.b.1 + description: All people in your organisation, from the most senior to the most + junior, follow appropriate cyber security training paths. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b + ref_id: B6.b.2 + description: Each individuals cyber security training is tracked and refreshed + at suitable intervals. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b + ref_id: B6.b.3 + description: You routinely evaluate your cyber security training and awareness + activities to ensure they reach the widest audience and are effective. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:b6.b + ref_id: B6.b.4 + description: You make cyber security information and good practice guidance + easily accessible, widely available and you know it is referenced and used + within your organisation. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c + assessable: false + depth: 1 + ref_id: C + name: Detecting cyber security events + description: Capabilities exist to ensure security defences remain effective + and to detect cyber security events affecting, or with the potential to affect, + essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c + ref_id: C1 + name: Security Monitoring + description: The organisation monitors the security status of the network and + information systems supporting the operation of essential functions in order + to detect potential security problems and to track the ongoing effectiveness + of protective security measures. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1 + ref_id: C1.a + name: Monitoring Coverage + description: The data sources that you include in your monitoring allow for + timely identification of security events which might affect the operation + of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a + ref_id: C1.a.1 + description: Monitoring is based on an understanding of your networks, common + cyber attack methods and what you need awareness of in order to detect potential + security incidents that could affect the operation of your essential function(s) + (e.g. presence of malware, malicious emails, user policy violations). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a + ref_id: C1.a.2 + description: Your monitoring data provides enough detail to reliably detect + security incidents that could affect the operation of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a + ref_id: C1.a.3 + description: You easily detect the presence or absence of IoCs on your essential + function(s), such as known malicious command and control signatures. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a + ref_id: C1.a.4 + description: Extensive monitoring of user activity in relation to the operation + of your essential function(s) enables you to detect policy violations and + an agreed list of suspicious or undesirable behaviour. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a + ref_id: C1.a.5 + description: You have extensive monitoring coverage that includes host-based + monitoring and network gateways. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.a + ref_id: C1.a.6 + description: All new systems are considered as potential monitoring data sources + to maintain a comprehensive monitoring capability. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1 + ref_id: C1.b + name: Securing Logs + description: You hold log data securely and grant appropriate access only to + accounts with business a need. No system or user should ever need to modify + or delete master copies of log data within an agreed retention period, after + which it should be deleted. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + ref_id: C1.b.1 + description: The integrity of log data is protected, or any modification is + detected and attributed. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + ref_id: C1.b.2 + description: The logging architecture has mechanisms, policies, processes and + procedures to ensure that it can protect itself from threats comparable to + those it is trying to identify. This includes protecting the essential function(s) + itself, and the data within it. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + ref_id: C1.b.3 + description: Log data analysis and normalisation is only performed on copies + of the data keeping the master copy unaltered. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + ref_id: C1.b.4 + description: Log data is synchronised, using an accurate common time source, + so that separate datasets can be correlated in different ways. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + ref_id: C1.b.5 + description: Access to log data is limited to those with business need and no + others. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + ref_id: C1.b.6 + description: All actions involving all log data (e.g. copying, deleting, modifying + or viewing) can be traced back to a unique user. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.b + ref_id: C1.b.7 + description: Legitimate reasons for accessing log data are given in use policies. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1 + ref_id: C1.c + name: Generating Alerts + description: Evidence of potential security incidents contained in your monitoring + data is reliably identified and triggers alerts. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c + ref_id: C1.c.1 + description: Log data is enriched with other network knowledge and data when + investigating certain suspicious activity or alerts. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c + ref_id: C1.c.2 + description: A wide range of signatures and indicators of compromise is used + for investigations of suspicious activity and alerts. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c + ref_id: C1.c.3 + description: Alerts can be easily resolved to network assets using knowledge + of networks and systems. The resolution of these alerts is performed in almost + real time. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c + ref_id: C1.c.4 + description: Security alerts relating to all essential function(s) are prioritised + and this information is used to support incident management. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c + ref_id: C1.c.5 + description: Logs are reviewed almost continuously, in real time. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.c + ref_id: C1.c.6 + description: Alerts are tested to ensure that they are generated reliably and + that it is possible to distinguish genuine security incidents from false alarms. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1 + ref_id: C1.d + name: Identifying Security Incidents + description: You contextualise alerts with knowledge of the threat and your + systems, to identify those security incidents that require some form of response. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d + ref_id: C1.d.1 + description: "You have selected threat intelligence sources or services using\ + \ risk-based and threat- informed decisions based\Lon your business needs\ + \ and sector (e.g. vendor reporting and patching, strong anti-virus providers,\ + \ sector and community-based infoshare, special interest groups)." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d + ref_id: C1.d.2 + description: You apply all new signatures and IoCs within a reasonable (risk-based) + time of receiving them. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d + ref_id: C1.d.3 + description: You receive signature updates for all your protective technologies + (e.g. AV, IDS). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.d + ref_id: C1.d.4 + description: You track the effectiveness of your intelligence feeds and actively + share feedback on the usefulness of IoCs and any other indicators with the + threat community (e.g. sector partners, threat intelligence providers, government + agencies). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1 + ref_id: C1.e + name: Monitoring Tools and Skills + description: Monitoring staff skills, tools and roles, including any that are + outsourced, should reflect governance and reporting requirements, expected + threats and the complexities of the network or system data they need to use. + Monitoring staff have knowledge of the essential function(s) they need to + protect. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + ref_id: C1.e.1 + description: You have monitoring staff, who are responsible for the analysis, + investigation and reporting of monitoring alerts covering both security and + performance. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + ref_id: C1.e.2 + description: Monitoring staff have defined roles and skills that cover all parts + of the monitoring and investigation process. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + ref_id: C1.e.3 + description: Monitoring staff follow policies, processes and procedures that + address all governance reporting requirements, internal and external. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + ref_id: C1.e.4 + description: Monitoring staff are empowered to look beyond the fixed process + to investigate and understand non-standard threats, by developing their own + investigative techniques and making new use of data. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + ref_id: C1.e.5 + description: Your monitoring tools make use of all log data collected to pinpoint + activity within an incident. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + ref_id: C1.e.6 + description: Monitoring staff and tools drive and shape new log data collection + and can make wide use of it. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e.7 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c1.e + ref_id: C1.e.7 + description: Monitoring staff are aware of the operation of essential function(s) + and related assets and can identify and prioritise alerts or investigations + that relate to them. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c + ref_id: C2 + name: Proactive Security Event Discovery + description: The organisation detects, within network and information systems, + malicious activity affecting, or with the potential to affect, the operation + of essential functions even when the activity evades standard signature based + security prevent/detect solutions (or when standard solutions are not deployable). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2 + ref_id: C2.a + name: System Abnormalities for Attack Detection + description: You define examples of abnormalities in system behaviour that provide + practical ways of detecting malicious activity that is otherwise hard to identify. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a + ref_id: C2.a.1 + description: Normal system behaviour is fully understood to such an extent that + searching for system abnormalities is a potentially effective way of detecting + malicious activity (e.g. You fully understand which systems should and should + not communicate and when). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a + ref_id: C2.a.2 + description: System abnormality descriptions from past attacks and threat intelligence, + on yours and other networks, are used to signify malicious activity. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a + ref_id: C2.a.3 + description: The system abnormalities you search for consider the nature of + attacks likely to impact on the network and information systems supporting + the operation of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.a + ref_id: C2.a.4 + description: The system abnormality descriptions you use are updated to reflect + changes in your network and information systems and current threat intelligence. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2 + ref_id: C2.b + name: Proactive Attack Discovery + description: You use an informed understanding of more sophisticated attack + methods and of normal system behaviour to monitor proactively for malicious + activity. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.b + ref_id: C2.b.1 + description: You routinely search for system abnormalities indicative of malicious + activity on the network and information systems supporting the operation of + your essential function(s), generating alerts based on the results of such + searches. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:c2.b + ref_id: C2.b.2 + description: You have justified confidence in the effectiveness of your searches + for system abnormalities indicative of malicious activity. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d + assessable: false + depth: 1 + ref_id: D + name: Minimising the impact of cyber security incidents + description: Capabilities exist to minimise the adverse impact of a cyber security + incident on the operation of essential functions, including the restoration + of those function(s) where necessary. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d + ref_id: D1 + name: Response and Recovery Planning + description: There are well-defined and tested incident management processes + in place, that aim to ensure continuity of essential function(s) in the event + of system or service failure. Mitigation activities designed to contain or + limit the impact of compromise are also in place. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1 + ref_id: D1.a + name: Response Plan + description: You have an up-to-date incident response plan that is grounded + in a thorough risk assessment that takes account of your essential function(s) + and covers a range of incident scenarios. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a + ref_id: D1.a.1 + description: Your incident response plan is based on a clear understanding of + the security risks to the network and information systems supporting your + essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a + ref_id: D1.a.2 + description: Your incident response plan is comprehensive (i.e. covers the complete + lifecycle of an incident, roles and responsibilities, and reporting) and covers + likely impacts of both known attack patterns and of possible attacks, previously + unseen. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a + ref_id: D1.a.3 + description: Your incident response plan is documented and integrated with wider + organisational business plans and supply chain response plans, as well as + dependencies on supporting infrastructure (e.g. power, cooling etc). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.a + ref_id: D1.a.4 + description: Your incident response plan is communicated and understood by the + business areas involved with the operation of your essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1 + ref_id: D1.b + name: Response and Recovery Capability + description: You have the capability to enact your incident response plan, including + effective limitation of impact on the operation of your essential function(s). + During an incident, you have access to timely information on which to base + your response decisions. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b + ref_id: D1.b.1 + description: You understand the resources that will likely be needed to carry + out any required response activities, and arrangements are in place to make + these resources available. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b + ref_id: D1.b.2 + description: You understand the types of information that will likely be needed + to inform response decisions and arrangements are in place to make this information + available. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b + ref_id: D1.b.3 + description: Your response team members have the skills and knowledge required + to decide on the response actions necessary to limit harm, and the authority + to carry them out. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b + ref_id: D1.b.4 + description: Key roles are duplicated, and operational delivery knowledge is + shared with all individuals involved in the operations and recovery of the + essential function(s). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b + ref_id: D1.b.5 + description: Back-up mechanisms are available that can be readily activated + to allow continued operation of your essential function(s), although possibly + at a reduced level, if primary network and information systems fail or are + unavailable. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b.6 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.b + ref_id: D1.b.6 + description: "Arrangements exist to augment your organisation\u2019s incident\ + \ response capabilities with external support if necessary (e.g. specialist\ + \ cyber incident responders)." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1 + ref_id: D1.c + name: Testing and Exercising + description: Your organisation carries out exercises to test response plans, + using past incidents that affected your (and other) organisation, and scenarios + that draw on threat intelligence and your risk assessment. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c + ref_id: D1.c.1 + description: Exercise scenarios are based on incidents experienced by your and + other organisations or are composed using experience or threat intelligence. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c + ref_id: D1.c.2 + description: Exercise scenarios are documented, regularly reviewed, and validated. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c + ref_id: D1.c.3 + description: Exercises are routinely run, with the findings documented and used + to refine incident response plans and protective security, in line with the + lessons learned. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d1.c + ref_id: D1.c.4 + description: Exercises test all parts of your response cycle relating to your + essential function(s) (e.g. restoration of normal function(s) levels). + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d + ref_id: D2 + name: Lessons Learned + description: When an incident occurs, steps are taken to understand its root + causes and to ensure appropriate remediating action is taken to protect against + future incidents. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.a + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2 + ref_id: D2.a + name: Incident Root Cause Analysis + description: When an incident occurs, steps must be taken to understand its + root causes and ensure appropriate remediating action is taken. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.a.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.a + ref_id: D2.a.1 + description: Root cause analysis is conducted routinely as a key part of your + lessons learned activities following an incident. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.a.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.a + ref_id: D2.a.2 + description: Your root cause analysis is comprehensive, covering organisational + process issues, as well as vulnerabilities in your networks, systems or software. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.a.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.a + ref_id: D2.a.3 + description: All relevant incident data is made available to the analysis team + to perform root cause analysis. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2 + ref_id: D2.b + name: Using Incidents to Drive Improvements + description: Your organisation uses lessons learned from incidents to improve + your security measures. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b.1 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b + ref_id: D2.b.1 + description: "You have a documented incident review process/policy which ensures\ + \ that lessons learned from each incident are identified, captured,\Land acted\ + \ upon." + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b.2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b + ref_id: D2.b.2 + description: Lessons learned cover issues with reporting, roles, governance, + skills and organisational processes as well as technical aspects of network + and information systems. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b.3 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b + ref_id: D2.b.3 + description: You use lessons learned to improve security measures, including + updating and retesting response plans when necessary. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b.4 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b + ref_id: D2.b.4 + description: Security improvements identified as a result of lessons learned + are prioritised, with the highest priority improvements completed quickly. + - urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b.5 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:ncsc-caf-3.2:d2.b + ref_id: D2.b.5 + description: Analysis is fed to senior management and incorporated into risk + management and continuous improvement. diff --git a/backend/library/libraries/pssie.yaml b/backend/library/libraries/pssie.yaml new file mode 100644 index 000000000..404f696fc --- /dev/null +++ b/backend/library/libraries/pssie.yaml @@ -0,0 +1,2771 @@ +urn: urn:intuitem:risk:library:pssi-e +locale: fr +ref_id: PSSI-E +name: PSSI Etat +description: "Politique de s\xE9curit\xE9 des syst\xE8mes d'information de l'Etat\n\ + https://www.legifrance.gouv.fr/download/file/pdf/cir_38641/CIRC" +copyright: Document public +version: 1 +provider: "Etat Fran\xE7ais" +packager: Th3Ju +objects: + framework: + urn: urn:intuitem:risk:framework:pssie + ref_id: PSSI-E + name: PSSI Etat + description: "Politique de s\xE9curit\xE9 des syst\xE8mes d'information de l'Etat" + min_score: 0 + max_score: 100 + requirement_nodes: + - urn: urn:intuitem:risk:req_node:pssie:1 + assessable: false + depth: 1 + ref_id: '1' + name: Politique, organisation, gouvernance + - urn: urn:intuitem:risk:req_node:pssie:1.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:1 + ref_id: '1.1' + name: "Organisation de la s\xE9curit\xE9 des syst\xE8mes d'information" + - urn: urn:intuitem:risk:req_node:pssie:objectif-1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1 + ref_id: Objectif 1 + name: organisation de la SSI + description: "Mettre en place une organisation ad\xE9quate, garantissant la\ + \ prise en compte pr\xE9ventive et r\xE9active de la s\xE9curit\xE9." + - urn: urn:intuitem:risk:req_node:pssie:1.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1 + ref_id: 1.1.1 + name: organisation SSI + - urn: urn:intuitem:risk:req_node:pssie:org-ssi + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.1 + ref_id: ORG-SSI + name: organisation SSI + description: "Une organisation d\xE9di\xE9e \xE0 la SSI est d\xE9ploy\xE9e \xE0\ + \ tous les niveaux de l'\xC9tat, au sein de chaque minist\xE8re et au sein\ + \ de chaque entit\xE9 suivant les principes de l'IGI 1300. \nCette organisation,\ + \ \xE9tablie selon les directives du haut fonctionnaire de d\xE9fense et de\ + \ s\xE9curit\xE9 (HFDS), d\xE9finit les responsabilit\xE9s internes et \xE0\ + \ l'\xE9gard des tiers, les modalit\xE9s de coordination avec les autorit\xE9\ + s externes, ainsi que les modalit\xE9s d'application des mesures de protection.\ + \ Des proc\xE9dures d'applications sont \xE9crites et port\xE9es \xE0 la connaissance\ + \ de tous." + - urn: urn:intuitem:risk:req_node:pssie:1.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1 + ref_id: 1.1.2 + name: Acteurs SSI + - urn: urn:intuitem:risk:req_node:pssie:org-act-ssi + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.2 + ref_id: ORG-ACT-SSI + name: Identification des acteurs SSI + description: "L'organisation SSI de l'\xE9tat s'appuie sur des acteurs SSI clairement\ + \ identifi\xE9s, \xE0 tous les niveaux d'organisation de l'\xC9tat. \nLes\ + \ acteurs responsables en mati\xE8re de SSI pour la protection du secret de\ + \ la d\xE9fense d\xE9sign\xE9s dans l'IGI 1300, et les agents charg\xE9s de\ + \ les assister dans cette mission, sont responsables de la mise en application\ + \ g\xE9n\xE9rale de la politique SSI de l'\xE9tat Ils sont r\xE9f\xE9renc\xE9\ + s dans un annuaire interminist\xE9riel. Cette cha\xEEne fonctionnelle s'appuie,\ + \ pour chaque minist\xE8re, sur le le HFDS, assist\xE9 par un fonctionnaire\ + \ de s\xE9curit\xE9 des syst\xE8mes d'information (FSSI)." + - urn: urn:intuitem:risk:req_node:pssie:1.1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1 + ref_id: 1.1.3 + name: "Responsabilit\xE9s internes" + - urn: urn:intuitem:risk:req_node:pssie:org-rss + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.3 + ref_id: ORG-RSS + name: "D\xE9signation du responsable SSI" + description: "Chaque autorit\xE9 qualifi\xE9e en s\xE9curit\xE9 des syst\xE8\ + mes d'information (AQSSI) s'appuie sur un ou plusieurs responsables de la\ + \ s\xE9curit\xE9 des syst\xE8mes d'information (RSSI), charg\xE9(s) de l'assister\ + \ dans le pilotage et la gestion de la SSI.\nDes \xAB correspondants locaux\ + \ SSI \xBB peuvent \xEAtre d\xE9sign\xE9s, le cas \xE9ch\xE9ant, afin de constituer\ + \ un relais du RSSI. Le RSSI d'une entit\xE9 fait valider les mesures d'application\ + \ de la PSSIE par l'autorit\xE9 qualifi\xE9e et veille \xE0 leur application.\ + \ Des d\xE9nominations alternatives des fonctions cit\xE9es ci-dessus peuvent\ + \ \xEAtre utilis\xE9es si n\xE9cessaire." + - urn: urn:intuitem:risk:req_node:pssie:org-resp + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.3 + ref_id: ORG-RESP + name: "Formalisation des responsabilit\xE9s" + description: "Une note d'organisation fixe la r\xE9partition au sein de chaque\ + \ entit\xE9 et au niveau local des responsabilit\xE9s et r\xF4les en mati\xE8\ + re de SSI. Cette note sera, le plus souvent, propos\xE9e par le RSSI et valid\xE9\ + e par l'autorit\xE9 qualifi\xE9e." + - urn: urn:intuitem:risk:req_node:pssie:1.1.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1 + ref_id: 1.1.4 + name: "Responsabilit\xE9s vis-\xE0-vis des tiers" + - urn: urn:intuitem:risk:req_node:pssie:org-tiers + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.4 + ref_id: ORG-TIERS + name: Gestion contractuelle des tiers + description: "Le RSSI coordonne les actions permettant l'int\xE9gration des\ + \ clauses li\xE9es \xE0 la SSI dans tout contrat ou convention impliquant\ + \ un acc\xE8s par des tiers \xE0 des informations ou \xE0 des ressources informatiques." + - urn: urn:intuitem:risk:req_node:pssie:1.1.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1 + ref_id: 1.1.5 + name: "PSSI minist\xE9rielle" + - urn: urn:intuitem:risk:req_node:pssie:org-pil-pss/m + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.5 + ref_id: ORG-PIL-PSS/M + name: "D\xE9finition et pilotage de la PSSI minist\xE9rielle." + description: "Chaque minist\xE8re \xE9tablit une politique SSI minist\xE9rielle,\ + \ sous la responsabilit\xE9 du HFDS. Cette politique reprend le socle commun\ + \ \xE9tabli par la pr\xE9sente PSSIE. Une structure de pilotage de la PSSI\ + \ minist\xE9rielle est d\xE9finie. Cette structure est charg\xE9e de sa mise\ + \ en place, de son \xE9volution, de son suivi et de son contr\xF4le." + - urn: urn:intuitem:risk:req_node:pssie:1.1.6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1 + ref_id: 1.1.6 + name: "Application des mesures de s\xE9curit\xE9 au sein de l'entit\xE9" + - urn: urn:intuitem:risk:req_node:pssie:org-app-instr + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.6 + ref_id: ORG-APP-INSTR + name: "Application de l'instruction dans l'entit\xE9" + description: "Le RSSI planifie les actions de mise en application de la PSSIE.\ + \ Il rend compte r\xE9guli\xE8rement de la mise en application des mesures\ + \ de s\xE9curit\xE9 aupr\xE8s de son autorit\xE9 qualifi\xE9e et du FSSI." + - urn: urn:intuitem:risk:req_node:pssie:org-app-docs + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:1.1.6 + ref_id: ORG-APP-DOCS + name: Formalisation de documents d'application + description: "Le RSSI formalise et tient \xE0 jour les documents d'application,\ + \ approuv\xE9s par l'autorit\xE9 qualifi\xE9e, permettant la mise en \u0153\ + uvre des mesures de la PSSIE sur son p\xE9rim\xE8tre." + - urn: urn:intuitem:risk:req_node:pssie:2 + assessable: false + depth: 1 + ref_id: '2' + name: Ressources humaines + - urn: urn:intuitem:risk:req_node:pssie:objectif-2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:2 + ref_id: Objectif 2 + name: ressources humaines + description: "Faire des personnes les maillons forts des SI de l'\xC9tat" + - urn: urn:intuitem:risk:req_node:pssie:2.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:2 + ref_id: '2.1' + name: Utilisateurs + - urn: urn:intuitem:risk:req_node:pssie:rh-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:2.1 + ref_id: RH-SSI + name: Charte d'application SSI + description: "Une charte d'application de la politique SSI, r\xE9capitulant\ + \ les mesures pratiques d'utilisation s\xE9curis\xE9e des ressources informatiques\ + \ et \xE9labor\xE9e sous le pilotage de la cha\xEEne fonctionnelle SSI, est\ + \ communiqu\xE9e \xE0 l'ensemble des agents de chaque entit\xE9. Cette charte\ + \ doit \xEAtre opposable Juridiquement et, si possible, int\xE9gr\xE9e au\ + \ r\xE8glement int\xE9rieur de l'entit\xE9. Le personnel non permanent (stagiaires,\ + \ int\xE9rimaires, prestataires ...) est inform\xE9 de ses devoirs dans le\ + \ cadre de son usage des SI de l'\xC9tat." + - urn: urn:intuitem:risk:req_node:pssie:2.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:2 + ref_id: '2.2' + name: Personnel permanent + - urn: urn:intuitem:risk:req_node:pssie:rh-motiv + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:2.2 + ref_id: RH-MOTIV + name: "Choix et sensibilisation des personnes tenant les postes cl\xE9s de la\ + \ SSI" + description: "Une attention particuli\xE8re doit \xEAtre port\xE9e au recrutement\ + \ des personnes-cl\xE9s de la SSI : RSSI, correspondants SSI locaux et administrateurs\ + \ de s\xE9curit\xE9. Les RSSI et leurs correspondants SSI locaux doivent \xEA\ + tre sp\xE9cifiquement form\xE9s \xE0 la SSI. Les administrateurs des SI doivent\ + \ \xEAtre r\xE9guli\xE8rement sensibilis\xE9s aux devoirs li\xE9s \xE0 leur\ + \ fonction, et doivent veiller \xE0 respecter ces exigences dans le cadre\ + \ de leurs activit\xE9s quotidiennes." + - urn: urn:intuitem:risk:req_node:pssie:rh-conf + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:2.2 + ref_id: RH-CONF + name: Personnels de confiance + description: "Toutes les personnes manipulant des informations sensibles doivent\ + \ le faire avec une attention et une probit\xE9 particuli\xE8re, dans le respect\ + \ des textes en vigueur. Les sanctions \xE9ventuelles s'appliquant aux cas\ + \ de n\xE9gligence ou de malveillance leur sont rappel\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:rh-util + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:2.2 + ref_id: RH-UTIL + name: "Sensibilisation des utilisateurs des syst\xE8mes d'information" + description: "Chaque utilisateur doit \xEAtre r\xE9guli\xE8rement inform\xE9\ + \ des exigences de s\xE9curit\xE9 le concernant, et motiv\xE9 \xE0 leur respect.\ + \ Il doit \xEAtre form\xE9 \xE0 l'utilisation des outils de travail conform\xE9\ + ment aux r\xE8gles SSI." + - urn: urn:intuitem:risk:req_node:pssie:2.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:2 + ref_id: '2.3' + name: Mouvement de personnel + - urn: urn:intuitem:risk:req_node:pssie:rh-mouv + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:2.3 + ref_id: RH-MOUV + description: "Une proc\xE9dure permettant de g\xE9rer les arriv\xE9es, les mutations\ + \ et les d\xE9parts des collaborateurs dans les SI doit \xEAtre formalis\xE9\ + e, et appliqu\xE9e strictement. \nCette proc\xE9dure doit couvrir au minimum:\ + \ \n- la gestion/r\xE9vocation des comptes et des droits d'acc\xE8s aux SI,\ + \ y compris pour les partenaires et les prestataires externes \n- la gestion\ + \ du contr\xF4le d'acc\xE8s aux locaux \n- la gestion des \xE9quipements mobiles\ + \ \n- la gestion du contr\xF4le des habilitations" + - urn: urn:intuitem:risk:req_node:pssie:2.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:2 + ref_id: '2.4' + name: Personnel non permanent + - urn: urn:intuitem:risk:req_node:pssie:rh-nperm + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:2.4 + ref_id: RH-NPERM + description: "Les r\xE8gles de la PSSIE s'appliquent \xE0 tout personnel non\ + \ permanent utilisateur d'un SI d'une administration de l'\xC9tat. \nLes dispositions\ + \ contractuelles pr\xE9existantes r\xE9gissant l'emploi de ce personnel sont\ + \ amend\xE9es si n\xE9cessaire. Pour tout personnel non permanent, un tutorat\ + \ par un agent permanent est mis en place, afin de l'informer de ces r\xE8\ + gles et d'en contr\xF4ler l'application." + - urn: urn:intuitem:risk:req_node:pssie:3 + assessable: false + depth: 1 + ref_id: '3' + name: Gestion des biens + - urn: urn:intuitem:risk:req_node:pssie:objectif-3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:3 + ref_id: Objectif 3 + name: cartographie des SI + description: "Tenir \xE0 jour une cartographie d\xE9taill\xE9e et compl\xE8\ + te des SI." + - urn: urn:intuitem:risk:req_node:pssie:gdb-invent + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:3 + ref_id: GDB-INVENT + name: Inventaire des ressources informatiques + description: "Chaque entit\xE9 \xE9tablit et maintient \xE0 jour un inventaire\ + \ des ressources informatiques sous sa responsabilit\xE9, en s'appuyant sur\ + \ un outillage adapt\xE9. \nCet inventaire est tenu \xE0 disposition du RSSI,\ + \ ainsi que du FSSI et de l'ANSSI en cas de besoin de coordination op\xE9\ + rationnelle. Il comprend la liste des briques mat\xE9rielles et logicielles\ + \ utilis\xE9es, ainsi que leurs versions exactes. Il est constitu\xE9 d'une\ + \ base de donn\xE9es de configuration, maintenue \xE0 jour et tenue \xE0 disposition\ + \ du RSSI. L'historique des attributions des biens inventori\xE9s doit \xEA\ + tre conserv\xE9, dans le respect de la l\xE9gislation." + - urn: urn:intuitem:risk:req_node:pssie:gdb-carto + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:3 + ref_id: GDB-CARTO + name: Cartographie + description: "La cartographie pr\xE9cise les centres informatiques, les architectures\ + \ des r\xE9seaux (sur lesquelles sont identifi\xE9s les points n\xE9vralgiques\ + \ et la sensibilit\xE9 des informations manipul\xE9es) et qualifie le niveau\ + \ de s\xE9curit\xE9 attendu. \nCette cartographie est maintenue \xE0 jour\ + \ et tenue \xE0 disposition du RSSI, ainsi que du FSSI et de l'ANSSI en cas\ + \ de besoin de coordination op\xE9rationnelle." + - urn: urn:intuitem:risk:req_node:pssie:objectif-4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:3 + ref_id: Objectif 4 + name: "qualification et protection de l'information. Qualifier l'information\ + \ de fa\xE7on \xE0 adapter les mesures de protection" + description: " Qualifier l'information de fa\xE7on \xE0 adapter les mesures\ + \ de protection." + - urn: urn:intuitem:risk:req_node:pssie:gdb-qualif-sensi + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:3 + ref_id: GDB-QUALIF-SENSI + name: Qualification des informations + description: "La sensibilit\xE9 de toute information doit \xEAtre \xE9valu\xE9\ + e. Le marquage syst\xE9matique des documents, en fonction du niveau de sensibilit\xE9\ + , est fortement recommand\xE9. " + - urn: urn:intuitem:risk:req_node:pssie:gdb-prot-is + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:3 + ref_id: GDB-PROT-IS + name: Protection des informations + description: "L'utilisateur doit prot\xE9ger les informations qu'il est amen\xE9\ + \ \xE0 manipuler dans le cadre de ses fonctions, selon leur sensibilit\xE9\ + \ et tout au long de leur cycle de vie, depuis la cr\xE9ation du brouillon\ + \ jusqu'\xE0 son \xE9ventuelle destruction." + - urn: urn:intuitem:risk:req_node:pssie:4 + assessable: false + depth: 1 + ref_id: '4' + name: "Int\xE9gration de la SSI dans le cycle de vie des syst\xE8mes d'information" + - urn: urn:intuitem:risk:req_node:pssie:4.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:4 + ref_id: '4.1' + name: "Gestion des risques et homologation de s\xE9curit\xE9" + - urn: urn:intuitem:risk:req_node:pssie:objectif-5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.1 + ref_id: Objectif 5 + name: risques + description: "Appr\xE9cier, traiter, et communiquer sur les risques relatifs\ + \ \xE0 la s\xE9curit\xE9 des syst\xE8mes d'information." + - urn: urn:intuitem:risk:req_node:pssie:int-homolog-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.1 + ref_id: INT-HOMOLOG-SSI + name: "Homologation de s\xE9curit\xE9 des syst\xE8mes d'information" + description: "Tout syst\xE8me d'information doit faire l'objet d'une d\xE9cision\ + \ d'homologation de sa s\xE9curit\xE9 avant sa mise en exploitation dans les\ + \ conditions d'emploi d\xE9finies. \nL'homologation est l'acte selon lequel\ + \ l'autorit\xE9 atteste formellement aupr\xE8s des utilisateurs que le syst\xE8\ + me d'information est prot\xE9g\xE9 conform\xE9ment aux objectifs de s\xE9\ + curit\xE9 fix\xE9s. La d\xE9cision d'homologation est prise par l'autorit\xE9\ + \ d'homologation (d\xE9sign\xE9e par l'autorit\xE9 qualifi\xE9e), le cas \xE9\ + ch\xE9ant apr\xE8s avis de la commission d'homologation. Cette d\xE9cision\ + \ s'appuie sur une analyse de risques adapt\xE9e aux enjeux du syst\xE8me\ + \ consid\xE9r\xE9, et pr\xE9cise les conditions d'emploi." + - urn: urn:intuitem:risk:req_node:pssie:4.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:4 + ref_id: '4.2' + name: "Maintien en condition de s\xE9curit\xE9 des syst\xE8mes d'information\ + \ .." + - urn: urn:intuitem:risk:req_node:pssie:objectif-6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.2 + ref_id: Objectif 6 + name: "maintien en condition de s\xE9curit\xE9" + description: "G\xE9rer dynamiquement les mesures de protection, tout au long\ + \ de la vie du SI" + - urn: urn:intuitem:risk:req_node:pssie:int-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.2 + ref_id: INT-SSI + name: "int\xE9gration de la s\xE9curit\xE9 dans les projets" + description: "La s\xE9curit\xE9 des syst\xE8mes d'information doit \xEAtre prise\ + \ en compte dans toutes les phases des projets informatiques, sous le contr\xF4\ + le de l'autorit\xE9 d'homologation, de la conception et de la sp\xE9cification\ + \ du syst\xE8me jusqu'\xE0 son retrait du service." + - urn: urn:intuitem:risk:req_node:pssie:int-quot-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.2 + ref_id: INT-QUOT-SSI + name: "Mise en \u0153uvre au quotidien de la SSO" + description: "La s\xE9curit\xE9 des syst\xE8mes d'information se traite au quotidien\ + \ par des pratiques d'hygi\xE8ne informatique. Des proc\xE9dures \xE9crites\ + \ d\xE9finissent les actes \xE9l\xE9mentaires du maintien en condition de\ + \ s\xE9curit\xE9 lors des phases de conception, \xE9volution ou retrait d'un\ + \ syst\xE8me." + - urn: urn:intuitem:risk:req_node:pssie:int-tbd + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.2 + ref_id: INT-TBD + name: "Cr\xE9er un tableau de bord SSI" + description: "Un tableau de bord SSI est mis en place et tenu \xE0 jour. Il\ + \ fournit au RSSI et aux autorit\xE9s une vision g\xE9n\xE9rale du niveau\ + \ de s\xE9curit\xE9 et de son \xE9volution, rendant ainsi plus efficace le\ + \ pilotage de la SSI. \nAu niveau strat\xE9gique, le tableau de bord SSI permet\ + \ de suivre l'application de la politique de s\xE9curit\xE9 et de disposer\ + \ d'\xE9l\xE9ments propres \xE0 qualifier les ressources devant \xEAtre allou\xE9\ + es \xE0 la SSI. Au niveau du pilotage, la mise en place de ce tableau de bord\ + \ permet de contr\xF4ler la r\xE9alisation d'objectifs op\xE9rationnels, d'am\xE9\ + liorer la qualit\xE9 de service et de d\xE9tecter au plus t\xF4t les retards\ + \ dans la r\xE9alisation de certains objectifs de s\xE9curit\xE9." + - urn: urn:intuitem:risk:req_node:pssie:4.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:4 + ref_id: '4.3' + name: "Produits et services labellis\xE9s" + - urn: urn:intuitem:risk:req_node:pssie:objectif-7 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.3 + ref_id: Objectif 7 + name: "produits et services qualifi\xE9s ou certifi\xE9s" + description: "Utiliser des produits et services dont la s\xE9curit\xE9 est \xE9\ + valu\xE9e et attest\xE9e selon des proc\xE9dures reconnues par /'ANSS/, afin\ + \ de renforcer la protection des SI." + - urn: urn:intuitem:risk:req_node:pssie:int-aq-psl + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.3 + ref_id: INT-AQ-PSL + name: Acquisition de produits et services de confiance + description: "Lorsqu'ils sont disponibles, des produits ou des services de s\xE9\ + curit\xE9 labellis\xE9s (certifi\xE9s, qualifi\xE9s) par L'ANSSI doivent \xEA\ + tre utilis\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:4.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:4 + ref_id: '4.4' + name: Gestion des prestataires + - urn: urn:intuitem:risk:req_node:pssie:objectif-8 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.4 + ref_id: Objectif 8 + name: maitrise des prestations + description: "Veiller aux exigences de s\xE9curit\xE9 lorsqu'il est fait appel\ + \ \xE0 de la prestation par des tiers." + - urn: urn:intuitem:risk:req_node:pssie:int-pres-cs + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.4 + ref_id: INT-PRES-CS + name: "Clauses de s\xE9curit\xE9" + description: "Toute prestation dans le domaine des SI est encadr\xE9e par des\ + \ clauses de s\xE9curit\xE9. Ces clauses sp\xE9cifient les mesures SSI que\ + \ le prestataire doit respecter dans le cadre de ses activit\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:jnt-pres-cntrl + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.4 + ref_id: JNT-PRES-CNTRL + name: "Suivi et contr\xF4le des prestations fournies" + description: "Le maintien d'un niveau de s\xE9curit\xE9 au cours du temps n\xE9\ + cessite un double contr\xF4le : \n\n-l'un, effectu\xE9 p\xE9riodiquement par\ + \ l'\xE9quipe encadrant la prestation, qui porte sur les actions du sous-traitant\ + \ et la conformit\xE9 au cahier des charges \n-l'autre, effectu\xE9 par une\ + \ \xE9quipe externe, qui porte sur la pertinence du cahier des charges en\ + \ amont des projets, la conformit\xE9 des r\xE9ponses apport\xE9es par le\ + \ sous- traitant en phase de recette et le niveau de s\xE9curit\xE9 global\ + \ obtenu en production" + - urn: urn:intuitem:risk:req_node:pssie:int-rex-ar + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.4 + ref_id: INT-REX-AR + name: Analyse de risques + description: "Toute op\xE9ration d'externalisation s'appuie sur une analyse\ + \ de risques pr\xE9alable, de fa\xE7on \xE0 formaliser des objectifs de s\xE9\ + curit\xE9 et d\xE9finir des mesures adapt\xE9es. L'ensemble des objectifs\ + \ de s\xE9curit\xE9 ainsi formalis\xE9s permet de d\xE9finir une cible de\ + \ s\xE9curit\xE9 servant de cadre au contrat \xE9tabli avec le prestataire." + - urn: urn:intuitem:risk:req_node:pssie:int-rex-hb + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.4 + ref_id: INT-REX-HB + name: "H\xE9bergement" + description: "L'h\xE9bergement des donn\xE9es sensibles de l'administration\ + \ sur le territoire national est obligatoire, sauf accord du HFDS, et d\xE9\ + rogation d\xFBment motiv\xE9e et pr\xE9cis\xE9e dans la d\xE9cision d'homologation." + - urn: urn:intuitem:risk:req_node:pssie:int-rex-hs + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:4.4 + ref_id: INT-REX-HS + name: "H\xE9bergement et clauses de s\xE9curit\xE9" + description: "Tout contrat d'h\xE9bergement d\xE9taille les dispositions mises\ + \ en \u0153uvre pour prendre en compte la SSI. Ce sont notamment les mesures\ + \ prises pour assurer le maintien en condition de s\xE9curit\xE9 des syst\xE8\ + mes et permettre une gestion de crise efficace (conditions d'acc\xE8s aux\ + \ journaux, mise en place d'astreintes, etc.)." + - urn: urn:intuitem:risk:req_node:pssie:5 + assessable: false + depth: 1 + ref_id: '5' + name: "S\xE9curit\xE9 physique" + - urn: urn:intuitem:risk:req_node:pssie:5.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:5 + ref_id: '5.1' + name: "S\xE9curit\xE9 physique des locaux abritant les SI" + - urn: urn:intuitem:risk:req_node:pssie:5.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1 + ref_id: 5.1.1 + name: "R\xE8gles g\xE9n\xE9rales" + - urn: urn:intuitem:risk:req_node:pssie:objectif-9 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1.1 + ref_id: Objectif 9 + name: "s\xE9curit\xE9 physique des locaux abritant les SI" + description: "Inscrire la s\xE9curisation physique des SI dans la s\xE9curisation\ + \ physique des locaux et dans les processus associ\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:phy-zones + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1.1 + ref_id: PHY-ZONES + name: "D\xE9coupage des sites en zones de s\xE9curit\xE9" + description: "Un d\xE9coupage des sites en zones physiques de s\xE9curit\xE9\ + \ doit \xEAtre effectu\xE9, en liaison avec le RSSI, les correspondants locaux\ + \ SSI et les services en charge : de l'immobilier, de la s\xE9curit\xE9 et\ + \ des moyens g\xE9n\xE9raux. Pour chaque zone de s\xE9curit\xE9, des crit\xE8\ + res pr\xE9cis d'autorisation d'acc\xE8s sont \xE9tablis." + - urn: urn:intuitem:risk:req_node:pssie:5.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1 + ref_id: 5.1.2 + name: "R\xE8gles de s\xE9curit\xE9 s'appliquant aux zones d'accueil du public" + - urn: urn:intuitem:risk:req_node:pssie:phy-publ + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1.2 + ref_id: PHY-PUBL + name: "Acc\xE8s r\xE9seau en zone d'accueil du public" + description: "Tout acc\xE8s r\xE9seau install\xE9 dans une zone d'accueil du\ + \ public doit \xEAtre filtr\xE9 ou isol\xE9 du reste du r\xE9seau informatique\ + \ de l'entit\xE9." + - urn: urn:intuitem:risk:req_node:pssie:phy-sens + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1.2 + ref_id: PHY-SENS + name: Protection des informations sensibles au sein des zones d'accueil + description: "Le traitement d'informations sensibles au sein des zones d'accueil\ + \ est \xE0 \xE9viter. Si un tel traitement est strictement n\xE9cessaire,\ + \ il doit rester ponctuel et exceptionnel. Des mesures particuli\xE8res sont\ + \ alors adopt\xE9es, notamment en mati\xE8re de protection audiovisuelle,\ + \ ainsi qu'en mati\xE8re de protection des informations stock\xE9es sur les\ + \ supports." + - urn: urn:intuitem:risk:req_node:pssie:5.1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1 + ref_id: 5.1.3 + name: "R\xE8gles de s\xE9curit\xE9 compl\xE9mentaires s'appliquant aux locaux\ + \ techniques" + - urn: urn:intuitem:risk:req_node:pssie:phy-tech + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1.3 + ref_id: PHY-TECH + name: "S\xE9curit\xE9 physique des locaux techniques" + description: "L'acc\xE8s aux locaux techniques abritant des \xE9quipements d'alimentation\ + \ et de distribution d'\xE9nergie, ou des \xE9quipements de r\xE9seau et de\ + \ t\xE9l\xE9phonie, doit \xEAtre physiquement prot\xE9g\xE9." + - urn: urn:intuitem:risk:req_node:pssie:phy-telecom + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1.3 + ref_id: PHY-TELECOM + name: "Protection des c\xE2bles \xE9lectriques et de t\xE9l\xE9communications" + description: "Il convient de prot\xE9ger le c\xE2blage r\xE9seau contre les\ + \ dommages et les interceptions des communications qu'ils transmettent. En\ + \ compl\xE9ment, les panneaux de raccordements et les salles des cibles doivent\ + \ \xEAtre plac\xE9s en dehors des zones d'accueil du public et leur acc\xE8\ + s doit \xEAtre contr\xF4l\xE9." + - urn: urn:intuitem:risk:req_node:pssie:phy-ctrl + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.1.3 + ref_id: PHY-CTRL + name: "Contr\xF4les anti-pi\xE9qeaqes" + description: "Sur les SI particuli\xE8rement sensibles, il convient de mener\ + \ des contr\xF4les anti-pi\xE9geages r\xE9guliers, effectu\xE9s par du personnel\ + \ form\xE9. Il peut \xEAtre fait appel \xE0 des services sp\xE9cialis\xE9\ + s (op\xE9rations dites de\xAB d\xE9poussi\xE9rage\xBB)." + - urn: urn:intuitem:risk:req_node:pssie:5.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:5 + ref_id: '5.2' + name: "S\xE9curit\xE9 physique des centres informatiques" + - urn: urn:intuitem:risk:req_node:pssie:5.2.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2 + ref_id: 5.2.1 + name: "R\xE8gles g\xE9n\xE9rales" + - urn: urn:intuitem:risk:req_node:pssie:objectif-10 + assessable: false + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.1 + ref_id: Objectif 10 + name: "s\xE9curit\xE9 physique des centres informatiques" + description: "Dimensionner les protections physiques des centres informatiques\ + \ en fonction des enjeux li\xE9s \xE0 la concentration des moyens et donn\xE9\ + es abrit\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:phy-ci-loc + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.1 + ref_id: PHY-CI-LOC + name: "D\xE9coupage des locaux en zones de s\xE9curit\xE9" + description: "Un d\xE9coupage du centre informatique en zones physiques de s\xE9\ + curit\xE9 doit \xEAtre effectu\xE9, en liaison avec le RSSI et les services\ + \ en charge de l'immobilier, de la s\xE9curit\xE9 et des moyens g\xE9n\xE9\ + raux. Des r\xE8gles doivent fixer les conditions d'acc\xE8s \xE0 ces diff\xE9\ + rentes zones." + - urn: urn:intuitem:risk:req_node:pssie:phy-ci-heberg + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.1 + ref_id: PHY-CI-HEBERG + name: "Convention de service en cas d'h\xE9bergement tiers" + description: "Dans le cas o\xF9 un tiers g\xE8re tout ou partie des locaux du\ + \ centre informatique, une convention de service, d\xE9finissant les responsabilit\xE9\ + s mutuelles en mati\xE8re de s\xE9curit\xE9, doit \xEAtre \xE9tablie entre\ + \ ce tiers et l'entit\xE9 ou le minist\xE8re." + - urn: urn:intuitem:risk:req_node:pssie:5.2.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2 + ref_id: 5.2.2 + name: "R\xE8gles de s\xE9curit\xE9 compl\xE9mentaires s'appliquant aux zones\ + \ internes et restreintes" + - urn: urn:intuitem:risk:req_node:pssie:phy-ci-ctrlacc + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.2 + ref_id: PHY-CI-CTRLACC + name: "Contr\xF4le d'acc\xE8s physique" + description: "L'acc\xE8s aux zones internes (autoris\xE9es uniquement au personnel\ + \ du centre informatique ou aux visiteurs accompagn\xE9s) et restreintes (autoris\xE9\ + es aux seules personnes habilit\xE9es ou aux visiteurs accompagn\xE9s) doit\ + \ reposer sur un dispositif de contr\xF4le d'acc\xE8s physique. Ce dispositif\ + \ doit s'appuyer sur des produits qualifi\xE9s, lorsqu'ils sont disponibles,\ + \ et b\xE9n\xE9ficier d'un maintien en condition de s\xE9curit\xE9 rigoureux." + - urn: urn:intuitem:risk:req_node:pssie:phy-ci-moyens + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.2 + ref_id: PHY-CI-MOYENS + name: "D\xE9livrance des moyens d'acc\xE8s physique" + description: "La d\xE9livrance des moyens d'acc\xE8s physique doit respecter\ + \ un processus formel permettant de s'assurer de l'identit\xE9 de la personne,\ + \ s'appuyant sur le processus d'arriv\xE9e et de d\xE9part du personnel. Le\ + \ personnel autre que celui explicitement autoris\xE9 et habilit\xE9, mais\ + \ n\xE9anmoins appel\xE9 \xE0 intervenir dans les zones sensibles (entretien\ + \ ou r\xE9paration des b\xE2timents, des \xE9quipements non informatiques,\ + \ nettoyage, visiteurs, ...), intervient syst\xE9matiquement et imp\xE9rativement\ + \ sous surveillance permanente." + - urn: urn:intuitem:risk:req_node:pssie:phy-cj-tra-ce + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.2 + ref_id: PHY-CJ-TRA CE + name: "Tra\xE7abilit\xE9 des acc\xE8s" + description: "Une tra\xE7abilit\xE9 des acc\xE8s, par les visiteurs externes,\ + \ aux zones restreintes doit \xEAtre mise en place. Ces traces sont alors\ + \ conserv\xE9es un an, dans le respect des textes prot\xE9geant les donn\xE9\ + es personnelles." + - urn: urn:intuitem:risk:req_node:pssie:5.2.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2 + ref_id: 5.2.3 + name: "R\xE8gles de s\xE9curit\xE9 compl\xE9mentaires s'appliquant aux salles\ + \ informatiques et aux locaux techniques" + - urn: urn:intuitem:risk:req_node:pssie:phy-ci-energie + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.3 + ref_id: PHY-CI-ENERGIE + name: "Local \xE9nergie" + description: "L'alimentation secteur des \xE9quipements devra \xEAtre conforme\ + \ aux r\xE8gles de l'art, de fa\xE7on \xE0 se pr\xE9munir des atteintes \xE0\ + \ la s\xE9curit\xE9 des personnes et \xE9quipements li\xE9es \xE0 un d\xE9\ + faut \xE9lectrique." + - urn: urn:intuitem:risk:req_node:pssie:phy-ci-clim + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.3 + ref_id: PHY-CI-CLIM + name: Climatisation + description: "Un dispositif de climatisation dimensionn\xE9 en fonction des\ + \ besoins \xE9nerg\xE9tiques du syst\xE8me informatique doit \xEAtre install\xE9\ + . Des proc\xE9dures de r\xE9action en cas de panne, connues du personnel,\ + \ doivent \xEAtre \xE9labor\xE9es et v\xE9rifi\xE9es annuellement. Ces dispositions\ + \ visent \xE0 pr\xE9venir toute surchauffe des \xE9quipements, pouvant engendrer\ + \ une perte du service voire une d\xE9t\xE9rioration du mat\xE9riel." + - urn: urn:intuitem:risk:req_node:pssie:phy-ci-inc + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.3 + ref_id: PHY-CI-INC + name: Lutte contre l'incendie + description: "L'installation de mat\xE9riel de protection contre le feu est\ + \ obligatoire. Des proc\xE9dures de r\xE9action \xE0 un incendie sont d\xE9\ + finies et r\xE9guli\xE8rement test\xE9es. Les salles techniques doivent \xEA\ + tre propres. Aucun carton, papier, ou autre source potentielle de d\xE9part\ + \ de feu ne doit \xEAtre entrepos\xE9 dans ces locaux." + - urn: urn:intuitem:risk:req_node:pssie:phy-cl-eau + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:5.2.3 + ref_id: PHY Cl-EAU + name: Lutte contre les voies d'eau + description: "Une \xE9tude sur les risques dus aux voies d'eau doit \xEAtre\ + \ r\xE9alis\xE9e. Cette \xE9tude doit notamment prendre en compte le risque\ + \ de fuite sur un collecteur d'eau douce." + - urn: urn:intuitem:risk:req_node:pssie:5.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:5 + ref_id: '5.3' + name: "SI de s\xFBret\xE9" + - urn: urn:intuitem:risk:req_node:pssie:objectif-11 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.3 + ref_id: Objectif 11 + name: "s\xE9curit\xE9 du SI de s\xFBret\xE9" + description: "Traiter de mani\xE8re globale la s\xE9curit\xE9 des syst\xE8mes\ + \ d'information et de communication qui assurent la s\xFBret\xE9 d'un site." + - urn: urn:intuitem:risk:req_node:pssie:node85 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.3 + description: "Les sites importants (reconnus le cas \xE9ch\xE9ant comme points\ + \ d'importance vitale) s'appuient sur des services support des activit\xE9\ + s de s\xFBret\xE9 physique. Dans ce cadre, l'appellation \xAB services de\ + \ syst\xE8mes d'information et de communication de s\xFBret\xE9 \xBB regroupe\ + \ : \n\n* les services support des activit\xE9s de contr\xF4le d'acc\xE8\ + s et d\xE9tection d'intrusion (CTA), permettant au personnel de s\xFBret\xE9\ + : \n--d'authentifier, d'autoriser et de tracer l'acc\xE8s \xE0 une ressource\ + \ physique (contr\xF4le d'acc\xE8s), \n--de d\xE9tecter, d'alerter et de tracer\ + \ en cas de tentative d'acc\xE8s non autoris\xE9 (d\xE9tection d'intrusion).\ + \ \n\n* les services support des activit\xE9s de vid\xE9o-surveillance (VS),\ + \ fournissant au personnel de s\xFBret\xE9 un syst\xE8me de cam\xE9ras dispos\xE9\ + es sur l'ensemble du site, de transport des flux vid\xE9o, d'enregistrement,\ + \ d'archivage et de visionnage de ces vid\xE9os; \n\n* les services support\ + \ de la gestion technique des b\xE2timents (GTB), permettant de superviser\ + \ et de g\xE9rer l'ensemble des \xE9quipements des b\xE2timents du site, et\ + \ d'avoir une vue globale de l'\xE9tat de ces b\xE2timents; \n\n* les services\ + \ support de la s\xE9curit\xE9 incendie (INC), regroupant l'ensemble des ;moyens\ + \ informatiques mis en \u0153uvre pour d\xE9tecter, informer, intervenir et/ou\ + \ \xE9vacuer tout ou partie du site en cas d'incendie." + - urn: urn:intuitem:risk:req_node:pssie:phy-si-sur + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:5.3 + ref_id: PHY-SI-SUR + name: "S\xE9curisation du SI de s\xFBret\xE9" + description: "Pour les sites physiques consid\xE9r\xE9s comme importants, des\ + \ mesures de protection doivent \xEAtre d\xE9finies et appliqu\xE9es en se\ + \ basant sur les conclusions d'une analyse de risques. L'analyse de risques\ + \ conduit \xE0 la d\xE9signation des briques essentielles dont il faut assurer\ + \ la protection contre des actes malveillants. Un syst\xE8me de gestion de\ + \ la s\xE9curit\xE9 du SI de s\xFBret\xE9 (s'inspirant de la norme ISO 27001)\ + \ assure le maintien en condition de s\xE9curit\xE9. L'emploi de produits\ + \ labellis\xE9s, quand ils existent, est fortement recommand\xE9." + - urn: urn:intuitem:risk:req_node:pssie:6 + assessable: false + depth: 1 + ref_id: '6' + name: "S\xE9curit\xE9 des r\xE9seaux" + - urn: urn:intuitem:risk:req_node:pssie:6.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:6 + ref_id: '6.1' + name: "S\xE9curit\xE9 des r\xE9seaux nationaux" + - urn: urn:intuitem:risk:req_node:pssie:objectif-12 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.1 + ref_id: Objectif 12 + name: "usage s\xE9curis\xE9 des r\xE9seaux nationaux" + description: "Utiliser les infrastructur es nationales, en respectant les r\xE8\ + gles de s\xE9curit\xE9 qui leur sont attach\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:res-maitrise + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.1 + ref_id: RES-MAITRISE + name: "Syst\xE8mes autoris\xE9s sur le r\xE9seau" + description: "Seuls les \xE9quipements g\xE9r\xE9s et configur\xE9s par les\ + \ \xE9quipes informatiques habilit\xE9es peuvent \xEAtre connect\xE9s au r\xE9\ + seau local d'une entit\xE9." + - urn: urn:intuitem:risk:req_node:pssie:res-interco + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.1 + ref_id: RES-INTERCO + name: "Interconnexion avec des r\xE9seaux externes" + description: "Toute interconnexion entre les r\xE9seaux locaux d'une entit\xE9\ + \ et un r\xE9seau externe (r\xE9seau d'un tiers, Internet, etc.) doit \xEA\ + tre r\xE9alis\xE9e via les infrastructures nationales." + - urn: urn:intuitem:risk:req_node:pssie:res-entsor + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.1 + ref_id: RES-ENTSOR + name: "Mettre en place un filtrage r\xE9seau pour les flux sortants et entrants" + description: "Dans l'optique de r\xE9duire les possibilit\xE9s offertes \xE0\ + \ un attaquant, les connexions des machines du r\xE9seau interne vers l'ext\xE9\ + rieur doivent \xEAtre filtr\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:res-prot + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.1 + ref_id: RES-PROT + name: Protection des informations + description: "Les acc\xE8s \xE0 Internet passent obligatoirement \xE0 travers\ + \ les passerelles nationales. D\xE8s lors que des informations sensibles doivent\ + \ transiter sur des r\xE9seaux non ma\xEEtris\xE9s, il convient de les prot\xE9\ + ger sp\xE9cifiquement par chiffrement adapt\xE9." + - urn: urn:intuitem:risk:req_node:pssie:6.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:6 + ref_id: '6.2' + name: "S\xE9curit\xE9 des r\xE9seaux locaux" + - urn: urn:intuitem:risk:req_node:pssie:objectif-13 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.2 + ref_id: Objectif 13 + name: "usage s\xE9curis\xE9 des r\xE9seaux locaux" + description: "Maitriser les interconnexions de r\xE9seaux locaux. Configurer\ + \ de mani\xE8re ad\xE9quate les \xE9quipements de r\xE9seau actifs." + - urn: urn:intuitem:risk:req_node:pssie:res-clois + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.2 + ref_id: RES-CLOIS + name: "Cloisonner le SI en sous-r\xE9seaux de niveaux de s\xE9curit\xE9 homog\xE8\ + nes" + description: "Par analogie avec le cloisonnement physique d'un B\xE2timent,\ + \ le syst\xE8me d'information doit \xEAtre segment\xE9 selon des zones pr\xE9\ + sentant chacune un niveau de s\xE9curit\xE9 homog\xE8ne." + - urn: urn:intuitem:risk:req_node:pssie:res-intercogeo + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.2 + ref_id: RES-INTERCOGEO + name: "Interconnexion des sites g\xE9ographiques locaux d'une entit\xE9" + description: "L'interconnexion au niveau local de r\xE9seaux locaux d'une entit\xE9\ + \ n'est possible que si la proximit\xE9 g\xE9ographique Je justifie et sous\ + \ r\xE9serve de la mise en place de connexions d\xE9di\xE9es \xE0 cet effet,\ + \ et de passerelles s\xE9curis\xE9es et valid\xE9es par le HFDS." + - urn: urn:intuitem:risk:req_node:pssie:res-ress + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.2 + ref_id: RES-RESS + name: Cloisonnement des ressources en cas de partage de locaux + description: "Dans le cas o\xF9 une entit\xE9 partage des locaux {bureaux ou\ + \ locaux techniques) avec des entit\xE9s externes, des mesures de cloisonnement\ + \ des ressources informatiques doivent \xEAtre mises en place. Si le cloisonnement\ + \ n'est pas physique, les mesures prises doivent \xEAtre valid\xE9es par Je\ + \ ou les HFDS concern\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:6.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:6 + ref_id: '6.3' + name: "Acc\xE8s sp\xE9cifiques" + - urn: urn:intuitem:risk:req_node:pssie:objectif-14 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.3 + ref_id: Objectif 14 + name: "acc\xE8s sp\xE9cifiques" + description: "Ne pas porter atteinte \xE0 la s\xE9curit\xE9 du SI par le d\xE9\ + ploiement d'acc\xE8s non supervis\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:res-internet-specifique + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.3 + ref_id: RES-INTERNET-SPECIFIQUE + name: "Cas particulier des acc\xE8s sp\xE9cifiques dans une entit\xE9" + description: "Les acc\xE8s sp\xE9cifiques \xE0 Internet n\xE9cessitant des droits\ + \ particuliers pour un usage m\xE9tier ne peuvent \xEAtre mis en place que\ + \ sur d\xE9rogation d\xFBment justifi\xE9e, et sur des machines isol\xE9es\ + \ physiquement et s\xE9par\xE9es du r\xE9seau de l'entit\xE9, apr\xE8s validation\ + \ pr\xE9alable de l'autorit\xE9 d'homologation." + - urn: urn:intuitem:risk:req_node:pssie:6.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:6 + ref_id: '6.4' + name: "S\xE9curit\xE9 des r\xE9seaux sans fil." + - urn: urn:intuitem:risk:req_node:pssie:objectif-15 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.4 + ref_id: Objectif 15 + name: "usage s\xE9curis\xE9 des r\xE9seaux sans fil" + description: "Maitriser le d\xE9ploiement, la configuration et l'usage des r\xE9\ + seaux sans fil." + - urn: urn:intuitem:risk:req_node:pssie:res-ssfil + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.4 + ref_id: RES-SSFIL + name: "Mise en place de r\xE9seaux sans fil" + description: "Le d\xE9ploiement de r\xE9seaux sans fil doit faire l'objet d'une\ + \ analyse de risques sp\xE9cifique. Les protections intrins\xE8ques \xE9tant\ + \ insuffisantes, des mesures compl\xE9mentaires, valid\xE9es par le HFDS concern\xE9\ + , doivent \xEAtre prises dans le cadre de la d\xE9fense en profondeur. En\ + \ particulier, une segmentation du r\xE9seau doit \xEAtre mise en place de\ + \ fa\xE7on \xE0 limiter \xE0 un p\xE9rim\xE8tre d\xE9termin\xE9 les cons\xE9\ + quences d'une intrusion depuis la voie radio. A d\xE9faut de mise en \u0153\ + uvre de mesures sp\xE9cifiques, le d\xE9ploiement de r\xE9seaux sans fil sur\ + \ des SI manipulant des donn\xE9es sensibles est proscrit." + - urn: urn:intuitem:risk:req_node:pssie:6.5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:6 + ref_id: '6.5' + name: "S\xE9curisation des m\xE9canismes de commutation et de routage" + - urn: urn:intuitem:risk:req_node:pssie:objectif-16 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.5 + ref_id: Objectif 16 + name: "s\xE9curit\xE9 des m\xE9canismes de commutation et de routage" + description: "Configurer les m\xE9canismes de commutation et de routage pour\ + \ se prot\xE9ger des attaques." + - urn: urn:intuitem:risk:req_node:pssie:res-couchbas + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.5 + ref_id: RES-COUCHBAS + name: "Implanter des m\xE9canismes de protection contre les attaques sur les\ + \ couches basses" + description: "Une attention particuli\xE8re doit \xEAtre apport\xE9e \xE0 l'implantation\ + \ des protocoles de couches basses, de fa\xE7on \xE0 se pr\xE9munir des attaques\ + \ usuelles par saturation ou empoisonnement de cache. Cela concerne, par exemple,\ + \ le protocole ARP." + - urn: urn:intuitem:risk:req_node:pssie:res-routdyn + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.5 + ref_id: RES-ROUTDYN + name: Surveiller les annonces de routage + description: "Lorsque l'utilisation de protocoles de routage dynamiques est\ + \ n\xE9cessaire, celle-ci doit s'accompagner de la mise en place d'une surveillance\ + \ des annonces de routage, et de proc\xE9dures permettant de r\xE9agir rapidement\ + \ en cas d'incidents." + - urn: urn:intuitem:risk:req_node:pssie:res-routdyn-igp + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.5 + ref_id: RES-ROUTDYN-IGP + name: "Configurer le protocole IGP de mani\xE8re s\xE9curis\xE9e" + description: "Le protocole de routage dynamique de type IGP doit \xEAtre activ\xE9\ + \ exclusivement sur les interfaces n\xE9cessaires \xE0 la construction de\ + \ la topologie du r\xE9seau et d\xE9sactiv\xE9 sur le reste des interfaces.\ + \ La configuration du protocole de routage dynamique doit syst\xE9matiquement\ + \ s'accompagner d'un mot de passe de type MESSAGE-DIGEST-KEY." + - urn: urn:intuitem:risk:req_node:pssie:res-routdyn-egp + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.5 + ref_id: RES-ROUTDYN-EGP + name: "S\xE9curiser les sessions EGP" + description: "Lors de la mise en place d'une session EGP avec un pair ext\xE9\ + rieur sur un m\xE9dia partag\xE9, cette session doit s'accompagner d'un mot\ + \ de passe de type message-digest-key." + - urn: urn:intuitem:risk:req_node:pssie:res-secret + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.5 + ref_id: RES-SECRET + name: "Modifier syst\xE9matiquement les \xE9l\xE9ments d'authentification par\ + \ d\xE9faut des \xE9quipements et services" + description: "Les mots de passe par d\xE9faut doivent \xEAtre imp\xE9rativement\ + \ modifi\xE9s, de m\xEAme en ce qui concerne les certificats. Les dispositions\ + \ n\xE9cessaires doivent \xEAtre prises aupr\xE8s des fournisseurs de fa\xE7\ + on \xE0 pouvoir modifier les certificats install\xE9s par d\xE9faut." + - urn: urn:intuitem:risk:req_node:pssie:res-durci + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.5 + ref_id: RES-DURCI + name: "Durcir les configurations des \xE9quipements de r\xE9seaux" + description: "Les \xE9quipements de r\xE9seaux (comme les routeurs) doivent\ + \ faire l'objet d'un durcissement sp\xE9cifique comprenant notamment, outre\ + \ le changement des mots de passe et certificats, la d\xE9sactivation des\ + \ interfaces et services inutiles, ainsi que la mise en place de m\xE9canismes\ + \ de protection du plan de contr\xF4le." + - urn: urn:intuitem:risk:req_node:pssie:6.6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:6 + ref_id: '6.6' + name: "Cartographie r\xE9seau" + - urn: urn:intuitem:risk:req_node:pssie:objectif-17 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.6 + ref_id: Objectif 17 + name: "cartographie r\xE9seau" + description: "Tenir \xE0 jour une cartographie d\xE9taill\xE9e et compl\xE8\ + te des r\xE9seaux et des interconnexions." + - urn: urn:intuitem:risk:req_node:pssie:res-carto + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:6.6 + ref_id: RES-CARTO + name: Elaborer les documents d'architecture technique et fonctionnelle + description: "L'architecture r\xE9seau du syst\xE8me d'information doit \xEA\ + tre d\xE9crite et formalis\xE9e \xE0 travers des sch\xE9mas d'architecture,\ + \ et des configurations, maintenus au fil des \xE9volutions apport\xE9es au\ + \ SI. Les documents d'architecture sont sensibles et font l'objet d'une protection\ + \ adapt\xE9e. La cartographie r\xE9seau s'ins\xE8re dans la cartographie globale\ + \ des SI." + - urn: urn:intuitem:risk:req_node:pssie:7 + assessable: false + depth: 1 + ref_id: '7' + name: Architecture des SI + - urn: urn:intuitem:risk:req_node:pssie:7.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:7 + ref_id: '7.1' + name: Architecture des centres informatiques + - urn: urn:intuitem:risk:req_node:pssie:objectif-18 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:7.1 + ref_id: Objectif 18 + name: "architecture s\xE9curis\xE9e des centres informatiques" + description: "Appliquer les principes de d\xE9fense en profondeur \xE0 l'architecture\ + \ mat\xE9rielle et logicielle des centres informatiques." + - urn: urn:intuitem:risk:req_node:pssie:archi-heberg + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:7.1 + ref_id: ARCHI-HEBERG + name: "Principes d'architecture de la zone d'h\xE9bergement" + description: "D'une mani\xE8re g\xE9n\xE9rale, l'architecture des infrastructures\ + \ des centres informatiques est con\xE7ue de fa\xE7on \xE0 satisfaire l'ensemble\ + \ des besoins en disponibilit\xE9, confidentialit\xE9, tra\xE7abilit\xE9 et\ + \ int\xE9grit\xE9. \nLe principe de d\xE9fense en profondeur doit \xEAtre\ + \ respect\xE9, en particulier par la mise en \u0153uvre successive de \xAB\ + \ zones d\xE9militaris\xE9es \xBB (DMZ), d'environnements de s\xE9curit\xE9\ + \ en zone d'h\xE9bergement, de machines virtuelles ou physiques d\xE9di\xE9\ + es, de r\xE9seaux locaux virtuels (VLAN) appropri\xE9s, d'un filtrage strict\ + \ des flux applicatifs et d 'administration." + - urn: urn:intuitem:risk:req_node:pssie:archi-stockci + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:7.1 + ref_id: ARCHI-STOCKCI + name: Architecture de stockage et de sauvegarde + description: "Le r\xE9seau de stockage/sauvegarde pour les besoins des centres\ + \ informatiques repose sur une architecture d\xE9di\xE9e \xE0 cet effet." + - urn: urn:intuitem:risk:req_node:pssie:archi-pass + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:7.1 + ref_id: ARCHI-PASS + name: Passerelle Internet + description: "Les interconnexions Internet passent obligatoirement par les passerelles\ + \ nationales homologu\xE9es" + - urn: urn:intuitem:risk:req_node:pssie:8 + assessable: false + depth: 1 + ref_id: '8' + name: Exploitation des SI + - urn: urn:intuitem:risk:req_node:pssie:8.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:8 + ref_id: '8.1' + name: Protection des informations sensibles + - urn: urn:intuitem:risk:req_node:pssie:objectif-19 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.1 + ref_id: Objectif 19 + name: protection des informations sensibles + description: "D\xE9finir et mettre en \u0153uvre des mesures de protection renforc\xE9\ + es pour les informations sensibles." + - urn: urn:intuitem:risk:req_node:pssie:exp-prot-inf + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.1 + ref_id: EXP-PROT-INF + name: "Protection des informations sensibles en confidentialit\xE9 et en int\xE9\ + grit\xE9" + description: "Des mesures doivent \xEAtre mises en \u0153uvre afin de garantir\ + \ la protection des informations sensibles en confidentialit\xE9 et en int\xE9\ + grit\xE9. A d\xE9faut d'utilisation d'un r\xE9seau homologu\xE9, ces informations\ + \ doivent \xEAtre chiffr\xE9es \xE0 l'aide d'un moyen de chiffrement labellis\xE9\ + ." + - urn: urn:intuitem:risk:req_node:pssie:8.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:8 + ref_id: '8.2' + name: "S\xE9curit\xE9 des ressources informatiques" + - urn: urn:intuitem:risk:req_node:pssie:objectif-20 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.2 + ref_id: Objectif 20 + name: 'surveillance et configuration des ressources informatiques ' + description: "Durcir les configurations des ressources informatiques, et surveiller\ + \ les interventions op\xE9r\xE9es sur celles-ci." + - urn: urn:intuitem:risk:req_node:pssie:exp-trac + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.2 + ref_id: EXP-TRAC + name: "Tra\xE7abilit\xE9 des interventions sur le syst\xE8me" + description: "Les interventions de maintenance sur les ressources informatiques\ + \ de l'entit\xE9 doivent \xEAtre trac\xE9es par le service informatique, et\ + \ ces traces doivent \xEAtre accessibles au correspondant SSI local durant\ + \ au moins un an." + - urn: urn:intuitem:risk:req_node:pssie:exp-config + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.2 + ref_id: EXP-CONFIG + name: Configuration des ressources informatiques + description: "Les syst\xE8mes d'exploitation et les logiciels doivent faire\ + \ l'objet d'un durcissement. Les configurations et mises \xE0 jour sont appliqu\xE9\ + es dans le strict respect des guides ou proc\xE9dures en vigueur dans l'entit\xE9\ + \ ou, par d\xE9faut, en vigueur au niveau central." + - urn: urn:intuitem:risk:req_node:pssie:exp-doc-config + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.2 + ref_id: EXP-DOC-CONFIG + name: Documentation des configurations + description: "La configuration standard des ressources informatiques doit \xEA\ + tre document\xE9e et mise \xE0 jour \xE0 chaque changement notable." + - urn: urn:intuitem:risk:req_node:pssie:8.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:8 + ref_id: '8.3' + name: "Gestion des autorisations et contr\xF4le d'acc\xE8s logique aux ressources" + - urn: urn:intuitem:risk:req_node:pssie:objectif-21 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3 + ref_id: Objectif 21 + name: "autorisations et contr\xF4les d'acc\xE8s" + description: "Authentifier les usagers et contr\xF4ler leurs acc\xE8s aux ressources\ + \ des SI de l'~tat, en fonction d'une politique explicite d'autorisations." + - urn: urn:intuitem:risk:req_node:pssie:8.3.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3 + ref_id: 8.3.1 + name: "Contr\xF4le des acc\xE8s logiques" + - urn: urn:intuitem:risk:req_node:pssie:exp-id-auth + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.1 + ref_id: EXP-ID-AUTH + name: "Identification, authentification et contr\xF4le d'acc\xE8s logique" + description: "L'acc\xE8s \xE0 toute ressource non publique doit n\xE9cessiter\ + \ une identification et une authentification individuelle de l'utilisateur.\ + \ Dans le cas de l'acc\xE8s \xE0 des donn\xE9es sensibles, des moyens d'authentification\ + \ forte doivent \xEAtre utilis\xE9s. A cette fin, l'usage d'une carte \xE0\ + \ puce doit \xEAtre privil\xE9gi\xE9. Le contr\xF4le d'acc\xE8s doit \xEA\ + tre g\xE9r\xE9 et s'appuyer sur un processus formalis\xE9 en coh\xE9rence\ + \ avec la gestion des ressources humaines." + - urn: urn:intuitem:risk:req_node:pssie:exp-droits + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.1 + ref_id: EXP-DROITS + name: "Droits d'acc\xE8s aux ressources" + description: "Apr\xE8s avoir d\xE9termin\xE9 le niveau de sensibilit\xE9, le\ + \ besoin de diffusion et de partage des ressources, les droits d'acc\xE8s\ + \ aux ressources doivent \xEAtre g\xE9r\xE9s suivant les principes suivants\ + \ : \n* besoin d'en conna\xEEtre (chaque utilisateur n'est autoris\xE9 \xE0\ + \ acc\xE9der qu'aux ressources pour lesquelles on lui accorde explicitement\ + \ le b\xE9n\xE9fice de l'acc\xE8s), \n* moindre privil\xE8ge (chaque utilisateur\ + \ acc\xE8de aux ressources avec le minimum de privil\xE8ges lui permettant\ + \ de conduire les actions explicitement autoris\xE9es pour lui)." + - urn: urn:intuitem:risk:req_node:pssie:exp-profils + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.1 + ref_id: EXP-PROFILS + name: "Gestion des profils d'acc\xE8s aux applications" + description: "Les applications manipulant des donn\xE9es sensibles doivent permettre\ + \ une gestion fine par profils d'acc\xE8s. Les principes du besoin d'en conna\xEE\ + tre et du moindre privil\xE8ge s'appliquent." + - urn: urn:intuitem:risk:req_node:pssie:8.3.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3 + ref_id: 8.3.2 + name: Processus d'autorisation + - urn: urn:intuitem:risk:req_node:pssie:exp-proc-auth + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.2 + ref_id: EXP-PROC-AUTH + name: "Autorisations d'acc\xE8s des utilisateurs" + description: "Toute action d'autorisation d'acc\xE8s d'un utilisateur \xE0 une\ + \ ressource des SI, qu'elle soit locale ou nationale, doit s'inscrire dans\ + \ le cadre d'un processus d'autorisation formalis\xE9, qui s'appuie sur le\ + \ processus d'arriv\xE9e et de d\xE9part du personnel." + - urn: urn:intuitem:risk:req_node:pssie:exp-revue-auth + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.2 + ref_id: EXP-REVUE-AUTH + name: "Revue des autorisations d'acc\xE8s" + description: "Une revue des autorisations d'acc\xE8s doit \xEAtre r\xE9alis\xE9\ + e annuellement sous le contr\xF4le du RSSI, le cas \xE9ch\xE9ant avec l'appui\ + \ du correspondant local SSI." + - urn: urn:intuitem:risk:req_node:pssie:8.3.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3 + ref_id: 8.3.4 + name: Gestion des authentifiants + - urn: urn:intuitem:risk:req_node:pssie:exp-conf-auth + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.4 + ref_id: EXP-CONF-AUTH + name: "Confidentialit\xE9 des informations d'authentification" + description: "Les informations d'authentification (mots de passe d'acc\xE8s\ + \ aux SI, cl\xE9s priv\xE9es li\xE9es aux certificats \xE9lectroniques, etc.)\ + \ doivent \xEAtre consid\xE9r\xE9es comme des donn\xE9es sensibles." + - urn: urn:intuitem:risk:req_node:pssie:exp-gest-pass + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.4 + ref_id: EXP-GEST-PASS + name: Gestion des mots de passe + description: "Les utilisateurs ne doivent pas stocker leurs mots de passe en\ + \ clair (par exemple dans un fichier) sur leur poste de travail. Les mots\ + \ de passe ne doivent pas transiter en clair sur les r\xE9seaux." + - urn: urn:intuitem:risk:req_node:pssie:exp-init-pass + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.4 + ref_id: EXP-INIT-PASS + name: Initialisation des mots de passe + description: "Chaque compte utilisateur doit \xEAtre cr\xE9\xE9 avec un mot\ + \ de passe initial al\xE9atoire unique. Si les circonstances l'imposent, un\ + \ mot de passe plus simple mais \xE0 usage unique peut \xEAtre envisag\xE9\ + ." + - urn: urn:intuitem:risk:req_node:pssie:exp-pol-pass + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.4 + ref_id: EXP-POL-PASS + name: Politiques de mots de passe + description: "Les r\xE8gles de gestion et de protection des mots de passe donnant\ + \ acc\xE8s aux applications et infrastructures nationales, telles qu'\xE9\ + dict\xE9es par les ma\xEEtrises d'ouvrage nationales, doivent \xEAtre respect\xE9\ + es dans chaque entit\xE9. Pour les ressources dont la politique de mots de\ + \ passe est g\xE9r\xE9e localement, les recommandations de l'ANSSI doivent\ + \ \xEAtre appliqu\xE9es pour tous les comptes." + - urn: urn:intuitem:risk:req_node:pssie:exp-certifs + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.4 + ref_id: EXP-CERTIFS + name: "Utilisation de certificats \xE9lectroniques" + description: "L'utilisation de certificats \xE9lectroniques doit respecter les\ + \ r\xE8gles \xE9dict\xE9es par le RGS." + - urn: urn:intuitem:risk:req_node:pssie:exp-qual-pass + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.4 + ref_id: EXP-QUAL-PASS + name: "Contr\xF4le syst\xE9matique de la qualit\xE9 des mots de passe" + description: "Des moyens techniques permettant d'imposer la politique de mots\ + \ de passe (par exemple pour s'assurer du respect de l'\xE9ventuelle obligation\ + \ relative \xE0 l'usage de caract\xE8res sp\xE9ciaux) doivent \xEAtre mis\ + \ en place. A d\xE9faut, un contr\xF4le p\xE9riodique des param\xE8tres techniques\ + \ relatifs aux mots de passe doit \xEAtre r\xE9alis\xE9." + - urn: urn:intuitem:risk:req_node:pssie:8.3.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3 + ref_id: 8.3.5 + name: Gestion des authentifiants d'administration + - urn: urn:intuitem:risk:req_node:pssie:exp-seq-admin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.5 + ref_id: EXP-SEQ-ADMIN + name: "S\xE9questre des authentifiants \xAB administrateur\xBB" + description: "Les authentifiants permettant l'administration des ressources\ + \ des SI doivent \xEAtre plac\xE9s sous s\xE9questre et tenus \xE0 jour, dans\ + \ un coffre ou une armoire ferm\xE9e \xE0 cl\xE9. L'authentifi\xE9 doit \xEA\ + tre inform\xE9 de l'existence de ces op\xE9rations de gestion, de leurs finalit\xE9\ + s et limites. Tout acc\xE8s d'administration \xE0 une ressource informatique\ + \ doit pouvoir \xEAtre trac\xE9 et permettre de remonter \xE0 la personne\ + \ exer\xE7ant ce droit. Les informations d'authentification b\xE9n\xE9ficiant\ + \ d'un moyen de protection physique (notamment carte \xE0 puce) n'ont, par\ + \ d\xE9faut, pas besoin d'\xEAtre l'objet d'op\xE9rations de s\xE9questre\ + \ de la part d'autres personnels que l'authentifi\xE9 lui-m\xEAme." + - urn: urn:intuitem:risk:req_node:pssie:exp-pol-admin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.5 + ref_id: EXP-POL-ADMIN + name: "Politique de mots de passe \xABadministrateurs\xBB" + description: "Chaque administrateur doit disposer d'un mot de passe propre et\ + \ destin\xE9 \xE0 l'administration." + - urn: urn:intuitem:risk:req_node:pssie:exp-dep-admin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.3.5 + ref_id: EXP-DEP-ADMIN + name: "Gestion du d\xE9part d'un administrateur des SI" + description: "En cas de d\xE9part d'un administrateur disposant de privil\xE8\ + ges sur des composants des SI, les comptes individuels dont il disposait doivent\ + \ \xEAtre imm\xE9diatement d\xE9sactiv\xE9s. Les \xE9ventuels mots de passe\ + \ d'administration dont il avait connaissance doivent \xEAtre chang\xE9s (exemples\ + \ : mots de passe des comptes fonctionnels, comptes g\xE9n\xE9riques ou comptes\ + \ de service utilis\xE9s dans le cadre des fonctions de l'administrateur)." + - urn: urn:intuitem:risk:req_node:pssie:8.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:8 + ref_id: '8.4' + name: "Exploitation s\xE9curis\xE9e des ressources informatiques" + - urn: urn:intuitem:risk:req_node:pssie:objectif-22 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4 + ref_id: Objectif 22 + name: "s\xE9curisation de l'exploitation" + description: "Fournir aux administrateurs les outils n\xE9cessaires \xE0 l'exercice\ + \ des t~ches SS/ et configurer ces outils de mani\xE8re s\xE9curis\xE9e." + - urn: urn:intuitem:risk:req_node:pssie:8.4.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4 + ref_id: 8.4.1 + name: "Administration des syst\xE8mes" + - urn: urn:intuitem:risk:req_node:pssie:exp-restr-droits + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.1 + ref_id: EXP-RESTR-DROITS + name: Restriction des droits + description: "Sauf exception d\xFBment motiv\xE9e et valid\xE9e par le RSSI,\ + \ les utilisateurs n'ont pas de droits d'administration." + - urn: urn:intuitem:risk:req_node:pssie:exp-prot-admin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.1 + ref_id: EXP-PROT-ADMIN + name: "Protection des acc\xE8s aux outils d'administration" + description: "L'acc\xE8s aux outils et interfaces d'administration doit \xEA\ + tre strictement limit\xE9 aux personnes habilit\xE9es, selon une proc\xE9\ + dure formelle d'autorisation d'acc\xE8s." + - urn: urn:intuitem:risk:req_node:pssie:exp-habilit-admin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.1 + ref_id: EXP-HABILIT-ADMIN + name: Habilitation des administrateurs + description: "L'habilitation des administrateurs s'effectue selon une proc\xE9\ + dure valid\xE9e par l'autorit\xE9 d'homologation. Le nombre de personnes habilit\xE9\ + es pour des op\xE9rations d'administration doit \xEAtre connu et valid\xE9\ + \ par l'autorit\xE9 d'homologation." + - urn: urn:intuitem:risk:req_node:pssie:exp-gest-admin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.1 + ref_id: EXP-GEST-ADMIN + name: Gestion des actions d'administration + description: "Les op\xE9rations d'administration doivent \xEAtre trac\xE9es\ + \ de mani\xE8re \xE0 pouvoir g\xE9rer au niveau individuel l'imputabilit\xE9\ + \ des actions d'administration." + - urn: urn:intuitem:risk:req_node:pssie:exp-sec-fluxadmin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.1 + ref_id: EXP-SEC-FLUXADMIN + name: "S\xE9curisation des flux d'administration" + description: "Les op\xE9rations d'administration sur les ressources locales\ + \ d'une entit\xE9 doivent s'appuyer sur des protocoles s\xE9curis\xE9s. Un\ + \ r\xE9seau d\xE9di\xE9 \xE0 l'administration des \xE9quipements, ou au moins\ + \ un r\xE9seau logiquement s\xE9par\xE9 de celui des utilisateurs, doit \xEA\ + tre utilis\xE9. Les postes d'administrateurs doivent \xEAtre d\xE9di\xE9s\ + \ et ne doivent pas pouvoir acc\xE9der \xE0 Internet." + - urn: urn:intuitem:risk:req_node:pssie:exp-central + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.1 + ref_id: EXP-CENTRAL + name: "Centraliser la gestion du syst\xE8me d'information" + description: "Afin de g\xE9rer efficacement un grand nombre de postes d'utilisateurs,\ + \ de serveurs ou d'\xE9quipements r\xE9seau, les administrateurs doivent utiliser\ + \ des outils centralis\xE9s, permettant l'automatisation de traitements quotidiens\ + \ et offrant une vue globale et pertinente sur le syst\xE8me d'information." + - urn: urn:intuitem:risk:req_node:pssie:exp-secx-dist + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.1 + ref_id: EXP-SECX-DIST + name: "S\xE9curisation des outils de prise de main \xE0 distance" + description: "La prise de main \xE0 distance d'une ressource informatique locale\ + \ ne doit \xEAtre r\xE9alisable que par les agents autoris\xE9s par l'\xE9\ + quipe locale charg\xE9e des SI, sur les ressources informatiques de leur p\xE9\ + rim\xE8tre. Des mesures de s\xE9curit\xE9 sp\xE9cifiques doivent \xEAtre d\xE9\ + finies et respect\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:8.4.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4 + ref_id: 8.4.2 + name: Administration des domaines + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-pol + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-POL + name: "D\xE9finir une politique de gestion des comptes du domaine" + description: "Une politique explicite de gestion des comptes du domaine doit\ + \ \xEAtre document\xE9e." + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-pass + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-PASS + name: "Configurer la strat\xE9gie des mots de passe des domaines" + description: "La politique de gestion des mots de passe doit \xEAtre con\xE7\ + ue de fa\xE7on \xE0 prot\xE9ger contre les attaques par essais successifs\ + \ de mots de passe. Une complexit\xE9 minimale dans le choix des mots de passe\ + \ doit \xEAtre impos\xE9e aux utilisateurs." + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-nomenclat + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-NOMENCLAT + name: "D\xE9finir et appliquer une nomenclature des comptes du domaine" + description: "La gestion des comptes doit s'appuyer sur une nomenclature adapt\xE9\ + e, afin de pouvoir distinguer selon leur usage : comptes d'utilisateur standard,\ + \ comptes d'administration (domaine, serveurs, postes de travail) et comptes\ + \ de service." + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-restadmin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-RESTADMIN + name: Restreindre au maximum l'appartenance aux groupes d'administration du + domaine + description: "L'appartenance aux groupes du domaine ADMINISTRATEURS DE L'ENTREPRISE\ + \ et ADMINISTRATEURS DU DOMAINE n'est n\xE9cessaire que dans de tr\xE8s rares\ + \ cas. Les op\xE9rations les plus courantes doivent \xEAtre effectu\xE9es\ + \ avec des comptes du domaine membres des groupes locaux d'administration\ + \ des ordinateurs ou ayant une d\xE9l\xE9gation d'administration." + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-serv + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-SERV + name: "Ma\xEEtriser l'utilisation des comptes de service" + description: "Les comptes de service ont la particularit\xE9 d'avoir g\xE9n\xE9\ + ralement leurs mots de passe inscrits en dur dans des applications ou dans\ + \ des syst\xE8mes. Afin de pouvoir \xEAtre en mesure de changer ces mots de\ + \ passe en urgence, il est n\xE9cessaire de ma\xEEtriser leur utilisation." + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-limitserv + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-LIMITSERV + name: Limiter les droits des comptes de service + description: "Les comptes de service doivent faire l'objet d'une restriction\ + \ des droits, en suivant le principe du moindre privil\xE8ge." + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-obsolet + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-OBSOLET + name: "D\xE9sactiver les comptes du domaine obsol\xE8tes" + description: "Il est n\xE9cessaire de d\xE9sactiver imm\xE9diatement, voire\ + \ de supprimer, les comptes obsol\xE8tes, que ce soient des comptes d'utilisateur\ + \ (administrateur, de service ou utilisateur standard) ou des comptes de machine." + - urn: urn:intuitem:risk:req_node:pssie:exp-dom-adminloc + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.2 + ref_id: EXP-DOM-ADMINLOC + name: "Am\xE9liorer la gestion des comptes d'administrateur locaux" + description: "Afin d'emp\xEAcher la r\xE9-utilisation des empreintes d'un compte\ + \ utilisateur local d'une machine \xE0 une autre, il faut soit utiliser des\ + \ mots de passe diff\xE9rents pour les comptes locaux d'administration, soit\ + \ interdire la connexion \xE0 distance via ces comptes." + - urn: urn:intuitem:risk:req_node:pssie:8.4.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4 + ref_id: 8.4.3 + name: Envoi en maintenance et mise au rebut + - urn: urn:intuitem:risk:req_node:pssie:exp-maint-ext + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.3 + ref_id: EXP-MAINT-EXT + name: Maintenance externe + description: "Les donn\xE9es non chiffr\xE9es doivent \xEAtre effac\xE9es avant\ + \ l'envoi en maintenance externe de toute ressource informatique. Les op\xE9\ + rations de chiffrement doivent faire appel \xE0 des produits qualifi\xE9s.\ + \ L'effacement des donn\xE9es sensibles doit s'appuyer sur des produits qualifi\xE9\ + s, ou respecter des proc\xE9dures \xE9tablies en concertation avec l'ANSSI." + - urn: urn:intuitem:risk:req_node:pssie:exp-mis-reb + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.3 + ref_id: EXP-MIS-REB + name: Mise au rebut + description: "Lorsqu'une ressource informatique est amen\xE9e \xE0 quitter d\xE9\ + finitivement l'entit\xE9, les donn\xE9es pr\xE9sentes sur les disques durs\ + \ ou la m\xE9moire int\xE9gr\xE9e doivent \xEAtre effac\xE9es de mani\xE8\ + re s\xE9curis\xE9e. L'effacement des donn\xE9es sensibles doit s'appuyer sur\ + \ des produits qualifi\xE9s, ou respecter des proc\xE9dures \xE9tablies en\ + \ concertation avec l'ANSSI." + - urn: urn:intuitem:risk:req_node:pssie:8.4.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4 + ref_id: 8.4.4 + name: Lutte contre les codes malveillants + - urn: urn:intuitem:risk:req_node:pssie:exp-prot-mal-v + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.4 + ref_id: EXP-PROT-MAL V + name: Protection contre les codes malveillants + description: "Des logiciels de protection contre les codes malveillants, appel\xE9\ + s commun\xE9ment antivirus, doivent \xEAtre install\xE9s sur l'ensemble des\ + \ serveurs d'interconnexion, serveurs applicatifs et postes de travail de\ + \ l'entit\xE9. Ces logiciels de protection doivent \xEAtre distincts pour\ + \ ces trois cat\xE9gories au moins, et le d\xE9pouillement de leurs journaux\ + \ doit \xEAtre corr\xE9l\xE9." + - urn: urn:intuitem:risk:req_node:pssie:exp-ges-antivir + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.4 + ref_id: EXP-GES-ANTIVIR + name: "Gestion des \xE9v\xE9nements de s\xE9curit\xE9 de l'antivirus" + description: "Les \xE9v\xE9nements de s\xE9curit\xE9 de l'antivirus doivent\ + \ \xEAtre remont\xE9s sur un serveur national pour analyse statistique et\ + \ gestion des probl\xE8mes a posteriori (exemples: serveur constamment infect\xE9\ + , virus d\xE9tect\xE9 et non \xE9radiqu\xE9 par l'antivirus, etc.)." + - urn: urn:intuitem:risk:req_node:pssie:exp-maj-antivir + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.4 + ref_id: EXP-MAJ-ANTIVIR + name: "Mise \xE0 jour de la base de signatures" + description: "Les mises \xE0 jour des bases antivirales et des moteurs d'antivirus\ + \ doivent \xEAtre d\xE9ploy\xE9es automatiquement sur les serveurs et les\ + \ postes de travail par un dispositif prescrit par les services centraux." + - urn: urn:intuitem:risk:req_node:pssie:exp-navig + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.4 + ref_id: EXP-NAVIG + name: Configuration du navigateur Internet. + description: "Le navigateur d\xE9ploy\xE9 par J'\xE9quipe locale charg\xE9e\ + \ des SI sur l'ensemble des serveurs et des postes de travail n\xE9cessitant\ + \ un acc\xE8s Internet ou Intranet doit \xEAtre configur\xE9 de mani\xE8re\ + \ s\xE9curis\xE9e (d\xE9sactivation des services inutiles, nettoyage du magasin\ + \ de certificats, etc.)." + - urn: urn:intuitem:risk:req_node:pssie:8.4.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4 + ref_id: 8.4.5 + name: "Mise \xE0 jour des syst\xE8mes et des logiciels" + - urn: urn:intuitem:risk:req_node:pssie:exp-pol-cor + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.5 + ref_id: EXP-POL-COR + name: "D\xE9finir et mettre en \u0153uvre une politique de suivi et d'application\ + \ des correctifs de s\xE9curit\xE9" + description: "Le maintien dans le temps du niveau de s\xE9curit\xE9 d'un syst\xE8\ + me d'information impose une gestion organis\xE9e et adapt\xE9e des mises \xE0\ + \ jour de s\xE9curit\xE9. Un processus de gestion des correctifs propre \xE0\ + \ chaque syst\xE8me ou applicatif doit \xEAtre d\xE9fini, et adapt\xE9 suivant\ + \ les contraintes et Je niveau d'exposition du syst\xE8me." + - urn: urn:intuitem:risk:req_node:pssie:exp-cor-sec + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.5 + ref_id: EXP-COR-SEC + name: "D\xE9ploiement des correctifs de s\xE9curit\xE9" + description: "Les correctifs de s\xE9curit\xE9 des ressources informatiques\ + \ locales doivent \xEAtre d\xE9ploy\xE9s par l'\xE9quipe locale charg\xE9\ + e des SI en s'appuyant sur les pr\xE9conisations et outils propos\xE9s par\ + \ les services centraux." + - urn: urn:intuitem:risk:req_node:pssie:exp-obsolet + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.5 + ref_id: EXP-OBSOLET + name: "Assurer la migration des syst\xE8mes obsol\xE8tes" + description: "L'ensemble des logiciels utilis\xE9s sur le syst\xE8me d'information\ + \ doit \xEAtre dans une version pour laquelle l'\xE9diteur assure le support,\ + \ et tenu \xE0 jour. En cas de d\xE9faillance du support, il convient d'en\ + \ \xE9tudier l'impact et de prendre les mesures adapt\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:exp-isol + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.5 + ref_id: EXP-ISOL + name: "Isoler les syst\xE8mes obsol\xE8tes restants" + description: "Il est n\xE9cessaire d'isoler les syst\xE8mes obsol\xE8tes, gard\xE9\ + s volontairement pour assurer un maintien en condition op\xE9rationnelle des\ + \ projets, et pour lesquels une migration n'est pas envisageable. Chaque fois\ + \ que cela est possible, cette isolation doit \xEAtre effectu\xE9e au niveau\ + \ du r\xE9seau (filtrage strict), des \xE9l\xE9ments d'authentification (qui\ + \ ne doivent pas \xEAtre communs avec le reste du SI) et des applications\ + \ (pas de ressources partag\xE9es avec le reste du SI)." + - urn: urn:intuitem:risk:req_node:pssie:8.4.6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4 + ref_id: 8.4.6 + name: Journalisation + - urn: urn:intuitem:risk:req_node:pssie:exp-jour-sur + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.6 + ref_id: EXP-JOUR-SUR + name: Journalisation des alertes + description: "Chaque syst\xE8me doit disposer de dispositifs de journalisation\ + \ permettant de conserver une trace des \xE9v\xE9nements de s\xE9curit\xE9\ + . Ces traces doivent \xEAtre conserv\xE9es de mani\xE8re s\xFBre." + - urn: urn:intuitem:risk:req_node:pssie:exp-pol-jour + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.6 + ref_id: EXP-POL-JOUR + name: "D\xE9finir et mettre en \u0153uvre une politique de gestion et d'analyse\ + \ des journaux de traces" + description: "Une politique de gestion et d'analyse des journaux de traces des\ + \ \xE9v\xE9nements de s\xE9curit\xE9 est d\xE9finie par le RSSI, valid\xE9\ + e par l'autorit\xE9 qualifi\xE9e, et mise en \u0153uvre. Le niveau de s\xE9\ + curit\xE9 d'un syst\xE8me d'information d\xE9pend en grande partie de la capacit\xE9\ + \ de ses exploitants et administrateurs \xE0 d\xE9tecter les erreurs, dysfonctionnements\ + \ et tentatives d'acc\xE8s illicites survenant sur les \xE9l\xE9ments qui\ + \ le composent." + - urn: urn:intuitem:risk:req_node:pssie:exp-cons-jour + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.4.6 + ref_id: EXP-CONS-JOUR + name: Conservation des journaux + description: "Les journaux des \xE9v\xE9nements de s\xE9curit\xE9 doivent \xEA\ + tre conserv\xE9s sur douze mois glissants, hors contraintes l\xE9gales et\ + \ r\xE9glementaires particuli\xE8res imposant des dur\xE9es de conservation\ + \ sp\xE9cifiques." + - urn: urn:intuitem:risk:req_node:pssie:8.5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:8 + ref_id: '8.5' + name: "D\xE9fense des syst\xE8mes d'information" + - urn: urn:intuitem:risk:req_node:pssie:objectif-23 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5 + ref_id: Objectif 23 + name: "d\xE9fense des syst\xE8mes d'information" + description: "D\xE9fendre les SI n\xE9cessite une vigilance de tous, et des\ + \ actions permanentes" + - urn: urn:intuitem:risk:req_node:pssie:exp-ges-dyn + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5 + ref_id: EXP-GES-DYN + name: "Gestion dynamique de la s\xE9curit\xE9" + description: "L'\xE9quipe en charge de la SSI doit proc\xE9der, notamment via\ + \ l'analyse des journaux, \xE0 la surveillance des comportements anormaux\ + \ au sein du syst\xE8me d'information, et \xE0 la surveillance des flux d'entr\xE9\ + e et de sortie du syst\xE8me d'information." + - urn: urn:intuitem:risk:req_node:pssie:8.5.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5 + ref_id: 8.5.1 + name: "Gestion des mat\xE9riels informatiques fournis \xE0 l'utilisateur" + - urn: urn:intuitem:risk:req_node:pssie:exp-mait-mat + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.1 + ref_id: EXP-MAIT-MAT + name: "Ma\xEEtrise des mat\xE9riels" + description: "Les postes de travail - y compris dans le cas d'une location -\ + \ sont fournis \xE0 l'utilisateur par l'entit\xE9, g\xE9r\xE9s et configur\xE9\ + s sous la responsabilit\xE9 de l'entit\xE9. La connexion d'\xE9quipements\ + \ non ma\xEEtris\xE9s, non administr\xE9s ou non mis \xE0 jour par l'entit\xE9\ + \ (qu'il s'agisse d'ordiphones, d'\xE9quipements informatiques nomades et\ + \ fixes ou de supports de stockage amovibles) sur des \xE9quipements et des\ + \ r\xE9seaux professionnels est interdite." + - urn: urn:intuitem:risk:req_node:pssie:exp-prot-vol + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.1 + ref_id: EXP-PROT-VOL + name: Rappel des mesures de protection contre le vol + description: "Les postes fixes b\xE9n\xE9ficient des mesures de protection physique\ + \ offertes au titre de la directive de s\xE9curit\xE9 physique de la pr\xE9\ + sente PSSIE. Chaque utilisateur doit veiller \xE0 la s\xE9curit\xE9 des supports\ + \ amovibles (cl\xE9s USB et disques amovibles), notamment en les conservant\ + \ dans un endroit s\xFBr. Il est recommand\xE9 de chiffrer les donn\xE9es\ + \ contenues sur ces supports. Les supports contenant des donn\xE9es sensibles\ + \ doivent \xEAtre stock\xE9s dans des meubles fermant \xE0 clef." + - urn: urn:intuitem:risk:req_node:pssie:exp-declar-vol + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.1 + ref_id: EXP-DECLAR-VOL + name: "D\xE9clarer les pertes et vols" + description: "Toute perte ou vol d'une ressource d'un syst\xE8me d'information\ + \ doit \xEAtre d\xE9clar\xE9e au RSSI." + - urn: urn:intuitem:risk:req_node:pssie:exp-reaffect + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.1 + ref_id: EXP-REAFFECT + name: "R\xE9affectation de mat\xE9riels informatiques" + description: "Une proc\xE9dure de gestion des postes et supports dans le cadre\ + \ de d\xE9parts de personnel ou de r\xE9affectations \xE0 de nouveaux utilisateurs\ + \ doit \xEAtre mise en place et valid\xE9e par le RSSI. Elle doit d\xE9finir\ + \ les conditions de recours \xE0 un effacement des donn\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:8.5.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5 + ref_id: 8.5.2 + name: Nomadisme + - urn: urn:intuitem:risk:req_node:pssie:exp-nomad-sens + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.2 + ref_id: EXP-NOMAD-SENS + name: "D\xE9claration des \xE9quipements nomades aptes \xE0 traiter des informations\ + \ sensibles" + description: "L'autorit\xE9 d'homologation du SI valide les usages possibles\ + \ des \xE9quipements nomades vis-\xE0-vis du traitement des informations sensibles\ + \ ; les usages non explicitement autoris\xE9s sont interdits." + - urn: urn:intuitem:risk:req_node:pssie:exp-acc-dist + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.2 + ref_id: EXP-ACC-DIST + name: "Acc\xE8s \xE0 distance au syst\xE8me d'information de l'organisme" + description: "Les utilisateurs distants doivent s'authentifier sur le r\xE9\ + seau de l'entit\xE9 en utilisant une m\xE9thode conforme \xE0 l'annexe B3\ + \ du RGS." + - urn: urn:intuitem:risk:req_node:pssie:8.5.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5 + ref_id: 8.5.3 + name: "S\xE9curisation des imprimantes et copieurs multifonctions manipulant\ + \ des informations sensibles" + - urn: urn:intuitem:risk:req_node:pssie:exp-imp-sens + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.3 + ref_id: EXP-IMP-SENS + name: Impression des informations sensibles + description: "Les impressions d'informations sensibles doivent \xEAtre effectu\xE9\ + es selon une proc\xE9dure pr\xE9d\xE9finie, garantissant le contr\xF4le de\ + \ l'utilisateur, du d\xE9clenchement de l'impression jusqu'\xE0 la r\xE9cup\xE9\ + ration du support imprim\xE9." + - urn: urn:intuitem:risk:req_node:pssie:exp-imp-2 + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.5.3 + ref_id: EXP-IMP-2 + name: "S\xE9curit\xE9 des imprimantes et copieurs multifonctions" + description: "Les imprimantes et copieurs multifonctions sont des ressources\ + \ informatiques \xE0 part enti\xE8re qui doivent \xEAtre g\xE9r\xE9es en tant\ + \ que telles. Elles ne doivent pas pouvoir communiquer avec l'ext\xE9rieur." + - urn: urn:intuitem:risk:req_node:pssie:8.6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:8 + ref_id: '8.6' + name: Exploitation des centres informatiques + - urn: urn:intuitem:risk:req_node:pssie:objectif-24 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6 + ref_id: Objectif 24 + name: "exploitation s\xE9curis\xE9e des centres informatiques" + description: "Exploiter de mani\xE8re s\xE9curis\xE9e les centres informatiques\ + \ en s'appuyant sur des proc\xE9dures adapt\xE9es et sur la maitrise des outils\ + \ de supervision." + - urn: urn:intuitem:risk:req_node:pssie:8.6.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6 + ref_id: 8.6.1 + name: "S\xE9curit\xE9 des ressources informatiques" + description: "Les r\xE8gles suivantes sont pr\xE9sent\xE9es selon le mod\xE8\ + le qui structure l'architecture des applications selon trois Tiers (Pr\xE9\ + sentation -Application - Donn\xE9es). Les socles techniques d\xE9ploy\xE9\ + s dans chaque Tiers - en particulier les r\xE8gles de s\xE9curit\xE9 \xE0\ + \ appliquer - sont pr\xE9cis\xE9s dans un cadre de coh\xE9rence technique\ + \ minist\xE9riel (CCT)." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-os + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-OS + name: "Syst\xE8mes d'exploitation" + description: "Les syst\xE8mes d'exploitation d\xE9ploy\xE9s doivent faire l'objet\ + \ d'un support valide de la part d'un \xE9diteur ou d'un prestataire de service.\ + \ Seuls les services et applications n\xE9cessaires sont install\xE9s, de\ + \ fa\xE7on \xE0 r\xE9duire la surface d'attaque. Une attention particuli\xE8\ + re doit \xEAtre apport\xE9e aux comptes administrateurs." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-ltp + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-LTP + name: "Logiciels en Tiers Pr\xE9sentation" + description: "La mise en \u0153uvre d'une configuration renforc\xE9e est obligatoire\ + \ sur les logiciels d\xE9ploy\xE9s pour le tiers pr\xE9sentation (ex : serveur\ + \ Web, Reverse Proxy)." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-lta + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-LTA + name: Logiciels en Tiers Application + description: "Des r\xE8gles de d\xE9veloppement s\xE9curis\xE9, et les configurations\ + \ des logiciels en Tiers Application doivent \xEAtre fix\xE9es et appliqu\xE9\ + es. Elles sont d\xE9taill\xE9es dans le cadre de coh\xE9rence technique (CCT)." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-ltd + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-LTD + name: "Logiciels en Tiers Donn\xE9es" + description: "Des r\xE8gles tr\xE8s strictes (restrictions d'acc\xE8s, interdictions\ + \ de connexions, gestion des privil\xE8ges) s'appliquent aux logiciels en\ + \ tiers donn\xE9es. Ces r\xE8gles doivent \xEAtre d\xE9taill\xE9es dans le\ + \ cadre de coh\xE9rence technique (CCT)." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-protfic + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-PROTFIC + name: "Passerelle d'\xE9change de fichiers" + description: "Les \xE9changes de fichiers entre applications doivent privil\xE9\ + gier les protocoles s\xE9curis\xE9s (SSUTLS, FTPS ...)." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-messtech + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-MESSTECH + name: Messagerie technique + description: "Pour satisfaire les besoins d'exploitation et de supervision des\ + \ infrastructures et des applications, une messagerie dite technique peut\ + \ \xEAtre d\xE9ploy\xE9e en zone de Back-office du centre informatique. Cette\ + \ messagerie technique ne doit \xEAtre en aucun cas utilis\xE9e directement\ + \ par un utilisateur." + - urn: urn:intuitem:risk:req_node:pssie:exp-cl-filt + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-Cl-FILT + name: Filtrage des flux applicatifs + description: "De fa\xE7on \xE0 garantir un niveau de s\xE9curit\xE9 satisfaisant\ + \ face aux attaques informatiques, des m\xE9canismes de filtrage et de cloisonnement\ + \ doivent \xEAtre mis en \u0153uvre." + - urn: urn:intuitem:risk:req_node:pssie:exp-cj-admin + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CJ-ADMIN + name: Flux d'administration + description: "D'une mani\xE8re g\xE9n\xE9rale, il convient de diff\xE9rencier\ + \ deux type de flux d'administration : les flux d'administration de l'infrastructure\ + \ (r\xE9serv\xE9s aux agents du centre informatique) d'une part, les flux\ + \ d'administration des applications m\xE9tier (r\xE9serv\xE9s \xE0 la direction\ + \ m\xE9tier) d'autre part. L'attribution des droits d'administration doit\ + \ respecter cette diff\xE9renciation, et les 2 types de flux d'administration\ + \ doivent \xEAtre dans la mesure du possible cloisonn\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-dns + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-DNS + name: Service de noms de domaine - DNS technique + description: "Dans le cas du d\xE9ploiement d'un serveur de noms de domaines\ + \ pour les besoins techniques internes au centre informatique, on utilisera\ + \ les extensions s\xE9curis\xE9es DNSSEC." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-effac + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-EFFAC + name: Effacement de support + description: "Le reconditionnement et la r\xE9utilisation des disques durs pour\ + \ un autre usage (ex : r\xE9-attribution d'une machine/serveur) ne sont autoris\xE9\ + s qu'apr\xE8s une op\xE9ration d'effacement s\xE9curis\xE9 des donn\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-destr + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-DESTR + name: destruction de support + description: "La fin de vie d'un support ou d'un mat\xE9riel embarquant un support\ + \ de stockage (imprimante, routeur, commutateur...) doit s'accompagner d'une\ + \ op\xE9ration de destruction avant remise au constructeur." + - urn: urn:intuitem:risk:req_node:pssie:exp-cl-trac + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-Cl-TRAC + name: "Tra\xE7abilit\xE9 / imputabilit\xE9." + description: "Afin d'assurer une coh\xE9rence dans les \xE9changes entre applications\ + \ ainsi qu'une tra\xE7abilit\xE9 pertinente des \xE9v\xE9nements techniques\ + \ et de s\xE9curit\xE9, les centres d'exploitation emploient une r\xE9f\xE9\ + rence de temps commune (service NTP, Network Time Protocol)." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-supervis + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-SUPERVIS + name: Supervision + description: "Un cloisonnement entre les flux de supervision (remont\xE9e d'informations)\ + \ et les flux d'administration (commandes, mises \xE0 jour) doit \xEAtre mis\ + \ en place." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-amov + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-AMOV + name: "Acc\xE8s aux p\xE9riph\xE9riques amovibles." + description: "L'acc\xE8s aux supports informatiques amovibles fait l'objet d'un\ + \ traitement adapt\xE9, plus particuli\xE8rement lorsqu'ils ont \xE9t\xE9\ + \ utilis\xE9s pour m\xE9moriser de l'information sensible ou lorsqu'ils sont\ + \ utilis\xE9s pour des op\xE9rations d'exploitation." + - urn: urn:intuitem:risk:req_node:pssie:exp-ci-accres + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-CI-ACCRES + name: "Acc\xE8s aux r\xE9seaux" + description: "Dans un centre informatique, Je contr\xF4le physique des acc\xE8\ + s r\xE9seaux, l'attribution des adresses IP, le filtrage des informations\ + \ et l'usage de dispositifs sp\xE9cifiques (machines virtuelles, cartes d'administration\ + \ \xE0 distance, etc.) font l'objet de proc\xE9dures s\xE9curis\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:exp-cl-audit + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:8.6.1 + ref_id: EXP-Cl-AUDIT + name: "Audit/contr\xF4le" + description: "Le RSSI pilote des audits r\xE9guliers du syst\xE8me d'information\ + \ relevant de sa responsabilit\xE9." + - urn: urn:intuitem:risk:req_node:pssie:9 + assessable: false + depth: 1 + ref_id: '9' + name: "S\xE9curit\xE9 du poste de travail" + - urn: urn:intuitem:risk:req_node:pssie:9.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:9 + ref_id: '9.1' + name: "S\xE9curisation des postes de travail" + - urn: urn:intuitem:risk:req_node:pssie:objectif-25 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1 + ref_id: Objectif 25 + name: "s\xE9curisation des postes de travail" + description: "Durcir les configurations des postes de travail en prot\xE9geant\ + \ /es utilisateurs." + - urn: urn:intuitem:risk:req_node:pssie:9.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1 + ref_id: 9.1.1 + name: "Mise \xE0 disposition du poste" + - urn: urn:intuitem:risk:req_node:pssie:pdt-gest + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.1 + ref_id: PDT-GEST + name: Fourniture et gestion des postes des travail + description: "Les postes de travail utilis\xE9s dans le cadre professionnel\ + \ sont roumis et g\xE9r\xE9s par l'\xE9quipe locale charg\xE9e des SI." + - urn: urn:intuitem:risk:req_node:pssie:pdt-config + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.1 + ref_id: PDT-CONFIG + name: Formalisation de la configuration des postes des travail + description: "Une proc\xE9dure formalis\xE9e de configuration des postes de\ + \ travail est \xE9tablie par chaque entit\xE9, conform\xE9ment aux directives\ + \ nationales existantes." + - urn: urn:intuitem:risk:req_node:pssie:9.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1 + ref_id: 9.1.2 + name: "S\xE9curit\xE9 physique des postes de travail" + - urn: urn:intuitem:risk:req_node:pssie:pdt-verouil-fixe + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.2 + ref_id: PDT-VEROUIL-FIXE + name: "Verrouillage de l'unit\xE9 centrale des postes fixes" + description: "Lorsque l'unit\xE9 centrale d'un poste fixe est peu volumineuse,\ + \ donc susceptible d'\xEAtre facilement emport\xE9e, elle doit \xEAtre prot\xE9\ + g\xE9e contre le vol par un syst\xE8me d'attache (par exemple un c\xE2ble\ + \ antivol)." + - urn: urn:intuitem:risk:req_node:pssie:pdt-verouil-port + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.2 + ref_id: PDT-VEROUIL-PORT + name: Verrouillage des postes portables + description: "Un c\xE2ble physique de s\xE9curit\xE9 doit \xEAtre fourni avec\ + \ chaque poste portable. Les utilisateurs doivent \xEAtre sensibilis\xE9s\ + \ \xE0 son utilisation." + - urn: urn:intuitem:risk:req_node:pssie:9.1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1 + ref_id: 9.1.3 + name: "R\xE9affectation du poste et r\xE9cup\xE9ration d'informations" + - urn: urn:intuitem:risk:req_node:pssie:pdt-reaffect + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.3 + ref_id: PDT-REAFFECT + name: "R\xE9affectation du poste de travail" + description: "Une proc\xE9dure SSI d\xE9finit les r\xE8gles concernant le traitement\ + \ \xE0 appliquer aux informations ayant \xE9t\xE9 stock\xE9es ou manipul\xE9\ + es sur les postes r\xE9affect\xE9s." + - urn: urn:intuitem:risk:req_node:pssie:9.1.4 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1 + ref_id: 9.1.4 + name: "Gestion des privil\xE8ges sur les postes de travail" + - urn: urn:intuitem:risk:req_node:pssie:pdt-privjl + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.4 + ref_id: PDT-PRIVJL + name: "Privil\xE8ges des utilisateurs sur les postes de travail" + description: "La gestion des privil\xE8ges des utilisateurs sur leurs postes\ + \ de travail doit suivre le principe du \xAB moindre privil\xE8ge \xBB : chaque\ + \ utilisateur ne doit disposer que des privil\xE8ges n\xE9cessaires \xE0 la\ + \ conduite des actions relevant de sa mission." + - urn: urn:intuitem:risk:req_node:pssie:pdt-priv + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.4 + ref_id: PDT-PRIV + name: "Utilisation des privil\xE8ges d'acc\xE8s \xABadministrateur\xBB" + description: "Les privil\xE8ges d'acc\xE8s \xAB administrateur \xBB doivent\ + \ \xEAtre utilis\xE9s uniquement pour les actions d'administration le n\xE9\ + cessitant." + - urn: urn:intuitem:risk:req_node:pssie:pdt-adm-local + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.4 + ref_id: PDT-ADM-LOCAL + name: "Gestion du compte \xAB administrateur local\xBB" + description: "L'acc\xE8s au compte \xAB administrateur local \xBB sur les postes\ + \ de travail doit \xEAtre strictement limit\xE9 aux \xE9quipes en charge de\ + \ l'exploitation et du support sur ces postes de travail." + - urn: urn:intuitem:risk:req_node:pssie:9.1.5 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1 + ref_id: 9.1.5 + name: Protection des informations + - urn: urn:intuitem:risk:req_node:pssie:pdt-stock + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.5 + ref_id: PDT-STOCK + name: Stockage des informations + description: "Dans la mesure du possible, les donn\xE9es trait\xE9es par les\ + \ utilisateurs doivent \xEAtre stock\xE9es sur des espaces r\xE9seau, eux-m\xEA\ + mes sauvegard\xE9s selon les exigences des entit\xE9s et en accord avec les\ + \ r\xE8gles de s\xE9curit\xE9 en vigueur." + - urn: urn:intuitem:risk:req_node:pssie:pdt-sauv-loc + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.5 + ref_id: PDT-SAUV-LOC + name: "Sauvegarde / synchronisation des donn\xE9es locales" + description: "Dans le cas o\xF9 des donn\xE9es doivent \xEAtre stock\xE9es en\ + \ local sur le poste de travail, des moyens de synchronisation ou de sauvegarde\ + \ doivent \xEAtre fournis aux utilisateurs." + - urn: urn:intuitem:risk:req_node:pssie:pdt-part-fic + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.5 + ref_id: PDT-PART-FIC + name: Partage de fichiers + description: "Le partage de r\xE9pertoires ou de donn\xE9es h\xE9berg\xE9es\ + \ localement sur les postes de travail n'est pas autoris\xE9." + - urn: urn:intuitem:risk:req_node:pssie:pdt-suppr-part + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.5 + ref_id: PDT-SUPPR-PART + name: "Suppression des donn\xE9es sur les postes partag\xE9s" + description: "Les donn\xE9es pr\xE9sentes sur les postes partag\xE9s (portable\ + \ de pr\xEAt, par exemple) doivent \xEAtre supprim\xE9es entre deux utilisations,\ + \ d\xE8s lors que les utilisateurs ne disposent pas du m\xEAme besoin d'en\ + \ conna\xEEtre." + - urn: urn:intuitem:risk:req_node:pssie:pdt-chiff-sens + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.5 + ref_id: PDT-CHIFF-SENS + name: "Chiffrement des donn\xE9es sensibles" + description: "Une solution de chiffrement labellis\xE9e doit \xEAtre mise \xE0\ + \ disposition des utilisateurs et des administrateurs afin de chiffrer les\ + \ donn\xE9es sensibles stock\xE9es sur les postes de travail, les serveurs,\ + \ les espaces de travail, ou les supports amovibles." + - urn: urn:intuitem:risk:req_node:pssie:pdt-amov + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.5 + ref_id: PDT-AMOV + name: Fourniture de supports de stockage amovibles + description: "Les supports de stockage amovibles (cl\xE9s USB et disque durs\ + \ externes, notamment) doivent \xEAtre fournis aux utilisateurs par l'\xE9\ + quipe locale charg\xE9e des SI." + - urn: urn:intuitem:risk:req_node:pssie:9.1.6 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1 + ref_id: 9.1.6 + name: Nomadisme + - urn: urn:intuitem:risk:req_node:pssie:pdt-nomad-access + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.6 + ref_id: PDT-NOMAD-ACCESS + name: "Acc\xE8s \xE0 distance aux Syst\xE8mes d'information de l'entit\xE9" + description: "Les acc\xE8s \xE0 distance aux SI de l'entit\xE9 (acc\xE8s dits\ + \ \xABnomades\xBB) doivent \xEAtre r\xE9alis\xE9s via les infrastructures\ + \ nationales. Lorsque l'acc\xE8s \xE0 distance utilise d'autres infrastructures,\ + \ l'usage de r\xE9seaux priv\xE9s virtuels (VPN) de confiance est n\xE9cessaire." + - urn: urn:intuitem:risk:req_node:pssie:pdt-nomad-parefeu + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.6 + ref_id: PDT-NOMAD-PAREFEU + name: Pare-feu local + description: "Un pare-feu local conforme aux directives nationales doit \xEA\ + tre install\xE9 sur les postes nomades." + - urn: urn:intuitem:risk:req_node:pssie:pdt-nomad-stock + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.6 + ref_id: PDT-NOMAD-STOCK + name: Stockage local d'information sur les postes nomades + description: "Le stockage local d'information sur les postes de travail nomades\ + \ doit \xEAtre limit\xE9 au strict n\xE9cessaire. Les informations sensibles\ + \ doivent \xEAtre obligatoirement chiffr\xE9es par un moyen de chiffrement\ + \ labellis\xE9." + - urn: urn:intuitem:risk:req_node:pssie:pdt-nomad-filt + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.6 + ref_id: PDT-NOMAD-FILT + name: "Filtre de confidentialit\xE9" + description: "Pour les postes de travail nomades manipulant des donn\xE9es sensibles,\ + \ un filtre de confidentialit\xE9 doit \xEAtre fourni et \xEAtre positionn\xE9\ + \ sur l'\xE9cran d\xE8s lors que le poste est utilis\xE9 en dehors de l'entit\xE9\ + ." + - urn: urn:intuitem:risk:req_node:pssie:pdt-nomad-connex + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.6 + ref_id: PDT-NOMAD-CONNEX + name: Configuration des interfaces de connexion sans fil + description: La configuration des interfaces de connexion sans fil doit interdire + les usages dangereux de ces interfaces. + - urn: urn:intuitem:risk:req_node:pssie:pdt-nomad-desactiv + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:9.1.6 + ref_id: PDT-NOMAD-DESACTIV + name: "D\xE9sactivation des interfaces de connexion sans fil" + description: "Des r\xE8gles de configuration des interfaces de connexion sans\ + \ fil (Wifi, Bluetooth, 3G \u2026), permettant d'interdire les usages non\ + \ ma\xEEtris\xE9s et d'\xE9viter les intrusions via ces interfaces, doivent\ + \ \xEAtre d\xE9finies et appliqu\xE9es. Les interfaces sans fil ne doivent\ + \ \xEAtre activ\xE9es qu'en cas de besoin." + - urn: urn:intuitem:risk:req_node:pssie:9.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:9 + ref_id: '9.2' + name: "S\xE9curisation des imprimantes et copieurs multifonctions" + - urn: urn:intuitem:risk:req_node:pssie:objectif-26 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.2 + ref_id: Objectif 26 + name: "s\xE9curisation des copieurs multifonctions" + description: "Param\xE9trer /es imprimantes et copieurs multifonctions afin\ + \ de diminuer leur surface d'attaque." + - urn: urn:intuitem:risk:req_node:pssie:pdt-mul-durciss + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.2 + ref_id: PDT-MUL-DURCISS + name: Durcissement des imprimantes et copieurs multifonctions + description: "Les imprimantes et copieurs multifonctions h\xE9berg\xE9s localement\ + \ dans une entit\xE9 doivent faire l'objet d'un durcissement en termes de\ + \ s\xE9curit\xE9 : changement des mots de passe initialement fix\xE9s par\ + \ le \xAB constructeur\xBB, d\xE9sactivation des interfaces r\xE9seau inutiles,\ + \ suppression des services inutiles, chiffrement des donn\xE9es sur le disque\ + \ dur lorsque cette fonctionnalit\xE9 est disponible, configuration r\xE9\ + seau statique." + - urn: urn:intuitem:risk:req_node:pssie:pdt-mul-secnum + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.2 + ref_id: PDT-MUL-SECNUM + name: "S\xE9curisation de la fonction de num\xE9risation" + description: "Lorsqu'elle est activ\xE9e, la fonction de num\xE9risation sur\ + \ les copieurs multifonctions h\xE9berg\xE9s dans une entit\xE9 doit \xEA\ + tre s\xE9curis\xE9e. \nLes mesures de s\xE9curit\xE9 suivantes doivent notamment\ + \ \xEAtre appliqu\xE9es : \n* envoi de documents uniquement \xE0 destination\ + \ d'une adresse de messagerie interne \xE0 l'entit\xE9, \n* envoi uniquement\ + \ \xE0 une seule adresse de messagerie." + - urn: urn:intuitem:risk:req_node:pssie:9.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:9 + ref_id: '9.3' + name: "S\xE9curisation de la t\xE9l\xE9phonie" + - urn: urn:intuitem:risk:req_node:pssie:objectif-27 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.3 + ref_id: Objectif 27 + name: "s\xE9curisation de la t\xE9l\xE9phonie" + description: "S\xE9curiser la t\xE9l\xE9phonie pour prot\xE9ger les utilisateurs\ + \ contre des attaques malveillantes." + - urn: urn:intuitem:risk:req_node:pssie:pdt-tel-minim + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.3 + ref_id: PDT-TEL-MINIM + name: "S\xE9curiser la configuration des autocommutateurs" + description: "Les autocommutateurs doivent \xEAtre maintenus \xE0 jour au niveau\ + \ des correctifs de s\xE9curit\xE9. Leur configuration doit \xEAtre durcie.\ + \ La d\xE9finition et l'affectation des droits d'acc\xE8s et des privil\xE8\ + ges aux utilisateurs (transfert d\xE9part-d\xE9part, entr\xE9e en tiers, interphonie,\ + \ autorisation de d\xE9blocage, renvoi sur num\xE9ro ext\xE9rieur, substitution,\ + \ substitution de privil\xE8ge, interception d'appel dirig\xE9, etc.) doivent\ + \ faire l'objet d'une attention particuli\xE8re. Une revue de la programmation\ + \ t\xE9l\xE9phonique doit \xEAtre organis\xE9e p\xE9riodiquement." + - urn: urn:intuitem:risk:req_node:pssie:pot-tel-codes + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.3 + ref_id: POT-TEL-CODES + name: "Codes d'acc\xE8s t\xE9l\xE9phoniques" + description: "Il est n\xE9cessaire de sensibiliser les utilisateurs au besoin\ + \ de modifier le code d'acc\xE8s de leur t\xE9l\xE9phone et de leur messagerie\ + \ vocale." + - urn: urn:intuitem:risk:req_node:pssie:pdt-tel-dect + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.3 + ref_id: PDT-TEL-DECT + name: Limiter l'utilisation du DECT + description: "Les communications r\xE9alis\xE9es au travers du protocole DECT\ + \ sont susceptibles d'\xEAtre intercept\xE9es, m\xEAme si les m\xE9canismes\ + \ d'authentification et de chiffrement que propose ce protocole sont activ\xE9\ + s. Il est recommand\xE9 d'attribuer des postes t\xE9l\xE9phoniques filaires\ + \ aux utilisateurs dont les \xE9changes sont les plus sensibles." + - urn: urn:intuitem:risk:req_node:pssie:9.4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:9 + ref_id: '9.4' + name: "Contr\xF4les de conformit\xE9" + - urn: urn:intuitem:risk:req_node:pssie:pdt-conf-verif + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:9.4 + ref_id: PDT-CONF-VERIF + name: "Utiliser des outils de v\xE9rification automatique de la conformit\xE9" + description: "Un outil de v\xE9rification r\xE9guli\xE8re de la conformit\xE9\ + \ des \xE9l\xE9ments de configuration des postes de travail doit \xEAtre mis\ + \ en place, afin d'\xE9viter une d\xE9rive dans le temps de ces \xE9l\xE9\ + ments de configuration." + - urn: urn:intuitem:risk:req_node:pssie:10 + assessable: false + depth: 1 + ref_id: '10' + name: "S\xE9curit\xE9 du d\xE9veloppement des syst\xE8mes" + - urn: urn:intuitem:risk:req_node:pssie:10.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:10 + ref_id: '10.1' + name: "D\xE9veloppement des syst\xE8mes" + - urn: urn:intuitem:risk:req_node:pssie:objectif-29 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.1 + ref_id: Objectif 29 + name: "prise en compte de la s\xE9curit\xE9 dans le d\xE9veloppement des SI" + description: "Reconnaitre la s\xE9curit\xE9 comme une fonction essentielle,\ + \ et la prendre en compte d\xE8s la conception des projets." + - urn: urn:intuitem:risk:req_node:pssie:dev-integr-secloc + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.1 + ref_id: DEV-INTEGR-SECLOC + name: "Int\xE9grer la s\xE9curit\xE9 dans les d\xE9veloppements locaux" + description: "Toute initiative locale de d\xE9veloppement informatique doit\ + \ respecter les exigences nationales en mati\xE8re de SSI, concernant la prise\ + \ en compte de la s\xE9curit\xE9 dans les projets et les d\xE9veloppements\ + \ informatiques. Le service \xE0 l'origine du projet se porte garant de l'application\ + \ du r\xE9f\xE9rentiel g\xE9n\xE9ral de s\xE9curit\xE9, et de l'application\ + \ d 'une d\xE9marche d'homologation du syst\xE8me." + - urn: urn:intuitem:risk:req_node:pssie:dev-sous-trait + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.1 + ref_id: DEV-SOUS-TRAIT + name: "Int\xE9grer des clauses SSI dans les contrats de sous-traitance de d\xE9\ + veloppement informatique." + description: "Lors de l'\xE9criture d'un contrat de sous-traitance de d\xE9\ + veloppement, plusieurs clauses relatives \xE0 la SSI doivent \xEAtre int\xE9\ + gr\xE9es : \n\n* formation obligatoire des d\xE9veloppeurs sur le d\xE9veloppement\ + \ s\xE9curis\xE9 et sur les vuln\xE9rabilit\xE9s classiques ; \n* utilisation\ + \ obligatoire d'outils permettant de minimiser les erreurs introduites durant\ + \ le d\xE9veloppement (outils gratuits d'analyse statique de code, utilisation\ + \ de biblioth\xE8ques r\xE9put\xE9es pour leur s\xE9curit\xE9, etc.) ; \n\ + * production de documentation technique d\xE9crivant l'implantation des protections\ + \ d\xE9velopp\xE9es (gestion de l'authentification, stockage des mots de passe,\ + \ gestion des droits, chiffrement, etc.) ; \n* respect de normes de d\xE9\ + veloppement s\xE9curis\xE9, qu'elles soient propres au d\xE9veloppeur, publiques\ + \ ou propres au commanditaire ; \n* obligation pour le prestataire de corriger,\ + \ dans un temps raisonnable et pour un prix d\xE9fini, les vuln\xE9rabilit\xE9\ + s introduites durant le d\xE9veloppement et qui lui sont remont\xE9es, en\ + \ incluant automatiquement les corrections des autres occurrences des m\xEA\ + mes erreurs de programmation." + - urn: urn:intuitem:risk:req_node:pssie:10.2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:10 + ref_id: '10.2' + name: "D\xE9veloppements logiciels et s\xE9curit\xE9" + - urn: urn:intuitem:risk:req_node:pssie:objectif-30 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.2 + ref_id: Objectif 30 + name: "prise en compte de la s\xE9curit\xE9 dans le d\xE9veloppement des logiciels" + description: "Mener les d\xE9veloppements logiciels selon une m\xE9thodologie\ + \ de s\xE9curisation du code produit." + - urn: urn:intuitem:risk:req_node:pssie:dev-fuites + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.2 + ref_id: DEV-FUITES + name: Limiter les fuites d'information + description: "Les fuites d'informations techniques sur les logiciels utilis\xE9\ + s permettent aux attaquants de d\xE9celer plus facilement d'\xE9ventuelles\ + \ vuln\xE9rabilit\xE9s. Il est imp\xE9ratif de limiter fortement la diffusion\ + \ d'informations au sujet des produits utilis\xE9s, m\xEAme si cette pr\xE9\ + caution ne constitue pas une protection en tant que telle." + - urn: urn:intuitem:risk:req_node:pssie:dev-log-adher + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.2 + ref_id: DEV-LOG-ADHER + name: "R\xE9duire l'adh\xE9rence des applications \xE0 des produits ou technologies\ + \ sp\xE9cifiques" + description: "Le fonctionnement d'une application s'appuie sur un environnement\ + \ logiciel et mat\xE9riel. En phases de conception et de sp\xE9cification\ + \ technique, il est n\xE9cessaire de s'assurer que les applications n'ont\ + \ pas une trop forte adh\xE9rence vis-\xE0-vis des environnements sur lesquels\ + \ elles reposent. En effet, l'apparition de failles sur un environnement a\ + \ de fait un impact sur la s\xE9curit\xE9 des applications qui en d\xE9pendent.\ + \ En plus du maintien en condition de s\xE9curit\xE9 propre \xE0 l'application,\ + \ il est donc n\xE9cessaire de pouvoir faire \xE9voluer son environnement\ + \ pour garantir sa s\xE9curit\xE9 dans la dur\xE9e." + - urn: urn:intuitem:risk:req_node:pssie:dev-log-crit + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.2 + ref_id: DEV-LOG-CRIT + name: "Instaurer des crit\xE8res de d\xE9veloppement s\xE9curis\xE9" + description: "Une fois pass\xE9es les phases de d\xE9finition des besoins et\ + \ de conception de l'architecture applicative, le niveau de s\xE9curit\xE9\ + \ d'une application d\xE9pend fortement des modalit\xE9s pratiques suivies\ + \ lors de sa phase de d\xE9veloppement." + - urn: urn:intuitem:risk:req_node:pssie:dev-log-cycle + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.2 + ref_id: DEV-LOG-CYCLE + name: "int\xE9grer la s\xE9curit\xE9 dans le cycle de vie logiciel" + description: "La s\xE9curit\xE9 doit \xEAtre int\xE9gr\xE9e \xE0 toutes les\ + \ \xE9tapes du cycle de vie du projet, depuis l'expression des besoins jusqu'\xE0\ + \ la maintenance applicative, en passant par la r\xE9daction du cahier des\ + \ charges et les phases de recette." + - urn: urn:intuitem:risk:req_node:pssie:dev-log-web + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.2 + ref_id: DEV-LOG-WEB + name: "am\xE9liorer la prise en compte de la s\xE9curit\xE9 dans les d\xE9veloppements\ + \ Web" + description: "Les d\xE9veloppements Web (et les d\xE9veloppements en PHP en\ + \ particulier) font l'objet de probl\xE8mes de s\xE9curit\xE9 r\xE9currents\ + \ qui ont conduit \xE0 la constitution de r\xE9f\xE9rentiels de s\xE9curit\xE9\ + . Ces r\xE9f\xE9rentiels ont pour objectif de fixer des R\xC8GLES DE BONNES\ + \ PRATIQUES \xE0 l'usage des d\xE9veloppeurs. Ce sont des r\xE8gles d'ordre\ + \ g\xE9n\xE9rique ou pouvant \xEAtre sp\xE9cifiques \xE0 un langage (PHP,\ + \ ASP, NET, etc.)." + - urn: urn:intuitem:risk:req_node:pssie:dev-log-pass + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.2 + ref_id: DEV-LOG-PASS + name: "Calculer les empreintes de mots de passe de mani\xE8re s\xE9curis\xE9\ + e" + description: "Lorsqu'une application doit stocker les mots de passe de ses utilisateurs,\ + \ il est important de mettre en \u0153uvre des mesures permettant de se pr\xE9\ + munir contre les attaques document\xE9es : attaques par dictionnaire, attaques\ + \ par tables arc-en-ciel, attaques par force brute, etc." + - urn: urn:intuitem:risk:req_node:pssie:10.3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:10 + ref_id: '10.3' + name: "Applications \xE0 risques" + - urn: urn:intuitem:risk:req_node:pssie:objectif-31 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.3 + ref_id: Objectif 31 + name: "s\xE9curisation des applications \xE0 risques" + description: "Accompagner le d\xE9veloppement s\xE9curis\xE9 d'applications\ + \ \xE0 risques par des contre-mesures minimisant l'impact d'attaques nouvelles." + - urn: urn:intuitem:risk:req_node:pssie:dev-fil-t-appl + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:10.3 + ref_id: DEV-FIL T-APPL + name: "Mettre en \u0153uvre des fonctionnalit\xE9s de filtrage applicatif pour\ + \ les applications \xE0 risque" + description: "Devant les applications \xE0 risques, il est recommand\xE9 de\ + \ faire usage d'une solution tierce de filtrage applicatif." + - urn: urn:intuitem:risk:req_node:pssie:11 + assessable: false + depth: 1 + ref_id: '11' + name: Traitement des incidents + - urn: urn:intuitem:risk:req_node:pssie:11.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:11 + ref_id: '11.1' + name: "Cha\xEEnes op\xE9rationnelles" + - urn: urn:intuitem:risk:req_node:pssie:objectif-32 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:11.1 + ref_id: Objectif 32 + name: "chaines op\xE9rationnelles" + description: "Partager l'information (alertes, incidents) dans le respect des\ + \ r\xE8gles de prudence et mutualiser les op\xE9rations de remise en \xE9\ + tat, de fa\xE7on \xE0 lutter efficacement contre les attaques." + - urn: urn:intuitem:risk:req_node:pssie:ti-ops-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:11.1 + ref_id: TI-OPS-SSI + name: "Cha\xEEnes op\xE9rationnelles SSI" + description: "Les cha\xEEnes op\xE9rationnelles des minist\xE8res concourent\ + \ \xE0 l'effort national de cybers\xE9curit\xE9. Les alertes et les incidents\ + \ sont g\xE9r\xE9s selon des proc\xE9dures test\xE9es lors d'exercices. La\ + \ coordination des comp\xE9tences est organis\xE9e \xE0 l'\xE9chelon minist\xE9\ + riel. Les situations d'urgences peuvent faire appel \xE0 des mesures d\xE9\ + finies pr\xE9alablement dans le cadre des plans gouvernementaux." + - urn: urn:intuitem:risk:req_node:pssie:11.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:11.1 + ref_id: 11.1.1 + name: "Traitement des alertes de s\xE9curit\xE9 \xE9mises par les instances\ + \ nationales (ANSSI)" + - urn: urn:intuitem:risk:req_node:pssie:ti-mob + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:11.1.1 + ref_id: TI-MOB + name: Mobilisation en cas d'alerte + description: "En cas d'alerte de s\xE9curit\xE9 identifi\xE9e au niveau national,\ + \ les RSSI de chaque entit\xE9 s'assurent de la bonne application des exigences\ + \ formul\xE9es par les instances nationales, dans les meilleurs d\xE9lais." + - urn: urn:intuitem:risk:req_node:pssie:11.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:11.1 + ref_id: 11.1.2 + name: "Remont\xE9e des incidents de s\xE9curit\xE9 rencontr\xE9s" + - urn: urn:intuitem:risk:req_node:pssie:ti-qual-trait + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:11.1.2 + ref_id: TI-QUAL-TRAIT + name: Qualification et traitement des incidents + description: "La cha\xEEne fonctionnelle SSI est inform\xE9e par la cha\xEE\ + ne op\xE9rationnelle de tout incident de s\xE9curit\xE9, et contribue si n\xE9\ + cessaire \xE0 la qualification de l'incident et au pilotage de son traitement." + - urn: urn:intuitem:risk:req_node:pssie:ti-inc-rem + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:11.1.2 + ref_id: TI-INC-REM + name: "Remont\xE9e des incidents" + description: "Tout incident de s\xE9curit\xE9, m\xEAme apparemment mineur, dont\ + \ l'impact d\xE9passe ou est susceptible de d\xE9passer le SI d'une entit\xE9\ + \ ou d'un minist\xE8re, fait l'objet d'un compte-rendu, via la cha\xEEne SSI,\ + \ au Centre op\xE9rationnel de la s\xE9curit\xE9 des syst\xE8mes d'information\ + \ (COSSI) de l'ANSSI. \nLa remont\xE9e d'incidents par les cha1nes op\xE9\ + rationnelles minist\xE9rielles participe \xE0 la posture permanente de vigilance.\ + \ Cette remont\xE9e est imm\xE9diate pour les incidents dont la port\xE9e\ + \ est susceptible de d\xE9passer \xE0 court terme le p\xE9rim\xE8tre de l'entit\xE9\ + \ ou du minist\xE8re, et pour les incidents correspondant \xE0 des signalements\ + \ sp\xE9cifiques, notamment de la part de l'ANSSI. La remont\xE9e prend la\ + \ forme d'une synth\xE8se mensuelle pour les autres incidents.\nLes crit\xE8\ + res et proc\xE9dures pr\xE9cis de remont\xE9e d'incidents sont \xE9labor\xE9\ + s sous le pilotage de la cha\xEEne fonctionnelle SSI, en lien avec la cha\xEE\ + ne op\xE9rationnelle. Chaque entit\xE9 doit maintenir \xE0 jour un historique\ + \ clair des suites li\xE9es \xE0 l'escalade de chaque incident, afin de capitaliser\ + \ les enseignements associ\xE9s \xE0 la r\xE9solution (ou non) de ces incidents.\ + \ L'aspect difficile de la caract\xE9risation des attaques (ambigu\xEFt\xE9\ + \ de la source, du dommage, du moyen, de la finalit\xE9) rend n\xE9cessaire\ + \ les \xE9changes d'informations interminist\xE9riels - m\xEAme sur des \xAB\ + \ signaux faibles \xBB - ainsi que la coordination continue des actions." + - urn: urn:intuitem:risk:req_node:pssie:12 + assessable: false + depth: 1 + ref_id: '12' + name: "Continuit\xE9 d'activit\xE9" + - urn: urn:intuitem:risk:req_node:pssie:12.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:12 + ref_id: '12.1' + name: "Gestion de la continuit\xE9 d'activit\xE9 des SI" + - urn: urn:intuitem:risk:req_node:pssie:objectif-33 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1 + ref_id: Objectif 33 + name: "gestion de la continuit\xE9 d'activit\xE9" + description: "Se doter de plans de continuit\xE9 d'activit\xE9, et les tester." + - urn: urn:intuitem:risk:req_node:pssie:pca-minis + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1 + ref_id: PCA-MINIS + name: "D\xE9finition du plan minist\xE9riel de continuit\xE9 d'activit\xE9 des\ + \ Syst\xE8mes d'information" + description: "Chaque minist\xE8re d\xE9finit un plan de continuit\xE9 d'activit\xE9\ + \ minist\xE9riel des syst\xE8mes d'information permettant d'assurer, en cas\ + \ de sinistre, la continuit\xE9 d'activit\xE9 des syst\xE8mes d'information." + - urn: urn:intuitem:risk:req_node:pssie:12.1.1 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1 + ref_id: 12.1.1 + name: "D\xE9finition du plan de continuit\xE9 d'activit\xE9 des syst\xE8mes\ + \ d'information d'une entit\xE9" + - urn: urn:intuitem:risk:req_node:pssie:pca-local + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1.1 + ref_id: PCA-LOCAL + name: "D\xE9finition du plan local de continuit\xE9 d'activit\xE9 des syst\xE8\ + mes d'information." + description: "Le directeur des syst\xE8mes d'information ou le RSSI d'une entit\xE9\ + \ d\xE9finit la structure et les attendus du plan de continuit\xE9 d'activit\xE9\ + \ des syst\xE8mes d'information permettant d'assurer effectivement, en cas\ + \ de sinistre, la continuit\xE9 d'activit\xE9." + - urn: urn:intuitem:risk:req_node:pssie:12.1.2 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1 + ref_id: 12.1.2 + name: "Mise en \u0153uvre du plan local de continuit\xE9 d'activit\xE9 des syst\xE8\ + mes d'information" + - urn: urn:intuitem:risk:req_node:pssie:pca-suivilocal + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1.2 + ref_id: PCA-SUIVILOCAL + name: "Suivi de la mise en \u0153uvre du PCA local des Syst\xE8mes d'information\ + \ (PCA des SI)." + description: "Le RSSI d'une entit\xE9 s'assure de la bonne mise en \u0153uvre\ + \ des dispositions pr\xE9vues dans le plan de continuit\xE9 d'activit\xE9\ + \ des syst\xE8mes d'information." + - urn: urn:intuitem:risk:req_node:pssie:pca-proc + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1.2 + ref_id: PCA-PROC + name: "Mise en \u0153uvre des dispositifs techniques et des proc\xE9dures op\xE9\ + rationnelles." + description: "Les \xE9quipes informatiques mettent en \u0153uvre les dispositifs\ + \ techniques et les proc\xE9dures op\xE9rationnelles contribuant \xE0 la continuit\xE9\ + \ des SI, en assurent la supervision au quotidien et la maintenance dans le\ + \ temps." + - urn: urn:intuitem:risk:req_node:pssie:pca-sauve + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1.2 + ref_id: PCA-SAUVE + name: "Protection de la disponibilit\xE9 des sauvegardes" + description: "Les sauvegardes de donn\xE9es ne doivent pas \xEAtre soumises\ + \ aux m\xEAmes risques de sinistres que les donn\xE9es sauvegard\xE9es." + - urn: urn:intuitem:risk:req_node:pssie:pca-prot + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1.2 + ref_id: PCA-PROT + name: "Protection de la confidentialit\xE9 des sauvegardes" + description: "Les sauvegardes doivent \xEAtre trait\xE9es de mani\xE8re \xE0\ + \ garantir leur confidentialit\xE9 et leur int\xE9grit\xE9." + - urn: urn:intuitem:risk:req_node:pssie:12.1.3 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1 + ref_id: 12.1.3 + name: "Maintien en conditions op\xE9rationnelles du plan local de continuit\xE9\ + \ d'activit\xE9 des SI" + - urn: urn:intuitem:risk:req_node:pssie:pca-exerc + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1.3 + ref_id: PCA-EXERC + name: "Exercice r\xE9gulier du plan local de continuit\xE9 d'activit\xE9 des\ + \ syst\xE8mes d'information." + description: "Le RSSI d'une entit\xE9 organise des exercices r\xE9guliers, afin\ + \ de tester le plan local de continuit\xE9 d'activit\xE9 des syst\xE8mes d'information" + - urn: urn:intuitem:risk:req_node:pssie:pca-misajour + assessable: true + depth: 4 + parent_urn: urn:intuitem:risk:req_node:pssie:12.1.3 + ref_id: PCA-MISAJOUR + name: "Mise \xE0 jour du plan local de continuit\xE9 d'activit\xE9 des syst\xE8\ + mes d'information." + description: "Le RSSI d'une entit\xE9 assure le maintien \xE0 jour du plan local\ + \ de continuit\xE9 d'activit\xE9 des Syst\xE8mes d'information" + - urn: urn:intuitem:risk:req_node:pssie:13 + assessable: false + depth: 1 + ref_id: '13' + name: "Conformit\xE9, audit, inspection, contr\xF4le" + - urn: urn:intuitem:risk:req_node:pssie:13.1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:pssie:13 + ref_id: '13.1' + name: "Contr\xF4les" + - urn: urn:intuitem:risk:req_node:pssie:objectif-34 + assessable: false + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:13.1 + ref_id: Objectif 34 + name: "contr\xF4les r\xE9guliers" + description: "Effectuer des contr\xF4les (audits, inspections) et des exercices\ + \ r\xE9guliers de fa\xE7on \xE0 mesurer les progr\xE8s accomplis et corriger\ + \ les manquements." + - urn: urn:intuitem:risk:req_node:pssie:contr-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:13.1 + ref_id: CONTR-SSI + name: "Contr\xF4les locaux" + description: "La conformit\xE9 \xE0 la PSSIE et \xE0 la PSSI minist\xE9rielle\ + \ est v\xE9rifi\xE9e par des contr\xF4les r\xE9guliers. \n\nLes RSSI de chaque\ + \ entit\xE9 conduisent des actions locales d'\xE9valuation de la conformit\xE9\ + \ \xE0 la PSSIE et contribuent \xE0 la consolidation, dans un bilan annuel,\ + \ de l'\xE9tat d'avancement de sa mise en \u0153uvre." + - urn: urn:intuitem:risk:req_node:pssie:contr-bilan-ssi + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:pssie:13.1 + ref_id: CONTR-BILAN-SSI + name: Bilan annuel + description: "Chaque minist\xE8re \xE9tablit un bilan annuel mesurant sa maturit\xE9\ + \ SSI globale.\nL'ANSSI consolide l'ensemble de ces bilans. Le document de\ + \ synth\xE8se est soumis au Premier ministre." diff --git a/backend/library/libraries/scf-2024-2.yaml b/backend/library/libraries/scf-2024-2.yaml new file mode 100644 index 000000000..2a810276e --- /dev/null +++ b/backend/library/libraries/scf-2024-2.yaml @@ -0,0 +1,17560 @@ +urn: urn:intuitem:risk:library:scf-2024-2 +locale: en +ref_id: SCF-2024-2 +name: 'SCF: Secure Controls Framework' +description: 'SCF: Secure Controls Framework + + https://securecontrolsframework.com/about-us/' +copyright: SCF - https://securecontrolsframework.com/terms-conditions/ +version: 1 +provider: SCF +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:scf-2024-2 + ref_id: SCF-2024-2 + name: 'SCF: Secure Controls Framework' + description: 'SCF: Secure Controls Framework + + https://securecontrolsframework.com/about-us/' + min_score: 1 + max_score: 5 + scores_definition: + - score: 0 + name: Not Performed + description: null + - score: 1 + name: Performed Informally + description: null + - score: 2 + name: Planned & Tracked + description: null + - score: 3 + name: Well Defined + description: null + - score: 4 + name: Quantitatively Controlled + description: null + - score: 5 + name: Continuously Improving + description: null + implementation_groups_definition: + - ref_id: tier1 + name: Tier 1 - Strategic + description: null + - ref_id: tier2 + name: Tier 2 - Operational + description: null + - ref_id: tier3 + name: Tier 3 - Tactical + description: null + requirement_nodes: + - urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + assessable: false + depth: 1 + name: Cybersecurity & Data Protection Governance + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-01 + name: 'Cybersecurity & Data Protection Governance Program ' + description: Mechanisms exist to facilitate the implementation of cybersecurity + & data protection governance controls. + annotation: Does the organization facilitate the implementation of cybersecurity + & data protection governance controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-01.1 + name: Steering Committee & Program Oversight + description: Mechanisms exist to coordinate cybersecurity, data protection and + business alignment through a steering committee or advisory board, comprised + of key cybersecurity, data privacy and business executives, which meets formally + and on a regular basis. + annotation: Does the organization coordinate cybersecurity, data protection + and business alignment through a steering committee or advisory board, comprised + of key cybersecurity, data privacy and business executives, which meets formally + and on a regular basis? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-01.2 + name: Status Reporting To Governing Body + description: "Mechanisms exist to provide governance oversight reporting and\ + \ recommendations to those entrusted to make executive decisions about matters\ + \ considered material to the organization\u2019s cybersecurity & data protection\ + \ program." + annotation: "Does the organization provide governance oversight reporting and\ + \ recommendations to those entrusted to make executive decisions about matters\ + \ considered material to the organization\u2019s cybersecurity & data protection\ + \ program?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-02 + name: 'Publishing Cybersecurity & Data Protection Documentation ' + description: Mechanisms exist to establish, maintain and disseminate cybersecurity + & data protection policies, standards and procedures. + annotation: Does the organization establish, maintain and disseminate cybersecurity + & data protection policies, standards and procedures? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-02.1 + name: Exception Management + description: Mechanisms exist to prohibit exceptions to standards, except when + the exception has been formally assessed for risk impact, approved and recorded. + annotation: Does the organization prohibit exceptions to standards, except when + the exception has been formally assessed for risk impact, approved and recorded? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-03 + name: Periodic Review & Update of Cybersecurity & Data Protection Program + description: 'Mechanisms exist to review the cybersecurity & data privacy program, + including policies, standards and procedures, at planned intervals or if significant + changes occur to ensure their continuing suitability, adequacy and effectiveness. ' + annotation: 'Does the organization review the cybersecurity & data privacy program, + including policies, standards and procedures, at planned intervals or if significant + changes occur to ensure their continuing suitability, adequacy and effectiveness? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-04 + name: 'Assigned Cybersecurity & Data Protection Responsibilities ' + description: 'Mechanisms exist to assign one or more qualified individuals with + the mission and resources to centrally-manage, coordinate, develop, implement + and maintain an enterprise-wide cybersecurity & data protection program. ' + annotation: 'Does the organization assign one or more qualified individuals + with the mission and resources to centrally-manage, coordinate, develop, implement + and maintain an enterprise-wide cybersecurity & data protection program? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-04.1 + name: Stakeholder Accountability Structure + description: Mechanisms exist to enforce an accountability structure so that + appropriate teams and individuals are empowered, responsible and trained for + mapping, measuring and managing data and technology-related risks. + annotation: Does the organization enforce an accountability structure so that + appropriate teams and individuals are empowered, responsible and trained for + mapping, measuring and managing data and technology-related risks? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-04.2 + name: Authoritative Chain of Command + description: Mechanisms exist to establish an authoritative chain of command + with clear lines of communication to remove ambiguity from individuals and + teams related to managing data and technology-related risks. + annotation: Does the organization establish an authoritative chain of command + with clear lines of communication to remove ambiguity from individuals and + teams related to managing data and technology-related risks? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-05 + name: 'Measures of Performance ' + description: Mechanisms exist to develop, report and monitor cybersecurity & + data privacy program measures of performance. + annotation: Does the organization develop, report and monitor cybersecurity + & data privacy program measures of performance? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-05.1 + name: Key Performance Indicators (KPIs) + description: Mechanisms exist to develop, report and monitor Key Performance + Indicators (KPIs) to assist organizational management in performance monitoring + and trend analysis of the cybersecurity & data privacy program. + annotation: Does the organization develop, report and monitor Key Performance + Indicators (KPIs) to assist organizational management in performance monitoring + and trend analysis of the cybersecurity & data privacy program? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-05.2 + name: Key Risk Indicators (KRIs) + description: Mechanisms exist to develop, report and monitor Key Risk Indicators + (KRIs) to assist senior management in performance monitoring and trend analysis + of the cybersecurity & data privacy program. + annotation: Does the organization develop, report and monitor Key Risk Indicators + (KRIs) to assist senior management in performance monitoring and trend analysis + of the cybersecurity & data privacy program? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-06 + name: 'Contacts With Authorities ' + description: Mechanisms exist to identify and document appropriate contacts + with relevant law enforcement and regulatory bodies. + annotation: Does the organization identify and document appropriate contacts + with relevant law enforcement and regulatory bodies? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-07 + name: 'Contacts With Groups & Associations ' + description: "Mechanisms exist to establish contact with selected groups and\ + \ associations within the cybersecurity & data privacy communities to: \n\ + \ \u25AA Facilitate ongoing cybersecurity & data privacy education and training\ + \ for organizational personnel;\n \u25AA Maintain currency with recommended\ + \ cybersecurity & data privacy practices, techniques and technologies; and\n\ + \ \u25AA Share current cybersecurity and/or data privacy-related information\ + \ including threats, vulnerabilities and incidents.\n" + annotation: "Does the organization establish contact with selected groups and\ + \ associations within the cybersecurity & data privacy communities to: \n\ + \ \u25AA Facilitate ongoing cybersecurity & data privacy education and training\ + \ for organizational personnel;\n \u25AA Maintain currency with recommended\ + \ cybersecurity & data privacy practices, techniques and technologies; and\n\ + \ \u25AA Share current cybersecurity and/or data privacy-related information\ + \ including threats, vulnerabilities and incidents?\n" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-08 + name: Defining Business Context & Mission + description: Mechanisms exist to define the context of its business model and + document the mission of the organization. + annotation: Does the organization define the context of its business model and + document the mission of the organization? + implementation_groups: + - tier1 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-09 + name: Define Control Objectives + description: "Mechanisms exist to establish control objectives as the basis\ + \ for the selection, implementation and management of the organization\u2019\ + s internal control system." + annotation: "Does the organization establish control objectives as the basis\ + \ for the selection, implementation and management of the organization\u2019\ + s internal control system?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-10 + name: Data Governance + description: Mechanisms exist to facilitate data governance to oversee the organization's + policies, standards and procedures so that sensitive/regulated data is effectively + managed and maintained in accordance with applicable statutory, regulatory + and contractual obligations. + annotation: Does the organization facilitate data governance to oversee the + organization's policies, standards and procedures so that sensitive/regulated + data is effectively managed and maintained in accordance with applicable statutory, + regulatory and contractual obligations? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-11 + name: Purpose Validation + description: Mechanisms exist to monitor mission/business-critical services + or functions to ensure those resources are being used consistent with their + intended purpose. + annotation: Does the organization monitor mission/business-critical services + or functions to ensure those resources are being used consistent with their + intended purpose? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-12 + name: Forced Technology Transfer (FTT) + description: Mechanisms exist to avoid and/or constrain the forced exfiltration + of sensitive / regulated information (e.g., Intellectual Property (IP)) to + the host government for purposes of market access or market management practices. + annotation: Does the organization avoid and/or constrain the forced exfiltration + of sensitive / regulated information (e.g., Intellectual Property (IP)) to + the host government for purposes of market access or market management practices? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-13 + name: State-Sponsored Espionage + description: 'Mechanisms exist to constrain the host government''s ability to + leverage the organization''s technology assets for economic or political espionage + and/or cyberwarfare activities. ' + annotation: 'Does the organization constrain the host government''s ability + to leverage the organization''s technology assets for economic or political + espionage and/or cyberwarfare activities? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-14 + name: Business As Usual (BAU) Secure Practices + description: Mechanisms exist to incorporate cybersecurity & data privacy principles + into Business As Usual (BAU) practices through executive leadership involvement. + annotation: Does the organization incorporate cybersecurity & data privacy principles + into Business As Usual (BAU) practices through executive leadership involvement? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-15 + name: Operationalizing Cybersecurity & Data Protection Practices + description: Mechanisms exist to compel data and/or process owners to operationalize + cybersecurity & data privacy practices for each system, application and/or + service under their control. + annotation: Does the organization compel data and/or process owners to operationalize + cybersecurity & data privacy practices for each system, application and/or + service under their control? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-15.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-15.1 + name: Select Controls + description: Mechanisms exist to compel data and/or process owners to select + required cybersecurity & data privacy controls for each system, application + and/or service under their control. + annotation: Does the organization compel data and/or process owners to select + required cybersecurity & data privacy controls for each system, application + and/or service under their control? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-15.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-15.2 + name: Implement Controls + description: Mechanisms exist to compel data and/or process owners to implement + required cybersecurity & data privacy controls for each system, application + and/or service under their control. + annotation: Does the organization compel data and/or process owners to implement + required cybersecurity & data privacy controls for each system, application + and/or service under their control? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-15.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-15.3 + name: Assess Controls + description: Mechanisms exist to compel data and/or process owners to assess + if required cybersecurity & data privacy controls for each system, application + and/or service under their control are implemented correctly and are operating + as intended. + annotation: Does the organization compel data and/or process owners to assess + if required cybersecurity & data privacy controls for each system, application + and/or service under their control are implemented correctly and are operating + as intended? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-15.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-15.4 + name: Authorize Systems, Applications & Services + description: Mechanisms exist to compel data and/or process owners to obtain + authorization for the production use of each system, application and/or service + under their control. + annotation: Does the organization compel data and/or process owners to obtain + authorization for the production use of each system, application and/or service + under their control? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-15.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-15.5 + name: Monitor Controls + description: Mechanisms exist to compel data and/or process owners to monitor + systems, applications and/or services under their control on an ongoing basis + for applicable threats and risks, as well as to ensure cybersecurity & data + privacy controls are operating as intended. + annotation: Does the organization compel data and/or process owners to monitor + systems, applications and/or services under their control on an ongoing basis + for applicable threats and risks, as well as to ensure cybersecurity & data + privacy controls are operating as intended? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-16 + name: Materiality Determination + description: Mechanisms exist to define materiality threshold criteria capable + of designating an incident as material to the organization. + annotation: Does the organization define materiality threshold criteria capable + of designating an incident as material to the organization? + implementation_groups: + - tier1 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-16.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-16.1 + name: Material Risks + description: Mechanisms exist to define criteria necessary to designate a risk + as a material risk. + annotation: Does the organization define criteria necessary to designate a risk + as a material risk? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-16.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-16.2 + name: Material Threats + description: Mechanisms exist to define criteria necessary to designate a threat + as a material threat. + annotation: Does the organization define criteria necessary to designate a threat + as a material threat? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:gov-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node2 + ref_id: GOV-17 + name: Cybersecurity & Data Privacy Status Reporting + description: Mechanisms exist to submit status reporting of the organization's + cybersecurity and/or data privacy program to applicable statutory and/or regulatory + authorities, as required. + annotation: Does the organization submit status reporting of the organization's + cybersecurity and/or data privacy program to applicable statutory and/or regulatory + authorities, as required? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + assessable: false + depth: 1 + name: Artificial & Autonomous Technologies + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-01 + name: Artificial Intelligence (AI) & Autonomous Technologies Governance + description: Mechanisms exist to ensure policies, processes, procedures and + practices related to the mapping, measuring and managing of Artificial Intelligence + (AI) and Autonomous Technologies (AAT)-related risks are in place, transparent + and implemented effectively. + annotation: Does the organization ensure policies, processes, procedures and + practices related to the mapping, measuring and managing of Artificial Intelligence + (AI) and Autonomous Technologies (AAT)-related risks are in place, transparent + and implemented effectively? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-01.1 + name: AI & Autonomous Technologies-Related Legal Requirements Definition + description: Mechanisms exist to identify, understand, document and manage applicable + statutory and regulatory requirements for Artificial Intelligence (AI) and + Autonomous Technologies (AAT). + annotation: Does the organization identify, understand, document and manage + applicable statutory and regulatory requirements for Artificial Intelligence + (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-01.2 + name: Trustworthy AI & Autonomous Technologies + description: Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous + Technologies (AAT) are designed to be reliable, safe, fair, secure, resilient, + transparent, explainable and data privacy-enhanced to minimize emergent properties + or unintended consequences. + annotation: Does the organization ensure Artificial Intelligence (AI) and Autonomous + Technologies (AAT) are designed to be reliable, safe, fair, secure, resilient, + transparent, explainable and data privacy-enhanced to minimize emergent properties + or unintended consequences? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-01.3 + name: AI & Autonomous Technologies Value Sustainment + description: Mechanisms exist to sustain the value of deployed Artificial Intelligence + (AI) and Autonomous Technologies (AAT). + annotation: Does the organization sustain the value of deployed Artificial Intelligence + (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-02 + name: Situational Awareness of AI & Autonomous Technologies + description: Mechanisms exist to develop and maintain an inventory of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) (internal and third-party). + annotation: Does the organization develop and maintain an inventory of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) (internal and third-party)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-02.1 + name: AI & Autonomous Technologies Risk Mapping + description: Mechanisms exist to identify Artificial Intelligence (AI) and Autonomous + Technologies (AAT) in use and map those components to potential legal risks, + including statutory and regulatory compliance requirements. + annotation: Does the organization identify Artificial Intelligence (AI) and + Autonomous Technologies (AAT) in use and map those components to potential + legal risks, including statutory and regulatory compliance requirements? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-02.2 + name: AI & Autonomous Technologies Internal Controls + description: Mechanisms exist to identify and document internal cybersecurity + & data privacy controls for Artificial Intelligence (AI) and Autonomous Technologies + (AAT). + annotation: Does the organization identify and document internal cybersecurity + & data privacy controls for Artificial Intelligence (AI) and Autonomous Technologies + (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-03 + name: AI & Autonomous Technologies Context Definition + description: "Mechanisms exist to establish and document the context surrounding\ + \ Artificial Intelligence (AI) and Autonomous Technologies (AAT), including:\n\ + \ \u25AA Intended purposes;\n \u25AA Potentially beneficial uses;\n \u25AA\ + \ Context-specific laws and regulations;\n \u25AA Norms and expectations;\ + \ and\n \u25AA Prospective settings in which the system(s) will be deployed." + annotation: "Does the organization establish and document the context surrounding\ + \ Artificial Intelligence (AI) and Autonomous Technologies (AAT), including:\n\ + \ \u25AA Intended purposes;\n \u25AA Potentially beneficial uses;\n \u25AA\ + \ Context-specific laws and regulations;\n \u25AA Norms and expectations;\ + \ and\n \u25AA Prospective settings in which the system(s) will be deployed?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-03.1 + name: AI & Autonomous Technologies Mission and Goals Definition + description: "Mechanisms exist to define and document the organization\u2019\ + s mission and defined goals for Artificial Intelligence (AI) and Autonomous\ + \ Technologies (AAT)." + annotation: "Does the organization define and document the organization\u2019\ + s mission and defined goals for Artificial Intelligence (AI) and Autonomous\ + \ Technologies (AAT)?" + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-04 + name: AI & Autonomous Technologies Business Case + description: Mechanisms exist to benchmark capabilities, targeted usage, goals + and expected benefits and costs of Artificial Intelligence (AI) and Autonomous + Technologies (AAT). + annotation: Does the organization benchmark capabilities, targeted usage, goals + and expected benefits and costs of Artificial Intelligence (AI) and Autonomous + Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-04.1 + name: AI & Autonomous Technologies Potential Benefits Analysis + description: Mechanisms exist to assess the potential benefits of proposed Artificial + Intelligence (AI) and Autonomous Technologies (AAT). + annotation: Does the organization assess the potential benefits of proposed + Artificial Intelligence (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-04.2 + name: AI & Autonomous Technologies Potential Costs Analysis + description: Mechanisms exist to assess potential costs, including non-monetary + costs, resulting from expected or realized Artificial Intelligence (AI) and + Autonomous Technologies (AAT)-related errors or system functionality and trustworthiness. + annotation: Does the organization assess potential costs, including non-monetary + costs, resulting from expected or realized Artificial Intelligence (AI) and + Autonomous Technologies (AAT)-related errors or system functionality and trustworthiness? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-04.3 + name: AI & Autonomous Technologies Targeted Application Scope + description: Mechanisms exist to specify and document the targeted application + scope of the proposed use and operation of Artificial Intelligence (AI) and + Autonomous Technologies (AAT). + annotation: Does the organization specify and document the targeted application + scope of the proposed use and operation of Artificial Intelligence (AI) and + Autonomous Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-04.4 + name: AI & Autonomous Technologies Cost / Benefit Mapping + description: Mechanisms exist to map risks and benefits for all components of + Artificial Intelligence (AI) and Autonomous Technologies (AAT), including + third-party software and data. + annotation: Does the organization map risks and benefits for all components + of Artificial Intelligence (AI) and Autonomous Technologies (AAT), including + third-party software and data? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-05 + name: AI & Autonomous Technologies Training + description: Mechanisms exist to ensure personnel and external stakeholders + are provided with position-specific risk management training for Artificial + Intelligence (AI) and Autonomous Technologies (AAT). + annotation: Does the organization ensure personnel and external stakeholders + are provided with position-specific risk management training for Artificial + Intelligence (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-06 + name: AI & Autonomous Technologies Fairness & Bias + description: Mechanisms exist to prevent Artificial Intelligence (AI) and Autonomous + Technologies (AAT) from unfairly identifying, profiling and/or statistically + singling out a segmented population defined by race, religion, gender identity, + national origin, religion, disability or any other politically-charged identifier. + annotation: Does the organization prevent Artificial Intelligence (AI) and Autonomous + Technologies (AAT) from unfairly identifying, profiling and/or statistically + singling out a segmented population defined by race, religion, gender identity, + national origin, religion, disability or any other politically-charged identifier? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-07 + name: AI & Autonomous Technologies Risk Management Decisions + description: Mechanisms exist to leverage decision makers from a diversity of + demographics, disciplines, experience, expertise and backgrounds for mapping, + measuring and managing Artificial Intelligence (AI) and Autonomous Technologies + (AAT)-related risks. + annotation: Does the organization leverage decision makers from a diversity + of demographics, disciplines, experience, expertise and backgrounds for mapping, + measuring and managing Artificial Intelligence (AI) and Autonomous Technologies + (AAT)-related risks? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-07.1 + name: AI & Autonomous Technologies Impact Characterization + description: Mechanisms exist to characterize the impacts of proposed Artificial + Intelligence (AI) and Autonomous Technologies (AAT) on individuals, groups, + communities, organizations and society. + annotation: Does the organization characterize the impacts of proposed Artificial + Intelligence (AI) and Autonomous Technologies (AAT) on individuals, groups, + communities, organizations and society? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-07.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-07.2 + name: AI & Autonomous Technologies Likelihood & Impact Risk Analysis + description: Mechanisms exist to define the potential likelihood and impact + of each identified risk based on expected use and past uses of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) in similar contexts. + annotation: Does the organization define the potential likelihood and impact + of each identified risk based on expected use and past uses of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) in similar contexts? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-07.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-07.3 + name: AI & Autonomous Technologies Continuous Improvements + description: Mechanisms exist to continuously improve Artificial Intelligence + (AI) and Autonomous Technologies (AAT) capabilities to maximize benefits and + minimize negative impacts associated with AAT. + annotation: Does the organization continuously improve Artificial Intelligence + (AI) and Autonomous Technologies (AAT) capabilities to maximize benefits and + minimize negative impacts associated with AAT? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-08 + name: Assigned Responsibilities for AI & Autonomous Technologies + description: Mechanisms exist to define and differentiate roles and responsibilities + for human-AI configurations and oversight of AI systems. + annotation: Does the organization define and differentiate roles and responsibilities + for human-AI configurations and oversight of AI systems? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-09 + name: AI & Autonomous Technologies Risk Profiling + description: Mechanisms exist to document the risks and potential impacts of + Artificial Intelligence (AI) and Autonomous Technologies (AAT) designed, developed, + deployed, evaluated and used. + annotation: Does the organization document the risks and potential impacts of + Artificial Intelligence (AI) and Autonomous Technologies (AAT) designed, developed, + deployed, evaluated and used? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10 + name: 'Artificial Intelligence Test, Evaluation, Validation & Verification (AI + TEVV) ' + description: Mechanisms exist to implement Artificial Intelligence Test, Evaluation, + Validation & Verification (AI TEVV) practices to enable Artificial Intelligence + (AI) and Autonomous Technologies (AAT)-related testing, identification of + incidents and information sharing. + annotation: Does the organization implement Artificial Intelligence Test, Evaluation, + Validation & Verification (AI TEVV) practices to enable Artificial Intelligence + (AI) and Autonomous Technologies (AAT)-related testing, identification of + incidents and information sharing? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.1 + name: AI TEVV Trustworthiness Assessment + description: Mechanisms exist to evaluate Artificial Intelligence (AI) and Autonomous + Technologies (AAT) for trustworthy behavior and operation including security, + anonymization and disaggregation of captured and stored data for approved + purposes. + annotation: Does the organization evaluate Artificial Intelligence (AI) and + Autonomous Technologies (AAT) for trustworthy behavior and operation including + security, anonymization and disaggregation of captured and stored data for + approved purposes? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.2 + name: AI TEVV Tools + description: Mechanisms exist to document test sets, metrics and details about + the tools used during Artificial Intelligence Test, Evaluation, Validation + & Verification (AI TEVV) practices. + annotation: Does the organization document test sets, metrics and details about + the tools used during Artificial Intelligence Test, Evaluation, Validation + & Verification (AI TEVV) practices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.3 + name: AI TEVV Trustworthiness Demonstration + description: Mechanisms exist to demonstrate the Artificial Intelligence (AI) + and Autonomous Technologies (AAT) to be deployed is valid, reliable and operate + as intended based on approved designs. + annotation: Does the organization demonstrate the Artificial Intelligence (AI) + and Autonomous Technologies (AAT) to be deployed is valid, reliable and operate + as intended based on approved designs? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.4 + name: AI TEVV Safety Demonstration + description: Mechanisms exist to demonstrate the Artificial Intelligence (AI) + and Autonomous Technologies (AAT) to be deployed are safe, residual risk does + not exceed the organization's risk tolerance and can fail safely, particularly + if made to operate beyond its knowledge limits. + annotation: Does the organization demonstrate the Artificial Intelligence (AI) + and Autonomous Technologies (AAT) to be deployed are safe, residual risk does + not exceed the organization's risk tolerance and can fail safely, particularly + if made to operate beyond its knowledge limits? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.5 + name: AI TEVV Resiliency Assessment + description: Mechanisms exist to evaluate the security and resilience of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) to be deployed. + annotation: Does the organization evaluate the security and resilience of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) to be deployed? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.6 + name: AI TEVV Transparency & Accountability Assessment + description: Mechanisms exist to examine risks associated with transparency + and accountability of Artificial Intelligence (AI) and Autonomous Technologies + (AAT) to be deployed. + annotation: Does the organization examine risks associated with transparency + and accountability of Artificial Intelligence (AI) and Autonomous Technologies + (AAT) to be deployed? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.7 + name: AI TEVV Privacy Assessment + description: Mechanisms exist to examine the data privacy risk of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) to be deployed. + annotation: Does the organization examine the data privacy risk of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) to be deployed? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.8 + name: AI TEVV Fairness & Bias Assessment + description: Mechanisms exist to examine fairness and bias of Artificial Intelligence + (AI) and Autonomous Technologies (AAT) to be deployed. + annotation: Does the organization examine fairness and bias of Artificial Intelligence + (AI) and Autonomous Technologies (AAT) to be deployed? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.9 + name: AI & Autonomous Technologies Model Validation + description: Mechanisms exist to validate the Artificial Intelligence (AI) and + Autonomous Technologies (AAT) model. + annotation: Does the organization validate the Artificial Intelligence (AI) + and Autonomous Technologies (AAT) model? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.10 + name: AI TEVV Results Evaluation + description: Mechanisms exist to evaluate the results of Artificial Intelligence + Test, Evaluation, Validation & Verification (AI TEVV) to determine the viability + of the proposed Artificial Intelligence (AI) and Autonomous Technologies (AAT). + annotation: Does the organization evaluate the results of Artificial Intelligence + Test, Evaluation, Validation & Verification (AI TEVV) to determine the viability + of the proposed Artificial Intelligence (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.11 + name: AI TEVV Effectiveness + description: Mechanisms exist to evaluate the effectiveness of the processes + utilized to perform Artificial Intelligence Test, Evaluation, Validation & + Verification (AI TEVV). + annotation: Does the organization evaluate the effectiveness of the processes + utilized to perform Artificial Intelligence Test, Evaluation, Validation & + Verification (AI TEVV)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.12 + name: AI TEVV Comparable Deployment Settings + description: Mechanisms exist to evaluate Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related performance or the assurance criteria demonstrated + for conditions similar to deployment settings. + annotation: Does the organization evaluate Artificial Intelligence (AI) and + Autonomous Technologies (AAT)-related performance or the assurance criteria + demonstrated for conditions similar to deployment settings? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.13 + name: AI TEVV Post-Deployment Monitoring + description: Mechanisms exist to proactively and continuously monitor deployed + Artificial Intelligence (AI) and Autonomous Technologies (AAT). + annotation: Does the organization proactively and continuously monitor deployed + Artificial Intelligence (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-10.14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-10.14 + name: Updating AI & Autonomous Technologies + description: Mechanisms exist to integrate continual improvements for deployed + Artificial Intelligence (AI) and Autonomous Technologies (AAT). + annotation: Does the organization integrate continual improvements for deployed + Artificial Intelligence (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-11 + name: Robust Stakeholder Engagement for AI & Autonomous Technologies + description: Mechanisms exist to compel ongoing engagement with relevant Artificial + Intelligence (AI) and Autonomous Technologies (AAT) stakeholders to encourage + feedback about positive, negative and unanticipated impacts. + annotation: Does the organization compel ongoing engagement with relevant Artificial + Intelligence (AI) and Autonomous Technologies (AAT) stakeholders to encourage + feedback about positive, negative and unanticipated impacts? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-11.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-11.1 + name: AI & Autonomous Technologies Stakeholder Feedback Integration + description: Mechanisms exist to regularly collect, consider, prioritize and + integrate risk-related feedback from those external to the team that developed + or deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT). + annotation: Does the organization regularly collect, consider, prioritize and + integrate risk-related feedback from those external to the team that developed + or deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-11.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-11.2 + name: AI & Autonomous Technologies Ongoing Assessments + description: Mechanisms exist to conduct regular assessments of Artificial Intelligence + (AI) and Autonomous Technologies (AAT) with independent assessors and stakeholders + not involved in the development of the AAT. + annotation: Does the organization conduct regular assessments of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) with independent assessors + and stakeholders not involved in the development of the AAT? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-11.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-11.3 + name: AI & Autonomous Technologies End User Feedback + description: Mechanisms exist to collect and integrate feedback from end users + and impacted communities into Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related system evaluation metrics. + annotation: Does the organization collect and integrate feedback from end users + and impacted communities into Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related system evaluation metrics? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-11.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-11.4 + name: AI & Autonomous Technologies Incident & Error Reporting + description: 'Mechanisms exist to communicate Artificial Intelligence (AI) and + Autonomous Technologies (AAT)-related incidents and/or errors to relevant + stakeholders, including affected communities. ' + annotation: 'Does the organization communicate Artificial Intelligence (AI) + and Autonomous Technologies (AAT)-related incidents and/or errors to relevant + stakeholders, including affected communities? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-12 + name: AI & Autonomous Technologies Intellectual Property Infringement Protections + description: Mechanisms exist to prevent third-party Intellectual Property (IP) + rights infringement by Artificial Intelligence (AI) and Autonomous Technologies + (AAT). + annotation: Does the organization prevent third-party Intellectual Property + (IP) rights infringement by Artificial Intelligence (AI) and Autonomous Technologies + (AAT)? + implementation_groups: + - tier1 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-12.1 + name: Data Source Identification + description: Mechanisms exist to identify and document data sources utilized + in the training and/or operation of Artificial Intelligence and Autonomous + Technologies (AAT). + annotation: Does the organization identify and document data sources utilized + in the training and/or operation of Artificial Intelligence and Autonomous + Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-12.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-12.2 + name: Data Source Integrity + description: Mechanisms exist to protect the integrity of source data to prevent + accidental contamination or malicious corruption (e.g., data poisoning) that + could compromise the performance of Artificial Intelligence and Autonomous + Technologies (AAT). + annotation: Does the organization protect the integrity of source data to prevent + accidental contamination or malicious corruption (e.g., data poisoning) that + could compromise the performance of Artificial Intelligence and Autonomous + Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-13 + name: AI & Autonomous Technologies Stakeholder Diversity + description: Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous + Technologies (AAT) stakeholder competencies, skills and capacities incorporate + demographic diversity, broad domain and user experience expertise. + annotation: Does the organization ensure Artificial Intelligence (AI) and Autonomous + Technologies (AAT) stakeholder competencies, skills and capacities incorporate + demographic diversity, broad domain and user experience expertise? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-13.1 + name: AI & Autonomous Technologies Stakeholder Competencies + description: Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related operator and practitioner proficiency requirements + for Artificial Intelligence (AI) and Autonomous Technologies (AAT) are defined, + assessed and documented. + annotation: Does the organization ensure Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related operator and practitioner proficiency requirements + for Artificial Intelligence (AI) and Autonomous Technologies (AAT) are defined, + assessed and documented? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-14 + name: AI & Autonomous Technologies Requirements Definitions + description: Mechanisms exist to take socio-technical implications into account + to address risks associated with Artificial Intelligence (AI) and Autonomous + Technologies (AAT). + annotation: Does the organization take socio-technical implications into account + to address risks associated with Artificial Intelligence (AI) and Autonomous + Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-14.1 + name: AI & Autonomous Technologies Implementation Tasks Definition + description: Mechanisms exist to define the tasks that Artificial Intelligence + (AI) and Autonomous Technologies (AAT) will support (e.g., classifiers, generative + models, recommenders). + annotation: Does the organization define the tasks that Artificial Intelligence + (AI) and Autonomous Technologies (AAT) will support (e.g., classifiers, generative + models, recommenders)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-14.2 + name: AI & Autonomous Technologies Knowledge Limits + description: Mechanisms exist to identify and document knowledge limits of Artificial + Intelligence (AI) and Autonomous Technologies (AAT) to provide sufficient + information to assist relevant stakeholder decision making. + annotation: Does the organization identify and document knowledge limits of + Artificial Intelligence (AI) and Autonomous Technologies (AAT) to provide + sufficient information to assist relevant stakeholder decision making? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-15 + name: AI & Autonomous Technologies Viability Decisions + description: Mechanisms exist to define the criteria as to whether Artificial + Intelligence (AI) and Autonomous Technologies (AAT) achieved intended purposes + and stated objectives to determine whether its development or deployment should + proceed. + annotation: Does the organization define the criteria as to whether Artificial + Intelligence (AI) and Autonomous Technologies (AAT) achieved intended purposes + and stated objectives to determine whether its development or deployment should + proceed? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-15.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-15.1 + name: AI & Autonomous Technologies Negative Residual Risks + description: Mechanisms exist to identify and document negative, residual risks + (defined as the sum of all unmitigated risks) to both downstream acquirers + and end users of Artificial Intelligence (AI) and Autonomous Technologies + (AAT). + annotation: Does the organization identify and document negative, residual risks + (defined as the sum of all unmitigated risks) to both downstream acquirers + and end users of Artificial Intelligence (AI) and Autonomous Technologies + (AAT)? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-15.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-15.2 + name: Responsibility To Supersede, Deactivate and/or Disengage AI & Autonomous + Technologies + description: Mechanisms exist to define the criteria and responsible party(ies) + for superseding, disengaging or deactivating Artificial Intelligence (AI) + and Autonomous Technologies (AAT) that demonstrate performance or outcomes + inconsistent with intended use. + annotation: Does the organization define the criteria and responsible party(ies) + for superseding, disengaging or deactivating Artificial Intelligence (AI) + and Autonomous Technologies (AAT) that demonstrate performance or outcomes + inconsistent with intended use? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16 + name: AI & Autonomous Technologies Production Monitoring + description: Mechanisms exist to monitor the functionality and behavior of the + deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT). + annotation: Does the organization monitor the functionality and behavior of + the deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16.1 + name: AI & Autonomous Technologies Measurement Approaches + description: Mechanisms exist to measure Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related risks to deployment context(s) through review and + consultation with industry experts, domain specialists and end users. + annotation: Does the organization measure Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related risks to deployment context(s) through review and + consultation with industry experts, domain specialists and end users? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16.2 + name: Measuring AI & Autonomous Technologies Effectiveness + description: Mechanisms exist to regularly assess the effectiveness of existing + controls, including reports of errors and potential impacts on affected communities. + annotation: Does the organization regularly assess the effectiveness of existing + controls, including reports of errors and potential impacts on affected communities? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16.3 + name: Unmeasurable AI & Autonomous Technologies Risks + description: Mechanisms exist to identify and document unmeasurable risks or + trustworthiness characteristics. + annotation: Does the organization identify and document unmeasurable risks or + trustworthiness characteristics? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16.4 + name: Efficacy of AI & Autonomous Technologies Measurement + description: Mechanisms exist to gather and assess feedback about the efficacy + of Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related + measurements. + annotation: Does the organization gather and assess feedback about the efficacy + of Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related + measurements? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16.5 + name: AI & Autonomous Technologies Domain Expert Reviews + description: Mechanisms exist to utilize input from domain experts and relevant + stakeholders to validate whether the Artificial Intelligence (AI) and Autonomous + Technologies (AAT) perform consistently, as intended. + annotation: Does the organization utilize input from domain experts and relevant + stakeholders to validate whether the Artificial Intelligence (AI) and Autonomous + Technologies (AAT) perform consistently, as intended? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16.6 + name: AI & Autonomous Technologies Performance Changes + description: Mechanisms exist to evaluate performance improvements or declines + with domain experts and relevant stakeholders to define context-relevant risks + and trustworthiness issues. + annotation: Does the organization evaluate performance improvements or declines + with domain experts and relevant stakeholders to define context-relevant risks + and trustworthiness issues? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-16.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-16.7 + name: Pre-Trained AI & Autonomous Technologies Models + description: Mechanisms exist to validate the information sources and quality + of pre-trained models used in Artificial Intelligence (AI) and Autonomous + Technologies (AAT training, maintenance and improvement-related activities. + annotation: Does the organization validate the information sources and quality + of pre-trained models used in Artificial Intelligence (AI) and Autonomous + Technologies (AAT training, maintenance and improvement-related activities? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-17 + name: AI & Autonomous Technologies Harm Prevention + description: Mechanisms exist to proactively prevent harm by regularly identifying + and tracking existing, unanticipated and emergent Artificial Intelligence + (AI) and Autonomous Technologies (AAT)-related risks. + annotation: Does the organization proactively prevent harm by regularly identifying + and tracking existing, unanticipated and emergent Artificial Intelligence + (AI) and Autonomous Technologies (AAT)-related risks? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-17.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-17.1 + name: AI & Autonomous Technologies Human Subject Protections + description: Mechanisms exist to protect human subjects from harm. + annotation: Does the organization protect human subjects from harm? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-17.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-17.2 + name: AI & Autonomous Technologies Environmental Impact & Sustainability + description: Mechanisms exist to assess and document the environmental impacts + and sustainability of Artificial Intelligence (AI) and Autonomous Technologies + (AAT). + annotation: Does the organization assess and document the environmental impacts + and sustainability of Artificial Intelligence (AI) and Autonomous Technologies + (AAT)? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-17.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-17.3 + name: Previously Unknown AI & Autonomous Technologies Threats & Risks + description: Mechanisms exist to respond to and recover from a previously unknown + Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risk + when it is identified. + annotation: Does the organization respond to and recover from a previously unknown + Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risk + when it is identified? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-18 + name: AI & Autonomous Technologies Risk Tracking Approaches + description: Mechanisms exist to track Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related risks are difficult to assess using currently available + measurement techniques or where metrics are not yet available. + annotation: Does the organization track Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related risks are difficult to assess using currently available + measurement techniques or where metrics are not yet available? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:aat-18.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node34 + ref_id: AAT-18.1 + name: AI & Autonomous Technologies Risk Response + description: Mechanisms exist to prioritize, respond to and remediate Artificial + Intelligence (AI) and Autonomous Technologies (AAT)-related risks based on + assessments and other analytical output. + annotation: Does the organization prioritize, respond to and remediate Artificial + Intelligence (AI) and Autonomous Technologies (AAT)-related risks based on + assessments and other analytical output? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + assessable: false + depth: 1 + name: Asset Management + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-01 + name: 'Asset Governance ' + description: Mechanisms exist to facilitate an IT Asset Management (ITAM) program + to implement and manage asset management controls. + annotation: Does the organization facilitate an IT Asset Management (ITAM) program + to implement and manage asset management controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-01.1 + name: Asset-Service Dependencies + description: 'Mechanisms exist to identify and assess the security of technology + assets that support more than one critical business function. ' + annotation: 'Does the organization identify and assess the security of technology + assets that support more than one critical business function? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-01.2 + name: Stakeholder Identification & Involvement + description: Mechanisms exist to identify and involve pertinent stakeholders + of critical systems, applications and services to support the ongoing secure + management of those assets. + annotation: Does the organization identify and involve pertinent stakeholders + of critical systems, applications and services to support the ongoing secure + management of those assets? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-01.3 + name: Standardized Naming Convention + description: Mechanisms exist to implement a scalable, standardized naming convention + for systems, applications and services that avoids asset naming conflicts. + annotation: Does the organization implement a scalable, standardized naming + convention for systems, applications and services that avoids asset naming + conflicts? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-01.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-01.4 + name: Approved Technologies + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization maintain a current list of approved technologies + (hardware and software)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02 + name: 'Asset Inventories ' + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: "Does the organization perform inventories of technology assets\ + \ that:\n \u25AA Accurately reflects the current systems, applications and\ + \ services in use; \n \u25AA Identifies authorized software products, including\ + \ business justification details;\n \u25AA Is at the level of granularity\ + \ deemed necessary for tracking and reporting;\n \u25AA Includes organization-defined\ + \ information deemed necessary to achieve effective property accountability;\ + \ and\n \u25AA Is available for review and audit by designated organizational\ + \ personnel?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.1 + name: Updates During Installations / Removals + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: 'Does the organization update asset inventories as part of component + installations, removals and asset upgrades? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.2 + name: Automated Unauthorized Component Detection + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization use automated mechanisms to detect and alert + upon the detection of unauthorized hardware, software and firmware components? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.3 + name: 'Component Duplication Avoidance ' + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization establish and maintain an authoritative source + and repository to provide a trusted source and accountability for approved + and implemented system components that prevents assets from being duplicated + in other asset inventories? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.4 + name: Approved Baseline Deviations + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: 'Does the organization document and govern instances of approved + deviations from established baseline configurations? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.5 + name: Network Access Control (NAC) + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization use automated mechanisms to employ Network + Access Control (NAC), or a similar technology, which is capable of detecting + unauthorized devices and disable network access to those unauthorized devices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.6 + name: Dynamic Host Configuration Protocol (DHCP) Server Logging + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: 'Does the organization enable Dynamic Host Configuration Protocol + (DHCP) server logging to improve asset inventories and assist in detecting + unknown systems? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.7 + name: Software Licensing Restrictions + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: 'Does the organization protect Intellectual Property (IP) rights + with software licensing restrictions? + + ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.8 + name: Data Action Mapping + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization create and maintain a map of technology assets + where sensitive/regulated data is stored, transmitted or processed? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.9 + name: Configuration Management Database (CMDB) + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization implement and manage a Configuration Management + Database (CMDB), or similar technology, to monitor and govern technology asset-specific + information? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.10 + name: 'Automated Location + + Tracking' + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization track the geographic location of system components? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-02.11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-02.11 + name: Component Assignment + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization bind components to a specific system? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-03 + name: Asset Ownership Assignment + description: 'Mechanisms exist to maintain a current list of approved technologies + (hardware and software). ' + annotation: Does the organization ensure asset ownership responsibilities are + assigned, tracked and managed at a team, individual, or responsible organization + level to establish a common understanding of requirements for asset protection? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-03.1 + name: Accountability Information + description: Mechanisms exist to include capturing the name, position and/or + role of individuals responsible/accountable for administering assets as part + of the technology asset inventory process. + annotation: Does the organization include capturing the name, position and/or + role of individuals responsible/accountable for administering assets as part + of the technology asset inventory process? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-03.2 + name: Provenance + description: Mechanisms exist to track the origin, development, ownership, location + and changes to systems, system components and associated data. + annotation: Does the organization track the origin, development, ownership, + location and changes to systems, system components and associated data? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-04 + name: Network Diagrams & Data Flow Diagrams (DFDs) + description: "Mechanisms exist to maintain network architecture diagrams that:\ + \ \n \u25AA Contain sufficient detail to assess the security of the network's\ + \ architecture;\n \u25AA Reflect the current architecture of the network environment;\ + \ and\n \u25AA Document all sensitive/regulated data flows." + annotation: "Does the organization maintain network architecture diagrams that:\ + \ \n \u25AA Contain sufficient detail to assess the security of the network's\ + \ architecture;\n \u25AA Reflect the current architecture of the network environment;\ + \ and\n \u25AA Document all sensitive/regulated data flows?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-04.1 + name: Asset Scope Classification + description: Mechanisms exist to determine cybersecurity & data privacy control + applicability by identifying, assigning and documenting the appropriate asset + scope categorization for all systems, applications, services and personnel + (internal and third-parties). + annotation: Does the organization determine cybersecurity & data privacy control + applicability by identifying, assigning and documenting the appropriate asset + scope categorization for all systems, applications, services and personnel + (internal and third-parties)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-04.2 + name: Control Applicability Boundary Graphical Representation + description: Mechanisms exist to ensure control applicability is appropriately-determined + for systems, applications, services and third parties by graphically representing + applicable boundaries. + annotation: Does the organization ensure control applicability is appropriately-determined + for systems, applications, services and third parties by graphically representing + applicable boundaries? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-04.3 + name: Compliance-Specific Asset Identification + description: Mechanisms exist to create and maintain a current inventory of + systems, applications and services that are in scope for statutory, regulatory + and/or contractual compliance obligations that provides sufficient detail + to determine control applicability, based on asset scope categorization. + annotation: Does the organization create and maintain a current inventory of + systems, applications and services that are in scope for statutory, regulatory + and/or contractual compliance obligations that provides sufficient detail + to determine control applicability, based on asset scope categorization? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-05 + name: Security of Assets & Media + description: 'Mechanisms exist to maintain strict control over the internal + or external distribution of any kind of sensitive/regulated media. ' + annotation: 'Does the organization maintain strict control over the internal + or external distribution of any kind of sensitive/regulated media? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-05.1 + name: Management Approval For External Media Transfer + description: Mechanisms exist to obtain management approval for any sensitive + / regulated media that is transferred outside of the organization's facilities. + annotation: Does the organization obtain management approval for any sensitive + / regulated media that is transferred outside of the organization's facilities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-06 + name: 'Unattended End-User Equipment ' + description: Mechanisms exist to implement enhanced protection measures for + unattended systems to protect against tampering and unauthorized access. + annotation: Does the organization implement enhanced protection measures for + unattended systems to protect against tampering and unauthorized access? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-06.1 + name: Asset Storage In Automobiles + description: Mechanisms exist to educate users on the need to physically secure + laptops and other mobile devices out of site when traveling, preferably in + the trunk of a vehicle. + annotation: Does the organization educate users on the need to physically secure + laptops and other mobile devices out of site when traveling, preferably in + the trunk of a vehicle? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-07 + name: Kiosks & Point of Interaction (PoI) Devices + description: 'Mechanisms exist to appropriately protect devices that capture + sensitive/regulated data via direct physical interaction from tampering and + substitution. ' + annotation: 'Does the organization appropriately protect devices that capture + sensitive/regulated data via direct physical interaction from tampering and + substitution? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-08 + name: Tamper Detection + description: Mechanisms exist to periodically inspect systems and system components + for Indicators of Compromise (IoC). + annotation: Does the organization periodically inspect systems and system components + for Indicators of Compromise (IoC)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-09 + name: 'Secure Disposal, Destruction or Re-Use of Equipment ' + description: Mechanisms exist to securely dispose of, destroy or repurpose system + components using organization-defined techniques and methods to prevent information + being recovered from these components. + annotation: Does the organization securely dispose of, destroy or repurpose + system components using organization-defined techniques and methods to prevent + information being recovered from these components? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-10 + name: 'Return of Assets ' + description: Mechanisms exist to ensure that employees and third-party users + return all organizational assets in their possession upon termination of employment, + contract or agreement. + annotation: Does the organization ensure that employees and third-party users + return all organizational assets in their possession upon termination of employment, + contract or agreement? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-11 + name: 'Removal of Assets ' + description: 'Mechanisms exist to authorize, control and track technology assets + entering and exiting organizational facilities. ' + annotation: 'Does the organization authorize, control and track technology assets + entering and exiting organizational facilities? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-12 + name: Use of Personal Devices + description: Mechanisms exist to restrict the possession and usage of personally-owned + technology devices within organization-controlled facilities. + annotation: Does the organization restrict the possession and usage of personally-owned + technology devices within organization-controlled facilities? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-13 + name: Use of Third-Party Devices + description: Mechanisms exist to reduce the risk associated with third-party + assets that are attached to the network from harming organizational assets + or exfiltrating organizational data. + annotation: Does the organization reduce the risk associated with third-party + assets that are attached to the network from harming organizational assets + or exfiltrating organizational data? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-14 + name: Usage Parameters + description: "Mechanisms exist to monitor and enforce usage parameters that\ + \ limit the potential damage caused from the unauthorized or unintentional\ + \ alteration of system parameters. \n" + annotation: "Does the organization monitor and enforce usage parameters that\ + \ limit the potential damage caused from the unauthorized or unintentional\ + \ alteration of system parameters? \n" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-14.1 + name: Bluetooth & Wireless Devices + description: Mechanisms exist to prevent the usage of Bluetooth and wireless + devices (e.g., Near Field Communications (NFC)) in sensitive areas or unless + used in a Radio Frequency (RF)-screened building. + annotation: Does the organization prevent the usage of Bluetooth and wireless + devices (e.g., Near Field Communications (NFC)) in sensitive areas or unless + used in a Radio Frequency (RF)-screened building? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-14.2 + name: Infrared Communications + description: Mechanisms exist to prevent line of sight and reflected infrared + (IR) communications use in an unsecured space. + annotation: Does the organization prevent line of sight and reflected infrared + (IR) communications use in an unsecured space? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-15 + name: Tamper Protection + description: Mechanisms exist to verify logical configuration settings and the + physical integrity of critical technology assets throughout their lifecycle. + annotation: Does the organization verify logical configuration settings and + the physical integrity of critical technology assets throughout their lifecycle? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-15.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-15.1 + name: 'Inspection of Systems, Components & Devices ' + description: 'Mechanisms exist to physically and logically inspect critical + technology assets to detect evidence of tampering. ' + annotation: 'Does the organization physically and logically inspect critical + technology assets to detect evidence of tampering? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-16 + name: 'Bring Your Own Device (BYOD) Usage ' + description: Mechanisms exist to implement and govern a Bring Your Own Device + (BYOD) program to reduce risk associated with personally-owned devices in + the workplace. + annotation: Does the organization implement and govern a Bring Your Own Device + (BYOD) program to reduce risk associated with personally-owned devices in + the workplace? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-17 + name: Prohibited Equipment & Services + description: Mechanisms exist to govern Supply Chain Risk Management (SCRM) + sanctions that require the removal and prohibition of certain technology services + and/or equipment that are designated as supply chain threats by a statutory + or regulatory body. + annotation: Does the organization govern Supply Chain Risk Management (SCRM) + sanctions that require the removal and prohibition of certain technology services + and/or equipment that are designated as supply chain threats by a statutory + or regulatory body? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-18 + name: Roots of Trust Protection + description: "Mechanisms exist to provision and protect the confidentiality,\ + \ integrity and authenticity of product supplier keys and data that can be\ + \ used as a \u201Croots of trust\u201D basis for integrity verification." + annotation: "Does the organization provision and protect the confidentiality,\ + \ integrity and authenticity of product supplier keys and data that can be\ + \ used as a \u201Croots of trust\u201D basis for integrity verification?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-19 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-19 + name: Telecommunications Equipment + description: Mechanisms exist to establish usage restrictions and implementation + guidance for telecommunication equipment to prevent potential damage or unauthorized + modification and to prevent potential eavesdropping. + annotation: Does the organization establish usage restrictions and implementation + guidance for telecommunication equipment to prevent potential damage or unauthorized + modification and to prevent potential eavesdropping? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-20 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-20 + name: Video Teleconference (VTC) Security + description: Mechanisms exist to implement secure Video Teleconference (VTC) + capabilities on endpoint devices and in designated conference rooms, to prevent + potential eavesdropping. + annotation: Does the organization implement secure Video Teleconference (VTC) + capabilities on endpoint devices and in designated conference rooms, to prevent + potential eavesdropping? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-21 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-21 + name: Voice Over Internet Protocol (VoIP) Security + description: Mechanisms exist to implement secure Internet Protocol Telephony + (IPT) that logically or physically separates Voice Over Internet Protocol + (VoIP) traffic from data networks. + annotation: Does the organization implement secure Internet Protocol Telephony + (IPT) that logically or physically separates Voice Over Internet Protocol + (VoIP) traffic from data networks? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-22 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-22 + name: Microphones & Web Cameras + description: Mechanisms exist to configure assets to prohibit the use of endpoint-based + microphones and web cameras in secure areas or where sensitive/regulated information + is discussed. + annotation: Does the organization configure assets to prohibit the use of endpoint-based + microphones and web cameras in secure areas or where sensitive/regulated information + is discussed? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-23 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-23 + name: Multi-Function Devices (MFD) + description: Mechanisms exist to securely configure Multi-Function Devices (MFD) + according to industry-recognized secure practices for the type of device. + annotation: Does the organization securely configure Multi-Function Devices + (MFD) according to industry-recognized secure practices for the type of device? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-24 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-24 + name: Travel-Only Devices + description: Mechanisms exist to issue personnel travelling overseas with temporary, + loaner or "travel-only" end user technology (e.g., laptops and mobile devices) + when travelling to authoritarian countries with a higher-than average risk + for Intellectual Property (IP) theft or espionage against individuals and + private companies. + annotation: Does the organization issue personnel travelling overseas with temporary, + loaner or "travel-only" end user technology (e.g., laptops and mobile devices) + when travelling to authoritarian countries with a higher-than average risk + for Intellectual Property (IP) theft or espionage against individuals and + private companies? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-25 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-25 + name: Re-Imaging Devices After Travel + description: Mechanisms exist to re-image end user technology (e.g., laptops + and mobile devices) when returning from overseas travel to an authoritarian + country with a higher-than average risk for Intellectual Property (IP) theft + or espionage against individuals and private companies. + annotation: Does the organization re-image end user technology (e.g., laptops + and mobile devices) when returning from overseas travel to an authoritarian + country with a higher-than average risk for Intellectual Property (IP) theft + or espionage against individuals and private companies? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-26 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-26 + name: System Administrative Processes + description: Mechanisms exist to develop, implement and govern system administration + processes, with corresponding Standardized Operating Procedures (SOP), for + operating and maintaining systems, applications and services. + annotation: Does the organization develop, implement and govern system administration + processes, with corresponding Standardized Operating Procedures (SOP), for + operating and maintaining systems, applications and services? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-27 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-27 + name: Jump Server + description: Mechanisms exist to conduct remote system administrative functions + via a "jump box" or "jump server" that is located in a separate network zone + to user workstations. + annotation: Does the organization conduct remote system administrative functions + via a "jump box" or "jump server" that is located in a separate network zone + to user workstations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-28 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-28 + name: Database Administrative Processes + description: Mechanisms exist to develop, implement and govern database management + processes, with corresponding Standardized Operating Procedures (SOP), for + operating and maintaining databases. + annotation: Does the organization develop, implement and govern database management + processes, with corresponding Standardized Operating Procedures (SOP), for + operating and maintaining databases? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-28.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-28.1 + name: Database Management System (DBMS) + description: Mechanisms exist to implement and maintain Database Management + Systems (DBMSs), where applicable. + annotation: Does the organization implement and maintain Database Management + Systems (DBMSs), where applicable? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-29 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-29 + name: Radio Frequency Identification (RFID) Security + description: Mechanisms exist to securely govern Radio Frequency Identification + (RFID) deployments to ensure RFID is used safely and securely to protect the + confidentiality and integrity of data and prevent the compromise of secure + spaces. + annotation: Does the organization securely govern Radio Frequency Identification + (RFID) deployments to ensure RFID is used safely and securely to protect the + confidentiality and integrity of data and prevent the compromise of secure + spaces? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-29.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-29.1 + name: Contactless Access Control Systems + description: Mechanisms exist to securely configure contactless access control + systems incorporating contactless RFID or smart cards to protect the confidentiality + and integrity of data and prevent the compromise of secure spaces. + annotation: Does the organization securely configure contactless access control + systems incorporating contactless RFID or smart cards to protect the confidentiality + and integrity of data and prevent the compromise of secure spaces? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-30 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-30 + name: Decommissioning + description: Mechanisms exist to ensure systems, applications and services are + properly decommissioned so that data is properly transitioned to new systems + or archived in accordance with applicable organizational standards, as well + as statutory, regulatory and contractual obligations. + annotation: Does the organization ensure systems, applications and services + are properly decommissioned so that data is properly transitioned to new systems + or archived in accordance with applicable organizational standards, as well + as statutory, regulatory and contractual obligations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-31 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-31 + name: Asset Categorization + description: Mechanisms exist to categorize technology assets. + annotation: Does the organization categorize technology assets? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ast-31.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node102 + ref_id: AST-31.1 + name: Categorize Artificial Intelligence (AI)-Related Technologies + description: Mechanisms exist to categorize Artificial Intelligence (AI) and + Autonomous Technologies (AAT). + annotation: Does the organization categorize Artificial Intelligence (AI) and + Autonomous Technologies (AAT)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + assessable: false + depth: 1 + name: Business Continuity & Disaster Recovery + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-01 + name: Business Continuity Management System (BCMS) + description: Mechanisms exist to facilitate the implementation of contingency + planning controls to help ensure resilient assets and services (e.g., Continuity + of Operations Plan (COOP) or Business Continuity & Disaster Recovery (BC/DR) + playbooks). + annotation: Does the organization facilitate the implementation of contingency + planning controls to help ensure resilient assets and services (e.g., Continuity + of Operations Plan (COOP) or Business Continuity & Disaster Recovery (BC/DR) + playbooks)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-01.1 + name: 'Coordinate with Related Plans ' + description: 'Mechanisms exist to coordinate contingency plan development with + internal and external elements responsible for related plans. ' + annotation: 'Does the organization coordinate contingency plan development with + internal and external elements responsible for related plans? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-01.2 + name: Coordinate With External Service Providers + description: Mechanisms exist to coordinate internal contingency plans with + the contingency plans of external service providers to ensure that contingency + requirements can be satisfied. + annotation: Does the organization coordinate internal contingency plans with + the contingency plans of external service providers to ensure that contingency + requirements can be satisfied? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-01.3 + name: Transfer to Alternate Processing / Storage Site + description: Mechanisms exist to redeploy personnel to other roles during a + disruptive event or in the execution of a continuity plan. + annotation: Does the organization redeploy personnel to other roles during a + disruptive event or in the execution of a continuity plan? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-01.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-01.4 + name: Recovery Time / Point Objectives (RTO / RPO) + description: Mechanisms exist to facilitate recovery operations in accordance + with Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). + annotation: Does the organization facilitate recovery operations in accordance + with Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-01.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-01.5 + name: Recovery Operations Criteria + description: Mechanisms exist to define specific criteria that must be met to + initiate Business Continuity / Disaster Recover (BC/DR) plans that facilitate + business continuity operations capable of meeting applicable Recovery Time + Objectives (RTOs) and Recovery Point Objectives (RPOs). + annotation: Does the organization define specific criteria that must be met + to initiate Business Continuity / Disaster Recover (BC/DR) plans that facilitate + business continuity operations capable of meeting applicable Recovery Time + Objectives (RTOs) and Recovery Point Objectives (RPOs)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-01.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-01.6 + name: Recovery Operations Communications + description: Mechanisms exist to communicate the status of recovery activities + and progress in restoring operational capabilities to designated internal + and external stakeholders. + annotation: Does the organization communicate the status of recovery activities + and progress in restoring operational capabilities to designated internal + and external stakeholders? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-02 + name: 'Identify Critical Assets ' + description: Mechanisms exist to identify and document the critical systems, + applications and services that support essential missions and business functions. + annotation: Does the organization identify and document the critical systems, + applications and services that support essential missions and business functions? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-02.1 + name: Resume All Missions & Business Functions + description: Mechanisms exist to resume all missions and business functions + within Recovery Time Objectives (RTOs) of the contingency plan's activation. + annotation: Does the organization resume all missions and business functions + within Recovery Time Objectives (RTOs) of the contingency plan's activation? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-02.2 + name: Continue Essential Mission & Business Functions + description: Mechanisms exist to continue essential missions and business functions + with little or no loss of operational continuity and sustain that continuity + until full system restoration at primary processing and/or storage sites. + annotation: Does the organization continue essential missions and business functions + with little or no loss of operational continuity and sustain that continuity + until full system restoration at primary processing and/or storage sites? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-02.3 + name: 'Resume Essential Missions & Business Functions ' + description: 'Mechanisms exist to resume essential missions and business functions + within an organization-defined time period of contingency plan activation. ' + annotation: 'Does the organization resume essential missions and business functions + within an organization-defined time period of contingency plan activation? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-02.4 + name: Data Storage Location Reviews + description: Mechanisms exist to perform periodic security reviews of storage + locations that contain sensitive / regulated data. + annotation: Does the organization perform periodic security reviews of storage + locations that contain sensitive / regulated data? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-03 + name: Contingency Training + description: 'Mechanisms exist to adequately train contingency personnel and + applicable stakeholders in their contingency roles and responsibilities. ' + annotation: 'Does the organization adequately train contingency personnel and + applicable stakeholders in their contingency roles and responsibilities? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-03.1 + name: Simulated Events + description: Mechanisms exist to incorporate simulated events into contingency + training to facilitate effective response by personnel in crisis situations. + annotation: Does the organization incorporate simulated events into contingency + training to facilitate effective response by personnel in crisis situations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-03.2 + name: Automated Training Environments + description: Automated mechanisms exist to provide a more thorough and realistic + contingency training environment. + annotation: Does the organization use automated mechanisms to provide a more + thorough and realistic contingency training environment? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-04 + name: 'Contingency Plan Testing & Exercises ' + description: "Mechanisms exist to conduct tests and/or exercises to evaluate\ + \ the contingency plan's effectiveness and the organization\u2019s readiness\ + \ to execute the plan. " + annotation: "Does the organization conduct tests and/or exercises to evaluate\ + \ the contingency plan's effectiveness and the organization\u2019s readiness\ + \ to execute the plan? " + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-04.1 + name: 'Coordinated Testing with Related Plans ' + description: 'Mechanisms exist to coordinate contingency plan testing with internal + and external elements responsible for related plans. ' + annotation: 'Does the organization coordinate contingency plan testing with + internal and external elements responsible for related plans? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-04.2 + name: Alternate Storage & Processing Sites + description: 'Mechanisms exist to test contingency plans at alternate storage + & processing sites to both familiarize contingency personnel with the facility + and evaluate the capabilities of the alternate processing site to support + contingency operations. ' + annotation: 'Does the organization test contingency plans at alternate storage + & processing sites to both familiarize contingency personnel with the facility + and evaluate the capabilities of the alternate processing site to support + contingency operations? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-05 + name: Contingency Plan Root Cause Analysis (RCA) & Lessons Learned + description: Mechanisms exist to conduct a Root Cause Analysis (RCA) and "lessons + learned" activity every time the contingency plan is activated. + annotation: Does the organization conduct a Root Cause Analysis (RCA) and "lessons + learned" activity every time the contingency plan is activated? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-06 + name: Contingency Planning & Updates + description: Mechanisms exist to keep contingency plans current with business + needs, technology changes and feedback from contingency plan testing activities. + annotation: Does the organization keep contingency plans current with business + needs, technology changes and feedback from contingency plan testing activities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-07 + name: 'Alternative Security Measures ' + description: 'Mechanisms exist to implement alternative or compensating controls + to satisfy security functions when the primary means of implementing the security + function is unavailable or compromised. ' + annotation: 'Does the organization implement alternative or compensating controls + to satisfy security functions when the primary means of implementing the security + function is unavailable or compromised? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-08 + name: Alternate Storage Site + description: 'Mechanisms exist to establish an alternate storage site that includes + both the assets and necessary agreements to permit the storage and recovery + of system backup information. ' + annotation: 'Does the organization establish an alternate storage site that + includes both the assets and necessary agreements to permit the storage and + recovery of system backup information? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-08.1 + name: 'Separation from Primary Site ' + description: Mechanisms exist to separate the alternate storage site from the + primary storage site to reduce susceptibility to similar threats. + annotation: Does the organization separate the alternate storage site from the + primary storage site to reduce susceptibility to similar threats? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-08.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-08.2 + name: 'Accessibility ' + description: Mechanisms exist to identify and mitigate potential accessibility + problems to the alternate storage site in the event of an area-wide disruption + or disaster. + annotation: Does the organization identify and mitigate potential accessibility + problems to the alternate storage site in the event of an area-wide disruption + or disaster? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-09 + name: Alternate Processing Site + description: Mechanisms exist to establish an alternate processing site that + provides security measures equivalent to that of the primary site. + annotation: Does the organization establish an alternate processing site that + provides security measures equivalent to that of the primary site? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-09.1 + name: Separation from Primary Site + description: Mechanisms exist to separate the alternate processing site from + the primary processing site to reduce susceptibility to similar threats. + annotation: Does the organization separate the alternate processing site from + the primary processing site to reduce susceptibility to similar threats? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-09.2 + name: Accessibility + description: Mechanisms exist to identify and mitigate potential accessibility + problems to the alternate processing site and possible mitigation actions, + in the event of an area-wide disruption or disaster. + annotation: Does the organization identify and mitigate potential accessibility + problems to the alternate processing site and possible mitigation actions, + in the event of an area-wide disruption or disaster? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-09.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-09.3 + name: Alternate Site Priority of Service + description: 'Mechanisms exist to address priority-of-service provisions in + alternate processing and storage sites that support availability requirements, + including Recovery Time Objectives (RTOs). ' + annotation: 'Does the organization address priority-of-service provisions in + alternate processing and storage sites that support availability requirements, + including Recovery Time Objectives (RTOs)? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-09.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-09.4 + name: Preparation for Use + description: Mechanisms exist to prepare the alternate processing alternate + to support essential missions and business functions so that the alternate + site is capable of being used as the primary site. + annotation: Does the organization prepare the alternate processing alternate + to support essential missions and business functions so that the alternate + site is capable of being used as the primary site? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-09.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-09.5 + name: Inability to Return to Primary Site + description: Mechanisms exist to plan and prepare for both natural and manmade + circumstances that preclude returning to the primary processing site. + annotation: Does the organization plan and prepare for both natural and manmade + circumstances that preclude returning to the primary processing site? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-10 + name: Telecommunications Services Availability + description: Mechanisms exist to reduce the likelihood of a single point of + failure with primary telecommunications services. + annotation: Does the organization reduce the likelihood of a single point of + failure with primary telecommunications services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-10.1 + name: Telecommunications Priority of Service Provisions + description: 'Mechanisms exist to formalize primary and alternate telecommunications + service agreements contain priority-of-service provisions that support availability + requirements, including Recovery Time Objectives (RTOs). ' + annotation: 'Does the organization formalize primary and alternate telecommunications + service agreements contain priority-of-service provisions that support availability + requirements, including Recovery Time Objectives (RTOs)? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-10.2 + name: Separation of Primary / Alternate Providers + description: 'Mechanisms exist to obtain alternate telecommunications services + from providers that are separated from primary service providers to reduce + susceptibility to the same threats. ' + annotation: 'Does the organization obtain alternate telecommunications services + from providers that are separated from primary service providers to reduce + susceptibility to the same threats? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-10.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-10.3 + name: 'Provider Contingency Plan ' + description: Mechanisms exist to contractually-require external service providers + to have contingency plans that meet organizational contingency requirements. + annotation: Does the organization contractually-require external service providers + to have contingency plans that meet organizational contingency requirements? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-10.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-10.4 + name: Alternate Communications Paths + description: Mechanisms exist to maintain command and control capabilities via + alternate communications channels and designating alternative decision makers + if primary decision makers are unavailable. + annotation: Does the organization maintain command and control capabilities + via alternate communications channels and designating alternative decision + makers if primary decision makers are unavailable? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11 + name: Data Backups + description: Mechanisms exist to create recurring backups of data, software + and/or system images, as well as verify the integrity of these backups, to + ensure the availability of the data to satisfying Recovery Time Objectives + (RTOs) and Recovery Point Objectives (RPOs). + annotation: Does the organization create recurring backups of data, software + and/or system images, as well as verify the integrity of these backups, to + ensure the availability of the data to satisfying Recovery Time Objectives + (RTOs) and Recovery Point Objectives (RPOs)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.1 + name: 'Testing for Reliability & Integrity ' + description: 'Mechanisms exist to routinely test backups that verify the reliability + of the backup process, as well as the integrity and availability of the data. ' + annotation: 'Does the organization routinely test backups that verify the reliability + of the backup process, as well as the integrity and availability of the data? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.2 + name: 'Separate Storage for Critical Information ' + description: Mechanisms exist to store backup copies of critical software and + other security-related information in a separate facility or in a fire-rated + container that is not collocated with the system being backed up. + annotation: Does the organization store backup copies of critical software and + other security-related information in a separate facility or in a fire-rated + container that is not collocated with the system being backed up? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.3 + name: Information System Imaging + description: Mechanisms exist to reimage assets from configuration-controlled + and integrity-protected images that represent a secure, operational state. + annotation: Does the organization reimage assets from configuration-controlled + and integrity-protected images that represent a secure, operational state? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.4 + name: Cryptographic Protection + description: Cryptographic mechanisms exist to prevent the unauthorized disclosure + and/or modification of backup information. + annotation: Are cryptographic mechanisms utilized to prevent the unauthorized + disclosure and/or modification of backup information? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.5 + name: Test Restoration Using Sampling + description: 'Mechanisms exist to utilize sampling of available backups to test + recovery capabilities as part of business continuity plan testing. ' + annotation: 'Does the organization utilize sampling of available backups to + test recovery capabilities as part of business continuity plan testing? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.6 + name: Transfer to Alternate Storage Site + description: Mechanisms exist to transfer backup data to the alternate storage + site at a rate that is capable of meeting both Recovery Time Objectives (RTOs) + and Recovery Point Objectives (RPOs). + annotation: Does the organization transfer backup data to the alternate storage + site at a rate that is capable of meeting both Recovery Time Objectives (RTOs) + and Recovery Point Objectives (RPOs)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.7 + name: Redundant Secondary System + description: Mechanisms exist to maintain a failover system, which is not collocated + with the primary system, application and/or service, which can be activated + with little-to-no loss of information or disruption to operations. + annotation: Does the organization maintain a failover system, which is not collocated + with the primary system, application and/or service, which can be activated + with little-to-no loss of information or disruption to operations? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.8 + name: Dual Authorization For Backup Media Destruction + description: Mechanisms exist to implement and enforce dual authorization for + the deletion or destruction of sensitive backup media and data. + annotation: Does the organization implement and enforce dual authorization for + the deletion or destruction of sensitive backup media and data? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.9 + name: Backup Access + description: Mechanisms exist to restrict access to backups to privileged users + with assigned roles for data backup and recovery operations. + annotation: Does the organization restrict access to backups to privileged users + with assigned roles for data backup and recovery operations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-11.10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-11.10 + name: Backup Modification and/or Destruction + description: Mechanisms exist to restrict access to modify and/or delete backups + to privileged users with assigned data backup and recovery operations roles. + annotation: Does the organization restrict access to modify and/or delete backups + to privileged users with assigned data backup and recovery operations roles? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-12 + name: Information System Recovery & Reconstitution + description: Mechanisms exist to ensure the secure recovery and reconstitution + of systems to a known state after a disruption, compromise or failure. + annotation: Does the organization ensure the secure recovery and reconstitution + of systems to a known state after a disruption, compromise or failure? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-12.1 + name: Transaction Recovery + description: Mechanisms exist to utilize specialized backup mechanisms that + will allow transaction recovery for transaction-based applications and services + in accordance with Recovery Point Objectives (RPOs). + annotation: Does the organization utilize specialized backup mechanisms that + will allow transaction recovery for transaction-based applications and services + in accordance with Recovery Point Objectives (RPOs)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-12.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-12.2 + name: Failover Capability + description: Mechanisms exist to implement real-time or near-real-time failover + capability to maintain availability of critical systems, applications and/or + services. + annotation: Does the organization implement real-time or near-real-time failover + capability to maintain availability of critical systems, applications and/or + services? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-12.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-12.3 + name: Electronic Discovery (eDiscovery) + description: Mechanisms exist to utilize electronic discovery (eDiscovery) that + covers current and archived communication transactions. + annotation: Does the organization utilize electronic discovery (eDiscovery) + that covers current and archived communication transactions? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-12.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-12.4 + name: Restore Within Time Period + description: 'Mechanisms exist to restore systems, applications and/or services + within organization-defined restoration time-periods from configuration-controlled + and integrity-protected information; representing a known, operational state + for the asset. ' + annotation: 'Does the organization restore systems, applications and/or services + within organization-defined restoration time-periods from configuration-controlled + and integrity-protected information; representing a known, operational state + for the asset? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-13 + name: 'Backup & Restoration Hardware Protection ' + description: Mechanisms exist to protect backup and restoration hardware and + software. + annotation: Does the organization protect backup and restoration hardware and + software? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-13.1 + name: Restoration Integrity Verification + description: Mechanisms exist to verify the integrity of backups and other restoration + assets prior to using them for restoration. + annotation: Does the organization verify the integrity of backups and other + restoration assets prior to using them for restoration? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-14 + name: Isolated Recovery Environment + description: Mechanisms exist to utilize an isolated, non-production environment + to perform data backup and recovery operations through offline, cloud or off-site + capabilities. + annotation: Does the organization utilize an isolated, non-production environment + to perform data backup and recovery operations through offline, cloud or off-site + capabilities? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-15 + name: Reserve Hardware + description: Mechanisms exist to purchase and maintain a sufficient reserve + of spare hardware to ensure essential missions and business functions can + be maintained in the event of a supply chain disruption. + annotation: Does the organization purchase and maintain a sufficient reserve + of spare hardware to ensure essential missions and business functions can + be maintained in the event of a supply chain disruption? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:bcd-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node162 + ref_id: BCD-16 + name: AI & Autonomous Technologies Incidents + description: Mechanisms exist to handle failures or incidents with Artificial + Intelligence (AI) and Autonomous Technologies (AAT) deemed to be high-risk. + annotation: Does the organization handle failures or incidents with Artificial + Intelligence (AI) and Autonomous Technologies (AAT) deemed to be high-risk? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node219 + assessable: false + depth: 1 + name: Capacity & Performance Planning + - urn: urn:intuitem:risk:req_node:scf-2024-2:cap-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node219 + ref_id: CAP-01 + name: 'Capacity & Performance Management ' + description: Mechanisms exist to facilitate the implementation of capacity management + controls to ensure optimal system performance to meet expected and anticipated + future capacity requirements. + annotation: Does the organization facilitate the implementation of capacity + management controls to ensure optimal system performance to meet expected + and anticipated future capacity requirements? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cap-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node219 + ref_id: CAP-02 + name: Resource Priority + description: Mechanisms exist to control resource utilization of systems that + are susceptible to Denial of Service (DoS) attacks to limit and prioritize + the use of resources. + annotation: Does the organization control resource utilization of systems that + are susceptible to Denial of Service (DoS) attacks to limit and prioritize + the use of resources? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cap-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node219 + ref_id: CAP-03 + name: 'Capacity Planning ' + description: 'Mechanisms exist to conduct capacity planning so that necessary + capacity for information processing, telecommunications and environmental + support will exist during contingency operations. ' + annotation: 'Does the organization conduct capacity planning so that necessary + capacity for information processing, telecommunications and environmental + support will exist during contingency operations? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cap-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node219 + ref_id: CAP-04 + name: Performance Monitoring + description: Automated mechanisms exist to centrally-monitor and alert on the + operating state and health status of critical systems, applications and services. + annotation: Does the organization use automated mechanisms to centrally-monitor + and alert on the operating state and health status of critical systems, applications + and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cap-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node219 + ref_id: CAP-05 + name: Elastic Expansion + description: Mechanisms exist to automatically scale the resources available + for services, as demand conditions change. + annotation: Does the organization automatically scale the resources available + for services, as demand conditions change? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cap-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node219 + ref_id: CAP-06 + name: Regional Delivery + description: Mechanisms exist to support operations that are geographically + dispersed via regional delivery of technological services. + annotation: Does the organization support operations that are geographically + dispersed via regional delivery of technological services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + assessable: false + depth: 1 + name: Change Management + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-01 + name: 'Change Management Program ' + description: Mechanisms exist to facilitate the implementation of a change management + program. + annotation: Does the organization facilitate the implementation of a change + management program? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-02 + name: 'Configuration Change Control ' + description: Mechanisms exist to govern the technical configuration change control + processes. + annotation: Does the organization govern the technical configuration change + control processes? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-02.1 + name: Prohibition Of Changes + description: Mechanisms exist to prohibit unauthorized changes, unless organization-approved + change requests are received. + annotation: Does the organization prohibit unauthorized changes, unless organization-approved + change requests are received? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-02.2 + name: 'Test, Validate & Document Changes ' + description: Mechanisms exist to appropriately test and document proposed changes + in a non-production environment before changes are implemented in a production + environment. + annotation: Does the organization appropriately test and document proposed changes + in a non-production environment before changes are implemented in a production + environment? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-02.3 + name: Cybersecurity & Data Privacy Representative for Asset Lifecycle Changes + description: Mechanisms exist to include a cybersecurity and/or data privacy + representative in the configuration change control review process. + annotation: Does the organization include a cybersecurity and/or data privacy + representative in the configuration change control review process? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-02.4 + name: Automated Security Response + description: Automated mechanisms exist to implement remediation actions upon + the detection of unauthorized baseline configurations change(s). + annotation: Does the organization use automated mechanisms to implement remediation + actions upon the detection of unauthorized baseline configurations change(s)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-02.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-02.5 + name: Cryptographic Management + description: 'Mechanisms exist to govern assets involved in providing cryptographic + protections according to the organization''s configuration management processes. ' + annotation: 'Does the organization govern assets involved in providing cryptographic + protections according to the organization''s configuration management processes? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-03 + name: 'Security Impact Analysis for Changes ' + description: Mechanisms exist to analyze proposed changes for potential security + impacts, prior to the implementation of the change. + annotation: Does the organization analyze proposed changes for potential security + impacts, prior to the implementation of the change? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-04 + name: Access Restriction For Change + description: Mechanisms exist to enforce configuration restrictions in an effort + to restrict the ability of users to conduct unauthorized changes. + annotation: Does the organization enforce configuration restrictions in an effort + to restrict the ability of users to conduct unauthorized changes? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-04.1 + name: 'Automated Access Enforcement / Auditing ' + description: Mechanisms exist to perform after-the-fact reviews of configuration + change logs to discover any unauthorized changes. + annotation: Does the organization perform after-the-fact reviews of configuration + change logs to discover any unauthorized changes? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-04.2 + name: 'Signed Components ' + description: Mechanisms exist to prevent the installation of software and firmware + components without verification that the component has been digitally signed + using an organization-approved certificate authority. + annotation: Does the organization prevent the installation of software and firmware + components without verification that the component has been digitally signed + using an organization-approved certificate authority? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-04.3 + name: Dual Authorization for Change + description: Mechanisms exist to enforce a two-person rule for implementing + changes to critical assets. + annotation: Does the organization enforce a two-person rule for implementing + changes to critical assets? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-04.4 + name: Permissions To Implement Changes + description: Mechanisms exist to limit operational privileges for implementing + changes. + annotation: Does the organization limit operational privileges for implementing + changes? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-04.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-04.5 + name: Library Privileges + description: 'Mechanisms exist to restrict software library privileges to those + individuals with a pertinent business need for access. ' + annotation: 'Does the organization restrict software library privileges to those + individuals with a pertinent business need for access? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-05 + name: 'Stakeholder Notification of Changes ' + description: 'Mechanisms exist to ensure stakeholders are made aware of and + understand the impact of proposed changes. ' + annotation: 'Does the organization ensure stakeholders are made aware of and + understand the impact of proposed changes? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-06 + name: Control Functionality Verification + description: 'Mechanisms exist to verify the functionality of cybersecurity + and/or data privacy controls following implemented changes to ensure applicable + controls operate as designed. ' + annotation: Does the organization verify the functionality of cybersecurity + and/or data privacy controls following implemented changes to ensure applicable + controls operate as designed? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:chg-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node226 + ref_id: CHG-06.1 + name: Report Verification Results + description: Mechanisms exist to report the results of cybersecurity & data + privacy function verification to appropriate organizational management. + annotation: Does the organization report the results of cybersecurity & data + privacy function verification to appropriate organizational management? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + assessable: false + depth: 1 + name: Cloud Security + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-01 + name: Cloud Services + description: 'Mechanisms exist to facilitate the implementation of cloud management + controls to ensure cloud instances are secure and in-line with industry practices. ' + annotation: 'Does the organization facilitate the implementation of cloud management + controls to ensure cloud instances are secure and in-line with industry practices? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-01.1 + name: Cloud Infrastructure Onboarding + description: Mechanisms exist to ensure cloud services are designed and configured + so systems, applications and processes are secured in accordance with applicable + organizational standards, as well as statutory, regulatory and contractual + obligations. + annotation: Does the organization ensure cloud services are designed and configured + so systems, applications and processes are secured in accordance with applicable + organizational standards, as well as statutory, regulatory and contractual + obligations? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-01.2 + name: Cloud Infrastructure Offboarding + description: Mechanisms exist to ensure cloud services are decommissioned so + that data is securely transitioned to new systems or archived in accordance + with applicable organizational standards, as well as statutory, regulatory + and contractual obligations. + annotation: Does the organization ensure cloud services are decommissioned so + that data is securely transitioned to new systems or archived in accordance + with applicable organizational standards, as well as statutory, regulatory + and contractual obligations? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-02 + name: 'Cloud Security Architecture ' + description: 'Mechanisms exist to ensure the cloud security architecture supports + the organization''s technology strategy to securely design, configure and + maintain cloud employments. ' + annotation: 'Does the organization ensure the cloud security architecture supports + the organization''s technology strategy to securely design, configure and + maintain cloud employments? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-03 + name: Cloud Infrastructure Security Subnet + description: Mechanisms exist to host security-specific technologies in a dedicated + subnet. + annotation: Does the organization host security-specific technologies in a dedicated + subnet? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-04 + name: 'Application & Program Interface (API) Security ' + description: Mechanisms exist to ensure support for secure interoperability + between components with Application & Program Interfaces (APIs). + annotation: Does the organization ensure support for secure interoperability + between components with Application & Program Interfaces (APIs)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-05 + name: 'Virtual Machine Images ' + description: 'Mechanisms exist to ensure the integrity of virtual machine images + at all times. ' + annotation: 'Does the organization ensure the integrity of virtual machine images + at all times? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-06 + name: 'Multi-Tenant Environments ' + description: Mechanisms exist to ensure multi-tenant owned or managed assets + (physical and virtual) are designed and governed such that provider and customer + (tenant) user access is appropriately segmented from other tenant users. + annotation: Does the organization ensure multi-tenant owned or managed assets + (physical and virtual) are designed and governed such that provider and customer + (tenant) user access is appropriately segmented from other tenant users? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-06.1 + name: Customer Responsibility Matrix (CRM) + description: Mechanisms exist to formally document a Customer Responsibility + Matrix (CRM), delineating assigned responsibilities for controls between the + Cloud Service Provider (CSP) and its customers. + annotation: Does the organization formally document a Customer Responsibility + Matrix (CRM), delineating assigned responsibilities for controls between the + Cloud Service Provider (CSP) and its customers? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-06.2 + name: Multi-Tenant Event Logging Capabilities + description: Mechanisms exist to ensure Multi-Tenant Service Providers (MTSP) + facilitate security event logging capabilities for its customers that are + consistent with applicable statutory, regulatory and/or contractual obligations. + annotation: Does the organization ensure Multi-Tenant Service Providers (MTSP) + facilitate security event logging capabilities for its customers that are + consistent with applicable statutory, regulatory and/or contractual obligations? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-06.3 + name: Multi-Tenant Forensics Capabilities + description: Mechanisms exist to ensure Multi-Tenant Service Providers (MTSP) + facilitate prompt forensic investigations in the event of a suspected or confirmed + security incident. + annotation: Does the organization ensure Multi-Tenant Service Providers (MTSP) + facilitate prompt forensic investigations in the event of a suspected or confirmed + security incident? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-06.4 + name: Multi-Tenant Incident Response Capabilities + description: Mechanisms exist to ensure Multi-Tenant Service Providers (MTSP) + facilitate prompt response to suspected or confirmed security incidents and + vulnerabilities, including timely notification to affected customers. + annotation: Does the organization ensure Multi-Tenant Service Providers (MTSP) + facilitate prompt response to suspected or confirmed security incidents and + vulnerabilities, including timely notification to affected customers? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-07 + name: Data Handling & Portability + description: 'Mechanisms exist to ensure cloud providers use secure protocols + for the import, export and management of data in cloud-based services. ' + annotation: 'Does the organization ensure cloud providers use secure protocols + for the import, export and management of data in cloud-based services? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-08 + name: 'Standardized Virtualization Formats ' + description: Mechanisms exist to ensure interoperability by requiring cloud + providers to use industry-recognized formats and provide documentation of + custom changes for review. + annotation: Does the organization ensure interoperability by requiring cloud + providers to use industry-recognized formats and provide documentation of + custom changes for review? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-09 + name: Geolocation Requirements for Processing, Storage and Service Locations + description: 'Mechanisms exist to control the location of cloud processing/storage + based on business requirements that includes statutory, regulatory and contractual + obligations. ' + annotation: 'Does the organization control the location of cloud processing/storage + based on business requirements that includes statutory, regulatory and contractual + obligations? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-10 + name: Sensitive Data In Public Cloud Providers + description: 'Mechanisms exist to limit and manage the storage of sensitive/regulated + data in public cloud providers. ' + annotation: 'Does the organization limit and manage the storage of sensitive/regulated + data in public cloud providers? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-11 + name: Cloud Access Security Broker (CASB) + description: Mechanisms exist to utilize a Cloud Access Security Broker (CASB), + or similar technology, to provide boundary protection and monitoring functions + that both provide access to the cloud and protect the organization from misuse + of cloud resources. + annotation: Does the organization utilize a Cloud Access Security Broker (CASB), + or similar technology, to provide boundary protection and monitoring functions + that both provide access to the cloud and protect the organization from misuse + of cloud resources? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-12 + name: Side Channel Attack Prevention + description: Mechanisms exist to prevent "side channel attacks" when using a + Content Delivery Network (CDN) by restricting access to the origin server's + IP address to the CDN and an authorized management network. + annotation: Does the organization prevent "side channel attacks" when using + a Content Delivery Network (CDN) by restricting access to the origin server's + IP address to the CDN and an authorized management network? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-13 + name: Hosted Systems, Applications & Services + description: Mechanisms exist to specify applicable cybersecurity & data protection + controls that must be implemented on external systems, consistent with the + contractual obligations established with the External Service Providers (ESP) + owning, operating and/or maintaining external systems, applications and/or + services. + annotation: Does the organization specify applicable cybersecurity & data protection + controls that must be implemented on external systems, consistent with the + contractual obligations established with the External Service Providers (ESP) + owning, operating and/or maintaining external systems, applications and/or + services? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-13.1 + name: Authorized Individuals For Hosted Systems, Applications & Services + description: Mechanisms exist to authorize specified individuals to access External + Service Providers (ESP) owned, operated and/or maintained external systems, + applications and/or services. + annotation: Does the organization authorize specified individuals to access + External Service Providers (ESP) owned, operated and/or maintained external + systems, applications and/or services? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-13.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-13.2 + name: Sensitive/Regulated Data On Hosted Systems, Applications & Services + description: Mechanisms exist to define formal processes to store, process and/or + transmit sensitive/regulated data using External Service Providers (ESP) owned, + operated and/or maintained external systems, applications and/or services + , in accordance with all applicable statutory, regulatory and/or contractual + obligations. + annotation: Does the organization define formal processes to store, process + and/or transmit sensitive/regulated data using External Service Providers + (ESP) owned, operated and/or maintained external systems, applications and/or + services , in accordance with all applicable statutory, regulatory and/or + contractual obligations? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cld-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node244 + ref_id: CLD-14 + name: Prohibition On Unverified Hosted Systems, Applications & Services + description: Mechanisms exist to prohibit access to, or usage of, hosted systems, + applications and/or services until applicable cybersecurity & data protection + control implementation is verified. + annotation: Does the organization prohibit access to, or usage of, hosted systems, + applications and/or services until applicable cybersecurity & data protection + control implementation is verified? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + assessable: false + depth: 1 + name: Compliance + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-01 + name: 'Statutory, Regulatory & Contractual Compliance ' + description: Mechanisms exist to facilitate the identification and implementation + of relevant statutory, regulatory and contractual controls. + annotation: Does the organization facilitate the identification and implementation + of relevant statutory, regulatory and contractual controls? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-01.1 + name: Non-Compliance Oversight + description: Mechanisms exist to document and review instances of non-compliance + with statutory, regulatory and/or contractual obligations to develop appropriate + risk mitigation actions. + annotation: Does the organization document and review instances of non-compliance + with statutory, regulatory and/or contractual obligations to develop appropriate + risk mitigation actions? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-01.2 + name: Compliance Scope + description: Mechanisms exist to document and validate the scope of cybersecurity + & data privacy controls that are determined to meet statutory, regulatory + and/or contractual compliance obligations. + annotation: Does the organization document and validate the scope of cybersecurity + & data privacy controls that are determined to meet statutory, regulatory + and/or contractual compliance obligations? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-02 + name: 'Cybersecurity & Data Protection Controls Oversight ' + description: Mechanisms exist to provide a cybersecurity & data protection controls + oversight function that reports to the organization's executive leadership. + annotation: Does the organization provide a cybersecurity & data protection + controls oversight function that reports to the organization's executive leadership? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-02.1 + name: Internal Audit Function + description: Mechanisms exist to implement an internal audit function that is + capable of providing senior organization management with insights into the + appropriateness of the organization's technology and information governance + processes. + annotation: Does the organization implement an internal audit function that + is capable of providing senior organization management with insights into + the appropriateness of the organization's technology and information governance + processes? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-03 + name: 'Cybersecurity & Data Protection Assessments ' + description: Mechanisms exist to ensure managers regularly review the processes + and documented procedures within their area of responsibility to adhere to + appropriate cybersecurity & data protection policies, standards and other + applicable requirements. + annotation: Does the organization ensure managers regularly review the processes + and documented procedures within their area of responsibility to adhere to + appropriate cybersecurity & data protection policies, standards and other + applicable requirements? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-03.1 + name: 'Independent Assessors ' + description: Mechanisms exist to utilize independent assessors to evaluate cybersecurity + & data protection controls at planned intervals or when the system, service + or project undergoes significant changes. + annotation: Does the organization utilize independent assessors to evaluate + cybersecurity & data protection controls at planned intervals or when the + system, service or project undergoes significant changes? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-03.2 + name: 'Functional Review Of Cybersecurity & Data Protection Controls ' + description: "Mechanisms exist to regularly review technology assets for adherence\ + \ to the organization\u2019s cybersecurity & data protection policies and\ + \ standards. " + annotation: "Does the organization regularly review technology assets for adherence\ + \ to the organization\u2019s cybersecurity & data protection policies and\ + \ standards? " + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-04 + name: 'Audit Activities ' + description: Mechanisms exist to thoughtfully plan audits by including input + from operational risk and compliance partners to minimize the impact of audit-related + activities on business operations. + annotation: Does the organization thoughtfully plan audits by including input + from operational risk and compliance partners to minimize the impact of audit-related + activities on business operations? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-05 + name: Legal Assessment of Investigative Inquires + description: Mechanisms exist to determine whether a government agency has an + applicable and valid legal basis to request data from the organization and + what further steps need to be taken, if necessary. + annotation: Does the organization determine whether a government agency has + an applicable and valid legal basis to request data from the organization + and what further steps need to be taken, if necessary? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-05.1 + name: Investigation Request Notifications + description: Mechanisms exist to notify customers about investigation request + notifications, unless the applicable legal basis for a government agency's + action prohibits notification (e.g., potential criminal prosecution). + annotation: Does the organization notify customers about investigation request + notifications, unless the applicable legal basis for a government agency's + action prohibits notification (e.g., potential criminal prosecution)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-05.2 + name: Investigation Access Restrictions + description: Mechanisms exist to support official investigations by provisioning + government investigators with "least privileges" and "least functionality" + to ensure that government investigators only have access to the data and systems + needed to perform the investigation. + annotation: Does the organization support official investigations by provisioning + government investigators with "least privileges" and "least functionality" + to ensure that government investigators only have access to the data and systems + needed to perform the investigation? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cpl-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node267 + ref_id: CPL-06 + name: Government Surveillance + description: Mechanisms exist to constrain the host government from having unrestricted + and non-monitored access to the organization's systems, applications and services + that could potentially violate other applicable statutory, regulatory and/or + contractual obligations. + annotation: Does the organization constrain the host government from having + unrestricted and non-monitored access to the organization's systems, applications + and services that could potentially violate other applicable statutory, regulatory + and/or contractual obligations? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + assessable: false + depth: 1 + name: Configuration Management + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-01 + name: Configuration Management Program + description: Mechanisms exist to facilitate the implementation of configuration + management controls. + annotation: Does the organization facilitate the implementation of configuration + management controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-01.1 + name: Assignment of Responsibility + description: Mechanisms exist to implement a segregation of duties for configuration + management that prevents developers from performing production configuration + management duties. + annotation: Does the organization implement a segregation of duties for configuration + management that prevents developers from performing production configuration + management duties? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02 + name: 'System Hardening Through Baseline Configurations ' + description: 'Mechanisms exist to develop, document and maintain secure baseline + configurations for technology platforms that are consistent with industry-accepted + system hardening standards. ' + annotation: 'Does the organization develop, document and maintain secure baseline + configurations for technology platforms that are consistent with industry-accepted + system hardening standards? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.1 + name: Reviews & Updates + description: "Mechanisms exist to review and update baseline configurations:\n\ + \ \u25AA At least annually;\n \u25AA When required due to so; or\n \u25AA\ + \ As part of system component installations and upgrades." + annotation: "Does the organization review and update baseline configurations:\n\ + \ \u25AA At least annually;\n \u25AA When required due to so; or\n \u25AA\ + \ As part of system component installations and upgrades?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.2 + name: 'Automated Central Management & Verification ' + description: Automated mechanisms exist to govern and report on baseline configurations + of systems through Continuous Diagnostics and Mitigation (CDM), or similar + technologies. + annotation: Does the organization use automated mechanisms to govern and report + on baseline configurations of systems through Continuous Diagnostics and Mitigation + (CDM), or similar technologies? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.3 + name: 'Retention Of Previous Configurations ' + description: 'Mechanisms exist to retain previous versions of baseline configuration + to support roll back. ' + annotation: 'Does the organization retain previous versions of baseline configuration + to support roll back? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.4 + name: Development & Test Environment Configurations + description: Mechanisms exist to manage baseline configurations for development + and test environments separately from operational baseline configurations + to minimize the risk of unintentional changes. + annotation: Does the organization manage baseline configurations for development + and test environments separately from operational baseline configurations + to minimize the risk of unintentional changes? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.5 + name: 'Configure Systems, Components or Services for High-Risk Areas ' + description: Mechanisms exist to configure systems utilized in high-risk areas + with more restrictive baseline configurations. + annotation: Does the organization configure systems utilized in high-risk areas + with more restrictive baseline configurations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.6 + name: Network Device Configuration File Synchronization + description: 'Mechanisms exist to configure network devices to synchronize startup + and running configuration files. ' + annotation: 'Does the organization configure network devices to synchronize + startup and running configuration files? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.7 + name: 'Approved Configuration Deviations ' + description: Mechanisms exist to document, assess risk and approve or deny deviations + to standardized configurations. + annotation: Does the organization document, assess risk and approve or deny + deviations to standardized configurations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.8 + name: 'Respond To Unauthorized Changes ' + description: 'Mechanisms exist to respond to unauthorized changes to configuration + settings as security incidents. ' + annotation: 'Does the organization respond to unauthorized changes to configuration + settings as security incidents? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-02.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-02.9 + name: Baseline Tailoring + description: "Mechanisms exist to allow baseline controls to be specialized\ + \ or customized by applying a defined set of tailoring actions that are specific\ + \ to:\n \u25AA Mission / business functions;\n \u25AA Operational environment;\n\ + \ \u25AA Specific threats or vulnerabilities; or\n \u25AA Other conditions\ + \ or situations that could affect mission / business success." + annotation: "Does the organization allow baseline controls to be specialized\ + \ or customized by applying a defined set of tailoring actions that are specific\ + \ to:\n \u25AA Mission / business functions;\n \u25AA Operational environment;\n\ + \ \u25AA Specific threats or vulnerabilities; or\n \u25AA Other conditions\ + \ or situations that could affect mission / business success?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-03 + name: Least Functionality + description: 'Mechanisms exist to configure systems to provide only essential + capabilities by specifically prohibiting or restricting the use of ports, + protocols, and/or services. ' + annotation: 'Does the organization configure systems to provide only essential + capabilities by specifically prohibiting or restricting the use of ports, + protocols, and/or services? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-03.1 + name: Periodic Review + description: Mechanisms exist to periodically review system configurations to + identify and disable unnecessary and/or non-secure functions, ports, protocols + and services. + annotation: Does the organization periodically review system configurations + to identify and disable unnecessary and/or non-secure functions, ports, protocols + and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-03.2 + name: Prevent Unauthorized Software Execution + description: 'Mechanisms exist to configure systems to prevent the execution + of unauthorized software programs. ' + annotation: 'Does the organization configure systems to prevent the execution + of unauthorized software programs? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-03.3 + name: Explicitly Allow / Deny Applications + description: Mechanisms exist to explicitly allow (allowlist / whitelist) and/or + block (denylist / blacklist) applications that are authorized to execute on + systems. + annotation: Does the organization explicitly allow (allowlist / whitelist) and/or + block (denylist / blacklist) applications that are authorized to execute on + systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-03.4 + name: Split Tunneling + description: Mechanisms exist to prevent split tunneling for remote devices + unless the split tunnel is securely provisioned using organization-defined + safeguards. + annotation: 'Does the organization prevent split tunneling for remote devices + unless the split tunnel is securely provisioned using organization-defined + safeguards? + + + Prevent split tunneling for remote devices unless the split tunnel is securely + provisioned using organization-defined safeguards?' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-04 + name: 'Software Usage Restrictions ' + description: Mechanisms exist to enforce software usage restrictions to comply + with applicable contract agreements and copyright laws. + annotation: Does the organization enforce software usage restrictions to comply + with applicable contract agreements and copyright laws? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-04.1 + name: Open Source Software + description: 'Mechanisms exist to establish parameters for the secure use of + open source software. ' + annotation: 'Does the organization establish parameters for the secure use of + open source software? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-04.2 + name: 'Unsupported Internet Browsers & Email Clients ' + description: Mechanisms exist to allow only approved Internet browsers and email + clients to run on systems. + annotation: Does the organization allow only approved Internet browsers and + email clients to run on systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-05 + name: User-Installed Software + description: Mechanisms exist to restrict the ability of non-privileged users + to install unauthorized software. + annotation: Does the organization restrict the ability of non-privileged users + to install unauthorized software? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-05.1 + name: Unauthorized Installation Alerts + description: 'Mechanisms exist to configure systems to generate an alert when + the unauthorized installation of software is detected. ' + annotation: 'Does the organization configure systems to generate an alert when + the unauthorized installation of software is detected? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-05.2 + name: Restrict Roles Permitted To Install Software + description: Mechanisms exist to configure systems to prevent the installation + of software, unless the action is performed by a privileged user or service. + annotation: Does the organization configure systems to prevent the installation + of software, unless the action is performed by a privileged user or service? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-06 + name: Configuration Enforcement + description: Automated mechanisms exist to monitor, enforce and report on configurations + for endpoint devices. + annotation: Does the organization use automated mechanisms to monitor, enforce + and report on configurations for endpoint devices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-06.1 + name: Integrity Assurance & Enforcement (IAE) + description: Automated mechanisms exist to identify unauthorized deviations + from an approved baseline and implement automated resiliency actions to remediate + the unauthorized change. + annotation: Does the organization use automated mechanisms to identify unauthorized + deviations from an approved baseline and implement automated resiliency actions + to remediate the unauthorized change? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-07 + name: Zero-Touch Provisioning (ZTP) + description: Mechanisms exist to implement Zero-Touch Provisioning (ZTP), or + similar technology, to automatically and securely configure devices upon being + added to a network. + annotation: Does the organization implement Zero-Touch Provisioning (ZTP), or + similar technology, to automatically and securely configure devices upon being + added to a network? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-08 + name: Sensitive / Regulated Data Access Enforcement + description: Mechanisms exist to configure systems, applications and processes + to restrict access to sensitive/regulated data. + annotation: Does the organization configure systems, applications and processes + to restrict access to sensitive/regulated data? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cfg-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node281 + ref_id: CFG-08.1 + name: Sensitive / Regulated Data Actions + description: Automated mechanisms exist to generate event logs whenever sensitive/regulated + data is collected, created, updated, deleted and/or archived. + annotation: Does the organization use automated mechanisms to generate event + logs whenever sensitive/regulated data is collected, created, updated, deleted + and/or archived? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + assessable: false + depth: 1 + name: Continuous Monitoring + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01 + name: Continuous Monitoring + description: Mechanisms exist to facilitate the implementation of enterprise-wide + monitoring controls. + annotation: Does the organization facilitate the implementation of enterprise-wide + monitoring controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.1 + name: Intrusion Detection & Prevention Systems (IDS & IPS) + description: Mechanisms exist to implement Intrusion Detection / Prevention + Systems (IDS / IPS) technologies on critical systems, key network segments + and network choke points. + annotation: Does the organization implement Intrusion Detection / Prevention + Systems (IDS / IPS) technologies on critical systems, key network segments + and network choke points? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.2 + name: 'Automated Tools for Real-Time Analysis ' + description: 'Mechanisms exist to utilize a Security Incident Event Manager + (SIEM), or similar automated tool, to support near real-time analysis and + incident escalation. ' + annotation: 'Does the organization utilize a Security Incident Event Manager + (SIEM), or similar automated tool, to support near real-time analysis and + incident escalation? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.3 + name: 'Inbound & Outbound Communications Traffic ' + description: Mechanisms exist to continuously monitor inbound and outbound communications + traffic for unusual or unauthorized activities or conditions. + annotation: Does the organization continuously monitor inbound and outbound + communications traffic for unusual or unauthorized activities or conditions? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.4 + name: 'System Generated Alerts ' + description: 'Mechanisms exist to generate, generate, monitor, correlate and + respond to alerts from physical, cybersecurity, data privacy and supply chain + activities to achieve integrated situational awareness. ' + annotation: 'Does the organization generate, monitor, correlate and respond + to alerts from physical, cybersecurity, data privacy and supply chain activities + to achieve integrated situational awareness? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.5 + name: Wireless Intrusion Detection System (WIDS) + description: 'Mechanisms exist to utilize Wireless Intrusion Detection / Protection + Systems (WIDS / WIPS) to identify rogue wireless devices and to detect attack + attempts via wireless networks. ' + annotation: 'Does the organization utilize Wireless Intrusion Detection / Protection + Systems (WIDS / WIPS) to identify rogue wireless devices and to detect attack + attempts via wireless networks? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.6 + name: 'Host-Based Devices ' + description: Mechanisms exist to utilize Host-based Intrusion Detection / Prevention + Systems (HIDS / HIPS) to actively alert on or block unwanted activities and + send logs to a Security Incident Event Manager (SIEM), or similar automated + tool, to maintain situational awareness. + annotation: Does the organization utilize Host-based Intrusion Detection / Prevention + Systems (HIDS / HIPS) to actively alert on or block unwanted activities and + send logs to a Security Incident Event Manager (SIEM), or similar automated + tool, to maintain situational awareness? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.7 + name: File Integrity Monitoring (FIM) + description: 'Mechanisms exist to utilize a File Integrity Monitor (FIM), or + similar change-detection technology, on critical assets to generate alerts + for unauthorized modifications. ' + annotation: 'Does the organization utilize a File Integrity Monitor (FIM), or + similar change-detection technology, on critical assets to generate alerts + for unauthorized modifications? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.8 + name: 'Reviews & Updates ' + description: Mechanisms exist to review event logs on an ongoing basis and escalate + incidents in accordance with established timelines and procedures. + annotation: Does the organization review event logs on an ongoing basis and + escalate incidents in accordance with established timelines and procedures? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.9 + name: 'Proxy Logging ' + description: 'Mechanisms exist to log all Internet-bound requests, in order + to identify prohibited activities and assist incident handlers with identifying + potentially compromised systems. ' + annotation: 'Does the organization log all Internet-bound requests, in order + to identify prohibited activities and assist incident handlers with identifying + potentially compromised systems? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.10 + name: 'Deactivated Account Activity ' + description: Mechanisms exist to monitor deactivated accounts for attempted + usage. + annotation: Does the organization monitor deactivated accounts for attempted + usage? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.11 + name: Automated Response to Suspicious Events + description: Mechanisms exist to automatically implement pre-determined corrective + actions in response to detected events that have security incident implications. + annotation: Does the organization automatically implement pre-determined corrective + actions in response to detected events that have security incident implications? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.12 + name: Automated Alerts + description: Mechanisms exist to automatically alert incident response personnel + to inappropriate or anomalous activities that have potential security incident + implications. + annotation: Does the organization automatically alert incident response personnel + to inappropriate or anomalous activities that have potential security incident + implications? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.13 + name: Alert Threshold Tuning + description: Mechanisms exist to "tune" event monitoring technologies through + analyzing communications traffic/event patterns and developing profiles representing + common traffic patterns and/or events. + annotation: Does the organization "tune" event monitoring technologies through + analyzing communications traffic/event patterns and developing profiles representing + common traffic patterns and/or events? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.14 + name: Individuals Posing Greater Risk + description: 'Mechanisms exist to implement enhanced activity monitoring for + individuals who have been identified as posing an increased level of risk. ' + annotation: 'Does the organization implement enhanced activity monitoring for + individuals who have been identified as posing an increased level of risk? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.15 + name: Privileged User Oversight + description: Mechanisms exist to implement enhanced activity monitoring for + privileged users. + annotation: Does the organization implement enhanced activity monitoring for + privileged users? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.16 + name: Analyze and Prioritize Monitoring Requirements + description: Mechanisms exist to assess the organization's needs for monitoring + and prioritize the monitoring of assets, based on asset criticality and the + sensitivity of the data it stores, transmits and processes. + annotation: Does the organization assess the organization's needs for monitoring + and prioritize the monitoring of assets, based on asset criticality and the + sensitivity of the data it stores, transmits and processes? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-01.17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-01.17 + name: Real-Time Session Monitoring + description: Mechanisms exist to enable authorized personnel the ability to + remotely view and hear content related to an established user session in real + time, in accordance with organizational standards, as well as statutory, regulatory + and contractual obligations. + annotation: Does the organization enable authorized personnel the ability to + remotely view and hear content related to an established user session in real + time, in accordance with organizational standards, as well as statutory, regulatory + and contractual obligations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02 + name: Centralized Collection of Security Event Logs + description: Mechanisms exist to utilize a Security Incident Event Manager (SIEM), + or similar automated tool, to support the centralized collection of security-related + event logs. + annotation: Does the organization utilize a Security Incident Event Manager + (SIEM) or similar automated tool, to support the centralized collection of + security-related event logs? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.1 + name: Correlate Monitoring Information + description: Automated mechanisms exist to correlate both technical and non-technical + information from across the enterprise by a Security Incident Event Manager + (SIEM) or similar automated tool, to enhance organization-wide situational + awareness. + annotation: Does the organization use automated mechanisms to correlate both + technical and non-technical information from across the enterprise by a Security + Incident Event Manager (SIEM) or similar automated tool, to enhance organization-wide + situational awareness? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.2 + name: Central Review & Analysis + description: Automated mechanisms exist to centrally collect, review and analyze + audit records from multiple sources. + annotation: Does the organization use automated mechanisms to centrally collect, + review and analyze audit records from multiple sources? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.3 + name: Integration of Scanning & Other Monitoring Information + description: Automated mechanisms exist to integrate the analysis of audit records + with analysis of vulnerability scanners, network performance, system monitoring + and other sources to further enhance the ability to identify inappropriate + or unusual activity. + annotation: Does the organization use automated mechanisms to integrate the + analysis of audit records with analysis of vulnerability scanners, network + performance, system monitoring and other sources to further enhance the ability + to identify inappropriate or unusual activity? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.4 + name: Correlation with Physical Monitoring + description: 'Automated mechanisms exist to correlate information from audit + records with information obtained from monitoring physical access to further + enhance the ability to identify suspicious, inappropriate, unusual or malevolent + activity. ' + annotation: 'Does the organization use automated mechanisms to correlate information + from audit records with information obtained from monitoring physical access + to further enhance the ability to identify suspicious, inappropriate, unusual + or malevolent activity? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.5 + name: Permitted Actions + description: 'Mechanisms exist to specify the permitted actions for both users + and systems associated with the review, analysis and reporting of audit information. ' + annotation: 'Does the organization specify the permitted actions for both users + and systems associated with the review, analysis and reporting of audit information? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.6 + name: Audit Level Adjustments + description: 'Mechanisms exist to adjust the level of audit review, analysis + and reporting based on evolving threat information from law enforcement, industry + associations or other credible sources of threat intelligence. ' + annotation: 'Does the organization adjust the level of audit review, analysis + and reporting based on evolving threat information from law enforcement, industry + associations or other credible sources of threat intelligence? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.7 + name: System-Wide / Time-Correlated Audit Trail + description: Automated mechanisms exist to compile audit records into an organization-wide + audit trail that is time-correlated. + annotation: Does the organization use automated mechanisms to compile audit + records into an organization-wide audit trail that is time-correlated? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-02.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-02.8 + name: Changes by Authorized Individuals + description: 'Mechanisms exist to provide privileged users or roles the capability + to change the auditing to be performed on specified information system components, + based on specific event criteria within specified time thresholds. ' + annotation: 'Does the organization provide privileged users or roles the capability + to change the auditing to be performed on specified information system components, + based on specific event criteria within specified time thresholds? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03 + name: Content of Event Logs + description: "Mechanisms exist to configure systems to produce event logs that\ + \ contain sufficient information to, at a minimum:\n \u25AA Establish what\ + \ type of event occurred;\n \u25AA When (date and time) the event occurred;\n\ + \ \u25AA Where the event occurred;\n \u25AA The source of the event;\n \u25AA\ + \ The outcome (success or failure) of the event; and \n \u25AA The identity\ + \ of any user/subject associated with the event. " + annotation: "Does the organization configure systems to produce event logs that\ + \ contain sufficient information to, at a minimum:\n \u25AA Establish what\ + \ type of event occurred;\n \u25AA When (date and time) the event occurred;\n\ + \ \u25AA Where the event occurred;\n \u25AA The source of the event;\n \u25AA\ + \ The outcome (success or failure) of the event; and \n \u25AA The identity\ + \ of any user/subject associated with the event? " + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03.1 + name: Sensitive Audit Information + description: 'Mechanisms exist to protect sensitive/regulated data contained + in log files. ' + annotation: 'Does the organization protect sensitive/regulated data contained + in log files? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03.2 + name: Audit Trails + description: Mechanisms exist to link system access to individual users or service + accounts. + annotation: Does the organization link system access to individual users or + service accounts? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03.3 + name: 'Privileged Functions Logging ' + description: Mechanisms exist to log and review the actions of users and/or + services with elevated privileges. + annotation: Does the organization log and review the actions of users and/or + services with elevated privileges? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03.4 + name: 'Verbosity Logging for Boundary Devices ' + description: Mechanisms exist to verbosely log all traffic (both allowed and + blocked) arriving at network boundary devices, including firewalls, Intrusion + Detection / Prevention Systems (IDS/IPS) and inbound and outbound proxies. + annotation: Does the organization verbosely log all traffic (both allowed and + blocked) arriving at network boundary devices, including firewalls, Intrusion + Detection / Prevention Systems (IDS/IPS) and inbound and outbound proxies? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03.5 + name: Limit Personal Data (PD) In Audit Records + description: Mechanisms exist to limit Personal Data (PD) contained in audit + records to the elements identified in the data privacy risk assessment. + annotation: Does the organization limit Personal Data (PD) contained in audit + records to the elements identified in the data privacy risk assessment? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03.6 + name: Centralized Management of Planned Audit Record Content + description: 'Mechanisms exist to centrally manage and configure the content + required to be captured in audit records generated by organization-defined + information system components. ' + annotation: 'Does the organization centrally manage and configure the content + required to be captured in audit records generated by organization-defined + information system components? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-03.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-03.7 + name: Database Logging + description: Mechanisms exist to ensure databases produce audit records that + contain sufficient information to monitor database activities. + annotation: Does the organization ensure databases produce audit records that + contain sufficient information to monitor database activities? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-04 + name: 'Event Log Storage Capacity ' + description: 'Mechanisms exist to allocate and proactively manage sufficient + event log storage capacity to reduce the likelihood of such capacity being + exceeded. ' + annotation: 'Does the organization allocate and proactively manage sufficient + event log storage capacity to reduce the likelihood of such capacity being + exceeded? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-05 + name: Response To Event Log Processing Failures + description: Mechanisms exist to alert appropriate personnel in the event of + a log processing failure and take actions to remedy the disruption. + annotation: Does the organization alert appropriate personnel in the event of + a log processing failure and take actions to remedy the disruption? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-05.1 + name: Real-Time Alerts of Event Logging Failure + description: 'Mechanisms exist to provide 24x7x365 near real-time alerting capability + when an event log processing failure occurs. ' + annotation: 'Does the organization provide 24x7x365 near real-time alerting + capability when an event log processing failure occurs? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-05.2 + name: 'Event Log Storage Capacity Alerting ' + description: Automated mechanisms exist to alert appropriate personnel when + the allocated volume reaches an organization-defined percentage of maximum + event log storage capacity. + annotation: Does the organization use automated mechanisms to alert appropriate + personnel when the allocated volume reaches an organization-defined percentage + of maximum event log storage capacity? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-06 + name: 'Monitoring Reporting ' + description: 'Mechanisms exist to provide an event log report generation capability + to aid in detecting and assessing anomalous activities. ' + annotation: 'Does the organization provide an event log report generation capability + to aid in detecting and assessing anomalous activities? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-06.1 + name: Query Parameter Audits of Personal Data (PD) + description: Mechanisms exist to provide and implement the capability for auditing + the parameters of user query events for data sets containing Personal Data + (PD). + annotation: Does the organization provide and implement the capability for auditing + the parameters of user query events for data sets containing Personal Data + (PD)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-06.2 + name: Trend Analysis Reporting + description: Mechanisms exist to employ trend analyses to determine if security + control implementations, the frequency of continuous monitoring activities, + and/or the types of activities used in the continuous monitoring process need + to be modified based on empirical data. + annotation: Does the organization employ trend analyses to determine if security + control implementations, the frequency of continuous monitoring activities, + and/or the types of activities used in the continuous monitoring process need + to be modified based on empirical data? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-07 + name: 'Time Stamps ' + description: 'Mechanisms exist to configure systems to use an authoritative + time source to generate time stamps for event logs. ' + annotation: 'Does the organization configure systems to use an authoritative + time source to generate time stamps for event logs? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-07.1 + name: Synchronization With Authoritative Time Source + description: 'Mechanisms exist to synchronize internal system clocks with an + authoritative time source. ' + annotation: 'Does the organization synchronize internal system clocks with an + authoritative time source? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-08 + name: 'Protection of Event Logs ' + description: Mechanisms exist to protect event logs and audit tools from unauthorized + access, modification and deletion. + annotation: Does the organization protect event logs and audit tools from unauthorized + access, modification and deletion? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-08.1 + name: 'Event Log Backup on Separate Physical Systems / Components ' + description: Mechanisms exist to back up event logs onto a physically different + system or system component than the Security Incident Event Manager (SIEM) + or similar automated tool. + annotation: Does the organization back up event logs onto a physically different + system or system component than the Security Incident Event Manager (SIEM) + or similar automated tool? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-08.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-08.2 + name: 'Access by Subset of Privileged Users ' + description: Mechanisms exist to restrict access to the management of event + logs to privileged users with a specific business need. + annotation: Does the organization restrict access to the management of event + logs to privileged users with a specific business need? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-08.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-08.3 + name: Cryptographic Protection of Event Log Information + description: 'Cryptographic mechanisms exist to protect the integrity of event + logs and audit tools. ' + annotation: 'Are cryptographic mechanisms utilized to protect the integrity + of event logs and audit tools? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-08.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-08.4 + name: Dual Authorization for Event Log Movement + description: Automated mechanisms exist to enforce dual authorization for the + movement or deletion of event logs. + annotation: Does the organization use automated mechanisms to enforce dual authorization + for the movement or deletion of event logs? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-09 + name: Non-Repudiation + description: 'Mechanisms exist to utilize a non-repudiation capability to protect + against an individual falsely denying having performed a particular action. ' + annotation: 'Does the organization utilize a non-repudiation capability to protect + against an individual falsely denying having performed a particular action? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-09.1 + name: Identity Binding + description: Mechanisms exist to bind the identity of the information producer + to the information generated. + annotation: Does the organization bind the identity of the information producer + to the information generated? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-10 + name: Event Log Retention + description: 'Mechanisms exist to retain event logs for a time period consistent + with records retention requirements to provide support for after-the-fact + investigations of security incidents and to meet statutory, regulatory and + contractual retention requirements. ' + annotation: 'Does the organization retain event logs for a time period consistent + with records retention requirements to provide support for after-the-fact + investigations of security incidents and to meet statutory, regulatory and + contractual retention requirements? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-11 + name: Monitoring For Information Disclosure + description: 'Mechanisms exist to monitor for evidence of unauthorized exfiltration + or disclosure of non-public information. ' + annotation: 'Does the organization monitor for evidence of unauthorized exfiltration + or disclosure of non-public information? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-11.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-11.1 + name: Analyze Traffic for Covert Exfiltration + description: Automated mechanisms exist to analyze network traffic to detect + covert data exfiltration. + annotation: Does the organization use automated mechanisms to analyze network + traffic to detect covert data exfiltration? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-11.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-11.2 + name: Unauthorized Network Services + description: 'Automated mechanisms exist to detect unauthorized network services + and alert incident response personnel. ' + annotation: 'Does the organization use automated mechanisms to detect unauthorized + network services and alert incident response personnel? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-11.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-11.3 + name: Monitoring for Indicators of Compromise (IOC) + description: 'Automated mechanisms exist to identify and alert on Indicators + of Compromise (IoC). ' + annotation: 'Does the organization use automated mechanisms to identify and + alert on Indicators of Compromise (IoC)? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-12 + name: 'Session Audit ' + description: "Mechanisms exist to provide session audit capabilities that can:\ + \ \n \u25AA Capture and log all content related to a user session; and\n \u25AA\ + \ Remotely view all content related to an established user session in real\ + \ time." + annotation: "Does the organization provide session audit capabilities that can:\ + \ \n \u25AA Capture and log all content related to a user session; and\n \u25AA\ + \ Remotely view all content related to an established user session in real\ + \ time?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-13 + name: 'Alternate Event Logging Capability ' + description: Mechanisms exist to provide an alternate event logging capability + in the event of a failure in primary audit capability. + annotation: Does the organization provide an alternate event logging capability + in the event of a failure in primary audit capability? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-14 + name: 'Cross-Organizational Monitoring ' + description: Mechanisms exist to coordinate sanitized event logs among external + organizations to identify anomalous events when event logs are shared across + organizational boundaries, without giving away sensitive or critical business + data. + annotation: Does the organization coordinate sanitized event logs among external + organizations to identify anomalous events when event logs are shared across + organizational boundaries, without giving away sensitive or critical business + data? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-14.1 + name: Sharing of Event Logs + description: Mechanisms exist to share event logs with third-party organizations + based on specific cross-organizational sharing agreements. + annotation: Does the organization share event logs with third-party organizations + based on specific cross-organizational sharing agreements? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-15 + name: 'Covert Channel Analysis ' + description: Mechanisms exist to conduct covert channel analysis to identify + aspects of communications that are potential avenues for covert channels. + annotation: Does the organization conduct covert channel analysis to identify + aspects of communications that are potential avenues for covert channels? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-16 + name: Anomalous Behavior + description: Mechanisms exist to detect and respond to anomalous behavior that + could indicate account compromise or other malicious activities. + annotation: Does the organization detect and respond to anomalous behavior that + could indicate account compromise or other malicious activities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-16.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-16.1 + name: Insider Threats + description: Mechanisms exist to monitor internal personnel activity for potential + security incidents. + annotation: Does the organization monitor internal personnel activity for potential + security incidents? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-16.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-16.2 + name: Third-Party Threats + description: Mechanisms exist to monitor third-party personnel activity for + potential security incidents. + annotation: Does the organization monitor third-party personnel activity for + potential security incidents? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-16.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-16.3 + name: Unauthorized Activities + description: Mechanisms exist to monitor for unauthorized activities, accounts, + connections, devices and software. + annotation: Does the organization monitor for unauthorized activities, accounts, + connections, devices and software? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mon-16.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node310 + ref_id: MON-16.4 + name: Account Creation and Modification Logging + description: Automated mechanisms exist to generate event logs for permissions + changes to privileged accounts and/or groups. + annotation: Does the organization use automated mechanisms to generate event + logs for permissions changes to privileged accounts and/or groups? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + assessable: false + depth: 1 + name: 'Cryptographic Protections ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-01 + name: 'Use of Cryptographic Controls ' + description: Mechanisms exist to facilitate the implementation of cryptographic + protections controls using known public standards and trusted cryptographic + technologies. + annotation: Does the organization facilitate the implementation of cryptographic + protections controls using known public standards and trusted cryptographic + technologies? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-01.1 + name: 'Alternate Physical Protection ' + description: 'Cryptographic mechanisms exist to prevent unauthorized disclosure + of information as an alternative to physical safeguards. ' + annotation: 'Are cryptographic mechanisms utilized to prevent unauthorized disclosure + of information as an alternative to physical safeguards? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-01.2 + name: Export-Controlled Cryptography + description: Mechanisms exist to address the exporting of cryptographic technologies + in compliance with relevant statutory and regulatory requirements. + annotation: Does the organization address the exporting of cryptographic technologies + in compliance with relevant statutory and regulatory requirements? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-01.3 + name: Pre/Post Transmission Handling + description: Cryptographic mechanisms exist to ensure the confidentiality and + integrity of information during preparation for transmission and during reception. + annotation: Are cryptographic mechanisms utilized to ensure the confidentiality + and integrity of information during preparation for transmission and during + reception? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-01.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-01.4 + name: Conceal / Randomize Communications + description: Cryptographic mechanisms exist to conceal or randomize communication + patterns. + annotation: Are cryptographic mechanisms utilized to conceal or randomize communication + patterns? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-01.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-01.5 + name: Cryptographic Cipher Suites and Protocols Inventory + description: Mechanisms exist to identify, document and review deployed cryptographic + cipher suites and protocols to proactively respond to industry trends regarding + the continued viability of utilized cryptographic cipher suites and protocols. + annotation: Does the organization identify, document and review deployed cryptographic + cipher suites and protocols to proactively respond to industry trends regarding + the continued viability of utilized cryptographic cipher suites and protocols? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-02 + name: Cryptographic Module Authentication + description: Automated mechanisms exist to enable systems to authenticate to + a cryptographic module. + annotation: Does the organization use automated mechanisms to enable systems + to authenticate to a cryptographic module? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-03 + name: 'Transmission Confidentiality ' + description: 'Cryptographic mechanisms exist to protect the confidentiality + of data being transmitted. ' + annotation: 'Are cryptographic mechanisms utilized to protect the confidentiality + of data being transmitted? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-04 + name: 'Transmission Integrity ' + description: 'Cryptographic mechanisms exist to protect the integrity of data + being transmitted. ' + annotation: 'Are cryptographic mechanisms utilized to protect the integrity + of data being transmitted? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-05 + name: 'Encrypting Data At Rest ' + description: 'Cryptographic mechanisms exist to prevent unauthorized disclosure + of data at rest. ' + annotation: 'Are cryptographic mechanisms utilized to prevent unauthorized disclosure + of data at rest? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-05.1 + name: Storage Media + description: Cryptographic mechanisms exist to protect the confidentiality and + integrity of sensitive/regulated data residing on storage media. + annotation: Are cryptographic mechanisms utilized to protect the confidentiality + and integrity of sensitive/regulated data residing on storage media? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-05.2 + name: Offline Storage + description: Mechanisms exist to remove unused data from online storage and + archive it off-line in a secure location until it can be disposed of according + to data retention requirements. + annotation: Does the organization remove unused data from online storage and + archive it off-line in a secure location until it can be disposed of according + to data retention requirements? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-05.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-05.3 + name: Database Encryption + description: Mechanisms exist to ensure that database servers utilize encryption + to protect the confidentiality of the data within the databases. + annotation: Does the organization ensure that database servers utilize encryption + to protect the confidentiality of the data within the databases? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-06 + name: Non-Console Administrative Access + description: Cryptographic mechanisms exist to protect the confidentiality and + integrity of non-console administrative access. + annotation: Are cryptographic mechanisms utilized to protect the confidentiality + and integrity of non-console administrative access? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-07 + name: 'Wireless Access Authentication & Encryption ' + description: Mechanisms exist to protect wireless access via secure authentication + and encryption. + annotation: Does the organization protect wireless access via secure authentication + and encryption? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-08 + name: 'Public Key Infrastructure (PKI) ' + description: 'Mechanisms exist to securely implement an internal Public Key + Infrastructure (PKI) infrastructure or obtain PKI services from a reputable + PKI service provider. ' + annotation: 'Does the organization securely implement an internal Public Key + Infrastructure (PKI) infrastructure or obtain PKI services from a reputable + PKI service provider? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-08.1 + name: Availability + description: Resiliency mechanisms exist to ensure the availability of data + in the event of the loss of cryptographic keys. + annotation: Does the organization ensure the availability of data in the event + of the loss of cryptographic keys? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09 + name: 'Cryptographic Key Management ' + description: Mechanisms exist to facilitate cryptographic key management controls + to protect the confidentiality, integrity and availability of keys. + annotation: Does the organization facilitate cryptographic key management controls + to protect the confidentiality, integrity and availability of keys? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09.1 + name: Symmetric Keys + description: 'Mechanisms exist to facilitate the production and management of + symmetric cryptographic keys using Federal Information Processing Standards + (FIPS)-compliant key management technology and processes. ' + annotation: 'Does the organization facilitate the production and management + of symmetric cryptographic keys using Federal Information Processing Standards + (FIPS)-compliant key management technology and processes? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09.2 + name: Asymmetric Keys + description: "Mechanisms exist to facilitate the production and management of\ + \ asymmetric cryptographic keys using Federal Information Processing Standards\ + \ (FIPS)-compliant key management technology and processes that protect the\ + \ user\u2019s private key. " + annotation: "Does the organization facilitate the production and management\ + \ of asymmetric cryptographic keys using Federal Information Processing Standards\ + \ (FIPS)-compliant key management technology and processes that protect the\ + \ user\u2019s private key? " + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09.3 + name: Cryptographic Key Loss or Change + description: 'Mechanisms exist to ensure the availability of information in + the event of the loss of cryptographic keys by individual users. ' + annotation: 'Does the organization ensure the availability of information in + the event of the loss of cryptographic keys by individual users? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09.4 + name: Control & Distribution of Cryptographic Keys + description: 'Mechanisms exist to facilitate the secure distribution of symmetric + and asymmetric cryptographic keys using industry recognized key management + technology and processes. ' + annotation: 'Does the organization facilitate the secure distribution of symmetric + and asymmetric cryptographic keys using industry recognized key management + technology and processes? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09.5 + name: 'Assigned Owners ' + description: 'Mechanisms exist to ensure cryptographic keys are bound to individual + identities. ' + annotation: 'Does the organization ensure cryptographic keys are bound to individual + identities? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09.6 + name: Third-Party Cryptographic Keys + description: Mechanisms exist to ensure customers are provided with appropriate + key management guidance whenever cryptographic keys are shared. + annotation: Does the organization ensure customers are provided with appropriate + key management guidance whenever cryptographic keys are shared? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-09.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-09.7 + name: External System Cryptographic Key Control + description: Mechanisms exist to maintain control of cryptographic keys for + encrypted material stored or transmitted through an external system. + annotation: Does the organization maintain control of cryptographic keys for + encrypted material stored or transmitted through an external system? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-10 + name: 'Transmission of Cybersecurity & Data Privacy Attributes ' + description: 'Mechanisms exist to ensure systems associate security attributes + with information exchanged between systems. ' + annotation: 'Does the organization ensure systems associate security attributes + with information exchanged between systems? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-11 + name: Certificate Authorities + description: Automated mechanisms exist to enable the use of organization-defined + Certificate Authorities (CAs) to facilitate the establishment of protected + sessions. + annotation: Does the organization use automated mechanisms to enable the use + of organization-defined Certificate Authorities (CAs) to facilitate the establishment + of protected sessions? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:cry-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node377 + ref_id: CRY-12 + name: Certificate Monitoring + description: Automated mechanisms exist to discover when new certificates are + issued for organization-controlled domains. + annotation: Does the organization use automated mechanisms to discover when + new certificates are issued for organization-controlled domains? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + assessable: false + depth: 1 + name: 'Data Classification & Handling ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-01 + name: 'Data Protection ' + description: 'Mechanisms exist to facilitate the implementation of data protection + controls. ' + annotation: 'Does the organization facilitate the implementation of data protection + controls? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-01.1 + name: 'Data Stewardship ' + description: 'Mechanisms exist to ensure data stewardship is assigned, documented + and communicated. ' + annotation: 'Does the organization ensure data stewardship is assigned, documented + and communicated? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-01.2 + name: Sensitive / Regulated Data Protection + description: Mechanisms exist to protect sensitive/regulated data wherever it + is stored. + annotation: Does the organization protect sensitive/regulated data wherever + it is stored? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-01.3 + name: Sensitive / Regulated Media Records + description: Mechanisms exist to ensure media records for sensitive/regulated + data contain sufficient information to determine the potential impact in the + event of a data loss incident. + annotation: Does the organization ensure media records for sensitive/regulated + data contain sufficient information to determine the potential impact in the + event of a data loss incident? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-01.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-01.4 + name: Defining Access Authorizations for Sensitive/Regulated Data + description: Mechanisms exist to explicitly define authorizations for specific + individuals and/or roles for logical and /or physical access to sensitive/regulated + data. + annotation: Does the organization explicitly define authorizations for specific + individuals and/or roles for logical and /or physical access to sensitive/regulated + data? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-02 + name: 'Data & Asset Classification ' + description: 'Mechanisms exist to ensure data and assets are categorized in + accordance with applicable statutory, regulatory and contractual requirements. ' + annotation: 'Does the organization ensure data and assets are categorized in + accordance with applicable statutory, regulatory and contractual requirements? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-02.1 + name: Highest Classification Level + description: Mechanisms exist to ensure that systems, applications and services + are classified according to the highest level of data sensitivity that is + stored, transmitted and/or processed. + annotation: Does the organization ensure that systems, applications and services + are classified according to the highest level of data sensitivity that is + stored, transmitted and/or processed? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-03 + name: 'Media Access ' + description: 'Mechanisms exist to control and restrict access to digital and + non-digital media to authorized individuals. ' + annotation: 'Does the organization control and restrict access to digital and + non-digital media to authorized individuals? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-03.1 + name: Disclosure of Information + description: Mechanisms exist to restrict the disclosure of sensitive / regulated + data to authorized parties with a need to know. + annotation: Does the organization restrict the disclosure of sensitive / regulated + data to authorized parties with a need to know? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-03.2 + name: 'Masking Displayed Data ' + description: 'Mechanisms exist to apply data masking to sensitive/regulated + information that is displayed or printed. ' + annotation: 'Does the organization apply data masking to sensitive/regulated + information that is displayed or printed? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-03.3 + name: Controlled Release + description: Automated mechanisms exist to validate cybersecurity & data privacy + attributes prior to releasing information to external systems. + annotation: Does the organization use automated mechanisms to validate cybersecurity + & data privacy attributes prior to releasing information to external systems? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-04 + name: 'Media Marking ' + description: 'Mechanisms exist to mark media in accordance with data protection + requirements so that personnel are alerted to distribution limitations, handling + caveats and applicable security requirements. ' + annotation: 'Does the organization mark media in accordance with data protection + requirements so that personnel are alerted to distribution limitations, handling + caveats and applicable security requirements? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-04.1 + name: Automated Marking + description: 'Automated mechanisms exist to mark physical media and digital + files to indicate the distribution limitations, handling requirements and + applicable security markings (if any) of the information to aid Data Loss + Prevention (DLP) technologies. ' + annotation: 'Does the organization use automated mechanisms to mark physical + media and digital files to indicate the distribution limitations, handling + requirements and applicable security markings (if any) of the information + to aid Data Loss Prevention (DLP) technologies? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05 + name: Cybersecurity & Data Privacy Attributes + description: Mechanisms exist to bind cybersecurity & data privacy attributes + to information as it is stored, transmitted and processed. + annotation: Does the organization bind cybersecurity & data privacy attributes + to information as it is stored, transmitted and processed? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.1 + name: Dynamic Attribute Association + description: Mechanisms exist to dynamically associate cybersecurity & data + privacy attributes with individuals and objects as information is created, + combined, or transformed, in accordance with organization-defined cybersecurity + and data privacy policies. + annotation: Does the organization dynamically associate cybersecurity & data + privacy attributes with individuals and objects as information is created, + combined, or transformed, in accordance with organization-defined cybersecurity + and data privacy policies? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.2 + name: Attribute Value Changes By Authorized Individuals + description: Mechanisms exist to provide authorized individuals (or processes + acting on behalf of individuals) the capability to define or change the value + of associated cybersecurity & data privacy attributes. + annotation: Does the organization provide authorized individuals (or processes + acting on behalf of individuals) the capability to define or change the value + of associated cybersecurity & data privacy attributes? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.3 + name: Maintenance of Attribute Associations By System + description: Mechanisms exist to maintain the association and integrity of cybersecurity + & data privacy attributes to individuals and objects. + annotation: Does the organization maintain the association and integrity of + cybersecurity & data privacy attributes to individuals and objects? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.4 + name: Association of Attributes By Authorized Individuals + description: Mechanisms exist to provide the capability to associate cybersecurity + & data privacy attributes with individuals and objects by authorized individuals + (or processes acting on behalf of individuals). + annotation: Does the organization provide the capability to associate cybersecurity + & data privacy attributes with individuals and objects by authorized individuals + (or processes acting on behalf of individuals)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.5 + name: Attribute Displays for Output Devices + description: Mechanisms exist to display cybersecurity & data privacy attributes + in human-readable form on each object that the system transmits to output + devices to identify special dissemination, handling or distribution instructions + using human-readable, standard naming conventions. + annotation: Does the organization display cybersecurity & data privacy attributes + in human-readable form on each object that the system transmits to output + devices to identify special dissemination, handling or distribution instructions + using human-readable, standard naming conventions? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.6 + name: Data Subject Attribute Associations + description: Mechanisms exist to require personnel to associate and maintain + the association of cybersecurity & data privacy attributes with individuals + and objects in accordance with cybersecurity and data privacy policies. + annotation: Does the organization require personnel to associate and maintain + the association of cybersecurity & data privacy attributes with individuals + and objects in accordance with cybersecurity and data privacy policies? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.7 + name: Consistent Attribute Interpretation + description: Mechanisms exist to provide a consistent, organizationally agreed + upon interpretation of cybersecurity & data privacy attributes employed in + access enforcement and flow enforcement decisions between distributed system + components. + annotation: Does the organization provide a consistent, organizationally agreed + upon interpretation of cybersecurity & data privacy attributes employed in + access enforcement and flow enforcement decisions between distributed system + components? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.8 + name: Identity Association Techniques & Technologies + description: Mechanisms exist to associate cybersecurity & data privacy attributes + to information. + annotation: Does the organization associate cybersecurity & data privacy attributes + to information? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.9 + name: Attribute Reassignment + description: Mechanisms exist to reclassify data as required, due to changing + business/technical requirements. + annotation: Does the organization reclassify data as required, due to changing + business/technical requirements? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.10 + name: Attribute Configuration By Authorized Individuals + description: Mechanisms exist to provide authorized individuals the capability + to define or change the type and value of cybersecurity & data privacy attributes + available for association with subjects and objects. + annotation: Does the organization provide authorized individuals the capability + to define or change the type and value of cybersecurity & data privacy attributes + available for association with subjects and objects? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-05.11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-05.11 + name: Audit Changes + description: Mechanisms exist to audit changes to cybersecurity & data privacy + attributes and responds to events in accordance with incident response procedures. + annotation: Does the organization audit changes to cybersecurity & data privacy + attributes and responds to events in accordance with incident response procedures? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-06 + name: Media Storage + description: "Mechanisms exist to: \n \u25AA Physically control and securely\ + \ store digital and non-digital media within controlled areas using organization-defined\ + \ security measures; and\n \u25AA Protect system media until the media are\ + \ destroyed or sanitized using approved equipment, techniques and procedures." + annotation: "Does the organization: \n \u25AA Physically control and securely\ + \ store digital and non-digital media within controlled areas using organization-defined\ + \ security measures; and\n \u25AA Protect system media until the media are\ + \ destroyed or sanitized using approved equipment, techniques and procedures?" + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-06.1 + name: Physically Secure All Media + description: Mechanisms exist to physically secure all media that contains sensitive + information. + annotation: Does the organization physically secure all media that contains + sensitive information? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-06.2 + name: Sensitive Data Inventories + description: 'Mechanisms exist to maintain inventory logs of all sensitive media + and conduct sensitive media inventories at least annually. ' + annotation: 'Does the organization maintain inventory logs of all sensitive + media and conduct sensitive media inventories at least annually? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-06.3 + name: Periodic Scans for Sensitive Data + description: 'Mechanisms exist to periodically scan unstructured data sources + for sensitive/regulated data or data requiring special protection measures + by statutory, regulatory or contractual obligations. ' + annotation: 'Does the organization periodically scan unstructured data sources + for sensitive/regulated data or data requiring special protection measures + by statutory, regulatory or contractual obligations? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-06.4 + name: Making Sensitive Data Unreadable In Storage + description: 'Mechanisms exist to ensure sensitive/regulated data is rendered + human unreadable anywhere sensitive/regulated data is stored. ' + annotation: 'Does the organization ensure sensitive/regulated data is rendered + human unreadable anywhere sensitive/regulated data is stored? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-06.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-06.5 + name: Storing Authentication Data + description: 'Mechanisms exist to prohibit the storage of sensitive transaction + authentication data after authorization. ' + annotation: 'Does the organization prohibit the storage of sensitive transaction + authentication data after authorization? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-07 + name: 'Media Transportation ' + description: Mechanisms exist to protect and control digital and non-digital + media during transport outside of controlled areas using appropriate security + measures. + annotation: Does the organization protect and control digital and non-digital + media during transport outside of controlled areas using appropriate security + measures? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-07.1 + name: Custodians + description: 'Mechanisms exist to identify custodians throughout the transport + of digital or non-digital media. ' + annotation: 'Does the organization identify custodians throughout the transport + of digital or non-digital media? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-07.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-07.2 + name: Encrypting Data In Storage Media + description: Cryptographic mechanisms exist to protect the confidentiality and + integrity of information stored on digital media during transport outside + of controlled areas. + annotation: Are cryptographic mechanisms utilized to protect the confidentiality + and integrity of information stored on digital media during transport outside + of controlled areas? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-08 + name: Physical Media Disposal + description: 'Mechanisms exist to securely dispose of media when it is no longer + required, using formal procedures. ' + annotation: 'Does the organization securely dispose of media when it is no longer + required, using formal procedures? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-09 + name: System Media Sanitization + description: Mechanisms exist to sanitize system media with the strength and + integrity commensurate with the classification or sensitivity of the information + prior to disposal, release out of organizational control or release for reuse. + annotation: Does the organization sanitize system media with the strength and + integrity commensurate with the classification or sensitivity of the information + prior to disposal, release out of organizational control or release for reuse? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-09.1 + name: System Media Sanitization Documentation + description: 'Mechanisms exist to supervise, track, document and verify system + media sanitization and disposal actions. ' + annotation: 'Does the organization supervise, track, document and verify system + media sanitization and disposal actions? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-09.2 + name: Equipment Testing + description: 'Mechanisms exist to test sanitization equipment and procedures + to verify that the intended result is achieved. ' + annotation: 'Does the organization test sanitization equipment and procedures + to verify that the intended result is achieved? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-09.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-09.3 + name: Sanitization of Personal Data (PD) + description: Mechanisms exist to facilitate the sanitization of Personal Data + (PD). + annotation: Does the organization facilitate the sanitization of Personal Data + (PD)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-09.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-09.4 + name: First Time Use Sanitization + description: Mechanisms exist to apply nondestructive sanitization techniques + to portable storage devices prior to first use. + annotation: Does the organization apply nondestructive sanitization techniques + to portable storage devices prior to first use? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-09.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-09.5 + name: Dual Authorization for Sensitive Data Destruction + description: Mechanisms exist to enforce dual authorization for the destruction, + disposal or sanitization of digital media that contains sensitive / regulated + data. + annotation: Does the organization enforce dual authorization for the destruction, + disposal or sanitization of digital media that contains sensitive / regulated + data? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-10 + name: Media Use + description: 'Mechanisms exist to restrict the use of types of digital media + on systems or system components. ' + annotation: 'Does the organization restrict the use of types of digital media + on systems or system components? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-10.1 + name: 'Limitations on Use ' + description: 'Mechanisms exist to restrict the use and distribution of sensitive + / regulated data. ' + annotation: 'Does the organization restrict the use and distribution of sensitive + / regulated data? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-10.2 + name: Prohibit Use Without Owner + description: Mechanisms exist to prohibit the use of portable storage devices + in organizational information systems when such devices have no identifiable + owner. + annotation: Does the organization prohibit the use of portable storage devices + in organizational information systems when such devices have no identifiable + owner? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-11 + name: 'Data Reclassification ' + description: Mechanisms exist to reclassify data, including associated systems, + applications and services, commensurate with the security category and/or + classification level of the information. + annotation: Does the organization reclassify data, including associated systems, + applications and services, commensurate with the security category and/or + classification level of the information? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-12 + name: Removable Media Security + description: Mechanisms exist to restrict removable media in accordance with + data handling and acceptable usage parameters. + annotation: Does the organization restrict removable media in accordance with + data handling and acceptable usage parameters? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-13 + name: 'Use of External Information Systems ' + description: 'Mechanisms exist to govern how external parties, systems and services + are used to securely store, process and transmit data. ' + annotation: 'Does the organization govern how external parties, systems and + services are used to securely store, process and transmit data? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-13.1 + name: 'Limits of Authorized Use ' + description: "Mechanisms exist to prohibit external parties, systems and services\ + \ from storing, processing and transmitting data unless authorized individuals\ + \ first: \n \u25AA Verifying the implementation of required security controls;\ + \ or\n \u25AA Retaining a processing agreement with the entity hosting the\ + \ external systems or service." + annotation: "Does the organization prohibit external parties, systems and services\ + \ from storing, processing and transmitting data unless authorized individuals\ + \ first: \n \u25AA Verifying the implementation of required security controls;\ + \ or\n \u25AA Retaining a processing agreement with the entity hosting the\ + \ external systems or service?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-13.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-13.2 + name: Portable Storage Devices + description: 'Mechanisms exist to restrict or prohibit the use of portable storage + devices by users on external systems. ' + annotation: 'Does the organization restrict or prohibit the use of portable + storage devices by users on external systems? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-13.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-13.3 + name: Protecting Sensitive Data on External Systems + description: Mechanisms exist to ensure that the requirements for the protection + of sensitive information processed, stored or transmitted on external systems, + are implemented in accordance with applicable statutory, regulatory and contractual + obligations. + annotation: Does the organization ensure that the requirements for the protection + of sensitive information processed, stored or transmitted on external systems, + are implemented in accordance with applicable statutory, regulatory and contractual + obligations? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-13.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-13.4 + name: Non-Organizationally Owned Systems / Components / Devices + description: Mechanisms exist to restrict the use of non-organizationally owned + information systems, system components or devices to process, store or transmit + organizational information. + annotation: Does the organization restrict the use of non-organizationally owned + information systems, system components or devices to process, store or transmit + organizational information? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-14 + name: 'Information Sharing ' + description: Mechanisms exist to utilize a process to assist users in making + information sharing decisions to ensure data is appropriately protected. + annotation: Does the organization utilize a process to assist users in making + information sharing decisions to ensure data is appropriately protected? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-14.1 + name: Information Search & Retrieval + description: Mechanisms exist to ensure information systems implement data search + and retrieval functions that properly enforce data protection / sharing restrictions. + annotation: Does the organization ensure information systems implement data + search and retrieval functions that properly enforce data protection / sharing + restrictions? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-14.2 + name: Transfer Authorizations + description: Mechanisms exist to verify that individuals or systems transferring + data between interconnecting systems have the requisite authorizations (e.g., + write permissions or privileges) prior to transferring said data. + annotation: Does the organization verify that individuals or systems transferring + data between interconnecting systems have the requisite authorizations (e.g., + write permissions or privileges) prior to transferring said data? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-14.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-14.3 + name: Data Access Mapping + description: Mechanisms exist to leverage data-specific Access Control Lists + (ACL) or Interconnection Security Agreements (ISAs) to generate a logical + map of the parties with whom sensitive/regulated data is shared. + annotation: Does the organization leverage data-specific Access Control Lists + (ACL) or Interconnection Security Agreements (ISAs) to generate a logical + map of the parties with whom sensitive/regulated data is shared? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-15 + name: Publicly Accessible Content + description: Mechanisms exist to control publicly-accessible content. + annotation: Does the organization control publicly-accessible content? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-16 + name: Data Mining Protection + description: 'Mechanisms exist to protect data storage objects against unauthorized + data mining and data harvesting techniques. ' + annotation: 'Does the organization protect data storage objects against unauthorized + data mining and data harvesting techniques? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-17 + name: 'Ad-Hoc Transfers ' + description: Mechanisms exist to secure ad-hoc exchanges of large digital files + with internal or external parties. + annotation: Does the organization secure ad-hoc exchanges of large digital files + with internal or external parties? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-18 + name: 'Media & Data Retention ' + description: 'Mechanisms exist to retain media and data in accordance with applicable + statutory, regulatory and contractual obligations. ' + annotation: 'Does the organization retain media and data in accordance with + applicable statutory, regulatory and contractual obligations? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-18.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-18.1 + name: Minimize Personal Data (PD) + description: Mechanisms exist to limit Personal Data (PD) being processed in + the information lifecycle to elements identified in the Data Protection Impact + Assessment (DPIA). + annotation: Does the organization limit Personal Data (PD) being processed in + the information lifecycle to elements identified in the Data Protection Impact + Assessment (DPIA)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-18.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-18.2 + name: Limit Personal Data (PD) Elements In Testing, Training & Research + description: Mechanisms exist to minimize the use of Personal Data (PD) for + research, testing, or training, in accordance with the Data Protection Impact + Assessment (DPIA). + annotation: Does the organization minimize the use of Personal Data (PD) for + research, testing, or training, in accordance with the Data Protection Impact + Assessment (DPIA)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-18.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-18.3 + name: Temporary Files Containing Personal Data (PD) + description: Mechanisms exist to perform periodic checks of temporary files + for the existence of Personal Data (PD). + annotation: Does the organization perform periodic checks of temporary files + for the existence of Personal Data (PD)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-19 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-19 + name: Geographic Location of Data + description: Mechanisms exist to inventory, document and maintain data flows + for data that is resident (permanently or temporarily) within a service's + geographically distributed applications (physical and virtual), infrastructure, + systems components and/or shared with other third-parties. + annotation: Does the organization inventory, document and maintain data flows + for data that is resident (permanently or temporarily) within a service's + geographically distributed applications (physical and virtual), infrastructure, + systems components and/or shared with other third-parties? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-20 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-20 + name: 'Archived Data Sets ' + description: 'Mechanisms exist to protect archived data in accordance with applicable + statutory, regulatory and contractual obligations. ' + annotation: 'Does the organization protect archived data in accordance with + applicable statutory, regulatory and contractual obligations? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-21 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-21 + name: Information Disposal + description: Mechanisms exist to securely dispose of, destroy or erase information. + annotation: Does the organization securely dispose of, destroy or erase information? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-22 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-22 + name: Data Quality Operations + description: Mechanisms exist to check for Redundant, Obsolete/Outdated, Toxic + or Trivial (ROTT) data to ensure the accuracy, relevance, timeliness, impact, + completeness and de-identification of information throughout the information + lifecycle. + annotation: Does the organization check for Redundant, Obsolete/Outdated, Toxic + or Trivial (ROTT) data to ensure the accuracy, relevance, timeliness, impact, + completeness and de-identification of information throughout the information + lifecycle. + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-22.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-22.1 + name: Updating & Correcting Personal Data (PD) + description: Mechanisms exist to utilize technical controls to correct Personal + Data (PD) that is inaccurate or outdated, incorrectly determined regarding + impact, or incorrectly de-identified. + annotation: Does the organization utilize technical controls to correct Personal + Data (PD) that is inaccurate or outdated, incorrectly determined regarding + impact, or incorrectly de-identified? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-22.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-22.2 + name: Data Tags + description: Mechanisms exist to utilize data tags to automate tracking of sensitive/regulated + data across the information lifecycle. + annotation: Does the organization utilize data tags to automate tracking of + sensitive/regulated data across the information lifecycle? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-22.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-22.3 + name: Primary Source Personal Data (PD) Collection + description: 'Mechanisms exist to collect Personal Data (PD) directly from the + individual. ' + annotation: 'Does the organization collect Personal Data (PD) directly from + the individual? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23 + name: De-Identification (Anonymization) + description: Mechanisms exist to anonymize data by removing Personal Data (PD) + from datasets. + annotation: Does the organization anonymize data by removing Personal Data (PD) + from datasets? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.1 + name: De-Identify Dataset Upon Collection + description: Mechanisms exist to de-identify the dataset upon collection by + not collecting Personal Data (PD). + annotation: Does the organization de-identify the dataset upon collection by + not collecting Personal Data (PD)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.2 + name: Archiving + description: Mechanisms exist to refrain from archiving Personal Data (PD) elements + if those elements in a dataset will not be needed after the dataset is archived. + annotation: Does the organization refrain from archiving Personal Data (PD) + elements if those elements in a dataset will not be needed after the dataset + is archived? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.3 + name: Release + description: Mechanisms exist to remove Personal Data (PD) elements from a dataset + prior to its release if those elements in the dataset do not need to be part + of the data release. + annotation: Does the organization remove Personal Data (PD) elements from a + dataset prior to its release if those elements in the dataset do not need + to be part of the data release? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.4 + name: Removal, Masking, Encryption, Hashing or Replacement of Direct Identifiers + description: Mechanisms exist to remove, mask, encrypt, hash or replace direct + identifiers in a dataset. + annotation: Does the organization remove, mask, encrypt, hash or replace direct + identifiers in a dataset? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.5 + name: Statistical Disclosure Control + description: Mechanisms exist to manipulate numerical data, contingency tables + and statistical findings so that no person or organization is identifiable + in the results of the analysis. + annotation: Does the organization manipulate numerical data, contingency tables + and statistical findings so that no person or organization is identifiable + in the results of the analysis? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.6 + name: Differential Data Privacy + description: Mechanisms exist to prevent disclosure of Personal Data (PD) by + adding non-deterministic noise to the results of mathematical operations before + the results are reported. + annotation: Does the organization prevent disclosure of Personal Data (PD) by + adding non-deterministic noise to the results of mathematical operations before + the results are reported? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.7 + name: Automated De-Identification of Sensitive Data + description: Mechanisms exist to perform de-identification of sensitive/regulated + data, using validated algorithms and software to implement the algorithms. + annotation: Does the organization perform de-identification of sensitive/regulated + data, using validated algorithms and software to implement the algorithms? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.8 + name: Motivated Intruder + description: Mechanisms exist to perform a motivated intruder test on the de-identified + dataset to determine if the identified data remains or if the de-identified + data can be re-identified. + annotation: Does the organization perform a motivated intruder test on the de-identified + dataset to determine if the identified data remains or if the de-identified + data can be re-identified? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-23.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-23.9 + name: Code Names + description: Mechanisms exist to use aliases to name assets, which are mission-critical + and/or contain highly-sensitive/regulated data, are unique and not readily + associated with a product, project or type of data. + annotation: Does the organization use aliases to name assets, which are mission-critical + and/or contain highly-sensitive/regulated data, are unique and not readily + associated with a product, project or type of data? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-24 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-24 + name: Information Location + description: Mechanisms exist to identify and document the location of information + and the specific system components on which the information resides. + annotation: Does the organization identify and document the location of information + and the specific system components on which the information resides? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-24.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-24.1 + name: Automated Tools to Support Information Location + description: Automated mechanisms exist to identify by data classification type + to ensure adequate cybersecurity & data privacy controls are in place to protect + organizational information and individual data privacy. + annotation: Does the organization use automated mechanisms to identify by data + classification type to ensure adequate cybersecurity & data privacy controls + are in place to protect organizational information and individual data privacy? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-25 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-25 + name: Transfer of Sensitive and/or Regulated Data + description: Mechanisms exist to restrict and govern the transfer of sensitive + and/or regulated data to third-countries or international organizations. + annotation: Does the organization restrict and govern the transfer of sensitive + and/or regulated data to third-countries or international organizations? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-25.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-25.1 + name: Transfer Activity Limits + description: Mechanisms exist to establish organization-defined "normal business + activities" to identify anomalous transaction activities that can reduce the + opportunity for sending (outbound) and/or receiving (inbound) fraudulent actions. + annotation: Does the organization establish organization-defined "normal business + activities" to identify anomalous transaction activities that can reduce the + opportunity for sending (outbound) and/or receiving (inbound) fraudulent actions? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-26 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-26 + name: Data Localization + description: Mechanisms exist to constrain the impact of "digital sovereignty + laws," that require localized data within the host country, where data and + processes may be subjected to arbitrary enforcement actions that potentially + violate other applicable statutory, regulatory and/or contractual obligations. + annotation: Does the organization constrain the impact of "digital sovereignty + laws," that require localized data within the host country, where data and + processes may be subjected to arbitrary enforcement actions that potentially + violate other applicable statutory, regulatory and/or contractual obligations? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:dch-27 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node406 + ref_id: DCH-27 + name: Data Rights Management (DRM) + description: Mechanisms exist to utilize Data Rights Management (DRM), or similar + technologies, to protect Intellectual Property (IP) rights by preventing the + unauthorized distribution and/or modification of sensitive IP. + annotation: Does the organization utilize Data Rights Management (DRM), or similar + technologies, to protect Intellectual Property (IP) rights by preventing the + unauthorized distribution and/or modification of sensitive IP? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + assessable: false + depth: 1 + name: 'Embedded Technology ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-01 + name: 'Embedded Technology Security Program ' + description: 'Mechanisms exist to facilitate the implementation of embedded + technology controls. ' + annotation: 'Does the organization facilitate the implementation of embedded + technology controls? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-02 + name: 'Internet of Things (IOT) ' + description: Mechanisms exist to proactively manage the cybersecurity & data + privacy risks associated with Internet of Things (IoT). + annotation: Does the organization proactively manage the cybersecurity & data + privacy risks associated with Internet of Things (IoT)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-03 + name: 'Operational Technology (OT) ' + description: Mechanisms exist to proactively manage the cybersecurity & data + privacy risks associated with Operational Technology (OT). + annotation: Does the organization proactively manage the cybersecurity & data + privacy risks associated with Operational Technology (OT)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-04 + name: Interface Security + description: Mechanisms exist to protect embedded devices against unauthorized + use of the physical factory diagnostic and test interface(s). + annotation: Does the organization protect embedded devices against unauthorized + use of the physical factory diagnostic and test interface(s)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-05 + name: Embedded Technology Configuration Monitoring + description: Mechanisms exist to generate log entries on embedded devices when + configuration changes or attempts to access interfaces are detected. + annotation: Does the organization generate log entries on embedded devices when + configuration changes or attempts to access interfaces are detected? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-06 + name: Prevent Alterations + description: Mechanisms exist to protect embedded devices by preventing the + unauthorized installation and execution of software. + annotation: Does the organization protect embedded devices by preventing the + unauthorized installation and execution of software? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-07 + name: Embedded Technology Maintenance + description: Mechanisms exist to securely update software and upgrade functionality + on embedded devices. + annotation: Does the organization securely update software and upgrade functionality + on embedded devices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-08 + name: Resilience To Outages + description: Mechanisms exist to configure embedded technology to be resilient + to data network and power outages. + annotation: Does the organization configure embedded technology to be resilient + to data network and power outages? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-09 + name: Power Level Monitoring + description: Automated mechanisms exist to monitor the power levels of embedded + technologies for decreased or excessive power usage, including battery drainage, + to investigate for device tampering. + annotation: Does the organization use automated mechanisms to monitor the power + levels of embedded technologies for decreased or excessive power usage, including + battery drainage, to investigate for device tampering? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-10 + name: Embedded Technology Reviews + description: Mechanisms exist to perform evaluations of deployed embedded technologies + as needed, or at least on an annual basis, to ensure that necessary updates + to mitigate the risks associated with legacy embedded technologies are identified + and implemented. + annotation: Does the organization perform evaluations of deployed embedded technologies + as needed, or at least on an annual basis, to ensure that necessary updates + to mitigate the risks associated with legacy embedded technologies are identified + and implemented? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-11 + name: Message Queuing Telemetry Transport (MQTT) Security + description: Mechanisms exist to enforce the security of Message Queuing Telemetry + Transport (MQTT) traffic. + annotation: Does the organization enforce the security of Message Queuing Telemetry + Transport (MQTT) traffic? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-12 + name: Restrict Communications + description: Mechanisms exist to require embedded technologies to initiate all + communications and drop new, incoming communications. + annotation: Does the organization require embedded technologies to initiate + all communications and drop new, incoming communications? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-13 + name: Authorized Communications + description: Mechanisms exist to restrict embedded technologies to communicate + only with authorized peers and service endpoints. + annotation: Does the organization restrict embedded technologies to communicate + only with authorized peers and service endpoints? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-14 + name: Operating Environment Certification + description: Mechanisms exist to determine if embedded technologies are certified + for secure use in the proposed operating environment. + annotation: Does the organization determine if embedded technologies are certified + for secure use in the proposed operating environment? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-15 + name: Safety Assessment + description: Mechanisms exist to evaluate the safety aspects of embedded technologies + via a fault tree analysis, or similar method, to determine possible consequences + of misuse, misconfiguration and/or failure. + annotation: Does the organization evaluate the safety aspects of embedded technologies + via a fault tree analysis, or similar method, to determine possible consequences + of misuse, misconfiguration and/or failure? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-16 + name: Certificate-Based Authentication + description: Mechanisms exist to enforce certificate-based authentication for + embedded technologies (e.g., IoT, OT, etc.) and their supporting services. + annotation: Does the organization enforce certificate-based authentication for + embedded technologies (e.g., IoT, OT, etc.) and their supporting services? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-17 + name: Chip-To-Cloud Security + description: Mechanisms exist to implement embedded technologies that utilize + pre-provisioned cloud trust anchors to support secure bootstrap and Zero Touch + Provisioning (ZTP). + annotation: Does the organization implement embedded technologies that utilize + pre-provisioned cloud trust anchors to support secure bootstrap and Zero Touch + Provisioning (ZTP)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-18 + name: Real-Time Operating System (RTOS) Security + description: Mechanisms exist to ensure embedded technologies utilize a securely + configured Real-Time Operating System (RTOS). + annotation: Does the organization ensure embedded technologies utilize a securely + configured Real-Time Operating System (RTOS)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:emb-19 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node492 + ref_id: EMB-19 + name: Safe Operations + description: Mechanisms exist to continuously validate autonomous systems that + trigger an automatic state change when safe operation is no longer assured. + annotation: Does the organization continuously validate autonomous systems that + trigger an automatic state change when safe operation is no longer assured? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + assessable: false + depth: 1 + name: Endpoint Security + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-01 + name: 'Endpoint Security ' + description: Mechanisms exist to facilitate the implementation of endpoint security + controls. + annotation: Does the organization facilitate the implementation of endpoint + security controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-02 + name: 'Endpoint Protection Measures ' + description: Mechanisms exist to protect the confidentiality, integrity, availability + and safety of endpoint devices. + annotation: Does the organization protect the confidentiality, integrity, availability + and safety of endpoint devices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-03 + name: 'Prohibit Installation Without Privileged Status ' + description: 'Automated mechanisms exist to prohibit software installations + without explicitly assigned privileged status. ' + annotation: 'Does the organization use automated mechanisms to prohibit software + installations without explicitly assigned privileged status? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-03.1 + name: Software Installation Alerts + description: 'Mechanisms exist to generate an alert when new software is detected. ' + annotation: 'Does the organization generate an alert when new software is detected? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-03.2 + name: Governing Access Restriction for Change + description: Mechanisms exist to define, document, approve and enforce access + restrictions associated with changes to systems. + annotation: Does the organization define, document, approve and enforce access + restrictions associated with changes to systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04 + name: 'Malicious Code Protection (Anti-Malware) ' + description: Mechanisms exist to utilize antimalware technologies to detect + and eradicate malicious code. + annotation: Does the organization utilize antimalware technologies to detect + and eradicate malicious code? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04.1 + name: Automatic Antimalware Signature Updates + description: 'Mechanisms exist to automatically update antimalware technologies, + including signature definitions. ' + annotation: 'Does the organization automatically update antimalware technologies, + including signature definitions? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04.2 + name: Documented Protection Measures + description: Mechanisms exist to document antimalware technologies. + annotation: Does the organization document antimalware technologies? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04.3 + name: Centralized Management of Antimalware Technologies + description: Mechanisms exist to centrally-manage antimalware technologies. + annotation: Does the organization centrally-manage antimalware technologies? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04.4 + name: Heuristic / Nonsignature-Based Detection + description: Mechanisms exist to utilize heuristic / nonsignature-based antimalware + detection capabilities. + annotation: Does the organization utilize heuristic / nonsignature-based antimalware + detection capabilities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04.5 + name: Malware Protection Mechanism Testing + description: 'Mechanisms exist to test antimalware technologies by introducing + a known benign, non-spreading test case into the system and subsequently verifying + that both detection of the test case and associated incident reporting occurs. ' + annotation: 'Does the organization test antimalware technologies by introducing + a known benign, non-spreading test case into the system and subsequently verifying + that both detection of the test case and associated incident reporting occurs? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04.6 + name: Evolving Malware Threats + description: 'Mechanisms exist to perform periodic evaluations evolving malware + threats to assess systems that are generally not considered to be commonly + affected by malicious software. ' + annotation: 'Does the organization perform periodic evaluations evolving malware + threats to assess systems that are generally not considered to be commonly + affected by malicious software? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-04.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-04.7 + name: Always On Protection + description: 'Mechanisms exist to ensure that anti-malware technologies are + continuously running in real-time and cannot be disabled or altered by non-privileged + users, unless specifically authorized by management on a case-by-case basis + for a limited time period. ' + annotation: 'Does the organization ensure that anti-malware technologies are + continuously running in real-time and cannot be disabled or altered by non-privileged + users, unless specifically authorized by management on a case-by-case basis + for a limited time period? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-05 + name: 'Software Firewall ' + description: Mechanisms exist to utilize host-based firewall software, or a + similar technology, on all information systems, where technically feasible. + annotation: Does the organization utilize host-based firewall software, or a + similar technology, on all information systems, where technically feasible? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06 + name: 'Endpoint File Integrity Monitoring (FIM) ' + description: Mechanisms exist to utilize File Integrity Monitor (FIM), or similar + technologies, to detect and report on unauthorized changes to selected files + and configuration settings. + annotation: Does the organization utilize File Integrity Monitor (FIM), or similar + technologies, to detect and report on unauthorized changes to selected files + and configuration settings? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06.1 + name: 'Integrity Checks ' + description: Mechanisms exist to validate configurations through integrity checking + of software and firmware. + annotation: Does the organization validate configurations through integrity + checking of software and firmware? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06.2 + name: Endpoint Detection & Response (EDR) + description: Mechanisms exist to detect and respond to unauthorized configuration + changes as cybersecurity incidents. + annotation: Does the organization detect and respond to unauthorized configuration + changes as cybersecurity incidents? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06.3 + name: Automated Notifications of Integrity Violations + description: 'Automated mechanisms exist to alert incident response personnel + upon discovering discrepancies during integrity verification. ' + annotation: 'Does the organization use automated mechanisms to alert incident + response personnel upon discovering discrepancies during integrity verification? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06.4 + name: Automated Response to Integrity Violations + description: 'Automated mechanisms exist to implement remediation actions when + integrity violations are discovered. ' + annotation: 'Does the organization use automated mechanisms to implement remediation + actions when integrity violations are discovered? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06.5 + name: Boot Process Integrity + description: Automated mechanisms exist to verify the integrity of the boot + process of information systems. + annotation: Does the organization use automated mechanisms to verify the integrity + of the boot process of information systems? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06.6 + name: Protection of Boot Firmware + description: Automated mechanisms exist to protect the integrity of boot firmware + in information systems. + annotation: Does the organization use automated mechanisms to protect the integrity + of boot firmware in information systems? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-06.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-06.7 + name: Binary or Machine-Executable Code + description: Mechanisms exist to prohibit the use of binary or machine-executable + code from sources with limited or no warranty and without access to source + code. + annotation: Does the organization prohibit the use of binary or machine-executable + code from sources with limited or no warranty and without access to source + code? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-07 + name: 'Host Intrusion Detection and Prevention Systems (HIDS / HIPS) ' + description: Mechanisms exist to utilize Host-based Intrusion Detection / Prevention + Systems (HIDS / HIPS), or similar technologies, to monitor for and protect + against anomalous host activity, including lateral movement across the network. + annotation: Does the organization utilize Host-based Intrusion Detection / Prevention + Systems (HIDS / HIPS), or similar technologies, to monitor for and protect + against anomalous host activity, including lateral movement across the network? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-08 + name: 'Phishing & Spam Protection ' + description: Mechanisms exist to utilize anti-phishing and spam protection technologies + to detect and take action on unsolicited messages transported by electronic + mail. + annotation: Does the organization utilize anti-phishing and spam protection + technologies to detect and take action on unsolicited messages transported + by electronic mail? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-08.1 + name: Central Management + description: Mechanisms exist to centrally-manage anti-phishing and spam protection + technologies. + annotation: Does the organization centrally-manage anti-phishing and spam protection + technologies? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-08.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-08.2 + name: Automatic Spam and Phishing Protection Updates + description: Mechanisms exist to automatically update anti-phishing and spam + protection technologies when new releases are available in accordance with + configuration and change management practices. + annotation: Does the organization automatically update anti-phishing and spam + protection technologies when new releases are available in accordance with + configuration and change management practices? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-09 + name: Trusted Path + description: Mechanisms exist to establish a trusted communications path between + the user and the security functions of the operating system. + annotation: Does the organization establish a trusted communications path between + the user and the security functions of the operating system? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-10 + name: Mobile Code + description: 'Mechanisms exist to address mobile code / operating system-independent + applications. ' + annotation: 'Does the organization address mobile code / operating system-independent + applications? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-11 + name: Thin Nodes + description: 'Mechanisms exist to configure thin nodes to have minimal functionality + and information storage. ' + annotation: 'Does the organization configure thin nodes to have minimal functionality + and information storage? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-12 + name: 'Port & Input / Output (I/O) Device Access ' + description: Mechanisms exist to physically disable or remove unnecessary connection + ports or input/output devices from sensitive systems. + annotation: Does the organization physically disable or remove unnecessary connection + ports or input/output devices from sensitive systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-13 + name: Sensor Capability + description: "Mechanisms exist to configure embedded sensors on systems to:\ + \ \n \u25AA Prohibit the remote activation of sensing capabilities; and\n\ + \ \u25AA Provide an explicit indication of sensor use to users." + annotation: "Does the organization configure embedded sensors on systems to:\ + \ \n \u25AA Prohibit the remote activation of sensing capabilities; and\n\ + \ \u25AA Provide an explicit indication of sensor use to users?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-13.1 + name: Authorized Use + description: Mechanisms exist to utilize organization-defined measures so that + data or information collected by sensors is only used for authorized purposes. + annotation: Does the organization utilize organization-defined measures so that + data or information collected by sensors is only used for authorized purposes? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-13.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-13.2 + name: Notice of Collection + description: Mechanisms exist to notify individuals that Personal Data (PD) + is collected by sensors. + annotation: Does the organization notify individuals that Personal Data (PD) + is collected by sensors? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-13.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-13.3 + name: Collection Minimization + description: Mechanisms exist to utilize sensors that are configured to minimize + the collection of information about individuals. + annotation: Does the organization utilize sensors that are configured to minimize + the collection of information about individuals? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-13.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-13.4 + name: Sensor Delivery Verification + description: Mechanisms exist to verify embedded technology sensors are configured + so that data collected by the sensor(s) is only reported to authorized individuals + or roles. + annotation: Does the organization verify embedded technology sensors are configured + so that data collected by the sensor(s) is only reported to authorized individuals + or roles? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-14 + name: 'Collaborative Computing Devices ' + description: "Mechanisms exist to unplug or prohibit the remote activation of\ + \ collaborative computing devices with the following exceptions: \n \u25AA\ + \ Networked whiteboards; \n \u25AA Video teleconference cameras; and \n \u25AA\ + \ Teleconference microphones. " + annotation: "Does the organization unplug or prohibit the remote activation\ + \ of collaborative computing devices with the following exceptions: \n \u25AA\ + \ Networked whiteboards; \n \u25AA Video teleconference cameras; and \n \u25AA\ + \ Teleconference microphones? " + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-14.1 + name: Disabling / Removal In Secure Work Areas + description: Mechanisms exist to disable or remove collaborative computing devices + from critical information systems and secure work areas. + annotation: Does the organization disable or remove collaborative computing + devices from critical information systems and secure work areas? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-14.2 + name: Explicitly Indicate Current Participants + description: Automated mechanisms exist to provide an explicit indication of + current participants in online meetings and teleconferences. + annotation: Does the organization use automated mechanisms to provide an explicit + indication of current participants in online meetings and teleconferences? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-14.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-14.3 + name: Participant Identity Verification + description: Mechanisms exist to verify individual identities to ensure that + access to virtual meetings is limited to appropriate individuals. + annotation: Does the organization verify individual identities to ensure that + access to virtual meetings is limited to appropriate individuals? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-14.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-14.4 + name: Participant Connection Management + description: Mechanisms exist to ensure the meeting host can positively control + an individual's participation in virtual meetings. + annotation: Does the organization ensure the meeting host can positively control + an individual's participation in virtual meetings? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-14.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-14.5 + name: Malicious Link & File Protections + description: Automated mechanisms exist to detect malicious links and/or files + in communications and prevent users from accessing those malicious links and/or + files. + annotation: Does the organization use automated mechanisms to detect malicious + links and/or files in communications and prevent users from accessing those + malicious links and/or files? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-14.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-14.6 + name: Explicit Indication Of Use + description: Mechanisms exist to configure collaborative computing devices to + provide physically-present individuals with an explicit indication of use. + annotation: Does the organization configure collaborative computing devices + to provide physically-present individuals with an explicit indication of use? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-15 + name: 'Hypervisor Access ' + description: Mechanisms exist to restrict access to hypervisor management functions + or administrative consoles for systems hosting virtualized systems. + annotation: Does the organization restrict access to hypervisor management functions + or administrative consoles for systems hosting virtualized systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-16 + name: Restrict Access To Security Functions + description: Mechanisms exist to ensure security functions are restricted to + authorized individuals and enforce least privilege control requirements for + necessary job functions. + annotation: Does the organization ensure security functions are restricted to + authorized individuals and enforce least privilege control requirements for + necessary job functions? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:end-16.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node512 + ref_id: END-16.1 + name: Host-Based Security Function Isolation + description: 'Mechanisms exist to implement underlying software separation mechanisms + to facilitate security function isolation. ' + annotation: 'Does the organization implement underlying software separation + mechanisms to facilitate security function isolation? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + assessable: false + depth: 1 + name: Human Resources Security + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-01 + name: Human Resources Security Management + description: Mechanisms exist to facilitate the implementation of personnel + security controls. + annotation: Does the organization facilitate the implementation of personnel + security controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-02 + name: 'Position Categorization ' + description: Mechanisms exist to manage personnel security risk by assigning + a risk designation to all positions and establishing screening criteria for + individuals filling those positions. + annotation: Does the organization manage personnel security risk by assigning + a risk designation to all positions and establishing screening criteria for + individuals filling those positions? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-02.1 + name: Users With Elevated Privileges + description: Mechanisms exist to ensure that every user accessing a system that + processes, stores, or transmits sensitive information is cleared and regularly + trained to handle the information in question. + annotation: Does the organization ensure that every user accessing a system + that processes, stores, or transmits sensitive information is cleared and + regularly trained to handle the information in question? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-02.2 + name: Probationary Periods + description: Mechanisms exist to identify newly onboarded personnel for enhanced + monitoring during their probationary period. + annotation: Does the organization identify newly onboarded personnel for enhanced + monitoring during their probationary period? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-03 + name: 'Roles & Responsibilities ' + description: 'Mechanisms exist to define cybersecurity responsibilities for + all personnel. ' + annotation: 'Does the organization define cybersecurity responsibilities for + all personnel? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-03.1 + name: 'User Awareness ' + description: Mechanisms exist to communicate with users about their roles and + responsibilities to maintain a safe and secure working environment. + annotation: Does the organization communicate with users about their roles and + responsibilities to maintain a safe and secure working environment? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-03.2 + name: Competency Requirements for Security-Related Positions + description: 'Mechanisms exist to ensure that all security-related positions + are staffed by qualified individuals who have the necessary skill set. ' + annotation: 'Does the organization ensure that all security-related positions + are staffed by qualified individuals who have the necessary skill set? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-04 + name: 'Personnel Screening ' + description: Mechanisms exist to manage personnel security risk by screening + individuals prior to authorizing access. + annotation: Does the organization manage personnel security risk by screening + individuals prior to authorizing access? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-04.1 + name: Roles With Special Protection Measures + description: Mechanisms exist to ensure that individuals accessing a system + that stores, transmits or processes information requiring special protection + satisfy organization-defined personnel screening criteria. + annotation: Does the organization ensure that individuals accessing a system + that stores, transmits or processes information requiring special protection + satisfy organization-defined personnel screening criteria? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-04.2 + name: Formal Indoctrination + description: Mechanisms exist to verify that individuals accessing a system + processing, storing, or transmitting sensitive information are formally indoctrinated + for all the relevant types of information to which they have access on the + system. + annotation: Does the organization verify that individuals accessing a system + processing, storing, or transmitting sensitive information are formally indoctrinated + for all the relevant types of information to which they have access on the + system? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-04.3 + name: Citizenship Requirements + description: Mechanisms exist to verify that individuals accessing a system + processing, storing, or transmitting sensitive information meet applicable + statutory, regulatory and/or contractual requirements for citizenship. + annotation: Does the organization verify that individuals accessing a system + processing, storing, or transmitting sensitive information meet applicable + statutory, regulatory and/or contractual requirements for citizenship? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-04.4 + name: Citizenship Identification + description: Mechanisms exist to identify foreign nationals, including by their + specific citizenship. + annotation: Does the organization identify foreign nationals, including by their + specific citizenship? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05 + name: 'Terms of Employment ' + description: Mechanisms exist to require all employees and contractors to apply + cybersecurity & data privacy principles in their daily work. + annotation: Does the organization require all employees and contractors to apply + cybersecurity & data privacy principles in their daily work? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05.1 + name: Rules of Behavior + description: Mechanisms exist to define acceptable and unacceptable rules of + behavior for the use of technologies, including consequences for unacceptable + behavior. + annotation: Does the organization define acceptable and unacceptable rules of + behavior for the use of technologies, including consequences for unacceptable + behavior? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05.2 + name: Social Media & Social Networking Restrictions + description: 'Mechanisms exist to define rules of behavior that contain explicit + restrictions on the use of social media and networking sites, posting information + on commercial websites and sharing account information. ' + annotation: 'Does the organization define rules of behavior that contain explicit + restrictions on the use of social media and networking sites, posting information + on commercial websites and sharing account information? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05.3 + name: Use of Communications Technology + description: 'Mechanisms exist to establish usage restrictions and implementation + guidance for communications technologies based on the potential to cause damage + to systems, if used maliciously. ' + annotation: 'Does the organization establish usage restrictions and implementation + guidance for communications technologies based on the potential to cause damage + to systems, if used maliciously? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05.4 + name: 'Use of Critical Technologies ' + description: 'Mechanisms exist to govern usage policies for critical technologies. ' + annotation: 'Does the organization govern usage policies for critical technologies? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05.5 + name: Use of Mobile Devices + description: Mechanisms exist to manage business risks associated with permitting + mobile device access to organizational resources. + annotation: Does the organization manage business risks associated with permitting + mobile device access to organizational resources? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05.6 + name: Security-Minded Dress Code + description: Mechanisms exist to prohibit the use of oversized clothing (e.g., + baggy pants, oversized hooded sweatshirts, etc.) to prevent the unauthorized + exfiltration of data and technology assets. + annotation: Does the organization prohibit the use of oversized clothing (e.g., + baggy pants, oversized hooded sweatshirts, etc.) to prevent the unauthorized + exfiltration of data and technology assets? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-05.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-05.7 + name: Policy Familiarization & Acknowledgement + description: "Mechanisms exist to ensure personnel receive recurring familiarization\ + \ with the organization\u2019s cybersecurity & data privacy policies and provide\ + \ acknowledgement." + annotation: "Does the organization ensure personnel receive recurring familiarization\ + \ with the organization\u2019s cybersecurity & data privacy policies and provide\ + \ acknowledgement?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-06 + name: 'Access Agreements ' + description: 'Mechanisms exist to require internal and third-party users to + sign appropriate access agreements prior to being granted access. ' + annotation: 'Does the organization require internal and third-party users to + sign appropriate access agreements prior to being granted access? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-06.1 + name: Confidentiality Agreements + description: Mechanisms exist to require Non-Disclosure Agreements (NDAs) or + similar confidentiality agreements that reflect the needs to protect data + and operational details, or both employees and third-parties. + annotation: Does the organization require Non-Disclosure Agreements (NDAs) or + similar confidentiality agreements that reflect the needs to protect data + and operational details, or both employees and third-parties? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-06.2 + name: Post-Employment Obligations + description: Mechanisms exist to notify terminated individuals of applicable, + legally-binding post-employment requirements for the protection of sensitive + organizational information. + annotation: Does the organization notify terminated individuals of applicable, + legally-binding post-employment requirements for the protection of sensitive + organizational information? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-07 + name: Personnel Sanctions + description: 'Mechanisms exist to sanction personnel failing to comply with + established security policies, standards and procedures. ' + annotation: 'Does the organization sanction personnel failing to comply with + established security policies, standards and procedures? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-07.1 + name: Workplace Investigations + description: 'Mechanisms exist to conduct employee misconduct investigations + when there is reasonable assurance that a policy has been violated. ' + annotation: 'Does the organization conduct employee misconduct investigations + when there is reasonable assurance that a policy has been violated? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-08 + name: Personnel Transfer + description: Mechanisms exist to adjust logical and physical access authorizations + to systems and facilities upon personnel reassignment or transfer, in a timely + manner. + annotation: Does the organization adjust logical and physical access authorizations + to systems and facilities upon personnel reassignment or transfer, in a timely + manner? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-09 + name: 'Personnel Termination ' + description: Mechanisms exist to govern the termination of individual employment. + annotation: Does the organization govern the termination of individual employment? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-09.1 + name: Asset Collection + description: Mechanisms exist to retrieve organization-owned assets upon termination + of an individual's employment. + annotation: Does the organization retrieve organization-owned assets upon termination + of an individual's employment? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-09.2 + name: High-Risk Terminations + description: "Mechanisms exist to expedite the process of removing \"high risk\"\ + \ individual\u2019s access to systems and applications upon termination, as\ + \ determined by management." + annotation: "Does the organization expedite the process of removing \"high risk\"\ + \ individual\u2019s access to systems and applications upon termination, as\ + \ determined by management?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-09.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-09.3 + name: 'Post-Employment Requirements ' + description: Mechanisms exist to govern former employee behavior by notifying + terminated individuals of applicable, legally binding post-employment requirements + for the protection of organizational information. + annotation: Does the organization govern former employee behavior by notifying + terminated individuals of applicable, legally binding post-employment requirements + for the protection of organizational information? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-09.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-09.4 + name: Automated Employment Status Notifications + description: Automated mechanisms exist to notify Identity and Access Management + (IAM) personnel or roles upon termination of an individual employment or contract. + annotation: Does the organization use automated mechanisms to notify Identity + and Access Management (IAM) personnel or roles upon termination of an individual + employment or contract? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-10 + name: Third-Party Personnel Security + description: Mechanisms exist to govern third-party personnel by reviewing and + monitoring third-party cybersecurity & data privacy roles and responsibilities. + annotation: Does the organization govern third-party personnel by reviewing + and monitoring third-party cybersecurity & data privacy roles and responsibilities? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-11 + name: Separation of Duties (SoD) + description: Mechanisms exist to implement and maintain Separation of Duties + (SoD) to prevent potential inappropriate activity without collusion. + annotation: Does the organization implement and maintain Separation of Duties + (SoD) to prevent potential inappropriate activity without collusion? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-12 + name: 'Incompatible Roles ' + description: Mechanisms exist to avoid incompatible development-specific roles + through limiting and reviewing developer privileges to change hardware, software + and firmware components within a production/operational environment. + annotation: Does the organization avoid incompatible development-specific roles + through limiting and reviewing developer privileges to change hardware, software + and firmware components within a production/operational environment? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-12.1 + name: Two-Person Rule + description: Mechanisms exist to enforce a two-person rule for implementing + changes to sensitive systems. + annotation: Does the organization enforce a two-person rule for implementing + changes to sensitive systems? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-13 + name: Identify Critical Skills & Gaps + description: "Mechanisms exist to evaluate the critical cybersecurity & data\ + \ privacy skills needed to support the organization\u2019s mission and identify\ + \ gaps that exist." + annotation: "Does the organization evaluate the critical cybersecurity & data\ + \ privacy skills needed to support the organization\u2019s mission and identify\ + \ gaps that exist?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-13.1 + name: Remediate Identified Skills Deficiencies + description: "Mechanisms exist to remediate critical skills deficiencies necessary\ + \ to support the organization\u2019s mission and business functions." + annotation: "Does the organization remediate critical skills deficiencies necessary\ + \ to support the organization\u2019s mission and business functions?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-13.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-13.2 + name: Identify Vital Cybersecurity & Data Privacy Staff + description: Mechanisms exist to identify vital cybersecurity & data privacy + staff. + annotation: Does the organization identify vital cybersecurity & data privacy + staff? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-13.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-13.3 + name: Establish Redundancy for Vital Cybersecurity & Data Privacy Staff + description: Mechanisms exist to establish redundancy for vital cybersecurity + & data privacy staff. + annotation: Does the organization establish redundancy for vital cybersecurity + & data privacy staff? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:hrs-13.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node558 + ref_id: HRS-13.4 + name: Perform Succession Planning + description: Mechanisms exist to perform succession planning for vital cybersecurity + & data privacy roles. + annotation: Does the organization perform succession planning for vital cybersecurity + & data privacy roles? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + assessable: false + depth: 1 + name: Identification & Authentication + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-01 + name: 'Identity & Access Management (IAM) ' + description: Mechanisms exist to facilitate the implementation of identification + and access management controls. + annotation: Does the organization facilitate the implementation of identification + and access management controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-01.1 + name: Retain Access Records + description: Mechanisms exist to retain a record of personnel accountability + to ensure there is a record of all access granted to an individual (system + and application-wise), who provided the authorization, when the authorization + was granted and when the access was last reviewed. + annotation: Does the organization retain a record of personnel accountability + to ensure there is a record of all access granted to an individual (system + and application-wise), who provided the authorization, when the authorization + was granted and when the access was last reviewed? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-01.2 + name: Authenticate, Authorize and Audit (AAA) + description: Mechanisms exist to strictly govern the use of Authenticate, Authorize + and Audit (AAA) solutions, both on-premises and those hosted by an External + Service Provider (ESP). + annotation: Does the organization strictly govern the use of Authenticate, Authorize + and Audit (AAA) solutions, both on-premises and those hosted by an External + Service Provider (ESP)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-02 + name: 'Identification & Authentication for Organizational Users ' + description: 'Mechanisms exist to uniquely identify and centrally Authenticate, + Authorize and Audit (AAA) organizational users and processes acting on behalf + of organizational users. ' + annotation: 'Does the organization uniquely identify and centrally Authenticate, + Authorize and Audit (AAA) organizational users and processes acting on behalf + of organizational users? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-02.1 + name: 'Group Authentication ' + description: 'Mechanisms exist to require individuals to be authenticated with + an individual authenticator when a group authenticator is utilized. ' + annotation: 'Does the organization require individuals to be authenticated with + an individual authenticator when a group authenticator is utilized? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-02.2 + name: Replay-Resistant Authentication + description: Automated mechanisms exist to employ replay-resistant authentication. + annotation: Does the organization use automated mechanisms to employ replay-resistant + authentication? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-02.3 + name: 'Acceptance of PIV Credentials ' + description: 'Mechanisms exist to accept and electronically verify organizational + Personal Identity Verification (PIV) credentials. ' + annotation: 'Does the organization accept and electronically verify organizational + Personal Identity Verification (PIV) credentials? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-02.4 + name: 'Out-of-Band Authentication (OOBA) ' + description: 'Mechanisms exist to implement Out-of-Band Authentication (OOBA) + under specific conditions. ' + annotation: 'Does the organization implement Out-of-Band Authentication (OOBA) + under specific conditions? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-03 + name: 'Identification & Authentication for Non-Organizational Users ' + description: Mechanisms exist to uniquely identify and centrally Authenticate, + Authorize and Audit (AAA) third-party users and processes that provide services + to the organization. + annotation: Does the organization uniquely identify and centrally Authenticate, + Authorize and Audit (AAA) third-party users and processes that provide services + to the organization? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-03.1 + name: 'Acceptance of PIV Credentials from Other Organizations ' + description: Mechanisms exist to accept and electronically verify Personal Identity + Verification (PIV) credentials from third-parties. + annotation: Does the organization accept and electronically verify Personal + Identity Verification (PIV) credentials from third-parties? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-03.2 + name: Acceptance of Third-Party Credentials + description: 'Automated mechanisms exist to accept Federal Identity, Credential + and Access Management (FICAM)-approved third-party credentials. ' + annotation: 'Does the organization use automated mechanisms to accept Federal + Identity, Credential and Access Management (FICAM)-approved third-party credentials? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-03.3 + name: Use of FICAM-Issued Profiles + description: 'Mechanisms exist to conform systems to Federal Identity, Credential + and Access Management (FICAM)-issued profiles. ' + annotation: 'Does the organization conform systems to Federal Identity, Credential + and Access Management (FICAM)-issued profiles? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-03.4 + name: Disassociability + description: Mechanisms exist to disassociate user attributes or credential + assertion relationships among individuals, credential service providers and + relying parties. + annotation: Does the organization disassociate user attributes or credential + assertion relationships among individuals, credential service providers and + relying parties? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-03.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-03.5 + name: Acceptance of External Authenticators + description: Mechanisms exist to restrict the use of external authenticators + to those that are National Institute of Standards and Technology (NIST)-compliant + and maintain a list of accepted external authenticators. + annotation: Does the organization restrict the use of external authenticators + to those that are National Institute of Standards and Technology (NIST)-compliant + and maintain a list of accepted external authenticators? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-04 + name: Identification & Authentication for Devices + description: Mechanisms exist to uniquely identify and centrally Authenticate, + Authorize and Audit (AAA) devices before establishing a connection using bidirectional + authentication that is cryptographically- based and replay resistant. + annotation: Does the organization uniquely identify and centrally Authenticate, + Authorize and Audit (AAA) devices before establishing a connection using bidirectional + authentication that is cryptographically- based and replay resistant? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-04.1 + name: Device Attestation + description: Mechanisms exist to ensure device identification and authentication + is accurate by centrally-managing the joining of systems to the domain as + part of the initial asset configuration management process. + annotation: Does the organization ensure device identification and authentication + is accurate by centrally-managing the joining of systems to the domain as + part of the initial asset configuration management process? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-04.2 + name: Device Authorization Enforcement + description: Mechanisms exist to enforce cryptographic communications keys to + prevent one key from being used to access multiple devices. + annotation: Does the organization enforce cryptographic communications keys + to prevent one key from being used to access multiple devices? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-05 + name: Identification & Authentication for Third Party Systems & Services + description: Mechanisms exist to identify and authenticate third-party systems + and services. + annotation: Does the organization identify and authenticate third-party systems + and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-05.1 + name: Sharing Identification & Authentication Information + description: Mechanisms exist to ensure external service providers provide current + and accurate information for any third-party user with access to the organization's + data or assets. + annotation: Does the organization ensure external service providers provide + current and accurate information for any third-party user with access to the + organization's data or assets? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-05.2 + name: Privileged Access by Non-Organizational Users + description: Mechanisms exist to prohibit privileged access by non-organizational + users. + annotation: Does the organization prohibit privileged access by non-organizational + users? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-06 + name: Multi-Factor Authentication (MFA) + description: "Automated mechanisms exist to enforce Multi-Factor Authentication\ + \ (MFA) for:\n \u25AA Remote network access; \n \u25AA Third-party systems,\ + \ applications and/or services; and/ or\n \u25AA Non-console access to critical\ + \ systems or systems that store, transmit and/or process sensitive/regulated\ + \ data." + annotation: "Does the organization use automated mechanisms to enforce Multi-Factor\ + \ Authentication (MFA) for:\n \u25AA Remote network access; \n \u25AA Third-party\ + \ systems, applications and/or services; and/ or\n \u25AA Non-console access\ + \ to critical systems or systems that store, transmit and/or process sensitive/regulated\ + \ data?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-06.1 + name: Network Access to Privileged Accounts + description: 'Mechanisms exist to utilize Multi-Factor Authentication (MFA) + to authenticate network access for privileged accounts. ' + annotation: 'Does the organization utilize Multi-Factor Authentication (MFA) + to authenticate network access for privileged accounts? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-06.2 + name: 'Network Access to Non-Privileged Accounts ' + description: 'Mechanisms exist to utilize Multi-Factor Authentication (MFA) + to authenticate network access for non-privileged accounts. ' + annotation: 'Does the organization utilize Multi-Factor Authentication (MFA) + to authenticate network access for non-privileged accounts? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-06.3 + name: 'Local Access to Privileged Accounts ' + description: 'Mechanisms exist to utilize Multi-Factor Authentication (MFA) + to authenticate local access for privileged accounts. ' + annotation: 'Does the organization utilize Multi-Factor Authentication (MFA) + to authenticate local access for privileged accounts? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-06.4 + name: 'Out-of-Band Multi-Factor Authentication ' + description: 'Mechanisms exist to implement Multi-Factor Authentication (MFA) + for access to privileged and non-privileged accounts such that one of the + factors is independently provided by a device separate from the system being + accessed. ' + annotation: 'Does the organization implements Multi-Factor Authentication (MFA) + for access to privileged and non-privileged accounts such that one of the + factors is securely provided by a device separate from the system gaining + access? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-07 + name: 'User Provisioning & De-Provisioning ' + description: 'Mechanisms exist to utilize a formal user registration and de-registration + process that governs the assignment of access rights. ' + annotation: 'Does the organization utilize a formal user registration and de-registration + process that governs the assignment of access rights? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-07.1 + name: Change of Roles & Duties + description: 'Mechanisms exist to revoke user access rights following changes + in personnel roles and duties, if no longer necessary or permitted. ' + annotation: 'Does the organization revoke user access rights following changes + in personnel roles and duties, if no longer necessary or permitted? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-07.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-07.2 + name: Termination of Employment + description: Mechanisms exist to revoke user access rights in a timely manner, + upon termination of employment or contract. + annotation: Does the organization revoke user access rights in a timely manner, + upon termination of employment or contract? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-08 + name: 'Role-Based Access Control (RBAC) ' + description: Mechanisms exist to enforce a Role-Based Access Control (RBAC) + policy over users and resources that applies need-to-know and fine-grained + access control for sensitive/regulated data access. + annotation: Does the organization enforce a Role-Based Access Control (RBAC) + policy over users and resources that applies need-to-know and fine-grained + access control for sensitive/regulated data access? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-09 + name: Identifier Management (User Names) + description: Mechanisms exist to govern naming standards for usernames and systems. + annotation: Does the organization govern naming standards for usernames and + systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-09.1 + name: 'User Identity (ID) Management ' + description: 'Mechanisms exist to ensure proper user identification management + for non-consumer users and administrators. ' + annotation: 'Does the organization ensure proper user identification management + for non-consumer users and administrators? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-09.2 + name: Identity User Status + description: 'Mechanisms exist to identify contractors and other third-party + users through unique username characteristics. ' + annotation: 'Does the organization identify contractors and other third-party + users through unique username characteristics? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-09.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-09.3 + name: Dynamic Management + description: 'Mechanisms exist to dynamically manage usernames and system identifiers. ' + annotation: 'Does the organization dynamically manage usernames and system identifiers? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-09.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-09.4 + name: Cross-Organization Management + description: 'Mechanisms exist to coordinate username identifiers with external + organizations for cross-organization management of identifiers. ' + annotation: 'Does the organization coordinate username identifiers with external + organizations for cross-organization management of identifiers? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-09.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-09.5 + name: Privileged Account Identifiers + description: Mechanisms exist to uniquely manage privileged accounts to identify + the account as a privileged user or service. + annotation: Does the organization uniquely manage privileged accounts to identify + the account as a privileged user or service? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-09.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-09.6 + name: Pairwise Pseudonymous Identifiers (PPID) + description: Mechanisms exist to generate pairwise pseudonymous identifiers + with no identifying information about a data subject to discourage activity + tracking and profiling of the data subject. + annotation: Does the organization generate pairwise pseudonymous identifiers + with no identifying information about a data subject to discourage activity + tracking and profiling of the data subject? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10 + name: Authenticator Management + description: Mechanisms exist to securely manage authenticators for users and + devices. + annotation: Does the organization securely manage authenticators for users and + devices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.1 + name: 'Password-Based Authentication ' + description: Mechanisms exist to enforce complexity, length and lifespan considerations + to ensure strong criteria for password-based authentication. + annotation: Does the organization enforce complexity, length and lifespan considerations + to ensure strong criteria for password-based authentication? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.2 + name: PKI-Based Authentication + description: Automated mechanisms exist to validate certificates by constructing + and verifying a certification path to an accepted trust anchor including checking + certificate status information for PKI-based authentication. + annotation: Does the organization use automated mechanisms to validate certificates + by constructing and verifying a certification path to an accepted trust anchor + including checking certificate status information for PKI-based authentication? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.3 + name: In-Person or Trusted Third-Party Registration + description: Mechanisms exist to conduct in-person or trusted third-party identify + verification before user accounts for third-parties are created. + annotation: Does the organization conduct in-person or trusted third-party identify + verification before user accounts for third-parties are created? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.4 + name: Automated Support For Password Strength + description: 'Automated mechanisms exist to determine if password authenticators + are sufficiently strong enough to satisfy organization-defined password length + and complexity requirements. ' + annotation: 'Does the organization use automated mechanisms to determine if + password authenticators are sufficiently strong enough to satisfy organization-defined + password length and complexity requirements? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.5 + name: Protection of Authenticators + description: 'Mechanisms exist to protect authenticators commensurate with the + sensitivity of the information to which use of the authenticator permits access. ' + annotation: 'Does the organization protect authenticators commensurate with + the sensitivity of the information to which use of the authenticator permits + access? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.6 + name: No Embedded Unencrypted Static Authenticators + description: 'Mechanisms exist to ensure that unencrypted, static authenticators + are not embedded in applications, scripts or stored on function keys. ' + annotation: 'Does the organization ensure that unencrypted, static authenticators + are not embedded in applications, scripts or stored on function keys? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.7 + name: Hardware Token-Based Authentication + description: Automated mechanisms exist to ensure organization-defined token + quality requirements are satisfied for hardware token-based authentication. + annotation: Does the organization use automated mechanisms to ensure organization-defined + token quality requirements are satisfied for hardware token-based authentication? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.8 + name: Vendor-Supplied Defaults + description: Mechanisms exist to ensure vendor-supplied defaults are changed + as part of the installation process. + annotation: Does the organization ensure vendor-supplied defaults are changed + as part of the installation process? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.9 + name: Multiple Information System Accounts + description: Mechanisms exist to implement security safeguards to manage the + risk of compromise due to individuals having accounts on multiple information + systems. + annotation: Does the organization implement security safeguards to manage the + risk of compromise due to individuals having accounts on multiple information + systems? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.10 + name: Expiration of Cached Authenticators + description: Automated mechanisms exist to prohibit the use of cached authenticators + after organization-defined time period. + annotation: Does the organization use automated mechanisms to prohibit the use + of cached authenticators after organization-defined time period? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.11 + name: Password Managers + description: Mechanisms exist to protect and store passwords via a password + manager tool. + annotation: Does the organization protect and store passwords via a password + manager tool? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-10.12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-10.12 + name: Biometric Authentication + description: Mechanisms exist to ensure biometric-based authentication satisfies + organization-defined biometric quality requirements for false positives and + false negatives. + annotation: Does the organization ensure biometric-based authentication satisfies + organization-defined biometric quality requirements for false positives and + false negatives? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-11 + name: Authenticator Feedback + description: 'Mechanisms exist to obscure the feedback of authentication information + during the authentication process to protect the information from possible + exploitation/use by unauthorized individuals. ' + annotation: 'Does the organization obscure the feedback of authentication information + during the authentication process to protect the information from possible + exploitation/use by unauthorized individuals? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-12 + name: 'Cryptographic Module Authentication ' + description: Mechanisms exist to ensure cryptographic modules adhere to applicable + statutory, regulatory and contractual requirements for security strength. + annotation: Does the organization ensure cryptographic modules adhere to applicable + statutory, regulatory and contractual requirements for security strength? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-12.1 + name: Hardware Security Modules (HSM) + description: 'Automated mechanisms exist to utilize Hardware Security Modules + (HSM) to protect authenticators on which the component relies. ' + annotation: 'Does the organization use automated mechanisms to utilize Hardware + Security Modules (HSM) to protect authenticators on which the component relies? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-13 + name: 'Adaptive Identification & Authentication ' + description: Mechanisms exist to allow individuals to utilize alternative methods + of authentication under specific circumstances or situations. + annotation: Does the organization allow individuals to utilize alternative methods + of authentication under specific circumstances or situations? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-13.1 + name: Single Sign-On (SSO) Transparent Authentication + description: Mechanisms exist to provide a transparent authentication (e.g., + Single Sign-On (SSO)) capability to the organization's systems and services. + annotation: Does the organization provide a Single Sign-On (SSO) capability + to the organization's systems and services? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-13.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-13.2 + name: Federated Credential Management + description: Mechanisms exist to federate credentials to allow cross-organization + authentication of individuals and devices. + annotation: Does the organization federate credentials to allow cross-organization + authentication of individuals and devices? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-13.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-13.3 + name: Continuous Authentication + description: Automated mechanisms exist to enable continuous re-authentication + through the lifecycle of entity interactions. + annotation: Does the organization use automated mechanisms to enable continuous + re-authentication through the lifecycle of entity interactions? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-14 + name: 'Re-Authentication ' + description: 'Mechanisms exist to force users and devices to re-authenticate + according to organization-defined circumstances that necessitate re-authentication. ' + annotation: 'Does the organization force users and devices to re-authenticate + according to organization-defined circumstances that necessitate re-authentication? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15 + name: 'Account Management ' + description: Mechanisms exist to proactively govern account management of individual, + group, system, service, application, guest and temporary accounts. + annotation: Does the organization proactively govern account management of individual, + group, system, service, application, guest and temporary accounts? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.1 + name: 'Automated System Account Management (Directory Services) ' + description: 'Automated mechanisms exist to support the management of system + accounts (e.g., directory services). ' + annotation: 'Does the organization use automated mechanisms to support the management + of system accounts? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.2 + name: Removal of Temporary / Emergency Accounts + description: 'Automated mechanisms exist to disable or remove temporary and + emergency accounts after an organization-defined time period for each type + of account. ' + annotation: 'Does the organization use automated mechanisms to disable or remove + temporary and emergency accounts after an organization-defined time period + for each type of account? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.3 + name: Disable Inactive Accounts + description: 'Automated mechanisms exist to disable inactive accounts after + an organization-defined time period. ' + annotation: 'Does the organization use automated mechanisms to disable inactive + accounts after an organization-defined time period? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.4 + name: Automated Audit Actions + description: 'Automated mechanisms exist to audit account creation, modification, + enabling, disabling and removal actions and notify organization-defined personnel + or roles. ' + annotation: 'Does the organization use automated mechanisms to audit account + creation, modification, enabling, disabling and removal actions and notify + organization-defined personnel or roles? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.5 + name: Restrictions on Shared Groups / Accounts + description: Mechanisms exist to authorize the use of shared/group accounts + only under certain organization-defined conditions. + annotation: Does the organization authorize the use of shared/group accounts + only under certain organization-defined conditions? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.6 + name: Account Disabling for High Risk Individuals + description: Mechanisms exist to disable accounts immediately upon notification + for users posing a significant risk to the organization. + annotation: Does the organization disable accounts immediately upon notification + for users posing a significant risk to the organization? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.7 + name: System Account Reviews + description: 'Mechanisms exist to review all system accounts and disable any + account that cannot be associated with a business process and owner. ' + annotation: 'Does the organization review all system accounts and disables any + account that cannot be associated with a business process and owner? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.8 + name: Usage Conditions + description: Automated mechanisms exist to enforce usage conditions for users + and/or roles. + annotation: Does the organization use automated mechanisms to enforce usage + conditions for users and/or roles? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-15.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-15.9 + name: Emergency Accounts + description: Mechanisms exist to establish and control "emergency access only" + accounts. + annotation: Does the organization establish and control "emergency access only" + accounts? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-16 + name: 'Privileged Account Management (PAM) ' + description: Mechanisms exist to restrict and control privileged access rights + for users and services. + annotation: Does the organization restrict and control privileged access rights + for users and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-16.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-16.1 + name: 'Privileged Account Inventories ' + description: 'Mechanisms exist to inventory all privileged accounts and validate + that each person with elevated privileges is authorized by the appropriate + level of organizational management. ' + annotation: 'Does the organization inventory all privileged accounts and validate + that each person with elevated privileges is authorized by the appropriate + level of organizational management? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-16.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-16.2 + name: 'Privileged Account Separation ' + description: Mechanisms exist to separate privileged accounts between infrastructure + environments to reduce the risk of a compromise in one infrastructure environment + from laterally affecting other infrastructure environments. + annotation: Does the organization separate privileged accounts between infrastructure + environments to reduce the risk of a compromise in one infrastructure environment + from laterally affecting other infrastructure environments? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-17 + name: Periodic Review of Account Privileges + description: Mechanisms exist to periodically-review the privileges assigned + to individuals and service accounts to validate the need for such privileges + and reassign or remove unnecessary privileges, as necessary. + annotation: Does the organization periodically-review the privileges assigned + to individuals and service accounts to validate the need for such privileges + and reassign or remove unnecessary privileges, as necessary? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-18 + name: User Responsibilities for Account Management + description: 'Mechanisms exist to compel users to follow accepted practices + in the use of authentication mechanisms (e.g., passwords, passphrases, physical + or logical security tokens, smart cards, certificates, etc.). ' + annotation: 'Does the organization compel users to follow accepted practices + in the use of authentication mechanisms (e.g., passwords, passphrases, physical + or logical security tokens, smart cards, certificates, etc.)? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-19 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-19 + name: 'Credential Sharing ' + description: Mechanisms exist to prevent the sharing of generic IDs, passwords + or other generic authentication methods. + annotation: Does the organization prevent the sharing of generic IDs, passwords + or other generic authentication methods? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20 + name: Access Enforcement + description: Mechanisms exist to enforce Logical Access Control (LAC) permissions + that conform to the principle of "least privilege." + annotation: Does the organization enforce Logical Access Control (LAC) permissions + that conform to the principle of "least privilege?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20.1 + name: Access To Sensitive / Regulated Data + description: 'Mechanisms exist to limit access to sensitive/regulated data to + only those individuals whose job requires such access. ' + annotation: 'Does the organization limit access to sensitive/regulated data + to only those individuals whose job requires such access? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20.2 + name: Database Access + description: 'Mechanisms exist to restrict access to databases containing sensitive/regulated + data to only necessary services or those individuals whose job requires such + access. ' + annotation: Does the organization restrict access to databases containing sensitive/regulated + data to only necessary services or those individuals whose job requires such + access? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20.3 + name: Use of Privileged Utility Programs + description: Mechanisms exist to restrict and tightly control utility programs + that are capable of overriding system and application controls. + annotation: Does the organization restrict and tightly control utility programs + that are capable of overriding system and application controls? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20.4 + name: Dedicated Administrative Machines + description: Mechanisms exist to restrict executing administrative tasks or + tasks requiring elevated access to a dedicated machine. + annotation: Does the organization restrict executing administrative tasks or + tasks requiring elevated access to a dedicated machine? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20.5 + name: Dual Authorization for Privileged Commands + description: Automated mechanisms exist to enforce dual authorization for privileged + commands. + annotation: Does the organization use automated mechanisms to enforce dual authorization + for privileged commands? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20.6 + name: Revocation of Access Authorizations + description: Mechanisms exist to revoke logical and physical access authorizations. + annotation: Does the organization revoke logical and physical access authorizations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-20.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-20.7 + name: Authorized System Accounts + description: Mechanisms exist to define and document the types of accounts allowed + and prohibited on systems, applications and services. + annotation: Does the organization define and document the types of accounts + allowed and prohibited on systems, applications and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21 + name: 'Least Privilege ' + description: 'Mechanisms exist to utilize the concept of least privilege, allowing + only authorized access to processes necessary to accomplish assigned tasks + in accordance with organizational business functions. ' + annotation: 'Does the organization utilize the concept of least privilege, allowing + only authorized access to processes necessary to accomplish assigned tasks + in accordance with organizational business functions? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21.1 + name: 'Authorize Access to Security Functions ' + description: Mechanisms exist to limit access to security functions to explicitly-authorized + privileged users. + annotation: Does the organization limit access to security functions to explicitly-authorized + privileged users? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21.2 + name: 'Non-Privileged Access for Non-Security Functions ' + description: "Mechanisms exist to prohibit privileged users from using privileged\ + \ accounts, while performing non-security functions. \n" + annotation: "Does the organization prohibit privileged users from using privileged\ + \ accounts, while performing non-security functions? \n" + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21.3 + name: 'Privileged Accounts ' + description: Mechanisms exist to restrict the assignment of privileged accounts + to management-approved personnel and/or roles. + annotation: Does the organization restrict the assignment of privileged accounts + to management-approved personnel and/or roles? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21.4 + name: 'Auditing Use of Privileged Functions ' + description: 'Mechanisms exist to audit the execution of privileged functions. ' + annotation: 'Does the organization audit the execution of privileged functions? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21.5 + name: 'Prohibit Non-Privileged Users from Executing Privileged Functions ' + description: 'Mechanisms exist to prevent non-privileged users from executing + privileged functions to include disabling, circumventing or altering implemented + security safeguards / countermeasures. ' + annotation: 'Does the organization prevent non-privileged users from executing + privileged functions to include disabling, circumventing or altering implemented + security safeguards / countermeasures? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21.6 + name: Network Access to Privileged Commands + description: Mechanisms exist to authorize remote access to perform privileged + commands on critical systems or where sensitive/regulated data is stored, + transmitted and/or processed only for compelling operational needs. + annotation: Does the organization authorize remote access to perform privileged + commands on critical systems or where sensitive/regulated data is stored, + transmitted and/or processed only for compelling operational needs? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-21.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-21.7 + name: Privilege Levels for Code Execution + description: 'Automated mechanisms exist to prevent applications from executing + at higher privilege levels than the user''s privileges. ' + annotation: 'Does the organization use automated mechanisms to prevent applications + from executing at higher privilege levels than the user''s privileges? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-22 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-22 + name: 'Account Lockout ' + description: Mechanisms exist to enforce a limit for consecutive invalid login + attempts by a user during an organization-defined time period and automatically + locks the account when the maximum number of unsuccessful attempts is exceeded. + annotation: Does the organization enforce a limit for consecutive invalid login + attempts by a user during an organization-defined time period and automatically + locks the account when the maximum number of unsuccessful attempts is exceeded? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-23 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-23 + name: Concurrent Session Control + description: 'Mechanisms exist to limit the number of concurrent sessions for + each system account. ' + annotation: 'Does the organization limit the number of concurrent sessions for + each system account? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-24 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-24 + name: 'Session Lock ' + description: Mechanisms exist to initiate a session lock after an organization-defined + time period of inactivity, or upon receiving a request from a user and retain + the session lock until the user reestablishes access using established identification + and authentication methods. + annotation: Does the organization initiate a session lock after an organization-defined + time period of inactivity, or upon receiving a request from a user and retain + the session lock until the user reestablishes access using established identification + and authentication methods? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-24.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-24.1 + name: 'Pattern-Hiding Displays ' + description: 'Mechanisms exist to implement pattern-hiding displays to conceal + information previously visible on the display during the session lock. ' + annotation: 'Does the organization implement pattern-hiding displays to conceal + information previously visible on the display during the session lock? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-25 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-25 + name: 'Session Termination ' + description: 'Automated mechanisms exist to log out users, both locally on the + network and for remote sessions, at the end of the session or after an organization-defined + period of inactivity. ' + annotation: 'Does the organization use automated mechanisms to log out users, + both locally on the network and for remote sessions, at the end of the session + or after an organization-defined period of inactivity? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-25.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-25.1 + name: User-Initiated Logouts / Message Displays + description: 'Mechanisms exist to provide a logout capability and display an + explicit logout message to users indicating the reliable termination of the + session. ' + annotation: 'Does the organization provide a logout capability and display an + explicit logout message to users indicating the reliable termination of the + session? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-26 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-26 + name: Permitted Actions Without Identification or Authorization + description: Mechanisms exist to identify and document the supporting rationale + for specific user actions that can be performed on a system without identification + or authentication. + annotation: Does the organization identify and document the supporting rationale + for specific user actions that can be performed on a system without identification + or authentication? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-27 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-27 + name: Reference Monitor + description: Mechanisms exist to implement a reference monitor that is tamperproof, + always-invoked, small enough to be subject to analysis / testing and the completeness + of which can be assured. + annotation: Does the organization implement a reference monitor that is tamperproof, + always-invoked, small enough to be subject to analysis / testing and the completeness + of which can be assured? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-28 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-28 + name: Identity Proofing (Identity Verification) + description: Mechanisms exist to verify the identity of a user before issuing + authenticators or modifying access permissions. + annotation: Does the organization verify the identity of a user before issuing + authenticators or modifying access permissions? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-28.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-28.1 + name: Management Approval For New or Changed Accounts + description: Mechanisms exist to ensure management approvals are required for + new accounts or changes in permissions to existing accounts. + annotation: Does the organization ensure management approvals are required for + new accounts or changes in permissions to existing accounts? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-28.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-28.2 + name: Identity Evidence + description: Mechanisms exist to require evidence of individual identification + to be presented to the registration authority. + annotation: Does the organization require evidence of individual identification + to be presented to the registration authority? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-28.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-28.3 + name: Identity Evidence Validation & Verification + description: Mechanisms exist to require that the presented identity evidence + be validated and verified through organizational-defined methods of validation + and verification. + annotation: Does the organization require that the presented identity evidence + be validated and verified through organizational-defined methods of validation + and verification? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-28.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-28.4 + name: In-Person Validation & Verification + description: Mechanisms exist to require that the validation and verification + of identity evidence be conducted in person before a designated registration + authority. + annotation: Does the organization require that the validation and verification + of identity evidence be conducted in person before a designated registration + authority? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-28.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-28.5 + name: Address Confirmation + description: Mechanisms exist to require that a notice of proofing be delivered + through an out-of-band channel to verify the user's address (physical or digital). + annotation: Does the organization require that a notice of proofing be delivered + through an out-of-band channel to verify the user's address (physical or digital)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iac-29 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node599 + ref_id: IAC-29 + name: 'Attribute-Based Access Control (ABAC) ' + description: Mechanisms exist to enforce Attribute-Based Access Control (ABAC) + for policy-driven, dynamic authorizations that supports the secure sharing + of information. + annotation: Does the organization enforce Attribute-Based Access Control (ABAC) + for policy-driven, dynamic authorizations that supports the secure sharing + of information? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + assessable: false + depth: 1 + name: Incident Response + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-01 + name: Incident Response Operations + description: Mechanisms exist to implement and govern processes and documentation + to facilitate an organization-wide response capability for cybersecurity & + data privacy-related incidents. + annotation: Does the organization implement and govern processes and documentation + to facilitate an organization-wide response capability for cybersecurity & + data privacy-related incidents? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-02 + name: 'Incident Handling ' + description: Mechanisms exist to cover the preparation, automated detection + or intake of incident reporting, analysis, containment, eradication and recovery. + annotation: Does the organization cover the preparation, automated detection + or intake of incident reporting, analysis, containment, eradication and recovery? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-02.1 + name: Automated Incident Handling Processes + description: 'Automated mechanisms exist to support the incident handling process. ' + annotation: 'Does the organization use automated mechanisms to support the incident + handling process? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-02.2 + name: Insider Threat Response Capability + description: 'Mechanisms exist to implement and govern an insider threat program. ' + annotation: 'Does the organization implement and govern an insider threat program? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-02.3 + name: Dynamic Reconfiguration + description: 'Automated mechanisms exist to dynamically reconfigure information + system components as part of the incident response capability. ' + annotation: 'Does the organization use automated mechanisms to dynamically reconfigure + information system components as part of the incident response capability? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-02.4 + name: Incident Classification & Prioritization + description: Mechanisms exist to identify classes of incidents and actions to + take to ensure the continuation of organizational missions and business functions. + annotation: Does the organization identify classes of incidents and actions + to take to ensure the continuation of organizational missions and business + functions? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-02.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-02.5 + name: Correlation with External Organizations + description: 'Mechanisms exist to coordinate with approved third-parties to + achieve a cross-organization perspective on incident awareness and more effective + incident responses. ' + annotation: 'Does the organization coordinate with approved third-parties to + achieve a cross-organization perspective on incident awareness and more effective + incident responses? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-02.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-02.6 + name: Automatic Disabling of System + description: Mechanisms exist to automatically disable systems, upon detection + of a possible incident that meets organizational criteria, which allows for + forensic analysis to be performed. + annotation: Does the organization automatically disable systems, upon detection + of a possible incident that meets organizational criteria, which allows for + forensic analysis to be performed? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-03 + name: Indicators of Compromise (IOC) + description: Mechanisms exist to define specific Indicators of Compromise (IOC) + to identify the signs of potential cybersecurity events. + annotation: Does the organization define specific Indicators of Compromise (IOC) + to identify the signs of potential cybersecurity events? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-04 + name: 'Incident Response Plan (IRP) ' + description: Mechanisms exist to maintain and make available a current and viable + Incident Response Plan (IRP) to all stakeholders. + annotation: Does the organization maintain and make available a current and + viable Incident Response Plan (IRP) to all stakeholders? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-04.1 + name: Data Breach + description: 'Mechanisms exist to address data breaches, or other incidents + involving the unauthorized disclosure of sensitive or regulated data, according + to applicable laws, regulations and contractual obligations. ' + annotation: 'Does the organization address data breaches, or other incidents + involving the unauthorized disclosure of sensitive or regulated data, according + to applicable laws, regulations and contractual obligations? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-04.2 + name: IRP Update + description: Mechanisms exist to regularly review and modify incident response + practices to incorporate lessons learned, business process changes and industry + developments, as necessary. + annotation: Does the organization regularly review and modify incident response + practices to incorporate lessons learned, business process changes and industry + developments, as necessary? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-04.3 + name: Continuous Incident Response Improvements + description: "Mechanisms exist to use qualitative and quantitative data from\ + \ incident response testing to: \n\u25AADetermine the effectiveness of incident\ + \ response processes;\n\u25AAContinuously improve incident response processes;\ + \ and\n\u25AAProvide incident response measures and metrics that are accurate,\ + \ consistent, and in a reproducible format." + annotation: "Does the organization use qualitative and quantitative data from\ + \ incident response testing to: \n\u25AADetermine the effectiveness of incident\ + \ response processes;\n\u25AAContinuously improve incident response processes;\ + \ and\n\u25AAProvide incident response measures and metrics that are accurate,\ + \ consistent, and in a reproducible format?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-05 + name: 'Incident Response Training ' + description: Mechanisms exist to train personnel in their incident response + roles and responsibilities. + annotation: Does the organization train personnel in their incident response + roles and responsibilities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-05.1 + name: Simulated Incidents + description: Mechanisms exist to incorporate simulated events into incident + response training to facilitate effective response by personnel in crisis + situations. + annotation: Does the organization incorporate simulated events into incident + response training to facilitate effective response by personnel in crisis + situations? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-05.2 + name: Automated Incident Response Training Environments + description: Automated mechanisms exist to provide a more thorough and realistic + incident response training environment. + annotation: Does the organization use automated mechanisms to provide a more + thorough and realistic incident response training environment? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-06 + name: Incident Response Testing + description: Mechanisms exist to formally test incident response capabilities + through realistic exercises to determine the operational effectiveness of + those capabilities. + annotation: Does the organization formally test incident response capabilities + through realistic exercises to determine the operational effectiveness of + those capabilities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-06.1 + name: 'Coordination with Related Plans ' + description: 'Mechanisms exist to coordinate incident response testing with + organizational elements responsible for related plans. ' + annotation: 'Does the organization coordinate incident response testing with + organizational elements responsible for related plans? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-07 + name: Integrated Security Incident Response Team (ISIRT) + description: Mechanisms exist to establish an integrated team of cybersecurity, + IT and business function representatives that are capable of addressing cybersecurity + & data privacy incident response operations. + annotation: Does the organization establish an integrated team of cybersecurity, + IT and business function representatives that are capable of addressing cybersecurity + & data privacy incident response operations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-08 + name: Chain of Custody & Forensics + description: Mechanisms exist to perform digital forensics and maintain the + integrity of the chain of custody, in accordance with applicable laws, regulations + and industry-recognized secure practices. + annotation: Does the organization perform digital forensics and maintain the + integrity of the chain of custody, in accordance with applicable laws, regulations + and industry-recognized secure practices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-09 + name: Situational Awareness For Incidents + description: Mechanisms exist to document, monitor and report the status of + cybersecurity & data privacy incidents to internal stakeholders all the way + through the resolution of the incident. + annotation: Does the organization document, monitor and report the status of + cybersecurity & data privacy incidents to internal stakeholders all the way + through the resolution of the incident? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-09.1 + name: Automated Tracking, Data Collection & Analysis + description: Automated mechanisms exist to assist in the tracking, collection + and analysis of information from actual and potential cybersecurity & data + privacy incidents. + annotation: Does the organization use automated mechanisms to assist in the + tracking, collection and analysis of information from actual and potential + cybersecurity & data privacy incidents? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-10 + name: 'Incident Stakeholder Reporting ' + description: "Mechanisms exist to timely-report incidents to applicable:\n \u25AA\ + \ Internal stakeholders; \n \u25AA Affected clients & third-parties; and\n\ + \ \u25AA Regulatory authorities." + annotation: "Does the organization timely-report incidents to applicable:\n\ + \ \u25AA Internal stakeholders; \n \u25AA Affected clients & third-parties;\ + \ and\n \u25AA Regulatory authorities?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-10.1 + name: Automated Reporting + description: Automated mechanisms exist to assist in the reporting of cybersecurity + & data privacy incidents. + annotation: Does the organization use automated mechanisms to assist in the + reporting of cybersecurity & data privacy incidents? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-10.2 + name: Cyber Incident Reporting for Sensitive Data + description: Mechanisms exist to report sensitive/regulated data incidents in + a timely manner. + annotation: Does the organization report sensitive/regulated data incidents + in a timely manner? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-10.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-10.3 + name: Vulnerabilities Related To Incidents + description: Mechanisms exist to report system vulnerabilities associated with + reported cybersecurity & data privacy incidents to organization-defined personnel + or roles. + annotation: Does the organization report system vulnerabilities associated with + reported cybersecurity & data privacy incidents to organization-defined personnel + or roles? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-10.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-10.4 + name: Supply Chain Coordination + description: Mechanisms exist to provide cybersecurity & data privacy incident + information to the provider of the product or service and other organizations + involved in the supply chain for systems or system components related to the + incident. + annotation: Does the organization provide cybersecurity & data privacy incident + information to the provider of the product or service and other organizations + involved in the supply chain for systems or system components related to the + incident? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-11 + name: 'Incident Reporting Assistance ' + description: 'Mechanisms exist to provide incident response advice and assistance + to users of systems for the handling and reporting of actual and potential + cybersecurity & data privacy incidents. ' + annotation: 'Does the organization provide incident response advice and assistance + to users of systems for the handling and reporting of actual and potential + cybersecurity & data privacy incidents? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-11.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-11.1 + name: 'Automation Support of Availability of Information / Support ' + description: 'Automated mechanisms exist to increase the availability of incident + response-related information and support. ' + annotation: 'Does the organization use automated mechanisms to increase the + availability of incident response-related information and support? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-11.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-11.2 + name: Coordination With External Providers + description: Mechanisms exist to establish a direct, cooperative relationship + between the organization's incident response capability and external service + providers. + annotation: Does the organization establish a direct, cooperative relationship + between the organization's incident response capability and external service + providers? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-12 + name: Information Spillage Response + description: Mechanisms exist to respond to sensitive information spills. + annotation: Does the organization respond to sensitive information spills? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-12.1 + name: Responsible Personnel + description: 'Mechanisms exist to formally assign personnel or roles with responsibility + for responding to sensitive information spills. ' + annotation: 'Does the organization formally assign personnel or roles with responsibility + for responding to sensitive information spills? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-12.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-12.2 + name: Training + description: Mechanisms exist to ensure incident response training material + provides coverage for sensitive information spillage response. + annotation: Does the organization ensure incident response training material + provides coverage for sensitive information spillage response? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-12.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-12.3 + name: Post-Spill Operations + description: 'Mechanisms exist to ensure that organizational personnel impacted + by sensitive information spills can continue to carry out assigned tasks while + contaminated systems are undergoing corrective actions. ' + annotation: 'Does the organization ensure that organizational personnel impacted + by sensitive information spills can continue to carry out assigned tasks while + contaminated systems are undergoing corrective actions? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-12.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-12.4 + name: Exposure to Unauthorized Personnel + description: 'Mechanisms exist to address security safeguards for personnel + exposed to sensitive information that is not within their assigned access + authorizations. ' + annotation: 'Does the organization address security safeguards for personnel + exposed to sensitive information that is not within their assigned access + authorizations? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-13 + name: Root Cause Analysis (RCA) & Lessons Learned + description: 'Mechanisms exist to incorporate lessons learned from analyzing + and resolving cybersecurity & data privacy incidents to reduce the likelihood + or impact of future incidents. ' + annotation: 'Does the organization incorporate lessons learned from analyzing + and resolving cybersecurity & data privacy incidents to reduce the likelihood + or impact of future incidents? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-14 + name: 'Regulatory & Law Enforcement Contacts ' + description: 'Mechanisms exist to maintain incident response contacts with applicable + regulatory and law enforcement agencies. ' + annotation: 'Does the organization maintain incident response contacts with + applicable regulatory and law enforcement agencies? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-15 + name: Detonation Chambers (Sandboxes) + description: Mechanisms exist to utilize a detonation chamber capability to + detect and/or block potentially-malicious files and email attachments. + annotation: Does the organization utilize a detonation chamber capability to + detect and/or block potentially-malicious files and email attachments? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iro-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node704 + ref_id: IRO-16 + name: Public Relations & Reputation Repair + description: Mechanisms exist to proactively manage public relations associated + with incidents and employ appropriate measures to prevent further reputational + damage and develop plans to repair any damage to the organization's reputation. + annotation: Does the organization proactively manage public relations associated + with incidents and employ appropriate measures to prevent further reputational + damage and develop plans to repair any damage to the organization's reputation? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + assessable: false + depth: 1 + name: 'Information Assurance ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-01 + name: Information Assurance (IA) Operations + description: 'Mechanisms exist to facilitate the implementation of cybersecurity + & data privacy assessment and authorization controls. ' + annotation: 'Does the organization facilitate the implementation of cybersecurity + & data privacy assessment and authorization controls? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-01.1 + name: Assessment Boundaries + description: Mechanisms exist to establish the scope of assessments by defining + the assessment boundary, according to people, processes and technology that + directly or indirectly impact the confidentiality, integrity, availability + and safety of the data and systems under review. + annotation: Does the organization establish the scope of assessments by defining + the assessment boundary, according to people, processes and technology that + directly or indirectly impact the confidentiality, integrity, availability + and safety of the data and systems under review? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-02 + name: 'Assessments ' + description: Mechanisms exist to formally assess the cybersecurity & data privacy + controls in systems, applications and services through Information Assurance + Program (IAP) activities to determine the extent to which the controls are + implemented correctly, operating as intended and producing the desired outcome + with respect to meeting expected requirements. + annotation: Does the organization formally assess the cybersecurity & data privacy + controls in systems, applications and services through Information Assurance + Program (IAP) activities to determine the extent to which the controls are + implemented correctly, operating as intended and producing the desired outcome + with respect to meeting expected requirements? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-02.1 + name: Assessor Independence + description: 'Mechanisms exist to ensure assessors or assessment teams have + the appropriate independence to conduct cybersecurity & data privacy control + assessments. ' + annotation: 'Does the organization ensure assessors or assessment teams have + the appropriate independence to conduct cybersecurity & data privacy control + assessments? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-02.2 + name: Specialized Assessments + description: "Mechanisms exist to conduct specialized assessments for: \n \u25AA\ + \ Statutory, regulatory and contractual compliance obligations;\n \u25AA Monitoring\ + \ capabilities; \n \u25AA Mobile devices;\n \u25AA Databases;\n \u25AA Application\ + \ security;\n \u25AA Embedded technologies (e.g., IoT, OT, etc.);\n \u25AA\ + \ Vulnerability management; \n \u25AA Malicious code; \n \u25AA Insider threats\ + \ and\n \u25AA Performance/load testing. " + annotation: "Does the organization conduct specialized assessments for: \n \u25AA\ + \ Statutory, regulatory and contractual compliance obligations;\n \u25AA Monitoring\ + \ capabilities; \n \u25AA Mobile devices;\n \u25AA Databases;\n \u25AA Application\ + \ security;\n \u25AA Embedded technologies (e.g., IoT, OT, etc.);\n \u25AA\ + \ Vulnerability management; \n \u25AA Malicious code; \n \u25AA Insider threats\ + \ and\n \u25AA Performance/load testing? " + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-02.3 + name: Third-Party Assessments + description: 'Mechanisms exist to accept and respond to the results of external + assessments that are performed by impartial, external organizations. ' + annotation: 'Does the organization accept and respond to the results of external + assessments that are performed by impartial, external organizations? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-02.4 + name: Security Assessment Report (SAR) + description: Mechanisms exist to produce a Security Assessment Report (SAR) + at the conclusion of a security assessment to certify the results of the assessment + and assist with any remediation actions. + annotation: Does the organization produce a Security Assessment Report (SAR) + at the conclusion of a security assessment to certify the results of the assessment + and assist with any remediation actions? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-03 + name: System Security & Privacy Plan (SSPP) + description: Mechanisms exist to generate System Security & Privacy Plans (SSPPs), + or similar document repositories, to identify and maintain key architectural + information on each critical system, application or service, as well as influence + inputs, entities, systems, applications and processes, providing a historical + record of the data and its origins. + annotation: Does the organization generate System Security & Privacy Plans (SSPPs), + or similar document repositories, to identify and maintain key architectural + information on each critical system, application or service, as well as influence + inputs, entities, systems, applications and processes, providing a historical + record of the data and its origins? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-03.1 + name: Plan / Coordinate with Other Organizational Entities + description: 'Mechanisms exist to plan and coordinate Information Assurance + Program (IAP) activities with affected stakeholders before conducting such + activities in order to reduce the potential impact on operations. ' + annotation: 'Does the organization plan and coordinate Information Assurance + Program (IAP) activities with affected stakeholders before conducting such + activities in order to reduce the potential impact on operations? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-03.2 + name: Adequate Security for Sensitive / Regulated Data In Support of Contracts + description: 'Mechanisms exist to protect sensitive / regulated data that is + collected, developed, received, transmitted, used or stored in support of + the performance of a contract. ' + annotation: 'Does the organization protect sensitive / regulated data that is + collected, developed, received, transmitted, used or stored in support of + the performance of a contract? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-04 + name: Threat Analysis & Flaw Remediation During Development + description: Mechanisms exist to require system developers and integrators to + create and execute a Security Test and Evaluation (ST&E) plan to identify + and remediate flaws during development. + annotation: Does the organization require system developers and integrators + to create and execute a Security Test and Evaluation (ST&E) plan to identify + and remediate flaws during development? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-05 + name: Plan of Action & Milestones (POA&M) + description: Mechanisms exist to generate a Plan of Action and Milestones (POA&M), + or similar risk register, to document planned remedial actions to correct + weaknesses or deficiencies noted during the assessment of the security controls + and to reduce or eliminate known vulnerabilities. + annotation: Does the organization generate a Plan of Action and Milestones (POA&M), + or similar risk register, to document planned remedial actions to correct + weaknesses or deficiencies noted during the assessment of the security controls + and to reduce or eliminate known vulnerabilities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-05.1 + name: Plan of Action & Milestones (POA&M) Automation + description: Automated mechanisms exist to help ensure the Plan of Action and + Milestones (POA&M), or similar risk register, is accurate, up-to-date and + readily-available. + annotation: Does the organization use automated mechanisms to help ensure the + Plan of Action and Milestones (POA&M), or similar risk register, is accurate, + up-to-date and readily-available? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-06 + name: Technical Verification + description: Mechanisms exist to perform Information Assurance Program (IAP) + activities to evaluate the design, implementation and effectiveness of technical + cybersecurity & data privacy controls. + annotation: Does the organization perform Information Assurance Program (IAP) + activities to evaluate the design, implementation and effectiveness of technical + cybersecurity & data privacy controls? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:iao-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node744 + ref_id: IAO-07 + name: 'Security Authorization ' + description: Mechanisms exist to ensure systems, projects and services are officially + authorized prior to "go live" in a production environment. + annotation: Does the organization ensure systems, projects and services are + officially authorized prior to "go live" in a production environment? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + assessable: false + depth: 1 + name: Maintenance + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-01 + name: 'Maintenance Operations ' + description: Mechanisms exist to develop, disseminate, review & update procedures + to facilitate the implementation of maintenance controls across the enterprise. + annotation: Does the organization develop, disseminate, review & update procedures + to facilitate the implementation of maintenance controls across the enterprise? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-02 + name: 'Controlled Maintenance ' + description: Mechanisms exist to conduct controlled maintenance activities throughout + the lifecycle of the system, application or service. + annotation: Does the organization conduct controlled maintenance activities + throughout the lifecycle of the system, application or service? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-02.1 + name: Automated Maintenance Activities + description: Automated mechanisms exist to schedule, conduct and document maintenance + and repairs. + annotation: Does the organization use automated mechanisms to schedule, conduct + and document maintenance and repairs? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-03 + name: Timely Maintenance + description: Mechanisms exist to obtain maintenance support and/or spare parts + for systems within a defined Recovery Time Objective (RTO). + annotation: Does the organization obtain maintenance support and/or spare parts + for systems within a defined Recovery Time Objective (RTO)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-03.1 + name: Preventative Maintenance + description: Mechanisms exist to perform preventive maintenance on critical + systems, applications and services. + annotation: Does the organization perform preventive maintenance on critical + systems, applications and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-03.2 + name: Predictive Maintenance + description: Mechanisms exist to perform predictive maintenance on critical + systems, applications and services. + annotation: Does the organization perform predictive maintenance on critical + systems, applications and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-03.3 + name: Automated Support For Predictive Maintenance + description: Automated mechanisms exist to transfer predictive maintenance data + to a computerized maintenance management system. + annotation: Does the organization use automated mechanisms to transfer predictive + maintenance data to a computerized maintenance management system? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-04 + name: Maintenance Tools + description: 'Mechanisms exist to control and monitor the use of system maintenance + tools. ' + annotation: 'Does the organization control and monitor the use of system maintenance + tools? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-04.1 + name: 'Inspect Tools ' + description: 'Mechanisms exist to inspect maintenance tools carried into a facility + by maintenance personnel for improper or unauthorized modifications. ' + annotation: 'Does the organization inspect maintenance tools carried into a + facility by maintenance personnel for improper or unauthorized modifications? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-04.2 + name: 'Inspect Media ' + description: 'Mechanisms exist to check media containing diagnostic and test + programs for malicious code before the media are used. ' + annotation: 'Does the organization check media containing diagnostic and test + programs for malicious code before the media are used? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-04.3 + name: 'Prevent Unauthorized Removal ' + description: Mechanisms exist to prevent or control the removal of equipment + undergoing maintenance that containing organizational information. + annotation: Does the organization prevent or control the removal of equipment + undergoing maintenance that containing organizational information? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-04.4 + name: Restrict Tool Usage + description: Automated mechanisms exist to restrict the use of maintenance tools + to authorized maintenance personnel and/or roles. + annotation: Does the organization use automated mechanisms to restrict the use + of maintenance tools to authorized maintenance personnel and/or roles? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05 + name: Remote Maintenance + description: Mechanisms exist to authorize, monitor and control remote, non-local + maintenance and diagnostic activities. + annotation: Does the organization authorize, monitor and control remote, non-local + maintenance and diagnostic activities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05.1 + name: Auditing Remote Maintenance + description: 'Mechanisms exist to audit remote, non-local maintenance and diagnostic + sessions, as well as review the maintenance action performed during remote + maintenance sessions. ' + annotation: 'Does the organization audit remote, non-local maintenance and diagnostic + sessions, as well as review the maintenance action performed during remote + maintenance sessions? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05.2 + name: Remote Maintenance Notifications + description: Mechanisms exist to require maintenance personnel to notify affected + stakeholders when remote, non-local maintenance is planned (e.g., date/time). + annotation: Does the organization require maintenance personnel to notify affected + stakeholders when remote, non-local maintenance is planned (e.g., date/time)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05.3 + name: Remote Maintenance Cryptographic Protection + description: 'Cryptographic mechanisms exist to protect the integrity and confidentiality + of remote, non-local maintenance and diagnostic communications. ' + annotation: 'Are cryptographic mechanisms utilized to protect the integrity + and confidentiality of remote, non-local maintenance and diagnostic communications? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05.4 + name: Remote Maintenance Disconnect Verification + description: Mechanisms exist to provide remote disconnect verification to ensure + remote, non-local maintenance and diagnostic sessions are properly terminated. + annotation: Does the organization provide remote disconnect verification to + ensure remote, non-local maintenance and diagnostic sessions are properly + terminated? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05.5 + name: Remote Maintenance Pre-Approval + description: Mechanisms exist to require maintenance personnel to obtain pre-approval + and scheduling for remote, non-local maintenance sessions. + annotation: Does the organization require maintenance personnel to obtain pre-approval + and scheduling for remote, non-local maintenance sessions? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05.6 + name: Remote Maintenance Comparable Security & Sanitization + description: Mechanisms exist to require systems performing remote, non-local + maintenance and / or diagnostic services implement a security capability comparable + to the capability implemented on the system being serviced. + annotation: Does the organization require systems performing remote, non-local + maintenance and / or diagnostic services implement a security capability comparable + to the capability implemented on the system being serviced? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-05.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-05.7 + name: Separation of Maintenance Sessions + description: Mechanisms exist to protect maintenance sessions through replay-resistant + sessions that are physically or logically separated communications paths from + other network sessions. + annotation: Does the organization protect maintenance sessions through replay-resistant + sessions that are physically or logically separated communications paths from + other network sessions? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-06 + name: Authorized Maintenance Personnel + description: Mechanisms exist to maintain a current list of authorized maintenance + organizations or personnel. + annotation: Does the organization maintain a current list of authorized maintenance + organizations or personnel? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-06.1 + name: 'Maintenance Personnel Without Appropriate Access ' + description: Mechanisms exist to ensure the risks associated with maintenance + personnel who do not have appropriate access authorizations, clearances or + formal access approvals are appropriately mitigated. + annotation: Does the organization ensure the risks associated with maintenance + personnel who do not have appropriate access authorizations, clearances or + formal access approvals are appropriately mitigated? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-06.2 + name: Non-System Related Maintenance + description: Mechanisms exist to ensure that non-escorted personnel performing + non-IT maintenance activities in the physical proximity of IT systems have + required access authorizations. + annotation: Does the organization ensure that non-escorted personnel performing + non-IT maintenance activities in the physical proximity of IT systems have + required access authorizations? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-07 + name: Maintain Configuration Control During Maintenance + description: Mechanisms exist to maintain proper physical security and configuration + control over technology assets awaiting service or repair. + annotation: Does the organization maintain proper physical security and configuration + control over technology assets awaiting service or repair? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-08 + name: Field Maintenance + description: Mechanisms exist to securely conduct field maintenance on geographically + deployed assets. + annotation: Does the organization securely conduct field maintenance on geographically + deployed assets? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-09 + name: Off-Site Maintenance + description: Mechanisms exist to ensure off-site maintenance activities are + conducted securely and the asset(s) undergoing maintenance actions are secured + during physical transfer and storage while off-site. + annotation: Does the organization ensure off-site maintenance activities are + conducted securely and the asset(s) undergoing maintenance actions are secured + during physical transfer and storage while off-site? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-10 + name: Maintenance Validation + description: Mechanisms exist to validate maintenance activities were appropriately + performed according to the work order and that security controls are operational. + annotation: Does the organization validate maintenance activities were appropriately + performed according to the work order and that security controls are operational? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mnt-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node760 + ref_id: MNT-11 + name: Maintenance Monitoring + description: Mechanisms exist to maintain situational awareness of the quality + and reliability of systems and components through tracking maintenance activities + and component failure rates. + annotation: Does the organization maintain situational awareness of the quality + and reliability of systems and components through tracking maintenance activities + and component failure rates? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + assessable: false + depth: 1 + name: Mobile Device Management + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-01 + name: 'Centralized Management Of Mobile Devices ' + description: Mechanisms exist to implement and govern Mobile Device Management + (MDM) controls. + annotation: Does the organization implement and govern Mobile Device Management + (MDM) controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-02 + name: Access Control For Mobile Devices + description: 'Mechanisms exist to enforce access control requirements for the + connection of mobile devices to organizational systems. ' + annotation: 'Does the organization enforce access control requirements for the + connection of mobile devices to organizational systems? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-03 + name: 'Full Device & Container-Based Encryption ' + description: Cryptographic mechanisms exist to protect the confidentiality and + integrity of information on mobile devices through full-device or container + encryption. + annotation: Are cryptographic mechanisms utilized to protect the confidentiality + and integrity of information on mobile devices through full-device or container + encryption? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-04 + name: Mobile Device Tampering + description: "Mechanisms exist to protect mobile devices from tampering through\ + \ inspecting devices returning from locations that the organization deems\ + \ to be of significant risk, prior to the device being connected to the organization\u2019\ + s network." + annotation: "Does the organization protect mobile devices from tampering through\ + \ inspecting devices returning from locations that the organization deems\ + \ to be of significant risk, prior to the device being connected to the organization\u2019\ + s network?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-05 + name: Remote Purging + description: 'Mechanisms exist to remotely purge selected information from mobile + devices. ' + annotation: 'Does the organization remotely purge selected information from + mobile devices? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-06 + name: 'Personally-Owned Mobile Devices ' + description: 'Mechanisms exist to restrict the connection of personally-owned, + mobile devices to organizational systems and networks. ' + annotation: 'Does the organization restrict the connection of personally-owned, + mobile devices to organizational systems and networks? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-07 + name: 'Organization-Owned Mobile Devices ' + description: Mechanisms exist to prohibit the installation of non-approved applications + or approved applications not obtained through the organization-approved application + store. + annotation: Does the organization prohibit the installation of non-approved + applications or approved applications not obtained through the organization-approved + application store? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-08 + name: Mobile Device Data Retention Limitations + description: Mechanisms exist to limit data retention on mobile devices to the + smallest usable dataset and timeframe. + annotation: Does the organization limit data retention on mobile devices to + the smallest usable dataset and timeframe? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-09 + name: Mobile Device Geofencing + description: Mechanisms exist to restrict the functionality of mobile devices + based on geographic location. + annotation: Does the organization restrict the functionality of mobile devices + based on geographic location? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-10 + name: Separate Mobile Device Profiles + description: 'Mechanisms exist to enforce a separate device workspace on applicable + mobile devices to separate work-related and personal-related applications + and data. ' + annotation: 'Does the organization enforce a separate device workspace on applicable + mobile devices to separate work-related and personal-related applications + and data? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:mdm-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node789 + ref_id: MDM-11 + name: Restricting Access To Authorized Devices + description: Mechanisms exist to restrict the connectivity of unauthorized mobile + devices from communicating with systems, applications and services. + annotation: Does the organization restrict the connectivity of unauthorized + mobile devices from communicating with systems, applications and services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + assessable: false + depth: 1 + name: Network Security + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-01 + name: Network Security Controls (NSC) + description: Mechanisms exist to develop, govern & update procedures to facilitate + the implementation of Network Security Controls (NSC). + annotation: Does the organization develop, govern & update procedures to facilitate + the implementation of Network Security Controls (NSC)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-01.1 + name: Zero Trust Architecture (ZTA) + description: Mechanisms exist to treat all users and devices as potential threats + and prevent access to data and resources until the users can be properly authenticated + and their access authorized. + annotation: Does the organization treat all users and devices as potential threats + and prevent access to data and resources until the users can be properly authenticated + and their access authorized? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-02 + name: 'Layered Network Defenses ' + description: 'Mechanisms exist to implement security functions as a layered + structure that minimizes interactions between layers of the design and avoids + any dependence by lower layers on the functionality or correctness of higher + layers. ' + annotation: 'Does the organization implement security functions as a layered + structure that minimizes interactions between layers of the design and avoids + any dependence by lower layers on the functionality or correctness of higher + layers? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-02.1 + name: Denial of Service (DoS) Protection + description: 'Automated mechanisms exist to protect against or limit the effects + of denial of service attacks. ' + annotation: 'Does the organization use automated mechanisms to protect against + or limit the effects of denial of service attacks? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-02.2 + name: Guest Networks + description: 'Mechanisms exist to implement and manage a secure guest network. ' + annotation: 'Does the organization implement and manage a secure guest network? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-02.3 + name: Cross Domain Solution (CDS) + description: Mechanisms exist to implement a Cross Domain Solution (CDS) to + mitigate the specific security risks of accessing or transferring information + between security domains. + annotation: Does the organization implement a Cross Domain Solution (CDS) to + mitigate the specific security risks of accessing or transferring information + between security domains? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03 + name: 'Boundary Protection ' + description: Mechanisms exist to monitor and control communications at the external + network boundary and at key internal boundaries within the network. + annotation: Does the organization monitor and control communications at the + external network boundary and at key internal boundaries within the network? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.1 + name: Limit Network Connections + description: 'Mechanisms exist to limit the number of concurrent external network + connections to its systems. ' + annotation: 'Does the organization limit the number of concurrent external network + connections to its systems? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.2 + name: 'External Telecommunications Services ' + description: Mechanisms exist to maintain a managed interface for each external + telecommunication service that protects the confidentiality and integrity + of the information being transmitted across each interface. + annotation: Does the organization maintain a managed interface for each external + telecommunication service that protects the confidentiality and integrity + of the information being transmitted across each interface? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.3 + name: Prevent Discovery of Internal Information + description: 'Mechanisms exist to prevent the public disclosure of internal + network information. ' + annotation: 'Does the organization prevent the public disclosure of internal + network information? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.4 + name: Personal Data (PD) + description: Mechanisms exist to apply network-based processing rules to data + elements of Personal Data (PD). + annotation: Does the organization apply network-based processing rules to data + elements of Personal Data (PD)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.5 + name: Prevent Unauthorized Exfiltration + description: 'Automated mechanisms exist to prevent the unauthorized exfiltration + of sensitive/regulated data across managed interfaces. ' + annotation: 'Does the organization use automated mechanisms to prevent the unauthorized + exfiltration of sensitive/regulated data across managed interfaces? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.6 + name: Dynamic Isolation & Segregation (Sandboxing) + description: 'Automated mechanisms exist to dynamically isolate (e.g., sandbox) + untrusted components during runtime, where the component is isolated in a + fault-contained environment but it can still collaborate with the application. ' + annotation: 'Does the organization use automated mechanisms to dynamically isolate + (e.g., sandbox) untrusted components during runtime, where the component is + isolated in a fault-contained environment but it can still collaborate with + the application? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.7 + name: Isolation of Information System Components + description: 'Mechanisms exist to employ boundary protections to isolate systems, + services and processes that support critical missions and/or business functions. ' + annotation: 'Does the organization employ boundary protections to isolate systems, + services and processes that support critical missions and/or business functions? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-03.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-03.8 + name: Separate Subnet for Connecting to Different Security Domains + description: Mechanisms exist to implement separate network addresses (e.g., + different subnets) to connect to systems in different security domains. + annotation: Does the organization implement separate network addresses (e.g., + different subnets) to connect to systems in different security domains? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04 + name: "Data Flow Enforcement \u2013 Access Control Lists (ACLs)" + description: Mechanisms exist to implement and govern Access Control Lists (ACLs) + to provide data flow enforcement that explicitly restrict network traffic + to only what is authorized. + annotation: 'Does the organization implement and govern Access Control Lists + (ACLs) to provide data flow enforcement that explicitly restrict network traffic + to only what is authorized? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.1 + name: Deny Traffic by Default & Allow Traffic by Exception + description: 'Mechanisms exist to configure firewall and router configurations + to deny network traffic by default and allow network traffic by exception + (e.g., deny all, permit by exception). ' + annotation: 'Does the organization configure firewall and router configurations + to deny network traffic by default and allow network traffic by exception + (e.g., deny all, permit by exception)? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.2 + name: 'Object Security Attributes ' + description: 'Mechanisms exist to associate security attributes with information, + source and destination objects to enforce defined information flow control + configurations as a basis for flow control decisions. ' + annotation: 'Does the organization associate security attributes with information, + source and destination objects to enforce defined information flow control + configurations as a basis for flow control decisions? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.3 + name: Content Check for Encrypted Data + description: 'Mechanisms exist to prevent encrypted data from bypassing content-checking + mechanisms. ' + annotation: 'Does the organization prevent encrypted data from bypassing content-checking + mechanisms? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.4 + name: Embedded Data Types + description: 'Mechanisms exist to enforce limitations on embedding data within + other data types. ' + annotation: 'Does the organization enforce limitations on embedding data within + other data types? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.5 + name: 'Metadata ' + description: 'Mechanisms exist to enforce information flow controls based on + metadata. ' + annotation: 'Does the organization enforce information flow controls based on + metadata? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.6 + name: Human Reviews + description: 'Mechanisms exist to enforce the use of human reviews for Access + Control Lists (ACLs) and similar rulesets on a routine basis. ' + annotation: 'Does the organization enforce the use of human reviews for Access + Control Lists (ACLs) and similar rulesets on a routine basis? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.7 + name: Security Policy Filters + description: Automated mechanisms exist to enforce information flow control + using security policy filters as a basis for flow control decisions. + annotation: Does the organization use automated mechanisms to enforce information + flow control using security policy filters as a basis for flow control decisions? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.8 + name: Data Type Identifiers + description: Automated mechanisms exist to utilize data type identifiers to + validate data essential for information flow decisions when transferring information + between different security domains. + annotation: Does the organization use automated mechanisms to utilize data type + identifiers to validate data essential for information flow decisions when + transferring information between different security domains? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.9 + name: Decomposition Into Policy-Related Subcomponents + description: Automated mechanisms exist to decompose information into policy-relevant + subcomponents for submission to policy enforcement mechanisms, when transferring + information between different security domains. + annotation: Does the organization use automated mechanisms to decompose information + into policy-relevant subcomponents for submission to policy enforcement mechanisms, + when transferring information between different security domains? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.10 + name: Detection of Unsanctioned Information + description: Automated mechanisms exist to implement security policy filters + requiring fully enumerated formats that restrict data structure and content, + when transferring information between different security domains. + annotation: Does the organization use automated mechanisms to implement security + policy filters requiring fully enumerated formats that restrict data structure + and content, when transferring information between different security domains? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.11 + name: Approved Solutions + description: Automated mechanisms exist to examine information for the presence + of unsanctioned information and prohibits the transfer of such information, + when transferring information between different security domains. + annotation: Does the organization use automated mechanisms to examine information + for the presence of unsanctioned information and prohibits the transfer of + such information, when transferring information between different security + domains? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.12 + name: Cross Domain Authentication + description: Automated mechanisms exist to uniquely identify and authenticate + source and destination points for information transfer. + annotation: Does the organization use automated mechanisms to uniquely identify + and authenticate source and destination points for information transfer? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-04.13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-04.13 + name: Metadata Validation + description: Automated mechanisms exist to apply cybersecurity and/or data privacy + filters on metadata. + annotation: Does the organization use automated mechanisms to apply cybersecurity + and/or data privacy filters on metadata? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-05 + name: Interconnection Security Agreements (ISAs) + description: Mechanisms exist to authorize connections from systems to other + systems using Interconnection Security Agreements (ISAs), or similar methods, + that document, for each interconnection, the interface characteristics, cybersecurity + & data privacy requirements and the nature of the information communicated. + annotation: Does the organization authorize connections from systems to other + systems using Interconnection Security Agreements (ISAs), or similar methods, + that document, for each interconnection, the interface characteristics, cybersecurity + & data privacy requirements and the nature of the information communicated? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-05.1 + name: External System Connections + description: 'Mechanisms exist to prohibit the direct connection of a sensitive + system to an external network without the use of an organization-defined boundary + protection device. ' + annotation: 'Does the organization prohibit the direct connection of a sensitive + system to an external network without the use of an organization-defined boundary + protection device? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-05.2 + name: Internal System Connections + description: Mechanisms exist to control internal system connections through + authorizing internal connections of systems and documenting, for each internal + connection, the interface characteristics, security requirements and the nature + of the information communicated. + annotation: Does the organization control internal system connections through + authorizing internal connections of systems and documenting, for each internal + connection, the interface characteristics, security requirements and the nature + of the information communicated? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-06 + name: Network Segmentation (macrosegementation) + description: Mechanisms exist to ensure network architecture utilizes network + segmentation to isolate systems, applications and services that protections + from other network resources. + annotation: Does the organization ensure network architecture utilizes network + segmentation to isolate systems, applications and services that protections + from other network resources? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-06.1 + name: Security Management Subnets + description: 'Mechanisms exist to implement security management subnets to isolate + security tools and support components from other internal system components + by implementing separate subnetworks with managed interfaces to other components + of the system. ' + annotation: 'Does the organization implement security management subnets to + isolate security tools and support components from other internal system components + by implementing separate subnetworks with managed interfaces to other components + of the system? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-06.2 + name: Virtual Local Area Network (VLAN) Separation + description: 'Mechanisms exist to enable Virtual Local Area Networks (VLANs) + to limit the ability of devices on a network to directly communicate with + other devices on the subnet and limit an attacker''s ability to laterally + move to compromise neighboring systems. ' + annotation: 'Does the organization enable Virtual Local Area Networks (VLANs) + to limit the ability of devices on a network to directly communicate with + other devices on the subnet and limit an attacker''s ability to laterally + move to compromise neighboring systems? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-06.3 + name: Sensitive / Regulated Data Enclave (Secure Zone) + description: 'Mechanisms exist to implement segmentation controls to restrict + inbound and outbound connectivity for sensitive / regulated data enclaves + (secure zones). ' + annotation: 'Does the organization implement segmentation controls to restrict + inbound and outbound connectivity for sensitive / regulated data enclaves + (secure zones)? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-06.4 + name: Segregation From Enterprise Services + description: Mechanisms exist to isolate sensitive / regulated data enclaves + (secure zones) from corporate-provided IT resources by providing enclave-specific + IT services (e.g., directory services, DNS, NTP, ITAM, antimalware, patch + management, etc.) to those isolated network segments. + annotation: Does the organization isolate sensitive / regulated data enclaves + (secure zones) from corporate-provided IT resources by providing enclave-specific + IT services (e.g., directory services, DNS, NTP, ITAM, antimalware, patch + management, etc.) to those isolated network segments? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-06.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-06.5 + name: Direct Internet Access Restrictions + description: Mechanisms exist to prohibit, or strictly-control, Internet access + from sensitive / regulated data enclaves (secure zones). + annotation: Does the organization prohibit, or strictly-control, Internet access + from sensitive / regulated data enclaves (secure zones)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-06.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-06.6 + name: Microsegmentation + description: Automated mechanisms exist to enable microsegmentation, either + physically or virtually, to divide the network according to application and + data workflows communications needs. + annotation: Does the organization use automated mechanisms to enable microsegmentation, + either physically or virtually, to divide the network according to application + and data workflows communications needs? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-07 + name: Network Connection Termination + description: 'Mechanisms exist to terminate network connections at the end of + a session or after an organization-defined time period of inactivity. ' + annotation: 'Does the organization terminate network connections at the end + of a session or after an organization-defined time period of inactivity? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-08 + name: Network Intrusion Detection / Prevention Systems (NIDS / NIPS) + description: 'Mechanisms exist to employ Network Intrusion Detection / Prevention + Systems (NIDS/NIPS) to detect and/or prevent intrusions into the network. ' + annotation: 'Does the organization employ Network Intrusion Detection / Prevention + Systems (NIDS/NIPS) to detect and/or prevent intrusions into the network? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-08.1 + name: DMZ Networks + description: Mechanisms exist to monitor De-Militarized Zone (DMZ) network segments + to separate untrusted networks from trusted networks. + annotation: Does the organization monitor De-Militarized Zone (DMZ) network + segments to separate untrusted networks from trusted networks? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-08.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-08.2 + name: Wireless Intrusion Detection / Prevention Systems (WIDS / WIPS) + description: Mechanisms exist to monitor wireless network segments to implement + Wireless Intrusion Detection / Prevention Systems (WIDS/WIPS) technologies. + annotation: Does the organization monitor wireless network segments to implement + Wireless Intrusion Detection / Prevention Systems (WIDS/WIPS) technologies? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-08.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-08.3 + name: Host Containment + description: "Automated mechanisms exist to enforce host containment protections\ + \ that revoke or quarantine a host\u2019s access to the network." + annotation: "Does the organization use automated mechanisms to enforce host\ + \ containment protections that revoke or quarantine a host\u2019s access to\ + \ the network?" + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-08.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-08.4 + name: Resource Containment + description: "Automated mechanisms exist to enforce resource containment protections\ + \ that remove or quarantine a resource\u2019s access to other resources." + annotation: "Does the organization use automated mechanisms to enforce resource\ + \ containment protections that remove or quarantine a resource\u2019s access\ + \ to other resources?" + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-09 + name: 'Session Integrity ' + description: 'Mechanisms exist to protect the authenticity and integrity of + communications sessions. ' + annotation: 'Does the organization protect the authenticity and integrity of + communications sessions? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-09.1 + name: Invalidate Session Identifiers at Logout + description: 'Automated mechanisms exist to invalidate session identifiers upon + user logout or other session termination. ' + annotation: 'Does the organization use automated mechanisms to invalidate session + identifiers upon user logout or other session termination? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-09.2 + name: Unique System-Generated Session Identifiers + description: Automated mechanisms exist to generate and recognize unique session + identifiers for each session. + annotation: Does the organization use automated mechanisms to generate and recognize + unique session identifiers for each session? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-10 + name: 'Domain Name Service (DNS) Resolution ' + description: Mechanisms exist to ensure Domain Name Service (DNS) resolution + is designed, implemented and managed to protect the security of name / address + resolution. + annotation: Does the organization ensure Domain Name Service (DNS) resolution + is designed, implemented and managed to protect the security of name / address + resolution? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-10.1 + name: Architecture & Provisioning for Name / Address Resolution Service + description: 'Mechanisms exist to ensure systems that collectively provide Domain + Name Service (DNS) resolution service are fault-tolerant and implement internal/external + role separation. ' + annotation: 'Does the organization ensure systems that collectively provide + Domain Name Service (DNS) resolution service are fault-tolerant and implement + internal/external role separation? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-10.2 + name: Secure Name / Address Resolution Service (Recursive or Caching Resolver) + description: 'Mechanisms exist to perform data origin authentication and data + integrity verification on the Domain Name Service (DNS) resolution responses + received from authoritative sources when requested by client systems. ' + annotation: 'Does the organization perform data origin authentication and data + integrity verification on the Domain Name Service (DNS) resolution responses + received from authoritative sources when requested by client systems? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-10.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-10.3 + name: Sender Policy Framework (SPF) + description: Mechanisms exist to validate the legitimacy of email communications + through configuring a Domain Naming Service (DNS) Sender Policy Framework + (SPF) record to specify the IP addresses and/or hostnames that are authorized + to send email from the specified domain. + annotation: Does the organization validate the legitimacy of email communications + through configuring a Domain Naming Service (DNS) Sender Policy Framework + (SPF) record to specify the IP addresses and/or hostnames that are authorized + to send email from the specified domain? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-10.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-10.4 + name: Domain Registrar Security + description: "Mechanisms exist to lock the domain name registrar to prevent\ + \ a denial of service caused by unauthorized deletion, transfer or other unauthorized\ + \ modification of a domain\u2019s registration details." + annotation: "Does the organization lock the domain name registrar to prevent\ + \ a denial of service caused by unauthorized deletion, transfer or other unauthorized\ + \ modification of a domain\u2019s registration details?" + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-11 + name: 'Out-of-Band Channels ' + description: 'Mechanisms exist to utilize out-of-band channels for the electronic + transmission of information and/or the physical shipment of system components + or devices to authorized individuals. ' + annotation: 'Does the organization utilize out-of-band channels for the electronic + transmission of information and/or the physical shipment of system components + or devices to authorized individuals? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-12 + name: 'Safeguarding Data Over Open Networks ' + description: 'Cryptographic mechanisms exist to implement strong cryptography + and security protocols to safeguard sensitive/regulated data during transmission + over open, public networks. ' + annotation: 'Are cryptographic mechanisms utilized to implement strong cryptography + and security protocols to safeguard sensitive/regulated data during transmission + over open, public networks? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-12.1 + name: Wireless Link Protection + description: Mechanisms exist to protect external and internal wireless links + from signal parameter attacks through monitoring for unauthorized wireless + connections, including scanning for unauthorized wireless access points and + taking appropriate action, if an unauthorized connection is discovered. + annotation: Does the organization protect external and internal wireless links + from signal parameter attacks through monitoring for unauthorized wireless + connections, including scanning for unauthorized wireless access points and + taking appropriate action, if an unauthorized connection is discovered? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-12.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-12.2 + name: End-User Messaging Technologies + description: 'Mechanisms exist to prohibit the transmission of unprotected sensitive/regulated + data by end-user messaging technologies. ' + annotation: 'Does the organization prohibit the transmission of unprotected + sensitive/regulated data by end-user messaging technologies? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-13 + name: Electronic Messaging + description: Mechanisms exist to protect the confidentiality, integrity and + availability of electronic messaging communications. + annotation: Does the organization protect the confidentiality, integrity and + availability of electronic messaging communications? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14 + name: 'Remote Access ' + description: Mechanisms exist to define, control and review organization-approved, + secure remote access methods. + annotation: Does the organization define, control and review organization-approved, + secure remote access methods? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.1 + name: 'Automated Monitoring & Control ' + description: 'Automated mechanisms exist to monitor and control remote access + sessions. ' + annotation: 'Does the organization use automated mechanisms to monitor and control + remote access sessions? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.2 + name: Protection of Confidentiality / Integrity Using Encryption + description: 'Cryptographic mechanisms exist to protect the confidentiality + and integrity of remote access sessions (e.g., VPN). ' + annotation: 'Are cryptographic mechanisms utilized to protect the confidentiality + and integrity of remote access sessions (e.g., VPN)? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.3 + name: Managed Access Control Points + description: Mechanisms exist to route all remote accesses through managed network + access control points (e.g., VPN concentrator). + annotation: Does the organization route all remote accesses through managed + network access control points (e.g., VPN concentrator)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.4 + name: Remote Privileged Commands & Sensitive Data Access + description: 'Mechanisms exist to restrict the execution of privileged commands + and access to security-relevant information via remote access only for compelling + operational needs. ' + annotation: 'Does the organization restrict the execution of privileged commands + and access to security-relevant information via remote access only for compelling + operational needs? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.5 + name: Work From Anywhere (WFA) - Telecommuting Security + description: 'Mechanisms exist to define secure telecommuting practices and + govern remote access to systems and data for remote workers. ' + annotation: 'Does the organization define secure telecommuting practices and + govern remote access to systems and data for remote workers? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.6 + name: Third-Party Remote Access Governance + description: Mechanisms exist to proactively control and monitor third-party + accounts used to access, support, or maintain system components via remote + access. + annotation: Does the organization proactively control and monitor third-party + accounts used to access, support, or maintain system components via remote + access? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.7 + name: 'Endpoint Security Validation ' + description: Automated mechanisms exist to validate the security posture of + the endpoint devices (e.g., software versions, patch levels, etc.) prior to + allowing devices to connect to organizational technology assets. + annotation: 'Does the organization validate the security posture of the endpoint + devices (e.g., software versions, patch levels, etc.) prior to allowing devices + to connect to organizational technology assets? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-14.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-14.8 + name: 'Expeditious Disconnect / Disable Capability ' + description: Mechanisms exist to provide the capability to expeditiously disconnect + or disable a user's remote access session. + annotation: Does the organization provide the capability to expeditiously disconnect + or disable a user's remote access session? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-15 + name: 'Wireless Networking ' + description: Mechanisms exist to control authorized wireless usage and monitor + for unauthorized wireless access. + annotation: Does the organization control authorized wireless usage and monitor + for unauthorized wireless access? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-15.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-15.1 + name: Authentication & Encryption + description: 'Mechanisms exist to protect wireless access through authentication + and strong encryption. ' + annotation: 'Does the organization protect wireless access through authentication + and strong encryption? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-15.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-15.2 + name: Disable Wireless Networking + description: 'Mechanisms exist to disable unnecessary wireless networking capabilities + that are internally embedded within system components prior to issuance to + end users. ' + annotation: 'Does the organization disable unnecessary wireless networking capabilities + that are internally embedded within system components prior to issuance to + end users? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-15.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-15.3 + name: Restrict Configuration By Users + description: 'Mechanisms exist to identify and explicitly authorize users who + are allowed to independently configure wireless networking capabilities. ' + annotation: 'Does the organization identify and explicitly authorize users who + are allowed to independently configure wireless networking capabilities? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-15.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-15.4 + name: Wireless Boundaries + description: 'Mechanisms exist to confine wireless communications to organization-controlled + boundaries. ' + annotation: 'Does the organization confine wireless communications to organization-controlled + boundaries? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-15.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-15.5 + name: Rogue Wireless Detection + description: 'Mechanisms exist to test for the presence of Wireless Access Points + (WAPs) and identify all authorized and unauthorized WAPs within the facility(ies). ' + annotation: 'Does the organization test for the presence of Wireless Access + Points (WAPs) and identify all authorized and unauthorized WAPs within the + facility(ies)? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-16 + name: Intranets + description: "Mechanisms exist to establish trust relationships with other organizations\ + \ owning, operating, and/or maintaining intranet systems, allowing authorized\ + \ individuals to: \n \u25AA Access the intranet from external systems; and\n\ + \ \u25AA Process, store, and/or transmit organization-controlled information\ + \ using the external systems." + annotation: "Does the organization establish trust relationships with other\ + \ organizations owning, operating, and/or maintaining intranet systems, allowing\ + \ authorized individuals to: \n \u25AA Access the intranet from external systems;\ + \ and\n \u25AA Process, store, and/or transmit organization-controlled information\ + \ using the external systems?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-17 + name: 'Data Loss Prevention (DLP) ' + description: Automated mechanisms exist to implement Data Loss Prevention (DLP) + to protect sensitive information as it is stored, transmitted and processed. + annotation: Does the organization use automated mechanisms to implement Data + Loss Prevention (DLP) to protect sensitive information as it is stored, transmitted + and processed? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18 + name: DNS & Content Filtering + description: Mechanisms exist to force Internet-bound network traffic through + a proxy device (e.g., Policy Enforcement Point (PEP)) for URL content filtering + and DNS filtering to limit a user's ability to connect to dangerous or prohibited + Internet sites. + annotation: Does the organization force Internet-bound network traffic through + a proxy device (e.g., Policy Enforcement Point (PEP)) for URL content filtering + and DNS filtering to limit a user's ability to connect to dangerous or prohibited + Internet sites? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.1 + name: Route Traffic to Proxy Servers + description: 'Mechanisms exist to route internal communications traffic to external + networks through organization-approved proxy servers at managed interfaces. ' + annotation: 'Does the organization route internal communications traffic to + external networks through organization-approved proxy servers at managed interfaces? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.2 + name: Visibility of Encrypted Communications + description: Mechanisms exist to configure the proxy to make encrypted communications + traffic visible to monitoring tools and mechanisms. + annotation: Does the organization configure the proxy to make encrypted communications + traffic visible to monitoring tools and mechanisms? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.3 + name: Route Privileged Network Access + description: Automated mechanisms exist to route networked, privileged accesses + through a dedicated, managed interface for purposes of access control and + auditing. + annotation: Does the organization use automated mechanisms to route networked, + privileged accesses through a dedicated, managed interface for purposes of + access control and auditing? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.4 + name: Protocol Compliance Enforcement + description: Automated mechanisms exist to ensure network traffic complies with + Internet Engineering Task Force (IETF) protocol specifications. + annotation: Does the organization use automated mechanisms to ensure network + traffic complies with Internet Engineering Task Force (IETF) protocol specifications? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.5 + name: Domain Name Verification + description: Mechanisms exist to ensure that domain name lookups, whether for + internal or external domains, are validated according to Domain Name System + Security Extensions (DNSSEC). + annotation: Does the organization ensure that domain name lookups, whether for + internal or external domains, are validated according to Domain Name System + Security Extensions (DNSSEC)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.6 + name: Internet Address Denylisting + description: Mechanisms exist to implement Internet address denylisting protections + that blocks traffic received from or destined to a denylisted Internet address. + annotation: Does the organization implement Internet address denylisting protections + that blocks traffic received from or destined to a denylisted Internet address? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.7 + name: Bandwidth Control + description: Mechanisms exist to implement bandwidth control technologies to + limit the amount of bandwidth used by categories of domains that are bandwidth-intensive. + annotation: Does the organization implement bandwidth control technologies to + limit the amount of bandwidth used by categories of domains that are bandwidth-intensive? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.8 + name: Authenticated Proxy + description: Mechanisms exist to force systems and processes to authenticate + Internet-bound traffic with a proxy to enable user, group and/or location-aware + security controls. + annotation: Does the organization force systems and processes to authenticate + Internet-bound traffic with a proxy to enable user, group and/or location-aware + security controls? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-18.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-18.9 + name: Certificate Denylisting + description: Mechanisms exist to prevent communication with systems and/or services + that use a set of known bad certificates. + annotation: Does the organization prevent communication with systems and/or + services that use a set of known bad certificates? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-19 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-19 + name: Content Disarm and Reconstruction (CDR) + description: Automated Content Disarm and Reconstruction (CDR) mechanisms exist + to detect the presence of unapproved active content and facilitate its removal, + resulting in content with only known safe elements. + annotation: Automated Content Disarm and Reconstruction (CDR) mechanisms exist + to detect the presence of unapproved active content and facilitate its removal, + resulting in content with only known safe elements? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20 + name: Email Content Protections + description: Mechanisms exist to implement an email filtering security service + to detect malicious attachments in emails and prevent users from accessing + them. + annotation: Does the organization implement an email filtering security service + to detect malicious attachments in emails and prevent users from accessing + them? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.1 + name: Email Domain Reputation Protections + description: "Mechanisms exist to monitor the organization's email domain\u2019\ + s reputation and protect the email domain\u2019s reputation." + annotation: "Does the organization monitor the organization's email domain\u2019\ + s reputation and protect the email domain\u2019s reputation?" + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.2 + name: Sender Denylisting + description: Mechanisms exist to implement sender denylisting protections that + prevent the reception of email from denylisted senders, domains and/or email + servers. + annotation: Does the organization implement sender denylisting protections that + prevent the reception of email from denylisted senders, domains and/or email + servers? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.3 + name: Authenticated Received Chain (ARC) + description: "Mechanisms exist to utilize an authenticated received chain that\ + \ allows for an intermediary to sign its own authentication of the original\ + \ email, allowing downstream entities to accept the intermediary\u2019s authentication\ + \ even if the email was changed." + annotation: "Does the organization utilize an authenticated received chain that\ + \ allows for an intermediary to sign its own authentication of the original\ + \ email, allowing downstream entities to accept the intermediary\u2019s authentication\ + \ even if the email was changed?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.4 + name: Domain-Based Message Authentication Reporting and Conformance (DMARC) + description: 'Mechanisms exist to implement domain signature verification protections + that authenticate incoming email according to the Domain-based Message Authentication + Reporting and Conformance (DMARC). + + ' + annotation: 'Does the organization implement domain signature verification protections + that authenticate incoming email according to the Domain-based Message Authentication + Reporting and Conformance (DMARC)? + + ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.5 + name: User Digital Signatures for Outgoing Email + description: "Mechanisms exist to enable users to digitally sign their emails,\ + \ allowing external parties to authenticate the email\u2019s sender and its\ + \ contents according to the Domain-based Message Authentication Reporting\ + \ and Conformance (DMARC) email authentication protocol." + annotation: "Does the organization enable users to digitally sign their emails,\ + \ allowing external parties to authenticate the email\u2019s sender and its\ + \ contents according to the Domain-based Message Authentication Reporting\ + \ and Conformance (DMARC) email authentication protocol?" + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.6 + name: Encryption for Outgoing Email + description: Mechanisms exist to enable the encryption of outgoing emails using + organization-approved cryptographic means. + annotation: Does the organization enable the encryption of outgoing emails using + organization-approved cryptographic means? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.7 + name: Adaptive Email Protections + description: Mechanisms exist to utilize adaptive email protections that involve + employing risk-based analysis in the application and enforcement of email + protections. + annotation: Does the organization utilize adaptive email protections that involve + employing risk-based analysis in the application and enforcement of email + protections? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.8 + name: Email Labeling + description: Automated mechanisms exist to implement email labeling that apply + organization-defined tags to incoming or outgoing email. + annotation: Does the organization use automated mechanisms to implement email + labeling that apply organization-defined tags to incoming or outgoing email? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:net-20.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node801 + ref_id: NET-20.9 + name: User Threat Reporting + description: Mechanisms exist to incorporate submissions from users of phishing + attempts, spam or otherwise malicious actions to better protect the organization. + annotation: Does the organization incorporate submissions from users of phishing + attempts, spam or otherwise malicious actions to better protect the organization? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + assessable: false + depth: 1 + name: 'Physical & Environmental Security ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-01 + name: Physical & Environmental Protections + description: 'Mechanisms exist to facilitate the operation of physical and environmental + protection controls. ' + annotation: 'Does the organization facilitate the operation of physical and + environmental protection controls? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-01.1 + name: Site Security Plan (SitePlan) + description: Mechanisms exist to document a Site Security Plan (SitePlan) for + each server and communications room to summarize the implemented security + controls to protect physical access to technology assets, as well as applicable + risks and threats. + annotation: Does the organization document a Site Security Plan (SitePlan) for + each server and communications room to summarize the implemented security + controls to protect physical access to technology assets, as well as applicable + risks and threats? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-02 + name: 'Physical Access Authorizations ' + description: Physical access control mechanisms exist to maintain a current + list of personnel with authorized access to organizational facilities (except + for those areas within the facility officially designated as publicly accessible). + annotation: Does the organization maintain a current list of personnel with + authorized access to organizational facilities (except for those areas within + the facility officially designated as publicly accessible)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-02.1 + name: Role-Based Physical Access + description: Physical access control mechanisms exist to authorize physical + access to facilities based on the position or role of the individual. + annotation: Does the organization authorize physical access to facilities based + on the position or role of the individual? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-02.2 + name: Dual Authorization for Physical Access + description: Mechanisms exist to enforce a "two-person rule" for physical access + by requiring two authorized individuals with separate access cards, keys or + PINs, to access highly-sensitive areas (e.g., safe, high-security cage, etc.). + annotation: Does the organization enforce a "two-person rule" for physical access + by requiring two authorized individuals with separate access cards, keys or + PINs, to access highly-sensitive areas (e.g., safe, high-security cage, etc.)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-03 + name: 'Physical Access Control ' + description: Physical access control mechanisms exist to enforce physical access + authorizations for all physical access points (including designated entry/exit + points) to facilities (excluding those areas within the facility officially + designated as publicly accessible). + annotation: Does the organization enforce physical access authorizations for + all physical access points (including designated entry/exit points) to facilities + (excluding those areas within the facility officially designated as publicly + accessible)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-03.1 + name: Controlled Ingress & Egress Points + description: Physical access control mechanisms exist to limit and monitor physical + access through controlled ingress and egress points. + annotation: Does the organization limit and monitor physical access through + controlled ingress and egress points? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-03.2 + name: Lockable Physical Casings + description: 'Physical access control mechanisms exist to protect system components + from unauthorized physical access (e.g., lockable physical casings). ' + annotation: 'Does the organization protect system components from unauthorized + physical access (e.g., lockable physical casings)? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-03.3 + name: 'Physical Access Logs ' + description: Physical access control mechanisms generate a log entry for each + access attempt through controlled ingress and egress points. + annotation: Does the organization generate a log entry for each access attempt + through controlled ingress and egress points? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-03.4 + name: Access To Information Systems + description: Physical access control mechanisms exist to enforce physical access + to critical information systems or sensitive/regulated data, in addition to + the physical access controls for the facility. + annotation: Does the organization enforce physical access to critical information + systems or sensitive/regulated data, in addition to the physical access controls + for the facility? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-04 + name: Physical Security of Offices, Rooms & Facilities + description: 'Mechanisms exist to identify systems, equipment and respective + operating environments that require limited physical access so that appropriate + physical access controls are designed and implemented for offices, rooms and + facilities. ' + annotation: 'Does the organization identify systems, equipment and respective + operating environments that require limited physical access so that appropriate + physical access controls are designed and implemented for offices, rooms and + facilities? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-04.1 + name: Working in Secure Areas + description: 'Physical security mechanisms exist to allow only authorized personnel + access to secure areas. ' + annotation: 'Does the organization allow only authorized personnel access to + secure areas? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-04.2 + name: Searches + description: Physical access control mechanisms exist to inspect personnel and + their personal effects (e.g., personal property ordinarily worn or carried + by the individual, including vehicles) to prevent the unauthorized exfiltration + of data and technology assets. + annotation: Does the organization inspect personnel and their personal effects + (e.g., personal property ordinarily worn or carried by the individual, including + vehicles) to prevent the unauthorized exfiltration of data and technology + assets? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-04.3 + name: Temporary Storage + description: Physical access control mechanisms exist to temporarily store undelivered + packages or deliveries in a dedicated, secure area (e.g., security cage, secure + room) that is locked, access-controlled and monitored with surveillance cameras + and/or security guards. + annotation: Does the organization temporarily store undelivered packages or + deliveries in a dedicated, secure area (e.g., security cage, secure room) + that is locked, access-controlled and monitored with surveillance cameras + and/or security guards? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-05 + name: Monitoring Physical Access + description: Physical access control mechanisms exist to monitor for, detect + and respond to physical security incidents. + annotation: Does the organization monitor for, detect and respond to physical + security incidents? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-05.1 + name: 'Intrusion Alarms / Surveillance Equipment ' + description: 'Physical access control mechanisms exist to monitor physical intrusion + alarms and surveillance equipment. ' + annotation: 'Does the organization monitor physical intrusion alarms and surveillance + equipment? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-05.2 + name: Monitoring Physical Access To Information Systems + description: Facility security mechanisms exist to monitor physical access to + critical information systems or sensitive/regulated data, in addition to the + physical access monitoring of the facility. + annotation: Does the organization monitor physical access to critical information + systems or sensitive/regulated data, in addition to the physical access monitoring + of the facility? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-06 + name: Visitor Control + description: 'Physical access control mechanisms exist to identify, authorize + and monitor visitors before allowing access to the facility (other than areas + designated as publicly accessible). ' + annotation: 'Does the organization identify, authorize and monitor visitors + before allowing access to the facility (other than areas designated as publicly + accessible)? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-06.1 + name: Distinguish Visitors from On-Site Personnel + description: 'Physical access control mechanisms exist to easily distinguish + between onsite personnel and visitors, especially in areas where sensitive/regulated + data is accessible. ' + annotation: 'Does the organization easily distinguish between onsite personnel + and visitors, especially in areas where sensitive/regulated data is accessible? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-06.2 + name: Identification Requirement + description: Physical access control mechanisms exist to requires at least one + (1) form of government-issued or organization-issued photo identification + to authenticate individuals before they can gain access to the facility. + annotation: Does the organization require at least one (1) form of government-issued + or organization-issued photo identification to authenticate individuals before + they can gain access to the facility? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-06.3 + name: Restrict Unescorted Access + description: 'Physical access control mechanisms exist to restrict unescorted + access to facilities to personnel with required security clearances, formal + access authorizations and validate the need for access. ' + annotation: 'Does the organization restrict unescorted access to facilities + to personnel with required security clearances, formal access authorizations + and validate the need for access? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-06.4 + name: Automated Records Management & Review + description: Automated mechanisms exist to facilitate the maintenance and review + of visitor access records. + annotation: Does the organization use automated mechanisms to facilitate the + maintenance and review of visitor access records? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-06.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-06.5 + name: Minimize Visitor Personal Data (PD) + description: Mechanisms exist to minimize the collection of Personal Data (PD) + contained in visitor access records. + annotation: Does the organization minimize the collection of Personal Data (PD) + contained in visitor access records? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-06.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-06.6 + name: Visitor Access Revocation + description: Mechanisms exist to ensure visitor badges, or other issued identification, + are surrendered before visitors leave the facility or are deactivated at a + pre-determined time/date of expiration. + annotation: Does the organization ensure visitor badges, or other issued identification, + are surrendered before visitors leave the facility or are deactivated at a + pre-determined time/date of expiration? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07 + name: 'Supporting Utilities ' + description: 'Facility security mechanisms exist to protect power equipment + and power cabling for the system from damage and destruction. ' + annotation: 'Does the organization protect power equipment and power cabling + for the system from damage and destruction? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07.1 + name: Automatic Voltage Controls + description: 'Facility security mechanisms exist to utilize automatic voltage + controls for critical system components. ' + annotation: 'Does the organization utilize automatic voltage controls for critical + system components? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07.2 + name: Emergency Shutoff + description: "Facility security mechanisms exist to shut off power in emergency\ + \ situations by:\n \u25AA Placing emergency shutoff switches or devices in\ + \ close proximity to systems or system components to facilitate safe and easy\ + \ access for personnel; and\n \u25AA Protecting emergency power shutoff capability\ + \ from unauthorized activation." + annotation: "Does the organization shut off power in emergency situations by:\n\ + \ \u25AA Placing emergency shutoff switches or devices in close proximity\ + \ to systems or system components to facilitate safe and easy access for personnel;\ + \ and\n \u25AA Protecting emergency power shutoff capability from unauthorized\ + \ activation?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07.3 + name: Emergency Power + description: Facility security mechanisms exist to supply alternate power, capable + of maintaining minimally-required operational capability, in the event of + an extended loss of the primary power source. + annotation: Does the organization supply alternate power, capable of maintaining + minimally-required operational capability, in the event of an extended loss + of the primary power source? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07.4 + name: Emergency Lighting + description: 'Facility security mechanisms exist to utilize and maintain automatic + emergency lighting that activates in the event of a power outage or disruption + and that covers emergency exits and evacuation routes within the facility. ' + annotation: 'Does the organization utilize and maintain automatic emergency + lighting that activates in the event of a power outage or disruption and that + covers emergency exits and evacuation routes within the facility? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07.5 + name: Water Damage Protection + description: 'Facility security mechanisms exist to protect systems from damage + resulting from water leakage by providing master shutoff valves that are accessible, + working properly and known to key personnel. ' + annotation: 'Does the organization protect systems from damage resulting from + water leakage by providing master shutoff valves that are accessible, working + properly and known to key personnel? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07.6 + name: Automation Support for Water Damage Protection + description: 'Facility security mechanisms exist to detect the presence of water + in the vicinity of critical information systems and alert facility maintenance + and IT personnel. ' + annotation: 'Does the organization detect the presence of water in the vicinity + of critical information systems and alert facility maintenance and IT personnel? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-07.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-07.7 + name: Redundant Cabling + description: Mechanisms exist to employ redundant power cabling paths that are + physically separated to ensure that power continues to flow in the event one + of the cables is cut or otherwise damaged. + annotation: Does the organization employ redundant power cabling paths that + are physically separated to ensure that power continues to flow in the event + one of the cables is cut or otherwise damaged? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-08 + name: Fire Protection + description: 'Facility security mechanisms exist to utilize and maintain fire + suppression and detection devices/systems for the system that are supported + by an independent energy source. ' + annotation: 'Does the organization utilize and maintain fire suppression and + detection devices/systems for the system that are supported by an independent + energy source? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-08.1 + name: Fire Detection Devices + description: 'Facility security mechanisms exist to utilize and maintain fire + detection devices/systems that activate automatically and notify organizational + personnel and emergency responders in the event of a fire. ' + annotation: 'Does the organization utilize and maintain fire detection devices/systems + that activate automatically and notify organizational personnel and emergency + responders in the event of a fire? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-08.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node898 + ref_id: PES-08.2 + name: Fire Suppression Devices + description: 'Facility security mechanisms exist to utilize fire suppression + devices/systems that provide automatic notification of any activation to organizational + personnel and emergency responders. ' + annotation: 'Does the organization utilize fire suppression devices/systems + that provide automatic notification of any activation to organizational personnel + and emergency responders? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node934 + assessable: false + depth: 1 + name: Physical & Environmental Security + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-08.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node934 + ref_id: PES-08.3 + name: Automatic Fire Suppression + description: Facility security mechanisms exist to employ an automatic fire + suppression capability for critical information systems when the facility + is not staffed on a continuous basis. + annotation: Does the organization employ an automatic fire suppression capability + for critical information systems when the facility is not staffed on a continuous + basis? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + assessable: false + depth: 1 + name: 'Physical & Environmental Security ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-09 + name: Temperature & Humidity Controls + description: Facility security mechanisms exist to maintain and monitor temperature + and humidity levels within the facility. + annotation: Does the organization maintain and monitor temperature and humidity + levels within the facility? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-09.1 + name: Monitoring with Alarms / Notifications + description: 'Facility security mechanisms exist to trigger an alarm or notification + of temperature and humidity changes that be potentially harmful to personnel + or equipment. ' + annotation: 'Does the organization trigger an alarm or notification of temperature + and humidity changes that be potentially harmful to personnel or equipment? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-10 + name: 'Delivery & Removal ' + description: 'Physical security mechanisms exist to isolate information processing + facilities from points such as delivery and loading areas and other points + to avoid unauthorized access. ' + annotation: 'Does the organization isolate information processing facilities + from points such as delivery and loading areas and other points to avoid unauthorized + access? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-11 + name: Alternate Work Site + description: Physical security mechanisms exist to utilize appropriate management, + operational and technical controls at alternate work sites. + annotation: Does the organization utilize appropriate management, operational + and technical controls at alternate work sites? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-12 + name: 'Equipment Siting & Protection ' + description: 'Physical security mechanisms exist to locate system components + within the facility to minimize potential damage from physical and environmental + hazards and to minimize the opportunity for unauthorized access. ' + annotation: 'Does the organization locate system components within the facility + to minimize potential damage from physical and environmental hazards and to + minimize the opportunity for unauthorized access? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-12.1 + name: Transmission Medium Security + description: 'Physical security mechanisms exist to protect power and telecommunications + cabling carrying data or supporting information services from interception, + interference or damage. ' + annotation: 'Does the organization protect power and telecommunications cabling + carrying data or supporting information services from interception, interference + or damage? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-12.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-12.2 + name: Access Control for Output Devices + description: 'Physical security mechanisms exist to restrict access to printers + and other system output devices to prevent unauthorized individuals from obtaining + the output. ' + annotation: 'Does the organization restrict access to printers and other system + output devices to prevent unauthorized individuals from obtaining the output? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-13 + name: Information Leakage Due To Electromagnetic Signals Emanations + description: 'Facility security mechanisms exist to protect the system from + information leakage due to electromagnetic signals emanations. ' + annotation: 'Does the organization protect the system from information leakage + due to electromagnetic signals emanations? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-14 + name: Asset Monitoring and Tracking + description: Physical security mechanisms exist to employ asset location technologies + that track and monitor the location and movement of organization-defined assets + within organization-defined controlled areas. + annotation: Does the organization employ asset location technologies that track + and monitor the location and movement of organization-defined assets within + organization-defined controlled areas? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-15 + name: Electromagnetic Pulse (EMP) Protection + description: Physical security mechanisms exist to employ safeguards against + Electromagnetic Pulse (EMP) damage for systems and system components. + annotation: Does the organization employ safeguards against Electromagnetic + Pulse (EMP) damage for systems and system components? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-16 + name: Component Marking + description: Physical security mechanisms exist to mark system hardware components + indicating the impact or classification level of the information permitted + to be processed, stored or transmitted by the hardware component. + annotation: Does the organization mark system hardware components indicating + the impact or classification level of the information permitted to be processed, + stored or transmitted by the hardware component? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-17 + name: 'Proximity Sensor ' + description: Automated mechanisms exist to monitor physical proximity to robotic + or autonomous platforms to reduce applied force or stop the operation when + sensors indicate a potentially dangerous scenario. + annotation: Does the organization use automated mechanisms to monitor physical + proximity to robotic or autonomous platforms to reduce applied force or stop + the operation when sensors indicate a potentially dangerous scenario? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pes-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node936 + ref_id: PES-18 + name: On-Site Client Segregation + description: Mechanisms exist to ensure client-specific Intellectual Property + (IP) is isolated from other data when client-specific IP is processed or stored + within multi-client workspaces. + annotation: Does the organization ensure client-specific Intellectual Property + (IP) is isolated from other data when client-specific IP is processed or stored + within multi-client workspaces? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + assessable: false + depth: 1 + name: Data Privacy + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01 + name: Data Privacy Program + description: 'Mechanisms exist to facilitate the implementation and operation + of data privacy controls. ' + annotation: 'Does the organization facilitate the implementation and operation + of data privacy controls? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01.1 + name: Chief Privacy Officer (CPO) + description: Mechanisms exist to appoints a Chief Privacy Officer (CPO) or similar + role, with the authority, mission, accountability and resources to coordinate, + develop and implement, applicable data privacy requirements and manage data + privacy risks through the organization-wide data privacy program. + annotation: Does the organization appoints a Chief Privacy Officer (CPO) or + similar role, with the authority, mission, accountability and resources to + coordinate, develop and implement, applicable data privacy requirements and + manage data privacy risks through the organization-wide data privacy program? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01.2 + name: Privacy Act Statements + description: "Mechanisms exist to provide additional formal notice to individuals\ + \ from whom the information is being collected that includes:\n \u25AA Notice\ + \ of the authority of organizations to collect Personal Data (PD); \n \u25AA\ + \ Whether providing Personal Data (PD) is mandatory or optional; \n \u25AA\ + \ The principal purpose or purposes for which the Personal Data (PD) is to\ + \ be used; \n \u25AA The intended disclosures or routine uses of the information;\ + \ and \n \u25AA The consequences of not providing all or some portion of the\ + \ information requested." + annotation: "Does the organization provide additional formal notice to individuals\ + \ from whom the information is being collected that includes:\n \u25AA Notice\ + \ of the authority of organizations to collect Personal Data (PD); \n \u25AA\ + \ Whether providing Personal Data (PD) is mandatory or optional; \n \u25AA\ + \ The principal purpose or purposes for which the Personal Data (PD) is to\ + \ be used; \n \u25AA The intended disclosures or routine uses of the information;\ + \ and \n \u25AA The consequences of not providing all or some portion of the\ + \ information requested?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01.3 + name: 'Dissemination of Data Privacy Program Information ' + description: "Mechanisms exist to: \n \u25AA Ensure that the public has access\ + \ to information about organizational data privacy activities and can communicate\ + \ with its Chief Privacy Officer (CPO) or similar role;\n \u25AA Ensure that\ + \ organizational data privacy practices are publicly available through organizational\ + \ websites or document repositories; \n \u25AA Utilize publicly facing email\ + \ addresses and/or phone lines to enable the public to provide feedback and/or\ + \ direct questions to data privacy office(s) regarding data privacy practices;\ + \ and\n \u25AA Inform data subjects when changes are made to the privacy notice\ + \ and the nature of such changes." + annotation: "Does the organization: \n \u25AA Ensure that the public has access\ + \ to information about organizational data privacy activities and can communicate\ + \ with its Chief Privacy Officer (CPO) or similar role;\n \u25AA Ensure that\ + \ organizational data privacy practices are publicly available through organizational\ + \ websites or document repositories; \n \u25AA Utilize publicly facing email\ + \ addresses and/or phone lines to enable the public to provide feedback and/or\ + \ direct questions to data privacy office(s) regarding data privacy practices;\ + \ and\n \u25AA Inform data subjects when changes are made to the privacy notice\ + \ and the nature of such changes?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01.4 + name: Data Protection Officer (DPO) + description: "Mechanisms exist to appoint a Data Protection Officer (DPO):\n\ + \ \u25AA Based on the basis of professional qualities; and\n \u25AA To be\ + \ involved in all issues related to the protection of personal data." + annotation: "Does the organization appoint a Data Protection Officer (DPO):\n\ + \ \u25AA Based on the basis of professional qualities; and\n \u25AA To be\ + \ involved in all issues related to the protection of personal data?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01.5 + name: Binding Corporate Rules (BCR) + description: Mechanisms exist to implement and manage Binding Corporate Rules + (BCR) (e.g., data sharing agreement) to legally-bind all parties engaged in + a joint economic activity that contractually states enforceable rights on + data subjects with regard to the processing of their personal data. + annotation: Does the organization implement and manage Binding Corporate Rules + (BCR) (e.g., data sharing agreement) to legally-bind all parties engaged in + a joint economic activity that contractually states enforceable rights on + data subjects with regard to the processing of their personal data? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01.6 + name: Security of Personal Data + description: Mechanisms exist to ensure Personal Data (PD) is protected by security + safeguards that are sufficient and appropriately scoped to protect the confidentiality + and integrity of the PD. + annotation: Does the organization ensure Personal Data (PD) is protected by + security safeguards that are sufficient and appropriately scoped to protect + the confidentiality and integrity of the PD? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-01.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-01.7 + name: Limiting Personal Data Disclosures + description: Mechanisms exist to limit the disclosure of Personal Data (PD) + to authorized parties for the sole purpose for which the PD was obtained. + annotation: Does the organization limit the disclosure of Personal Data (PD) + to authorized parties for the sole purpose for which the PD was obtained? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02 + name: Data Privacy Notice + description: "Mechanisms exist to:\n\u25AA Make data privacy notice(s) available\ + \ to individuals upon first interacting with an organization and subsequently\ + \ as necessary; \n\u25AA Ensure that data privacy notices are clear and easy-to-understand,\ + \ expressing information about Personal Data (PD) processing in plain language\ + \ that meets all legal obligations; \n\u25AA Define the scope of PD processing\ + \ activities, including the geographic locations and third-party recipients\ + \ that process the PD within the scope of the data privacy notice;\n\u25AA\ + \ Content of the privacy notice is periodically reviewed and updates made\ + \ as necessary; and\n\u25AA Retain prior versions of the privacy notice, in\ + \ accordance with data retention requirements." + annotation: "Does the organization:\n\u25AA Make data privacy notice(s) available\ + \ to individuals upon first interacting with an organization and subsequently\ + \ as necessary; \n\u25AA Ensures that data privacy notices are clear and easy-to-understand,\ + \ expressing information about Personal Data (PD) processing in plain language\ + \ that meets all legal obligations; \n\u25AA Defines the scope of PD processing\ + \ activities, including the geographic locations and third-party recipients\ + \ that process the PD within the scope of the data privacy notice;\n\u25AA\ + \ Content of the privacy notice is periodically reviewed and updates made\ + \ as necessary; and\n\u25AA Prior versions of the privacy notice are retained\ + \ in accordance with data retention requirements?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02.1 + name: Purpose Specification + description: Mechanisms exist to identify and document the purpose(s) for which + Personal Data (PD) is collected, used, maintained and shared in its data privacy + notices. + annotation: Does the organization identify and document the purpose(s) for which + Personal Data (PD) is collected, used, maintained and shared in its data privacy + notices? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02.2 + name: Automated Data Management Processes + description: Automated mechanisms exist to adjust data that is able to be collected, + created, used, disseminated, maintained, retained and/or disclosed, based + on updated data subject authorization(s). + annotation: Does the organization use automated mechanisms to adjust data that + is able to be collected, created, used, disseminated, maintained, retained + and/or disclosed, based on updated data subject authorization(s)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02.3 + name: 'Computer Matching Agreements (CMA) ' + description: Mechanisms exist to publish Computer Matching Agreements (CMA) + on the public website of the organization. + annotation: Does the organization publish Computer Matching Agreements (CMA) + on the public website of the organization? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02.4 + name: System of Records Notice (SORN) + description: Mechanisms exist to draft, publish and keep System of Records Notices + (SORN) updated in accordance with regulatory guidance. + annotation: Does the organization draft, publish and keep System of Records + Notices (SORN) updated in accordance with regulatory guidance? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02.5 + name: System of Records Notice (SORN) Review Process + description: Mechanisms exist to review all routine uses of data published in + the System of Records Notices (SORN) to ensure continued accuracy and to ensure + that routine uses continue to be compatible with the purpose for which the + information was collected. + annotation: Does the organization review all routine uses of data published + in the System of Records Notices (SORN) to ensure continued accuracy and to + ensure that routine uses continue to be compatible with the purpose for which + the information was collected? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02.6 + name: Privacy Act Exemptions + description: Mechanisms exist to review all Privacy Act exemptions claimed for + the System of Records Notices (SORN) to ensure they remain appropriate and + accurate. + annotation: Does the organization review all Privacy Act exemptions claimed + for the System of Records Notices (SORN) to ensure they remain appropriate + and accurate? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-02.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-02.7 + name: Real-Time or Layered Notice + description: Mechanisms exist to provide real-time and/or layered notice when + Personal Data (PD) is collected that provides data subjects with a summary + of key points or more detailed information that is specific to the organization's + data privacy notice. + annotation: Does the organization provide real-time and/or layered notice when + Personal Data (PD) is collected that provides data subjects with a summary + of key points or more detailed information that is specific to the organization's + data privacy notice? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03 + name: Choice & Consent + description: "Mechanisms exist to authorize the processing of their Personal\ + \ Data (PD) prior to its collection that:\n\u25AA Uses plain language and\ + \ provide examples to illustrate the potential data privacy risks of the authorization;\ + \ and\n\u25AA Provides a means for users to decline the authorization.\n" + annotation: "Does the organization authorize the processing of their Personal\ + \ Data (PD) prior to its collection that:\n\u25AA Uses plain language and\ + \ provide examples to illustrate the potential data privacy risks of the authorization;\ + \ and\n\u25AA Provides a means for users to decline the authorization?\n" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.1 + name: Tailored Consent + description: Mechanisms exist to allow data subjects to modify the use permissions + to selected attributes of their Personal Data (PD). + annotation: Does the organization allow data subjects to modify the use permissions + to selected attributes of their Personal Data (PD)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.2 + name: Just-In-Time Notice & Updated Consent + description: "Mechanisms exist to present authorizations to process Personal\ + \ Data (PD) in conjunction with the data action, when:\n\u25AA The original\ + \ circumstances under which an individual gave consent have changed; or\n\u25AA\ + \ A significant amount of time has passed since an individual gave consent." + annotation: "Does the organization present authorizations to process Personal\ + \ Data (PD) in conjunction with the data action, when:\n\u25AA The original\ + \ circumstances under which an individual gave consent have changed; or\n\u25AA\ + \ A significant amount of time has passed since an individual gave consent?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.3 + name: Prohibition Of Selling or Sharing Personal Data + description: Mechanisms exist to prevent the sale or sharing of Personal Data + (PD) when instructed by the data subject. + annotation: Does the organization prevent the sale or sharing of Personal Data + (PD) when instructed by the data subject? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.4 + name: Revoke Consent + description: Mechanisms exist to allow data subjects to revoke consent to the + processing of their Personal Data (PD). + annotation: Does the organization allow data subjects to revoke consent to the + processing of their Personal Data (PD)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.5 + name: Product or Service Delivery Restrictions + description: Mechanisms exist to prohibit the refusal of products and/or services + on the grounds that a data subject does not agree to the processing of Personal + Data (PD) or withdraws consent. + annotation: Does the organization prohibit the refusal of products and/or services + on the grounds that a data subject does not agree to the processing of Personal + Data (PD) or withdraws consent? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.6 + name: Authorized Agent + description: Mechanisms exist to allow data subjects to authorize another person + or entity, acting on the data subject's behalf, to make Personal Data (PD) + processing decisions. + annotation: Does the organization allow data subjects to authorize another person + or entity, acting on the data subject's behalf, to make Personal Data (PD) + processing decisions? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.7 + name: Active Participation By Data Subjects + description: Mechanisms exist to compel data subjects to select the level of + consent deemed appropriate by the data subject for the relevant business purpose + (e.g., opt-in, opt-out, accept all cookies, etc.). + annotation: Does the organization compel data subjects to select the level of + consent deemed appropriate by the data subject for the relevant business purpose + (e.g., opt-in, opt-out, accept all cookies, etc.)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-03.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-03.8 + name: Global Privacy Control (GPC) + description: Automated mechanisms exist to provide data subjects with functionality + to exercise pre-selected opt-out preferences (e.g., opt-out signal). + annotation: Does the organization use automated mechanisms to provide data subjects + with functionality to exercise pre-selected opt-out preferences (e.g., opt-out + signal)? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-04 + name: Restrict Collection To Identified Purpose + description: Mechanisms exist to collect Personal Data (PD) only for the purposes + identified in the data privacy notice and includes protections against collecting + PD from minors without appropriate parental, or legal guardian, consent. + annotation: Does the organization collect Personal Data (PD) only for the purposes + identified in the data privacy notice and includes protections against collecting + PD from minors without appropriate parental, or legal guardian, consent? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-04.1 + name: Authority To Collect, Use, Maintain & Share Personal Data + description: Mechanisms exist to determine and document the legal authority + that permits the collection, use, maintenance and sharing of Personal Data + (PD), either generally or in support of a specific program or system need. + annotation: Does the organization determine and document the legal authority + that permits the collection, use, maintenance and sharing of Personal Data + (PD), either generally or in support of a specific program or system need? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-04.2 + name: Primary Sources + description: Mechanisms exist to ensure information is directly collected from + the data subject, whenever possible. + annotation: Does the organization ensure information is directly collected from + the data subject, whenever possible? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-04.3 + name: Identifiable Image Collection + description: Mechanisms exist to restrict the collection, processing, storage + and sharing of photographic and/or video surveillance image collection that + can identify individuals to legitimate business needs. + annotation: Does the organization restrict the collection, processing, storage + and sharing of photographic and/or video surveillance image collection that + can identify individuals to legitimate business needs? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-04.4 + name: Acquired Personal Data + description: Mechanisms exist to promptly inform data subjects of the utilization + purpose when their Personal Data (PD) is acquired and not received directly + from the data subject, except where that utilization purpose was disclosed + in advance to the data subject. + annotation: Does the organization promptly inform data subjects of the utilization + purpose when their Personal Data (PD) is acquired and not received directly + from the data subject, except where that utilization purpose was disclosed + in advance to the data subject? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-04.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-04.5 + name: Validate Collected Personal Data + description: Mechanisms exist to ensure that the data subject, or authorized + representative, validate Personal Data (PD) during the collection process. + annotation: Does the organization ensure that the data subject, or authorized + representative, validate Personal Data (PD) during the collection process? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-04.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-04.6 + name: Re-Validate Collected Personal Data + description: Mechanisms exist to ensure that the data subject, or authorized + representative, re-validate that Personal Data (PD) acquired during the collection + process is still accurate. + annotation: Does the organization ensure that the data subject, or authorized + representative, re-validate that Personal Data (PD) acquired during the collection + process is still accurate? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05 + name: Personal Data Retention & Disposal + description: "Mechanisms exist to: \n \u25AA Retain Personal Data (PD), including\ + \ metadata, for an organization-defined time period to fulfill the purpose(s)\ + \ identified in the notice or as required by law;\n \u25AA Dispose of, destroys,\ + \ erases, and/or anonymizes the PD, regardless of the method of storage; and\n\ + \ \u25AA Use organization-defined techniques or methods to ensure secure deletion\ + \ or destruction of PD (including originals, copies and archived records)." + annotation: "Does the organization: \n \u25AA Retain Personal Data (PD), including\ + \ metadata, for an organization-defined time period to fulfill the purpose(s)\ + \ identified in the notice or as required by law;\n \u25AA Dispose of, destroys,\ + \ erases, and/or anonymizes the PD, regardless of the method of storage; and\n\ + \ \u25AA Use organization-defined techniques or methods to ensure secure deletion\ + \ or destruction of PD (including originals, copies and archived records)?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05.1 + name: Internal Use of Personal Data For Testing, Training and Research + description: "Mechanisms exist to address the use of Personal Data (PD) for\ + \ internal testing, training and research that:\n \u25AA Takes measures to\ + \ limit or minimize the amount of PD used for internal testing, training and\ + \ research purposes; and\n \u25AA Authorizes the use of PD when such information\ + \ is required for internal testing, training and research." + annotation: "Does the organization address the use of Personal Data (PD) for\ + \ internal testing, training and research that:\n \u25AA Takes measures to\ + \ limit or minimize the amount of PD used for internal testing, training and\ + \ research purposes; and\n \u25AA Authorizes the use of PD when such information\ + \ is required for internal testing, training and research?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05.2 + name: Personal Data Accuracy & Integrity + description: Mechanisms exist to confirm the accuracy and relevance of Personal + Data (PD) throughout the information lifecycle. + annotation: Does the organization confirm the accuracy and relevance of Personal + Data (PD) throughout the information lifecycle? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05.3 + name: Data Masking + description: Mechanisms exist to mask sensitive/regulated data through data + anonymization, pseudonymization, redaction or de-identification. + annotation: Does the organization mask sensitive/regulated data through data + anonymization, pseudonymization, redaction or de-identification? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05.4 + name: Usage Restrictions of Sensitive Personal Data + description: 'Mechanisms exist to restrict the use of Personal Data (PD) to + only the authorized purpose(s) consistent with applicable laws, regulations + and in data privacy notices. ' + annotation: 'Does the organization restrict the use of Personal Data (PD) to + only the authorized purpose(s) consistent with applicable laws, regulations + and in data privacy notices? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05.5 + name: Inventory of Personal Data + description: 'Mechanisms exist to establish, maintain and update an inventory + that contains a listing of all programs and systems identified as collecting, + using, maintaining, or sharing Personal Data (PD). ' + annotation: 'Does the organization establish, maintain and update an inventory + that contains a listing of all programs and systems identified as collecting, + using, maintaining, or sharing Personal Data (PD)? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05.6 + name: Personal Data Inventory Automation Support + description: Automated mechanisms exist to determine if Personal Data (PD) is + maintained in electronic form. + annotation: Does the organization use automated mechanisms to determine if Personal + Data (PD) is maintained in electronic form? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-05.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-05.7 + name: Personal Data Categories + description: Mechanisms exist to define and implement data handling and protection + requirements for specific categories of sensitive Personal Data (PD). + annotation: Does the organization define and implement data handling and protection + requirements for specific categories of sensitive Personal Data (PD)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06 + name: Data Subject Access + description: Mechanisms exist to provide data subjects the ability to access + their Personal Data (PD) maintained in organizational systems of records. + annotation: Does the organization provide data subjects the ability to access + their Personal Data (PD) maintained in organizational systems of records? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06.1 + name: Correcting Inaccurate Personal Data + description: "Mechanisms exist to establish and implement a process for:\n \u25AA\ + \ Data subjects to have inaccurate Personal Data (PD) maintained by the organization\ + \ corrected or amended; and\n \u25AA Disseminating corrections or amendments\ + \ of PD to other authorized users of the PD." + annotation: "Does the organization establish and implement a process for:\n\ + \ \u25AA Data subjects to have inaccurate Personal Data (PD) maintained by\ + \ the organization corrected or amended; and\n \u25AA Disseminating corrections\ + \ or amendments of PD to other authorized users of the PD?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06.2 + name: Notice of Correction or Processing Change + description: Mechanisms exist to notify affected data subjects if their Personal + Data (PD) has been corrected or amended. + annotation: Does the organization notify affected data subjects if their Personal + Data (PD) has been corrected or amended? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06.3 + name: Appeal Adverse Decision + description: Mechanisms exist to provide an organization-defined process for + data subjects to appeal an adverse decision and have incorrect information + amended. + annotation: Does the organization provide an organization-defined process for + data subjects to appeal an adverse decision and have incorrect information + amended? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06.4 + name: User Feedback Management + description: Mechanisms exist to implement a process for receiving and responding + to complaints, concerns or questions from data subjects about the organizational + data privacy practices. + annotation: Does the organization implement a process for receiving and responding + to complaints, concerns or questions from data subjects about the organizational + data privacy practices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06.5 + name: Right to Erasure + description: Mechanisms exist to erase Personal Data (PD) of a data subject + without delay. + annotation: Does the organization erase Personal Data (PD) of a data subject + without delay? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06.6 + name: Data Portability + description: Mechanisms exist to export Personal Data (PD) in a structured, + commonly used and machine-readable format that allows the data subject to + transmit the data to another controller without hindrance. + annotation: Does the organization export Personal Data (PD) in a structured, + commonly used and machine-readable format that allows the data subject to + transmit the data to another controller without hindrance? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-06.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-06.7 + name: Personal Data Exportability + description: Mechanisms exist to digitally export Personal Data (PD) in a secure + manner upon request by the data subject. + annotation: Does the organization digitally export Personal Data (PD) in a secure + manner upon request by the data subject? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-07 + name: Information Sharing With Third Parties + description: 'Mechanisms exist to disclose Personal Data (PD) to third-parties + only for the purposes identified in the data privacy notice and with the implicit + or explicit consent of the data subject. ' + annotation: 'Does the organization disclose Personal Data (PD) to third-parties + only for the purposes identified in the data privacy notice and with the implicit + or explicit consent of the data subject? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-07.1 + name: 'Data Privacy Requirements for Contractors & Service Providers ' + description: 'Mechanisms exist to include data privacy requirements in contracts + and other acquisition-related documents that establish data privacy roles + and responsibilities for contractors and service providers. ' + annotation: 'Does the organization include data privacy requirements in contracts + and other acquisition-related documents that establish data privacy roles + and responsibilities for contractors and service providers? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-07.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-07.2 + name: Joint Processing of Personal Data + description: 'Mechanisms exist to clearly define and communicate the organization''s + role in processing Personal Data (PD) in the data processing ecosystem. ' + annotation: 'Does the organization clearly define and communicate the organization''s + role in processing Personal Data (PD) in the data processing ecosystem? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-07.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-07.3 + name: Obligation To Inform Third-Parties + description: Mechanisms exist to inform applicable third-parties of any modification, + deletion or other change that affects shared Personal Data (PD). + annotation: Does the organization inform applicable third-parties of any modification, + deletion or other change that affects shared Personal Data (PD)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-07.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-07.4 + name: Reject Unauthorized Disclosure Requests + description: Mechanisms exist to reject unauthorized disclosure requests. + annotation: Does the organization reject unauthorized disclosure requests? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-08 + name: Testing, Training & Monitoring + description: 'Mechanisms exist to conduct cybersecurity & data privacy testing, + training and monitoring activities + + ' + annotation: 'Does the organization conduct cybersecurity & data privacy testing, + training and monitoring activities + + ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-09 + name: Personal Data Lineage + description: Mechanisms exist to utilize a record of processing activities to + maintain a record of Personal Data (PD) that is stored, transmitted and/or + processed under the organization's responsibility. + annotation: Does the organization utilize a record of processing activities + to maintain a record of Personal Data (PD) that is stored, transmitted and/or + processed under the organization's responsibility? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-10 + name: Data Quality Management + description: Mechanisms exist to manage the quality, utility, objectivity, integrity + and impact determination and de-identification of sensitive/regulated data + across the information lifecycle. + annotation: Does the organization manage the quality, utility, objectivity, + integrity and impact determination and de-identification of sensitive/regulated + data across the information lifecycle? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-10.1 + name: Automation + description: Automated mechanisms exist to support the evaluation of data quality + across the information lifecycle. + annotation: Does the organization use automated mechanisms to support the evaluation + of data quality across the information lifecycle? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-10.2 + name: Data Analytics Bias + description: Mechanisms exist to evaluate its analytical processes for potential + bias. + annotation: Does the organization evaluate its analytical processes for potential + bias? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-11 + name: Data Tagging + description: Mechanisms exist to issue data modeling guidelines to support tagging + of sensitive/regulated data. + annotation: Does the organization issue data modeling guidelines to support + tagging of sensitive/regulated data? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-12 + name: Updating Personal Data (PD) + description: Mechanisms exist to develop processes to identify and record the + method under which Personal Data (PD) is updated and the frequency that such + updates occur. + annotation: Does the organization develop processes to identify and record the + method under which Personal Data (PD) is updated and the frequency that such + updates occur? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-13 + name: Data Management Board + description: Mechanisms exist to establish a written charter for a Data Management + Board (DMB) and assigned organization-defined roles to the DMB. + annotation: Does the organization establish a written charter for a Data Management + Board (DMB) and assigned organization-defined roles to the DMB? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-14 + name: Data Privacy Records & Reporting + description: Mechanisms exist to maintain data privacy-related records and develop, + disseminate and update reports to internal senior management, as well as external + oversight bodies, as appropriate, to demonstrate accountability with specific + statutory and regulatory data privacy program mandates. + annotation: Does the organization maintain data privacy-related records and + develop, disseminate and update reports to internal senior management, as + well as external oversight bodies, as appropriate, to demonstrate accountability + with specific statutory and regulatory data privacy program mandates? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-14.1 + name: Accounting of Disclosures + description: Mechanisms exist to develop and maintain an accounting of disclosures + of Personal Data (PD) held by the organization and make the accounting of + disclosures available to the person named in the record, upon request. + annotation: Does the organization develop and maintain an accounting of disclosures + of Personal Data (PD) held by the organization and make the accounting of + disclosures available to the person named in the record, upon request? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-14.2 + name: Notification of Disclosure Request To Data Subject + description: Mechanisms exist to notify data subjects of applicable legal requests + to disclose Personal Data (PD). + annotation: Does the organization notify data subjects of applicable legal requests + to disclose Personal Data (PD)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-15 + name: Register As A Data Controller and/or Data Processor + description: Mechanisms exist to register as a data controller and/or data processor, + including registering databases containing Personal Data (PD) with the appropriate + Data Authority, when necessary. + annotation: Does the organization register as a data controller and/or data + processor, including registering databases containing Personal Data (PD) with + the appropriate Data Authority, when necessary? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-16 + name: Potential Human Rights Abuses + description: Mechanisms exist to constrain the supply of physical and/or digital + activity logs to the host government that can directly lead to contravention + of the Universal Declaration of Human Rights (UDHR), as well as other applicable + statutory, regulatory and/or contractual obligations. + annotation: Does the organization constrain the supply of physical and/or digital + activity logs to the host government that can directly lead to contravention + of the Universal Declaration of Human Rights (UDHR), as well as other applicable + statutory, regulatory and/or contractual obligations? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-17 + name: Data Subject Communications + description: Mechanisms exist to craft disclosures and communications to data + subjects such that the material is readily accessible and written in a manner + that is concise, unambiguous and understandable by a reasonable person. + annotation: Does the organization craft disclosures and communications to data + subjects such that the material is readily accessible and written in a manner + that is concise, unambiguous and understandable by a reasonable person? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-17.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-17.1 + name: Conspicuous Link To Data Privacy Notice + description: Mechanisms exist to include a conspicuous link to the organization's + data privacy notice on all consumer-facing websites and mobile applications. + annotation: Does the organization include a conspicuous link to the organization's + data privacy notice on all consumer-facing websites and mobile applications? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-17.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-17.2 + name: Notice of Financial Incentive + description: Mechanisms exist to provide data subjects with a Notice of Financial + Incentive that explains the material terms of a financial incentive, price + or service difference so the data subject can make an informed decision about + whether to participate. + annotation: Does the organization provide data subjects with a Notice of Financial + Incentive that explains the material terms of a financial incentive, price + or service difference so the data subject can make an informed decision about + whether to participate? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:pri-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node950 + ref_id: PRI-18 + name: Data Controller Communications + description: "Mechanisms exist to receive and process data controller communications\ + \ pertaining to:\n \u25AA Receiving and responding to data subject requests;\n\ + \ \u25AA Updating/correcting Personal Data (PD); \n \u25AA Accounting for\ + \ disclosures of PD; and\n \u25AA Accounting for PD that is stored, processed\ + \ and/or transmitted on behalf of the data controller. " + annotation: "Does the organization receive and process data controller communications\ + \ pertaining to:\n \u25AA Receiving and responding to data subject requests;\n\ + \ \u25AA Updating/correcting Personal Data (PD); \n \u25AA Accounting for\ + \ disclosures of PD; and\n \u25AA Accounting for PD that is stored, processed\ + \ and/or transmitted on behalf of the data controller?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + assessable: false + depth: 1 + name: Project & Resource Management + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-01 + name: Cybersecurity & Data Privacy Portfolio Management + description: Mechanisms exist to facilitate the implementation of cybersecurity + & data privacy-related resource planning controls that define a viable plan + for achieving cybersecurity & data privacy objectives. + annotation: Does the organization facilitate the implementation of cybersecurity + & data privacy-related resource planning controls that define a viable plan + for achieving cybersecurity & data privacy objectives? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-01.1 + name: Strategic Plan & Objectives + description: Mechanisms exist to establish a strategic cybersecurity & data + privacy-specific business plan and set of objectives to achieve that plan. + annotation: Does the organization establish a strategic cybersecurity & data + privacy-specific business plan and set of objectives to achieve that plan? + implementation_groups: + - tier1 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-01.2 + name: Targeted Capability Maturity Levels + description: Mechanisms exist to define and identify targeted capability maturity + levels. + annotation: Does the organization define and identify targeted capability maturity + levels? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-02 + name: Cybersecurity & Data Privacy Resource Management + description: 'Mechanisms exist to address all capital planning and investment + requests, including the resources needed to implement the cybersecurity & + data privacy programs and document all exceptions to this requirement. ' + annotation: 'Does the organization address all capital planning and investment + requests, including the resources needed to implement the cybersecurity & + data privacy programs and document all exceptions to this requirement? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-03 + name: 'Allocation of Resources ' + description: Mechanisms exist to identify and allocate resources for management, + operational, technical and data privacy requirements within business process + planning for projects / initiatives. + annotation: Does the organization identify and allocate resources for management, + operational, technical and data privacy requirements within business process + planning for projects / initiatives? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-04 + name: 'Cybersecurity & Data Privacy In Project Management ' + description: Mechanisms exist to assess cybersecurity & data privacy controls + in system project development to determine the extent to which the controls + are implemented correctly, operating as intended and producing the desired + outcome with respect to meeting the requirements. + annotation: Does the organization assess cybersecurity & data privacy controls + in system project development to determine the extent to which the controls + are implemented correctly, operating as intended and producing the desired + outcome with respect to meeting the requirements? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-05 + name: Cybersecurity & Data Privacy Requirements Definition + description: 'Mechanisms exist to identify critical system components and functions + by performing a criticality analysis for critical systems, system components + or services at pre-defined decision points in the Secure Development Life + Cycle (SDLC). ' + annotation: 'Does the organization identify critical system components and functions + by performing a criticality analysis for critical systems, system components + or services at pre-defined decision points in the Secure Development Life + Cycle (SDLC)? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-06 + name: 'Business Process Definition ' + description: "Mechanisms exist to define business processes with consideration\ + \ for cybersecurity & data privacy that determines: \n \u25AA The resulting\ + \ risk to organizational operations, assets, individuals and other organizations;\ + \ and\n \u25AA Information protection needs arising from the defined business\ + \ processes and revises the processes as necessary, until an achievable set\ + \ of protection needs is obtained." + annotation: "Does the organization define business processes with consideration\ + \ for cybersecurity & data privacy that determines: \n \u25AA The resulting\ + \ risk to organizational operations, assets, individuals and other organizations;\ + \ and\n \u25AA Information protection needs arising from the defined business\ + \ processes and revises the processes as necessary, until an achievable set\ + \ of protection needs is obtained?" + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-07 + name: Secure Development Life Cycle (SDLC) Management + description: 'Mechanisms exist to ensure changes to systems within the Secure + Development Life Cycle (SDLC) are controlled through formal change control + procedures. ' + annotation: 'Does the organization ensure changes to systems within the Secure + Development Life Cycle (SDLC) are controlled through formal change control + procedures? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:prm-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1021 + ref_id: PRM-08 + name: Manage Organizational Knowledge + description: Mechanisms exist to manage the organizational knowledge of the + cybersecurity & data privacy staff. + annotation: Does the organization manage the organizational knowledge of the + cybersecurity & data privacy staff? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + assessable: false + depth: 1 + name: Risk Management + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-01 + name: 'Risk Management Program ' + description: Mechanisms exist to facilitate the implementation of strategic, + operational and tactical risk management controls. + annotation: Does the organization facilitate the implementation of strategic, + operational and tactical risk management controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-01.1 + name: Risk Framing + description: "Mechanisms exist to identify:\n \u25AA Assumptions affecting risk\ + \ assessments, risk response and risk monitoring;\n \u25AA Constraints affecting\ + \ risk assessments, risk response and risk monitoring;\n \u25AA The organizational\ + \ risk tolerance; and\n \u25AA Priorities, benefits and trade-offs considered\ + \ by the organization for managing risk." + annotation: "Does the organization identify:\n \u25AA Assumptions affecting\ + \ risk assessments, risk response and risk monitoring;\n \u25AA Constraints\ + \ affecting risk assessments, risk response and risk monitoring;\n \u25AA\ + \ The organizational risk tolerance; and\n \u25AA Priorities, benefits and\ + \ trade-offs considered by the organization for managing risk?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-01.2 + name: 'Risk Management Resourcing ' + description: Mechanisms exist to reduce the magnitude or likelihood of potential + impacts by resourcing the capability required to manage technology-related + risks. + annotation: Does the organization reduce the magnitude or likelihood of potential + impacts by resourcing the capability required to manage technology-related + risks? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-01.3 + name: Risk Tolerance + description: Mechanisms exist to define organizational risk tolerance, the specified + range of acceptable results. + annotation: Does the organization define organizational risk tolerance, the + specified range of acceptable results? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-01.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-01.4 + name: Risk Threshold + description: Mechanisms exist to define organizational risk threshold, the level + of risk exposure above which risks are addressed and below which risks may + be accepted. + annotation: Does the organization define organizational risk threshold, the + level of risk exposure above which risks are addressed and below which risks + may be accepted? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-01.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-01.5 + name: Risk Appetite + description: Mechanisms exist to define organizational risk appetite, the degree + of uncertainty the organization is willing to accept in anticipation of a + reward. + annotation: Does the organization define organizational risk appetite, the degree + of uncertainty the organization is willing to accept in anticipation of a + reward? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-02 + name: 'Risk-Based Security Categorization ' + description: "Mechanisms exist to categorize systems and data in accordance\ + \ with applicable local, state and Federal laws that:\n \u25AA Document the\ + \ security categorization results (including supporting rationale) in the\ + \ security plan for systems; and\n \u25AA Ensure the security categorization\ + \ decision is reviewed and approved by the asset owner." + annotation: "Does the organization categorize systems and data in accordance\ + \ with applicable local, state and Federal laws that:\n \u25AA Document the\ + \ security categorization results (including supporting rationale) in the\ + \ security plan for systems; and\n \u25AA Ensure the security categorization\ + \ decision is reviewed and approved by the asset owner?" + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-02.1 + name: Impact-Level Prioritization + description: Mechanisms exist to prioritize the impact level for systems, applications + and/or services to prevent potential disruptions. + annotation: Does the organization prioritize the impact level for systems, applications + and/or services to prevent potential disruptions? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-03 + name: Risk Identification + description: 'Mechanisms exist to identify and document risks, both internal + and external. ' + annotation: 'Does the organization identify and document risks, both internal + and external? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-03.1 + name: Risk Catalog + description: Mechanisms exist to develop and keep current a catalog of applicable + risks associated with the organization's business operations and technologies + in use. + annotation: Does the organization develop and keep current a catalog of applicable + risks associated with the organization's business operations and technologies + in use? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-04 + name: 'Risk Assessment ' + description: Mechanisms exist to conduct recurring assessments of risk that + includes the likelihood and magnitude of harm, from unauthorized access, use, + disclosure, disruption, modification or destruction of the organization's + systems and data. + annotation: Does the organization conduct recurring assessments of risk that + includes the likelihood and magnitude of harm, from unauthorized access, use, + disclosure, disruption, modification or destruction of the organization's + systems and data? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-04.1 + name: Risk Register + description: Mechanisms exist to maintain a risk register that facilitates monitoring + and reporting of risks. + annotation: Does the organization maintain a risk register that facilitates + monitoring and reporting of risks? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-05 + name: 'Risk Ranking ' + description: 'Mechanisms exist to identify and assign a risk ranking to newly + discovered security vulnerabilities that is based on industry-recognized practices. ' + annotation: 'Does the organization identify and assign a risk ranking to newly + discovered security vulnerabilities that is based on industry-recognized practices? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-06 + name: 'Risk Remediation ' + description: 'Mechanisms exist to remediate risks to an acceptable level. ' + annotation: 'Does the organization remediate risks to an acceptable level? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-06.1 + name: Risk Response + description: Mechanisms exist to respond to findings from cybersecurity & data + privacy assessments, incidents and audits to ensure proper remediation has + been performed. + annotation: Does the organization respond to findings from cybersecurity & data + privacy assessments, incidents and audits to ensure proper remediation has + been performed? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-06.2 + name: Compensating Countermeasures + description: Mechanisms exist to identify and implement compensating countermeasures + to reduce risk and exposure to threats. + annotation: Does the organization identify and implement compensating countermeasures + to reduce risk and exposure to threats? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-07 + name: Risk Assessment Update + description: 'Mechanisms exist to routinely update risk assessments and react + accordingly upon identifying new security vulnerabilities, including using + outside sources for security vulnerability information. ' + annotation: 'Does the organization routinely update risk assessments and react + accordingly upon identifying new security vulnerabilities, including using + outside sources for security vulnerability information? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-08 + name: 'Business Impact Analysis (BIA) ' + description: Mechanisms exist to conduct a Business Impact Analysis (BIA) to + identify and assess cybersecurity and data protection risks. + annotation: Does the organization conduct a Business Impact Analysis (BIA) to + identify and assess cybersecurity and data protection risks? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-09 + name: Supply Chain Risk Management (SCRM) Plan + description: Mechanisms exist to develop a plan for Supply Chain Risk Management + (SCRM) associated with the development, acquisition, maintenance and disposal + of systems, system components and services, including documenting selected + mitigating actions and monitoring performance against those plans. + annotation: Does the organization develop a plan for Supply Chain Risk Management + (SCRM) associated with the development, acquisition, maintenance and disposal + of systems, system components and services, including documenting selected + mitigating actions and monitoring performance against those plans? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-09.1 + name: Supply Chain Risk Assessment + description: Mechanisms exist to periodically assess supply chain risks associated + with systems, system components and services. + annotation: Does the organization periodically assess supply chain risks associated + with systems, system components and services? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-09.2 + name: AI & Autonomous Technologies Supply Chain Impacts + description: Mechanisms exist to address Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related risks and benefits arising from the organization's + supply chain, including third-party software and data. + annotation: Does the organization address Artificial Intelligence (AI) and Autonomous + Technologies (AAT)-related risks and benefits arising from the organization's + supply chain, including third-party software and data? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-10 + name: 'Data Protection Impact Assessment (DPIA) ' + description: Mechanisms exist to conduct a Data Protection Impact Assessment + (DPIA) on systems, applications and services that store, process and/or transmit + Personal Data (PD) to identify and remediate reasonably-expected risks. + annotation: Does the organization conduct a Data Protection Impact Assessment + (DPIA) on systems, applications and services that store, process and/or transmit + Personal Data (PD) to identify and remediate reasonably-expected risks? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-11 + name: Risk Monitoring + description: Mechanisms exist to ensure risk monitoring as an integral part + of the continuous monitoring strategy that includes monitoring the effectiveness + of cybersecurity & data privacy controls, compliance and change management. + annotation: Does the organization ensure risk monitoring as an integral part + of the continuous monitoring strategy that includes monitoring the effectiveness + of cybersecurity & data privacy controls, compliance and change management? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:rsk-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1032 + ref_id: RSK-12 + name: Risk Culture + description: Mechanisms exist to ensure teams are committed to a culture that + considers and communicates technology-related risk. + annotation: Does the organization ensure teams are committed to a culture that + considers and communicates technology-related risk? + implementation_groups: + - tier1 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + assessable: false + depth: 1 + name: 'Secure Engineering & Architecture ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-01 + name: 'Secure Engineering Principles ' + description: Mechanisms exist to facilitate the implementation of industry-recognized + cybersecurity & data privacy practices in the specification, design, development, + implementation and modification of systems and services. + annotation: Does the organization facilitate the implementation of industry-recognized + cybersecurity & data privacy practices in the specification, design, development, + implementation and modification of systems and services? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-01.1 + name: Centralized Management of Cybersecurity & Data Privacy Controls + description: Mechanisms exist to centrally-manage the organization-wide management + and implementation of cybersecurity & data privacy controls and related processes. + annotation: Does the organization centrally-manage the organization-wide management + and implementation of cybersecurity & data privacy controls and related processes? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-01.2 + name: Achieving Resilience Requirements + description: Mechanisms exist to achieve resilience requirements in normal and + adverse situations. + annotation: Does the organization achieve resilience requirements in normal + and adverse situations? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-02 + name: 'Alignment With Enterprise Architecture ' + description: 'Mechanisms exist to develop an enterprise architecture, aligned + with industry-recognized leading practices, with consideration for cybersecurity + & data privacy principles that addresses risk to organizational operations, + assets, individuals, other organizations. ' + annotation: 'Does the organization develop an enterprise architecture, aligned + with industry-recognized leading practices, with consideration for cybersecurity + & data privacy principles that addresses risk to organizational operations, + assets, individuals, other organizations? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-02.1 + name: Standardized Terminology + description: 'Mechanisms exist to standardize technology and process terminology + to reduce confusion amongst groups and departments. ' + annotation: 'Does the organization standardize technology and process terminology + to reduce confusion amongst groups and departments? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-02.2 + name: Outsourcing Non-Essential Functions or Services + description: Mechanisms exist to identify non-essential functions or services + that are capable of being outsourced to external service providers and align + with the organization's enterprise architecture and security standards. + annotation: Does the organization identify non-essential functions or services + that are capable of being outsourced to external service providers and align + with the organization's enterprise architecture and security standards? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-02.3 + name: Technical Debt Reviews + description: "Mechanisms exist to conduct ongoing \u201Ctechnical debt\u201D\ + \ reviews of hardware and software technologies to remediate outdated and/or\ + \ unsupported technologies." + annotation: "Does the organization conduct ongoing \u201Ctechnical debt\u201D\ + \ reviews of hardware and software technologies to remediate outdated and/or\ + \ unsupported technologies?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-03 + name: Defense-In-Depth (DiD) Architecture + description: 'Mechanisms exist to implement security functions as a layered + structure minimizing interactions between layers of the design and avoiding + any dependence by lower layers on the functionality or correctness of higher + layers. ' + annotation: 'Does the organization implement security functions as a layered + structure minimizing interactions between layers of the design and avoiding + any dependence by lower layers on the functionality or correctness of higher + layers? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-03.1 + name: 'System Partitioning ' + description: 'Mechanisms exist to partition systems so that partitions reside + in separate physical domains or environments. ' + annotation: 'Does the organization partition systems so that partitions reside + in separate physical domains or environments? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-03.2 + name: Application Partitioning + description: 'Mechanisms exist to separate user functionality from system management + functionality. ' + annotation: 'Does the organization separate user functionality from system management + functionality? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-04 + name: 'Process Isolation ' + description: 'Mechanisms exist to implement a separate execution domain for + each executing process. ' + annotation: 'Does the organization implement a separate execution domain for + each executing process? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-04.1 + name: Security Function Isolation + description: 'Mechanisms exist to isolate security functions from non-security + functions. ' + annotation: 'Does the organization isolate security functions from non-security + functions? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-04.2 + name: Hardware Separation + description: 'Mechanisms exist to implement underlying hardware separation mechanisms + to facilitate process separation. ' + annotation: 'Does the organization implement underlying hardware separation + mechanisms to facilitate process separation? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-04.3 + name: Thread Separation + description: 'Mechanisms exist to maintain a separate execution domain for each + thread in multi-threaded processing. ' + annotation: 'Does the organization maintain a separate execution domain for + each thread in multi-threaded processing? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-04.4 + name: System Privileges Isolation + description: Mechanisms exist to isolate, or logically separate, any application, + service and/or process running with system privileges. + annotation: Does the organization isolate, or logically separate, any application, + service and/or process running with system privileges? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-05 + name: 'Information In Shared Resources ' + description: 'Mechanisms exist to prevent unauthorized and unintended information + transfer via shared system resources. ' + annotation: 'Does the organization prevent unauthorized and unintended information + transfer via shared system resources? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-06 + name: Prevent Program Execution + description: 'Automated mechanisms exist to prevent the execution of unauthorized + software programs. ' + annotation: 'Does the organization use automated mechanisms to prevent the execution + of unauthorized software programs? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-07 + name: 'Predictable Failure Analysis ' + description: Mechanisms exist to determine the Mean Time to Failure (MTTF) for + system components in specific environments of operation. + annotation: Does the organization determine the Mean Time to Failure (MTTF) + for system components in specific environments of operation? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-07.1 + name: Technology Lifecycle Management + description: 'Mechanisms exist to manage the usable lifecycles of technology + assets. ' + annotation: 'Does the organization manage the usable lifecycles of technology + assets? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-07.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-07.2 + name: Fail Secure + description: 'Mechanisms exist to enable systems to fail to an organization-defined + known-state for types of failures, preserving system state information in + failure. ' + annotation: 'Does the organization enable systems to fail to an organization-defined + known-state for types of failures, preserving system state information in + failure? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-07.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-07.3 + name: Fail Safe + description: 'Mechanisms exist to implement fail-safe procedures when failure + conditions occur. ' + annotation: 'Does the organization implement fail-safe procedures when failure + conditions occur? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-08 + name: 'Non-Persistence ' + description: 'Mechanisms exist to implement non-persistent system components + and services that are initiated in a known state and terminated upon the end + of the session of use or periodically at an organization-defined frequency. ' + annotation: 'Does the organization implement non-persistent system components + and services that are initiated in a known state and terminated upon the end + of the session of use or periodically at an organization-defined frequency? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-08.1 + name: Refresh from Trusted Sources + description: Mechanisms exist to ensure that software and data needed for information + system component and service refreshes are obtained from trusted sources. + annotation: Does the organization ensure that software and data needed for information + system component and service refreshes are obtained from trusted sources? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-09 + name: 'Information Output Filtering ' + description: 'Mechanisms exist to validate information output from software + programs and/or applications to ensure that the information is consistent + with the expected content. ' + annotation: 'Does the organization validate information output from software + programs and/or applications to ensure that the information is consistent + with the expected content? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-09.1 + name: Limit Personal Data (PD) Dissemination + description: Mechanisms exist to limit the dissemination of Personal Data (PD) + to organization-defined elements identified in the Data Protection Impact + Assessment (DPIA) and consistent with authorized purposes. + annotation: Does the organization limit the dissemination of Personal Data (PD) + to organization-defined elements identified in the Data Protection Impact + Assessment (DPIA) and consistent with authorized purposes? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-10 + name: 'Memory Protection ' + description: 'Mechanisms exist to implement security safeguards to protect system + memory from unauthorized code execution. ' + annotation: 'Does the organization implement security safeguards to protect + system memory from unauthorized code execution? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-11 + name: 'Honeypots ' + description: 'Mechanisms exist to utilize honeypots that are specifically designed + to be the target of malicious attacks for the purpose of detecting, deflecting + and analyzing such attacks. ' + annotation: 'Does the organization utilize honeypots that are specifically designed + to be the target of malicious attacks for the purpose of detecting, deflecting + and analyzing such attacks? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-12 + name: 'Honeyclients ' + description: 'Mechanisms exist to utilize honeyclients that proactively seek + to identify malicious websites and/or web-based malicious code. ' + annotation: 'Does the organization utilize honeyclients that proactively seek + to identify malicious websites and/or web-based malicious code? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-13 + name: 'Heterogeneity ' + description: 'Mechanisms exist to utilize a diverse set of technologies for + system components to reduce the impact of technical vulnerabilities from the + same Original Equipment Manufacturer (OEM). ' + annotation: 'Does the organization utilize a diverse set of technologies for + system components to reduce the impact of technical vulnerabilities from the + same Original Equipment Manufacturer (OEM)? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-13.1 + name: 'Virtualization Techniques ' + description: Mechanisms exist to utilize virtualization techniques to support + the employment of a diversity of operating systems and applications. + annotation: Does the organization utilize virtualization techniques to support + the employment of a diversity of operating systems and applications? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-14 + name: 'Concealment & Misdirection ' + description: 'Mechanisms exist to utilize concealment and misdirection techniques + for systems to confuse and mislead adversaries. ' + annotation: 'Does the organization utilize concealment and misdirection techniques + for systems to confuse and mislead adversaries? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-14.1 + name: Randomness + description: Automated mechanisms exist to introduce randomness into organizational + operations and assets. + annotation: Does the organization use automated mechanisms to introduce randomness + into organizational operations and assets? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-14.2 + name: Change Processing & Storage Locations + description: Automated mechanisms exist to change the location of processing + and/or storage at random time intervals. + annotation: Does the organization use automated mechanisms to change the location + of processing and/or storage at random time intervals? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-15 + name: 'Distributed Processing & Storage ' + description: 'Mechanisms exist to distribute processing and storage across multiple + physical locations. ' + annotation: 'Does the organization distribute processing and storage across + multiple physical locations? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-16 + name: 'Non-Modifiable Executable Programs ' + description: Mechanisms exist to utilize non-modifiable executable programs + that load and execute the operating environment and applications from hardware-enforced, + read-only media. + annotation: Does the organization utilize non-modifiable executable programs + that load and execute the operating environment and applications from hardware-enforced, + read-only media? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-17 + name: 'Secure Log-On Procedures ' + description: Mechanisms exist to utilize a trusted communications path between + the user and the security functions of the system. + annotation: Does the organization utilize a trusted communications path between + the user and the security functions of the system? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-18 + name: System Use Notification (Logon Banner) + description: Mechanisms exist to utilize system use notification / logon banners + that display an approved system use notification message or banner before + granting access to the system that provides cybersecurity & data privacy notices. + annotation: Does the organization utilize system use notification / logon banners + that display an approved system use notification message or banner before + granting access to the system that provides cybersecurity & data privacy notices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-18.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-18.1 + name: Standardized Microsoft Windows Banner + description: Mechanisms exist to configure Microsoft Windows-based systems to + display an approved logon banner before granting access to the system that + provides cybersecurity & data privacy notices. + annotation: Does the organization configure Microsoft Windows-based systems + to display an approved logon banner before granting access to the system that + provides cybersecurity & data privacy notices? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-18.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-18.2 + name: Truncated Banner + description: Mechanisms exist to utilize a truncated system use notification + / logon banner on systems not capable of displaying a logon banner from a + centralized source, such as Active Directory. + annotation: Does the organization utilize a truncated system use notification + / logon banner on systems not capable of displaying a logon banner from a + centralized source, such as Active Directory? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-19 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-19 + name: Previous Logon Notification + description: Mechanisms exist to configure systems that process, store or transmit + sensitive/regulated data to notify the user, upon successful logon, of the + number of unsuccessful logon attempts since the last successful logon. + annotation: Does the organization configure systems that process, store or transmit + sensitive/regulated data to notify the user, upon successful logon, of the + number of unsuccessful logon attempts since the last successful logon? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-20 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-20 + name: Clock Synchronization + description: 'Mechanisms exist to utilize time-synchronization technology to + synchronize all critical system clocks. ' + annotation: 'Does the organization utilize time-synchronization technology to + synchronize all critical system clocks? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sea-21 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1057 + ref_id: SEA-21 + name: Application Container + description: Mechanisms exist to utilize an application container (virtualization + approach) to isolate to a known set of dependencies, access methods and interfaces. + annotation: Does the organization utilize an application container (virtualization + approach) to isolate to a known set of dependencies, access methods and interfaces? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + assessable: false + depth: 1 + name: Security Operations + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-01 + name: 'Operations Security ' + description: Mechanisms exist to facilitate the implementation of operational + security controls. + annotation: Does the organization facilitate the implementation of operational + security controls? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-01.1 + name: Standardized Operating Procedures (SOP) + description: Mechanisms exist to identify and document Standardized Operating + Procedures (SOP), or similar documentation, to enable the proper execution + of day-to-day / assigned tasks. + annotation: Does the organization identify and document Standardized Operating + Procedures (SOP), or similar documentation, to enable the proper execution + of day-to-day / assigned tasks? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-02 + name: 'Security Concept Of Operations (CONOPS) ' + description: 'Mechanisms exist to develop a security Concept of Operations (CONOPS), + or a similarly-defined plan for achieving cybersecurity objectives, that documents + management, operational and technical measures implemented to apply defense-in-depth + techniques that is communicated to all appropriate stakeholders. ' + annotation: 'Does the organization develop a security Concept of Operations + (CONOPS), or a similarly-defined plan for achieving cybersecurity objectives, + that documents management, operational and technical measures implemented + to apply defense-in-depth techniques that is communicated to all appropriate + stakeholders? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-03 + name: 'Service Delivery + + (Business Process Support) ' + description: Mechanisms exist to define supporting business processes and implement + appropriate governance and service management to ensure appropriate planning, + delivery and support of the organization's technology capabilities supporting + business functions, workforce, and/or customers based on industry-recognized + standards to achieve the specific goals of the process area. + annotation: Does the organization define supporting business processes and implement + appropriate governance and service management to ensure appropriate planning, + delivery and support of the organization's technology capabilities supporting + business functions, workforce, and/or customers based on industry-recognized + standards to achieve the specific goals of the process area? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-04 + name: Security Operations Center (SOC) + description: Mechanisms exist to establish and maintain a Security Operations + Center (SOC) that facilitates a 24x7 response capability. + annotation: Does the organization establish and maintain a Security Operations + Center (SOC) that facilitates a 24x7 response capability? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-05 + name: Secure Practices Guidelines + description: Mechanisms exist to provide guidelines and recommendations for + the secure use of products and/or services to assist in the configuration, + installation and use of the product and/or service. + annotation: Does the organization provide guidelines and recommendations for + the secure use of products and/or services to assist in the configuration, + installation and use of the product and/or service? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-06 + name: Security Orchestration, Automation, and Response (SOAR) + description: Mechanisms exist to utilize Security Orchestration, Automation + and Response (SOAR) tools to define, prioritize and automate the response + to security incidents. + annotation: Does the organization utilize Security Orchestration, Automation + and Response (SOAR) tools to define, prioritize and automate the response + to security incidents? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:ops-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1100 + ref_id: OPS-07 + name: Shadow Information Technology Detection + description: Mechanisms exist to detect the presence of unauthorized software, + systems and services in use by the organization. + annotation: Does the organization detect the presence of unauthorized software, + systems and services in use by the organization? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + assessable: false + depth: 1 + name: 'Security Awareness & Training ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-01 + name: 'Cybersecurity & Data Privacy-Minded Workforce ' + description: 'Mechanisms exist to facilitate the implementation of security + workforce development and awareness controls. ' + annotation: 'Does the organization facilitate the implementation of security + workforce development and awareness controls? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-02 + name: Cybersecurity & Data Privacy Awareness Training + description: 'Mechanisms exist to provide all employees and contractors appropriate + awareness education and training that is relevant for their job function. ' + annotation: 'Does the organization provide all employees and contractors appropriate + awareness education and training that is relevant for their job function? ' + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-02.1 + name: Simulated Cyber Attack Scenario Training + description: Mechanisms exist to include simulated actual cyber-attacks through + practical exercises that are aligned with current threat scenarios. + annotation: Does the organization include simulated actual cyber-attacks through + practical exercises that are aligned with current threat scenarios? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-02.2 + name: Social Engineering & Mining + description: Mechanisms exist to include awareness training on recognizing and + reporting potential and actual instances of social engineering and social + mining. + annotation: Does the organization include awareness training on recognizing + and reporting potential and actual instances of social engineering and social + mining? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03 + name: 'Role-Based Cybersecurity & Data Privacy Training ' + description: "Mechanisms exist to provide role-based cybersecurity & data privacy-related\ + \ training: \n \u25AA Before authorizing access to the system or performing\ + \ assigned duties; \n \u25AA When required by system changes; and \n \u25AA\ + \ Annually thereafter." + annotation: "Does the organization provide role-based cybersecurity & data privacy-related\ + \ training: \n \u25AA Before authorizing access to the system or performing\ + \ assigned duties; \n \u25AA When required by system changes; and \n \u25AA\ + \ Annually thereafter?" + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.1 + name: 'Practical Exercises ' + description: Mechanisms exist to include practical exercises in cybersecurity + & data privacy training that reinforce training objectives. + annotation: Does the organization include practical exercises in cybersecurity + & data privacy training that reinforce training objectives? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.2 + name: Suspicious Communications & Anomalous System Behavior + description: Mechanisms exist to provide training to personnel on organization-defined + indicators of malware to recognize suspicious communications and anomalous + behavior. + annotation: Does the organization provide training to personnel on organization-defined + indicators of malware to recognize suspicious communications and anomalous + behavior? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.3 + name: Sensitive Information Storage, Handling & Processing + description: Mechanisms exist to ensure that every user accessing a system processing, + storing or transmitting sensitive information is formally trained in data + handling requirements. + annotation: Does the organization ensure that every user accessing a system + processing, storing or transmitting sensitive information is formally trained + in data handling requirements? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.4 + name: Vendor Cybersecurity & Data Privacy Training + description: 'Mechanisms exist to incorporate vendor-specific security training + in support of new technology initiatives. ' + annotation: 'Does the organization incorporate vendor-specific security training + in support of new technology initiatives? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.5 + name: Privileged Users + description: 'Mechanisms exist to provide specific training for privileged users + to ensure privileged users understand their unique roles and responsibilities ' + annotation: 'Does the organization provide specific training for privileged + users to ensure privileged users understand their unique roles and responsibilities ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.6 + name: Cyber Threat Environment + description: Mechanisms exist to provide role-based cybersecurity & data privacy + awareness training that is current and relevant to the cyber threats that + users might encounter in day-to-day business operations. + annotation: Does the organization provide role-based cybersecurity & data privacy + awareness training that is current and relevant to the cyber threats that + users might encounter in day-to-day business operations? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.7 + name: Continuing Professional Education (CPE) - Cybersecurity & Data Privacy + Personnel + description: Mechanisms exist to ensure cybersecurity & data privacy personnel + receive Continuing Professional Education (CPE) training to maintain currency + and proficiency with industry-recognized secure practices that are pertinent + to their assigned roles and responsibilities. + annotation: Does the organization ensure cybersecurity & data privacy personnel + receive Continuing Professional Education (CPE) training to maintain currency + and proficiency with industry-recognized secure practices that are pertinent + to their assigned roles and responsibilities? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.8 + name: Continuing Professional Education (CPE) - DevOps Personnel + description: Mechanisms exist to ensure application development and operations + (DevOps) personnel receive Continuing Professional Education (CPE) training + on Secure Software Development Practices (SSDP) to appropriately address evolving + threats. + annotation: Does the organization ensure application development and operations + (DevOps) personnel receive Continuing Professional Education (CPE) training + on Secure Software Development Practices (SSDP) to appropriately address evolving + threats? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-03.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-03.9 + name: Counterintelligence Training + description: Mechanisms exist to provide specialized counterintelligence awareness + training that enables personnel to collect, interpret and act upon a range + of data sources that may signal the presence of a hostile actor. + annotation: Does the organization provide specialized counterintelligence awareness + training that enables personnel to collect, interpret and act upon a range + of data sources that may signal the presence of a hostile actor? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:sat-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1109 + ref_id: SAT-04 + name: 'Cybersecurity & Data Privacy Training Records ' + description: Mechanisms exist to document, retain and monitor individual training + activities, including basic cybersecurity & data privacy awareness training, + ongoing awareness training and specific-system training. + annotation: Does the organization document, retain and monitor individual training + activities, including basic cybersecurity & data privacy awareness training, + ongoing awareness training and specific-system training? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + assessable: false + depth: 1 + name: Technology Development & Acquisition + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-01 + name: Technology Development & Acquisition + description: Mechanisms exist to facilitate the implementation of tailored development + and acquisition strategies, contract tools and procurement methods to meet + unique business needs. + annotation: Does the organization facilitate the implementation of tailored + development and acquisition strategies, contract tools and procurement methods + to meet unique business needs? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-01.1 + name: Product Management + description: Mechanisms exist to design and implement product management processes + to update products, including systems, software and services, to improve functionality + and correct security deficiencies. + annotation: Does the organization design and implement product management processes + to update products, including systems, software and services, to improve functionality + and correct security deficiencies? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-01.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-01.2 + name: 'Integrity Mechanisms for Software / Firmware Updates ' + description: Mechanisms exist to utilize integrity validation mechanisms for + security updates. + annotation: Does the organization utilize integrity validation mechanisms for + security updates? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-01.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-01.3 + name: 'Malware Testing Prior to Release ' + description: Mechanisms exist to utilize at least one (1) malware detection + tool to identify if any known malware exists in the final binaries of the + product or security update. + annotation: Does the organization utilize at least one (1) malware detection + tool to identify if any known malware exists in the final binaries of the + product or security update? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02 + name: 'Minimum Viable Product (MVP) Security Requirements ' + description: Mechanisms exist to ensure risk-based technical and functional + specifications are established to define a Minimum Viable Product (MVP). + annotation: Does the organization ensure risk-based technical and functional + specifications are established to define a Minimum Viable Product (MVP)? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02.1 + name: Ports, Protocols & Services In Use + description: 'Mechanisms exist to require the developers of systems, system + components or services to identify early in the Secure Development Life Cycle + (SDLC), the functions, ports, protocols and services intended for use. ' + annotation: 'Does the organization require the developers of systems, system + components or services to identify early in the Secure Development Life Cycle + (SDLC), the functions, ports, protocols and services intended for use? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02.2 + name: Information Assurance Enabled Products + description: Mechanisms exist to limit the use of commercially-provided Information + Assurance (IA) and IA-enabled IT products to those products that have been + successfully evaluated against a National Information Assurance partnership + (NIAP)-approved Protection Profile or the cryptographic module is FIPS-validated + or NSA-approved. + annotation: Does the organization limit the use of commercially-provided Information + Assurance (IA) and IA-enabled IT products to those products that have been + successfully evaluated against a National Information Assurance partnership + (NIAP)-approved Protection Profile or the cryptographic module is FIPS-validated + or NSA-approved? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02.3 + name: Development Methods, Techniques & Processes + description: Mechanisms exist to require software developers to ensure that + their software development processes employ industry-recognized secure practices + for secure programming, engineering methods, quality control processes and + validation techniques to minimize flawed and/or malformed software. + annotation: Does the organization require software developers to ensure that + their software development processes employ industry-recognized secure practices + for secure programming, engineering methods, quality control processes and + validation techniques to minimize flawed and/or malformed software? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02.4 + name: Pre-Established Secure Configurations + description: "Mechanisms exist to ensure vendors / manufacturers:\n \u25AA Deliver\ + \ the system, component, or service with a pre-established, secure configuration\ + \ implemented; and\n \u25AA Use the pre-established, secure configuration\ + \ as the default for any subsequent system, component, or service reinstallation\ + \ or upgrade." + annotation: "Does the organization ensure vendors / manufacturers:\n \u25AA\ + \ Deliver the system, component, or service with a pre-established, secure\ + \ configuration implemented; and\n \u25AA Use the pre-established, secure\ + \ configuration as the default for any subsequent system, component, or service\ + \ reinstallation or upgrade?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02.5 + name: Identification & Justification of Ports, Protocols & Services + description: 'Mechanisms exist to require process owners to identify, document + and justify the business need for the ports, protocols and other services + necessary to operate their technology solutions. ' + annotation: 'Does the organization require process owners to identify, document + and justify the business need for the ports, protocols and other services + necessary to operate their technology solutions? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02.6 + name: Insecure Ports, Protocols & Services + description: 'Mechanisms exist to mitigate the risk associated with the use + of insecure ports, protocols and services necessary to operate technology + solutions. ' + annotation: 'Does the organization mitigate the risk associated with the use + of insecure ports, protocols and services necessary to operate technology + solutions? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-02.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-02.7 + name: Cybersecurity & Data Privacy Representatives For Product Changes + description: Mechanisms exist to include appropriate cybersecurity & data privacy + representatives in the product feature and/or functionality change control + review process. + annotation: Does the organization include appropriate cybersecurity & data privacy + representatives in the product feature and/or functionality change control + review process? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-03 + name: 'Commercial Off-The-Shelf (COTS) Security Solutions ' + description: 'Mechanisms exist to utilize only Commercial Off-the-Shelf (COTS) + security products. ' + annotation: 'Does the organization utilize only Commercial Off-the-Shelf (COTS) + security products? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-03.1 + name: Supplier Diversity + description: Mechanisms exist to obtain cybersecurity & data privacy technologies + from different suppliers to minimize supply chain risk. + annotation: Does the organization obtain cybersecurity & data privacy technologies + from different suppliers to minimize supply chain risk? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-04 + name: Documentation Requirements + description: "Mechanisms exist to obtain, protect and distribute administrator\ + \ documentation for systems that describe:\n \u25AA Secure configuration,\ + \ installation and operation of the system;\n \u25AA Effective use and maintenance\ + \ of security features/functions; and\n \u25AA Known vulnerabilities regarding\ + \ configuration and use of administrative (e.g., privileged) functions." + annotation: "Does the organization obtain, protect and distribute administrator\ + \ documentation for systems that describe:\n \u25AA Secure configuration,\ + \ installation and operation of the system;\n \u25AA Effective use and maintenance\ + \ of security features/functions; and\n \u25AA Known vulnerabilities regarding\ + \ configuration and use of administrative (e.g., privileged) functions?" + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-04.1 + name: 'Functional Properties ' + description: 'Mechanisms exist to require software developers to provide information + describing the functional properties of the security controls to be utilized + within systems, system components or services in sufficient detail to permit + analysis and testing of the controls. ' + annotation: 'Does the organization require software developers to provide information + describing the functional properties of the security controls to be utilized + within systems, system components or services in sufficient detail to permit + analysis and testing of the controls? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-04.2 + name: Software Bill of Materials (SBOM) + description: Mechanisms exist to generate, or obtain, a Software Bill of Materials + (SBOM) for systems, applications and services that lists software packages + in use, including versions and applicable licenses. + annotation: Does the organization generate, or obtain, a Software Bill of Materials + (SBOM) for systems, applications and services that lists software packages + in use, including versions and applicable licenses? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-05 + name: 'Developer Architecture & Design ' + description: "Mechanisms exist to require the developers of systems, system\ + \ components or services to produce a design specification and security architecture\ + \ that: \n \u25AA Is consistent with and supportive of the organization\u2019\ + s security architecture which is established within and is an integrated part\ + \ of the organization\u2019s enterprise architecture;\n \u25AA Accurately\ + \ and completely describes the required security functionality and the allocation\ + \ of security controls among physical and logical components; and\n \u25AA\ + \ Expresses how individual security functions, mechanisms and services work\ + \ together to provide required security capabilities and a unified approach\ + \ to protection." + annotation: "Does the organization require the developers of systems, system\ + \ components or services to produce a design specification and security architecture\ + \ that: \n \u25AA Is consistent with and supportive of the organization\u2019\ + s security architecture which is established within and is an integrated part\ + \ of the organization\u2019s enterprise architecture;\n \u25AA Accurately\ + \ and completely describes the required security functionality and the allocation\ + \ of security controls among physical and logical components; and\n \u25AA\ + \ Expresses how individual security functions, mechanisms and services work\ + \ together to provide required security capabilities and a unified approach\ + \ to protection?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-05.1 + name: Physical Diagnostic & Test Interfaces + description: Mechanisms exist to secure physical diagnostic and test interfaces + to prevent misuse. + annotation: Does the organization secure physical diagnostic and test interfaces + to prevent misuse? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-05.2 + name: Diagnostic & Test Interface Monitoring + description: Mechanisms exist to enable endpoint devices to log events and generate + alerts for attempts to access diagnostic and test interfaces. + annotation: Does the organization enable endpoint devices to log events and + generate alerts for attempts to access diagnostic and test interfaces? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-06 + name: 'Secure Coding ' + description: 'Mechanisms exist to develop applications based on secure coding + principles. ' + annotation: 'Does the organization develop applications based on secure coding + principles? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-06.1 + name: Criticality Analysis + description: Mechanisms exist to require the developer of the system, system + component or service to perform a criticality analysis at organization-defined + decision points in the Secure Development Life Cycle (SDLC). + annotation: Does the organization require the developer of the system, system + component or service to perform a criticality analysis at organization-defined + decision points in the Secure Development Life Cycle (SDLC)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-06.2 + name: Threat Modeling + description: Mechanisms exist to perform threat modelling and other secure design + techniques, to ensure that threats to software and solutions are identified + and accounted for. + annotation: Does the organization perform threat modelling and other secure + design techniques, to ensure that threats to software and solutions are identified + and accounted for? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-06.3 + name: Software Assurance Maturity Model (SAMM) + description: Mechanisms exist to utilize a Software Assurance Maturity Model + (SAMM) to govern a secure development lifecycle for the development of systems, + applications and services. + annotation: Does the organization utilize a Software Assurance Maturity Model + (SAMM) to govern a secure development lifecycle for the development of systems, + applications and services? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-06.4 + name: Supporting Toolchain + description: Automated mechanisms exist to improve the accuracy, consistency + and comprehensiveness of secure practices throughout the asset's lifecycle. + annotation: Does the organization use automated mechanisms to improve the accuracy, + consistency and comprehensiveness of secure practices throughout the asset's + lifecycle? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-06.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-06.5 + name: Software Design Review + description: Mechanisms exist to have an independent review of the software + design to confirm that all cybersecurity & data privacy requirements are met + and that any identified risks are satisfactorily addressed. + annotation: Does the organization have an independent review of the software + design to confirm that all cybersecurity & data privacy requirements are met + and that any identified risks are satisfactorily addressed? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-07 + name: 'Secure Development Environments ' + description: 'Mechanisms exist to maintain a segmented development network to + ensure a secure development environment. ' + annotation: 'Does the organization maintain a segmented development network + to ensure a secure development environment? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-08 + name: 'Separation of Development, Testing and Operational Environments ' + description: Mechanisms exist to manage separate development, testing and operational + environments to reduce the risks of unauthorized access or changes to the + operational environment and to ensure no impact to production systems. + annotation: Does the organization manage separate development, testing and operational + environments to reduce the risks of unauthorized access or changes to the + operational environment and to ensure no impact to production systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-08.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-08.1 + name: Secure Migration Practices + description: Mechanisms exist to ensure secure migration practices purge systems, + applications and services of test/development/staging data and accounts before + it is migrated into a production environment. + annotation: Does the organization ensure secure migration practices purge systems, + applications and services of test/development/staging data and accounts before + it is migrated into a production environment? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09 + name: 'Cybersecurity & Data Privacy Testing Throughout Development ' + description: "Mechanisms exist to require system developers/integrators consult\ + \ with cybersecurity & data privacy personnel to: \n \u25AA Create and implement\ + \ a Security Test and Evaluation (ST&E) plan;\n \u25AA Implement a verifiable\ + \ flaw remediation process to correct weaknesses and deficiencies identified\ + \ during the security testing and evaluation process; and\n \u25AA Document\ + \ the results of the security testing/evaluation and flaw remediation processes." + annotation: "Does the organization require system developers/integrators consult\ + \ with cybersecurity & data privacy personnel to: \n \u25AA Create and implement\ + \ a Security Test and Evaluation (ST&E) plan;\n \u25AA Implement a verifiable\ + \ flaw remediation process to correct weaknesses and deficiencies identified\ + \ during the security testing and evaluation process; and\n \u25AA Document\ + \ the results of the security testing/evaluation and flaw remediation processes?" + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09.1 + name: Continuous Monitoring Plan + description: 'Mechanisms exist to require the developers of systems, system + components or services to produce a plan for the continuous monitoring of + cybersecurity & data privacy control effectiveness. ' + annotation: 'Does the organization require the developers of systems, system + components or services to produce a plan for the continuous monitoring of + cybersecurity & data privacy control effectiveness? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09.2 + name: Static Code Analysis + description: 'Mechanisms exist to require the developers of systems, system + components or services to employ static code analysis tools to identify and + remediate common flaws and document the results of the analysis. ' + annotation: 'Does the organization require the developers of systems, system + components or services to employ static code analysis tools to identify and + remediate common flaws and document the results of the analysis? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09.3 + name: 'Dynamic Code Analysis ' + description: 'Mechanisms exist to require the developers of systems, system + components or services to employ dynamic code analysis tools to identify and + remediate common flaws and document the results of the analysis. ' + annotation: 'Does the organization require the developers of systems, system + components or services to employ dynamic code analysis tools to identify and + remediate common flaws and document the results of the analysis? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09.4 + name: Malformed Input Testing + description: Mechanisms exist to utilize testing methods to ensure systems, + services and products continue to operate as intended when subject to invalid + or unexpected inputs on its interfaces. + annotation: Does the organization utilize testing methods to ensure systems, + services and products continue to operate as intended when subject to invalid + or unexpected inputs on its interfaces? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09.5 + name: Application Penetration Testing + description: Mechanisms exist to perform application-level penetration testing + of custom-made applications and services. + annotation: Does the organization perform application-level penetration testing + of custom-made applications and services? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09.6 + name: Secure Settings By Default + description: Mechanisms exist to implement secure configuration settings by + default to reduce the likelihood of software being deployed with weak security + settings that would put the asset at a greater risk of compromise. + annotation: Does the organization implement secure configuration settings by + default to reduce the likelihood of software being deployed with weak security + settings that would put the asset at a greater risk of compromise? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-09.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-09.7 + name: Manual Code Review + description: "Mechanisms exist to require the developers of systems, system\ + \ components or services to employ a manual code review process to identify\ + \ and remediate unique flaws that require knowledge of the application\u2019\ + s requirements and design." + annotation: "Does the organization require the developers of systems, system\ + \ components or services to employ a manual code review process to identify\ + \ and remediate unique flaws that require knowledge of the application\u2019\ + s requirements and design?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-10 + name: 'Use of Live Data ' + description: Mechanisms exist to approve, document and control the use of live + data in development and test environments. + annotation: Does the organization approve, document and control the use of live + data in development and test environments? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-10.1 + name: Test Data Integrity + description: Mechanisms exist to ensure the integrity of test data through existing + cybersecurity & data privacy controls. + annotation: Does the organization ensure the integrity of test data through + existing cybersecurity & data privacy controls? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-11 + name: Product Tampering and Counterfeiting (PTC) + description: Mechanisms exist to maintain awareness of component authenticity + by developing and implementing Product Tampering and Counterfeiting (PTC) + practices that include the means to detect and prevent counterfeit components. + annotation: Does the organization maintain awareness of component authenticity + by developing and implementing Product Tampering and Counterfeiting (PTC) + practices that include the means to detect and prevent counterfeit components? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-11.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-11.1 + name: Anti-Counterfeit Training + description: 'Mechanisms exist to train personnel to detect counterfeit system + components, including hardware, software and firmware. ' + annotation: 'Does the organization train personnel to detect counterfeit system + components, including hardware, software and firmware? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-11.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-11.2 + name: Component Disposal + description: '[deprecated - incorporated into AST-09] + + Mechanisms exist to dispose of system components using organization-defined + techniques and methods to prevent such components from entering the gray market. ' + annotation: '[deprecated - incorporated into AST-09] + + Does the organization dispose of system components using organization-defined + techniques and methods to prevent such components from entering the gray market? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-12 + name: 'Customized Development of Critical Components ' + description: Mechanisms exist to custom-develop critical system components, + when Commercial Off The Shelf (COTS) solutions are unavailable. + annotation: Does the organization custom-develop critical system components, + when Commercial Off The Shelf (COTS) solutions are unavailable? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-13 + name: 'Developer Screening ' + description: Mechanisms exist to ensure that the developers of systems, applications + and/or services have the requisite skillset and appropriate access authorizations. + annotation: Does the organization ensure that the developers of systems, applications + and/or services have the requisite skillset and appropriate access authorizations? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-14 + name: 'Developer Configuration Management ' + description: Mechanisms exist to require system developers and integrators to + perform configuration management during system design, development, implementation + and operation. + annotation: Does the organization require system developers and integrators + to perform configuration management during system design, development, implementation + and operation? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-14.1 + name: Software / Firmware Integrity Verification + description: 'Mechanisms exist to require developer of systems, system components + or services to enable integrity verification of software and firmware components. ' + annotation: 'Does the organization require developer of systems, system components + or services to enable integrity verification of software and firmware components? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-14.2 + name: Hardware Integrity Verification + description: Mechanisms exist to require developer of systems, system components + or services to enable integrity verification of hardware components. + annotation: Does the organization require developer of systems, system components + or services to enable integrity verification of hardware components? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-15 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-15 + name: Developer Threat Analysis & Flaw Remediation + description: 'Mechanisms exist to require system developers and integrators + to create a Security Test and Evaluation (ST&E) plan and implement the plan + under the witness of an independent party. ' + annotation: 'Does the organization require system developers and integrators + to create a Security Test and Evaluation (ST&E) plan and implement the plan + under the witness of an independent party? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-16 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-16 + name: 'Developer-Provided Training ' + description: Mechanisms exist to require the developers of systems, system components + or services to provide training on the correct use and operation of the system, + system component or service. + annotation: Does the organization require the developers of systems, system + components or services to provide training on the correct use and operation + of the system, system component or service? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-17 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-17 + name: 'Unsupported Systems ' + description: "Mechanisms exist to prevent unsupported systems by:\n \u25AA Replacing\ + \ systems when support for the components is no longer available from the\ + \ developer, vendor or manufacturer; and\n \u25AA Requiring justification\ + \ and documented approval for the continued use of unsupported system components\ + \ required to satisfy mission/business needs." + annotation: "Does the organization prevent unsupported systems by:\n \u25AA\ + \ Replacing systems when support for the components is no longer available\ + \ from the developer, vendor or manufacturer; and\n \u25AA Requiring justification\ + \ and documented approval for the continued use of unsupported system components\ + \ required to satisfy mission/business needs?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-17.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-17.1 + name: Alternate Sources for Continued Support + description: 'Mechanisms exist to provide in-house support or contract external + providers for support with unsupported system components. ' + annotation: 'Does the organization provide in-house support or contract external + providers for support with unsupported system components? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-18 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-18 + name: 'Input Data Validation ' + description: 'Mechanisms exist to check the validity of information inputs. ' + annotation: 'Does the organization check the validity of information inputs? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-19 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-19 + name: 'Error Handling ' + description: "Mechanisms exist to handle error conditions by: \n \u25AA Identifying\ + \ potentially security-relevant error conditions;\n \u25AA Generating error\ + \ messages that provide information necessary for corrective actions without\ + \ revealing sensitive or potentially harmful information in error logs and\ + \ administrative messages that could be exploited; and\n \u25AA Revealing\ + \ error messages only to authorized personnel." + annotation: "Does the organization handle error conditions by: \n \u25AA Identifying\ + \ potentially security-relevant error conditions;\n \u25AA Generating error\ + \ messages that provide information necessary for corrective actions without\ + \ revealing sensitive or potentially harmful information in error logs and\ + \ administrative messages that could be exploited; and\n \u25AA Revealing\ + \ error messages only to authorized personnel?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-20 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-20 + name: 'Access to Program Source Code ' + description: 'Mechanisms exist to limit privileges to change software resident + within software libraries. ' + annotation: 'Does the organization limit privileges to change software resident + within software libraries? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-20.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-20.1 + name: Software Release Integrity Verification + description: Mechanisms exist to publish integrity verification information + for software releases. + annotation: Does the organization publish integrity verification information + for software releases? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-20.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-20.2 + name: Archiving Software Releases + description: Mechanisms exist to archive software releases and all of their + components (e.g., code, package files, third-party libraries, documentation) + to maintain integrity verification information. + annotation: Does the organization archive software releases and all of their + components (e.g., code, package files, third-party libraries, documentation) + to maintain integrity verification information? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tda-20.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1125 + ref_id: TDA-20.3 + name: Software Escrow + description: 'Mechanisms exist to escrow source code and supporting documentation + to ensure software availability in the event the software provider goes out + of business or is unable to provide support. ' + annotation: 'Does the organization escrow source code and supporting documentation + to ensure software availability in the event the software provider goes out + of business or is unable to provide support? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + assessable: false + depth: 1 + name: 'Third-Party Management ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-01 + name: 'Third-Party Management ' + description: Mechanisms exist to facilitate the implementation of third-party + management controls. + annotation: Does the organization facilitate the implementation of third-party + management controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-01.1 + name: 'Third-Party Inventories ' + description: Mechanisms exist to maintain a current, accurate and complete list + of External Service Providers (ESPs) that can potentially impact the Confidentiality, + Integrity, Availability and/or Safety (CIAS) of the organization's systems, + applications, services and data. + annotation: Does the organization maintain a current, accurate and complete + list of External Service Providers (ESPs) that can potentially impact the + Confidentiality, Integrity, Availability and/or Safety (CIAS) of the organization's + systems, applications, services and data? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-02 + name: Third-Party Criticality Assessments + description: Mechanisms exist to identify, prioritize and assess suppliers and + partners of critical systems, components and services using a supply chain + risk assessment process relative to their importance in supporting the delivery + of high-value services. + annotation: Does the organization identify, prioritize and assess suppliers + and partners of critical systems, components and services using a supply chain + risk assessment process relative to their importance in supporting the delivery + of high-value services? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-03 + name: Supply Chain Protection + description: 'Mechanisms exist to evaluate security risks associated with the + services and product supply chain. ' + annotation: 'Does the organization evaluate security risks associated with the + services and product supply chain? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-03.1 + name: Acquisition Strategies, Tools & Methods + description: Mechanisms exist to utilize tailored acquisition strategies, contract + tools and procurement methods for the purchase of unique systems, system components + or services. + annotation: Does the organization utilize tailored acquisition strategies, contract + tools and procurement methods for the purchase of unique systems, system components + or services? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-03.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-03.2 + name: Limit Potential Harm + description: 'Mechanisms exist to utilize security safeguards to limit harm + from potential adversaries who identify and target the organization''s supply + chain. ' + annotation: 'Does the organization utilize security safeguards to limit harm + from potential adversaries who identify and target the organization''s supply + chain? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-03.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-03.3 + name: Processes To Address Weaknesses or Deficiencies + description: 'Mechanisms exist to address identified weaknesses or deficiencies + in the security of the supply chain ' + annotation: 'Does the organization address identified weaknesses or deficiencies + in the security of the supply chain ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-03.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-03.4 + name: Adequate Supply + description: 'Mechanisms exist to develop and implement a spare parts strategy + to ensure that an adequate supply of critical components is available to meet + operational needs. ' + annotation: Does the organization develop and implement a spare parts strategy + to ensure that an adequate supply of critical components is available to meet + operational needs? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-04 + name: 'Third-Party Services ' + description: "Mechanisms exist to mitigate the risks associated with third-party\ + \ access to the organization\u2019s systems and data." + annotation: "Does the organization mitigate the risks associated with third-party\ + \ access to the organization\u2019s systems and data?" + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-04.1 + name: Third-Party Risk Assessments & Approvals + description: Mechanisms exist to conduct a risk assessment prior to the acquisition + or outsourcing of technology-related services. + annotation: Does the organization conduct a risk assessment prior to the acquisition + or outsourcing of technology-related services? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-04.2 + name: External Connectivity Requirements - Identification of Ports, Protocols + & Services + description: Mechanisms exist to require External Service Providers (ESPs) to + identify and document the business need for ports, protocols and other services + it requires to operate its processes and technologies. + annotation: Does the organization require External Service Providers (ESPs) + to identify and document the business need for ports, protocols and other + services it requires to operate its processes and technologies? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-04.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-04.3 + name: Conflict of Interests + description: Mechanisms exist to ensure that the interests of external service + providers are consistent with and reflect organizational interests. + annotation: Does the organization ensure that the interests of external service + providers are consistent with and reflect organizational interests? + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-04.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-04.4 + name: Third-Party Processing, Storage and Service Locations + description: 'Mechanisms exist to restrict the location of information processing/storage + based on business requirements. ' + annotation: 'Does the organization restrict the location of information processing/storage + based on business requirements? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05 + name: Third-Party Contract Requirements + description: "Mechanisms exist to require contractual requirements for cybersecurity\ + \ & data privacy requirements with third-parties, reflecting the organization\u2019\ + s needs to protect its systems, processes and data." + annotation: "Does the organization require contractual requirements for cybersecurity\ + \ & data privacy requirements with third-parties, reflecting the organization\u2019\ + s needs to protect its systems, processes and data?" + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.1 + name: Security Compromise Notification Agreements + description: Mechanisms exist to compel External Service Providers (ESPs) to + provide notification of actual or potential compromises in the supply chain + that can potentially affect or have adversely affected systems, applications + and/or services that the organization utilizes. + annotation: Does the organization compel External Service Providers (ESPs) to + provide notification of actual or potential compromises in the supply chain + that can potentially affect or have adversely affected systems, applications + and/or services that the organization utilizes? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.2 + name: Contract Flow-Down Requirements + description: Mechanisms exist to ensure cybersecurity & data privacy requirements + are included in contracts that flow-down to applicable sub-contractors and + suppliers. + annotation: Does the organization ensure cybersecurity & data privacy requirements + are included in contracts that flow-down to applicable sub-contractors and + suppliers? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.3 + name: Third-Party Authentication Practices + description: Mechanisms exist to ensure External Service Providers (ESPs) use + unique authentication factors for each of its customers. + annotation: Does the organization ensure External Service Providers (ESPs) use + unique authentication factors for each of its customers? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.4 + name: Responsible, Accountable, Supportive, Consulted & Informed (RASCI) Matrix + description: 'Mechanisms exist to document and maintain a Responsible, Accountable, + Supportive, Consulted & Informed (RASCI) matrix, or similar documentation, + to delineate assignment for cybersecurity & data privacy controls between + internal stakeholders and External Service Providers (ESPs). ' + annotation: 'Does the organization document and maintain a Responsible, Accountable, + Supportive, Consulted & Informed (RASCI) matrix, or similar documentation, + to delineate assignment for cybersecurity & data privacy controls between + internal stakeholders and External Service Providers (ESPs)? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.5 + name: Third-Party Scope Review + description: 'Mechanisms exist to perform recurring validation of the Responsible, + Accountable, Supportive, Consulted & Informed (RASCI) matrix, or similar documentation, + to ensure cybersecurity & data privacy control assignments accurately reflect + current business practices, compliance obligations, technologies and stakeholders. ' + annotation: 'Does the organization perform recurring validation of the Responsible, + Accountable, Supportive, Consulted & Informed (RASCI) matrix, or similar documentation, + to ensure cybersecurity & data privacy control assignments accurately reflect + current business practices, compliance obligations, technologies and stakeholders? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.6 + name: First-Party Declaration (1PD) + description: 'Mechanisms exist to obtain a First-Party Declaration (1PD) from + applicable External Service Providers (ESPs) that provides assurance of compliance + with specified statutory, regulatory and contractual obligations for cybersecurity + & data privacy controls, including any flow-down requirements to subcontractors. ' + annotation: 'Does the organization obtain a First-Party Declaration (1PD) from + applicable External Service Providers (ESPs) that provides assurance of compliance + with specified statutory, regulatory and contractual obligations for cybersecurity + & data privacy controls, including any flow-down requirements to subcontractors? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.7 + name: Break Clauses + description: Mechanisms exist to include "break clauses" within contracts for + failure to meet contract criteria for cybersecurity and/or data privacy controls. + annotation: Does the organization include "break clauses" within contracts for + failure to meet contract criteria for cybersecurity and/or data privacy controls? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-05.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-05.8 + name: Third-Party Attestation + description: Mechanisms exist to obtain an attestation from an independent Third-Party + Assessment Organization (3PAO) that provides assurance of conformity with + specified statutory, regulatory and contractual obligations for cybersecurity + & data privacy controls, including any flow-down requirements to contractors + and subcontractors. + annotation: Does the organization obtain an attestation from an independent + Third-Party Assessment Organization (3PAO) that provides assurance of conformity + with specified statutory, regulatory and contractual obligations for cybersecurity + & data privacy controls, including any flow-down requirements to contractors + and subcontractors? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-06 + name: 'Third-Party Personnel Security ' + description: Mechanisms exist to control personnel security requirements including + security roles and responsibilities for third-party providers. + annotation: Does the organization control personnel security requirements including + security roles and responsibilities for third-party providers? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-07 + name: 'Monitoring for Third-Party Information Disclosure ' + description: 'Mechanisms exist to monitor for evidence of unauthorized exfiltration + or disclosure of organizational information. ' + annotation: 'Does the organization monitor for evidence of unauthorized exfiltration + or disclosure of organizational information? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-08 + name: Review of Third-Party Services + description: 'Mechanisms exist to monitor, regularly review and audit External + Service Providers (ESPs) for compliance with established contractual requirements + for cybersecurity & data privacy controls. ' + annotation: 'Does the organization monitor, regularly review and audit External + Service Providers (ESPs) for compliance with established contractual requirements + for cybersecurity & data privacy controls? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-09 + name: 'Third-Party Deficiency Remediation ' + description: 'Mechanisms exist to address weaknesses or deficiencies in supply + chain elements identified during independent or organizational assessments + of such elements. ' + annotation: 'Does the organization address weaknesses or deficiencies in supply + chain elements identified during independent or organizational assessments + of such elements? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-10 + name: Managing Changes To Third-Party Services + description: Mechanisms exist to control changes to services by suppliers, taking + into account the criticality of business information, systems and processes + that are in scope by the third-party. + annotation: Does the organization control changes to services by suppliers, + taking into account the criticality of business information, systems and processes + that are in scope by the third-party? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:tpm-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1183 + ref_id: TPM-11 + name: Third-Party Incident Response & Recovery Capabilities + description: 'Mechanisms exist to ensure response/recovery planning and testing + are conducted with critical suppliers/providers. ' + annotation: 'Does the organization ensure response/recovery planning and testing + are conducted with critical suppliers/providers? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + assessable: false + depth: 1 + name: Threat Management + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-01 + name: Threat Intelligence Program + description: Mechanisms exist to implement a threat intelligence program that + includes a cross-organization information-sharing capability that can influence + the development of the system and security architectures, selection of security + solutions, monitoring, threat hunting, response and recovery activities. + annotation: Does the organization implement a threat intelligence program that + includes a cross-organization information-sharing capability that can influence + the development of the system and security architectures, selection of security + solutions, monitoring, threat hunting, response and recovery activities? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-02 + name: Indicators of Exposure (IOE) + description: 'Mechanisms exist to develop Indicators of Exposure (IOE) to understand + the potential attack vectors that attackers could use to attack the organization. ' + annotation: 'Does the organization develop Indicators of Exposure (IOE) to understand + the potential attack vectors that attackers could use to attack the organization? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-03 + name: Threat Intelligence + description: Mechanisms exist to maintain situational awareness of evolving + threats by leveraging the knowledge of attacker tactics, techniques and procedures + to facilitate the implementation of preventative and compensating controls. + annotation: Does the organization maintain situational awareness of evolving + threats by leveraging the knowledge of attacker tactics, techniques and procedures + to facilitate the implementation of preventative and compensating controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-03.1 + name: Threat Intelligence Reporting + description: Mechanisms exist to utilize external threat intelligence feeds + to generate and disseminate organization-specific security alerts, advisories + and/or directives. + annotation: Does the organization utilize external threat intelligence feeds + to generate and disseminate organization-specific security alerts, advisories + and/or directives? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-04 + name: 'Insider Threat Program ' + description: 'Mechanisms exist to implement an insider threat program that includes + a cross-discipline insider threat incident handling team. ' + annotation: 'Does the organization implement an insider threat program that + includes a cross-discipline insider threat incident handling team? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-05 + name: Insider Threat Awareness + description: Mechanisms exist to utilize security awareness training on recognizing + and reporting potential indicators of insider threat. + annotation: Does the organization utilize security awareness training on recognizing + and reporting potential indicators of insider threat? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-06 + name: Vulnerability Disclosure Program (VDP) + description: Mechanisms exist to establish a Vulnerability Disclosure Program + (VDP) to assist with the secure development and maintenance of products and + services that receives unsolicited input from the public about vulnerabilities + in organizational systems, services and processes. + annotation: Does the organization establish a Vulnerability Disclosure Program + (VDP) to assist with the secure development and maintenance of products and + services that receives unsolicited input from the public about vulnerabilities + in organizational systems, services and processes? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-07 + name: Threat Hunting + description: Mechanisms exist to perform cyber threat hunting that uses Indicators + of Compromise (IoC) to detect, track and disrupt threats that evade existing + security controls. + annotation: Does the organization perform cyber threat hunting that uses Indicators + of Compromise (IoC) to detect, track and disrupt threats that evade existing + security controls? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-08 + name: Tainting + description: Mechanisms exist to embed false data or steganographic data in + files to enable the organization to determine if data has been exfiltrated + and provide a means to identify the individual(s) involved. + annotation: Does the organization embed false data or steganographic data in + files to enable the organization to determine if data has been exfiltrated + and provide a means to identify the individual(s) involved? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-09 + name: Threat Catalog + description: Mechanisms exist to develop and keep current a catalog of applicable + internal and external threats to the organization, both natural and manmade. + annotation: Does the organization develop and keep current a catalog of applicable + internal and external threats to the organization, both natural and manmade? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-10 + name: Threat Analysis + description: Mechanisms exist to identify, assess, prioritize and document the + potential impact(s) and likelihood(s) of applicable internal and external + threats. + annotation: Does the organization identify, assess, prioritize and document + the potential impact(s) and likelihood(s) of applicable internal and external + threats? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:thr-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1212 + ref_id: THR-11 + name: Behavioral Baselining + description: Automated mechanisms exist to establish behavioral baselines that + capture information about user and entity behavior to enable dynamic threat + discovery. + annotation: Does the organization use automated mechanisms to establish behavioral + baselines that capture information about user and entity behavior to enable + dynamic threat discovery? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + assessable: false + depth: 1 + name: 'Vulnerability & Patch Management ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-01 + name: Vulnerability & Patch Management Program (VPMP) + description: Mechanisms exist to facilitate the implementation and monitoring + of vulnerability management controls. + annotation: Does the organization facilitate the implementation and monitoring + of vulnerability management controls? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-01.1 + name: Attack Surface Scope + description: Mechanisms exist to define and manage the scope for its attack + surface management activities. + annotation: Does the organization define and manage the scope for its attack + surface management activities? + implementation_groups: + - tier1 + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-02 + name: 'Vulnerability Remediation Process ' + description: Mechanisms exist to ensure that vulnerabilities are properly identified, + tracked and remediated. + annotation: Does the organization ensure that vulnerabilities are properly identified, + tracked and remediated? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-03 + name: 'Vulnerability Ranking ' + description: 'Mechanisms exist to identify and assign a risk ranking to newly + discovered security vulnerabilities using reputable outside sources for security + vulnerability information. ' + annotation: 'Does the organization identify and assign a risk ranking to newly + discovered security vulnerabilities using reputable outside sources for security + vulnerability information? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-03.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-03.1 + name: Vulnerability Exploitation Analysis + description: Mechanisms exist to identify, assess, prioritize and document the + potential impact(s) and likelihood(s) of applicable internal and external + threats exploiting known vulnerabilities. + annotation: Does the organization identify, assess, prioritize and document + the potential impact(s) and likelihood(s) of applicable internal and external + threats exploiting known vulnerabilities? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-04 + name: Continuous Vulnerability Remediation Activities + description: 'Mechanisms exist to address new threats and vulnerabilities on + an ongoing basis and ensure assets are protected against known attacks. ' + annotation: 'Does the organization address new threats and vulnerabilities on + an ongoing basis and ensure assets are protected against known attacks? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-04.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-04.1 + name: Stable Versions + description: Mechanisms exist to install the latest stable version of any software + and/or security-related updates on all applicable systems. + annotation: Does the organization install the latest stable version of any software + and/or security-related updates on all applicable systems? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-04.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-04.2 + name: Flaw Remediation with Personal Data (PD) + description: Mechanisms exist to identify and correct flaws related to the collection, + usage, processing or dissemination of Personal Data (PD). + annotation: Does the organization identify and correct flaws related to the + collection, usage, processing or dissemination of Personal Data (PD)? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-05 + name: Software & Firmware Patching + description: Mechanisms exist to conduct software patching for all deployed + operating systems, applications and firmware. + annotation: Does the organization conduct software patching for all deployed + operating systems, applications and firmware? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-05.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-05.1 + name: Centralized Management of Flaw Remediation Processes + description: 'Mechanisms exist to centrally-manage the flaw remediation process. ' + annotation: 'Does the organization centrally-manage the flaw remediation process? ' + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-05.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-05.2 + name: Automated Remediation Status + description: 'Automated mechanisms exist to determine the state of system components + with regard to flaw remediation. ' + annotation: 'Does the organization use automated mechanisms to determine the + state of system components with regard to flaw remediation? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-05.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-05.3 + name: Time To Remediate / Benchmarks For Corrective Action + description: Mechanisms exist to track the effectiveness of remediation operations + through metrics reporting. + annotation: Does the organization track the effectiveness of remediation operations + through metrics reporting? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-05.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-05.4 + name: Automated Software & Firmware Updates + description: Automated mechanisms exist to install the latest stable versions + of security-relevant software and firmware updates. + annotation: Does the organization use automated mechanisms to install the latest + stable versions of security-relevant software and firmware updates? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-05.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-05.5 + name: Removal of Previous Versions + description: 'Mechanisms exist to remove old versions of software and firmware + components after updated versions have been installed. ' + annotation: 'Does the organization remove old versions of software and firmware + components after updated versions have been installed? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06 + name: 'Vulnerability Scanning ' + description: Mechanisms exist to detect vulnerabilities and configuration errors + by routine vulnerability scanning of systems and applications. + annotation: Does the organization detect vulnerabilities and configuration errors + by routine vulnerability scanning of systems and applications? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.1 + name: Update Tool Capability + description: Mechanisms exist to update vulnerability scanning tools. + annotation: Does the organization update vulnerability scanning tools? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.2 + name: 'Breadth / Depth of Coverage ' + description: 'Mechanisms exist to identify the breadth and depth of coverage + for vulnerability scanning that define the system components scanned and types + of vulnerabilities that are checked for. ' + annotation: 'Does the organization identify the breadth and depth of coverage + for vulnerability scanning that define the system components scanned and types + of vulnerabilities that are checked for? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.3 + name: Privileged Access + description: 'Mechanisms exist to implement privileged access authorization + for selected vulnerability scanning activities. ' + annotation: 'Does the organization implement privileged access authorization + for selected vulnerability scanning activities? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.4 + name: Trend Analysis + description: 'Automated mechanisms exist to compare the results of vulnerability + scans over time to determine trends in system vulnerabilities. ' + annotation: 'Does the organization use automated mechanisms to compare the results + of vulnerability scans over time to determine trends in system vulnerabilities? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.5 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.5 + name: Review Historical event logs + description: 'Mechanisms exist to review historical event logs to determine + if identified vulnerabilities have been previously exploited. ' + annotation: 'Does the organization review historical event logs to determine + if identified vulnerabilities have been previously exploited? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.6 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.6 + name: External Vulnerability Assessment Scans + description: "Mechanisms exist to perform quarterly external vulnerability scans\ + \ (outside the organization's network looking inward) via a reputable vulnerability\ + \ service provider, which include rescans until passing results are obtained\ + \ or all \u201Chigh\u201D vulnerabilities are resolved, as defined by the\ + \ Common Vulnerability Scoring System (CVSS)." + annotation: "Does the organization perform quarterly external vulnerability\ + \ scans (outside the organization's network looking inward) via a reputable\ + \ vulnerability service provider, which include rescans until passing results\ + \ are obtained or all \u201Chigh\u201D vulnerabilities are resolved, as defined\ + \ by the Common Vulnerability Scoring System (CVSS)?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.7 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.7 + name: Internal Vulnerability Assessment Scans + description: "Mechanisms exist to perform quarterly internal vulnerability scans,\ + \ which includes all segments of the organization's internal network, as well\ + \ as rescans until passing results are obtained or all \u201Chigh\u201D vulnerabilities\ + \ are resolved, as defined by the Common Vulnerability Scoring System (CVSS)." + annotation: "Does the organization perform quarterly internal vulnerability\ + \ scans, which includes all segments of the organization's internal network,\ + \ as well as rescans until passing results are obtained or all \u201Chigh\u201D\ + \ vulnerabilities are resolved, as defined by the Common Vulnerability Scoring\ + \ System (CVSS)?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.8 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.8 + name: Acceptable Discoverable Information + description: Mechanisms exist to define what information is allowed to be discoverable + by adversaries and take corrective actions to remediated non-compliant systems. + annotation: Does the organization define what information is allowed to be discoverable + by adversaries and take corrective actions to remediated non-compliant systems? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-06.9 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-06.9 + name: Correlate Scanning Information + description: Automated mechanisms exist to correlate the output from vulnerability + scanning tools to determine the presence of multi-vulnerability/multi-hop + attack vectors. + annotation: Does the organization use automated mechanisms to correlate the + output from vulnerability scanning tools to determine the presence of multi-vulnerability/multi-hop + attack vectors? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-07 + name: 'Penetration Testing ' + description: Mechanisms exist to conduct penetration testing on systems and + web applications. + annotation: Does the organization conduct penetration testing on systems and + web applications? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-07.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-07.1 + name: Independent Penetration Agent or Team + description: Mechanisms exist to utilize an independent assessor or penetration + team to perform penetration testing. + annotation: Does the organization utilize an independent assessor or penetration + team to perform penetration testing? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-08 + name: 'Technical Surveillance Countermeasures Security ' + description: Mechanisms exist to utilize a technical surveillance countermeasures + survey. + annotation: Does the organization utilize a technical surveillance countermeasures + survey? + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-09 + name: Reviewing Vulnerability Scanner Usage + description: 'Mechanisms exist to monitor logs associated with scanning activities + and associated administrator accounts to ensure that those activities are + limited to the timeframes of legitimate scans. ' + annotation: 'Does the organization monitor logs associated with scanning activities + and associated administrator accounts to ensure that those activities are + limited to the timeframes of legitimate scans? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:vpm-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1225 + ref_id: VPM-10 + name: Red Team Exercises + description: 'Mechanisms exist to utilize "red team" exercises to simulate attempts + by adversaries to compromise systems and applications in accordance with organization-defined + rules of engagement. ' + annotation: 'Does the organization utilize "red team" exercises to simulate + attempts by adversaries to compromise systems and applications in accordance + with organization-defined rules of engagement? ' + implementation_groups: + - tier2 + - urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + assessable: false + depth: 1 + name: 'Web Security ' + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-01 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-01 + name: Web Security + description: Mechanisms exist to facilitate the implementation of an enterprise-wide + web management policy, as well as associated standards, controls and procedures. + annotation: Does the organization facilitate the implementation of an enterprise-wide + web management policy, as well as associated standards, controls and procedures? + implementation_groups: + - tier1 + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-01.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-01.1 + name: Unauthorized Code + description: "Mechanisms exist to prevent unauthorized code from being present\ + \ in a secure page as it is rendered in a client\u2019s browser." + annotation: "Does the organization prevent unauthorized code from being present\ + \ in a secure page as it is rendered in a client\u2019s browser?" + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-02 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-02 + name: Use of Demilitarized Zones (DMZ) + description: Mechanisms exist to utilize a Demilitarized Zone (DMZ) to restrict + inbound traffic to authorized devices on certain services, protocols and ports. + annotation: Does the organization utilize a Demilitarized Zone (DMZ) to restrict + inbound traffic to authorized devices on certain services, protocols and ports? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-03 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-03 + name: Web Application Firewall (WAF) + description: 'Mechanisms exist to deploy Web Application Firewalls (WAFs) to + provide defense-in-depth protection for application-specific threats. ' + annotation: 'Does the organization deploy Web Application Firewalls (WAFs) to + provide defense-in-depth protection for application-specific threats? ' + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-04 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-04 + name: Client-Facing Web Services + description: Mechanisms exist to deploy reasonably-expected security controls + to protect the confidentiality and availability of client data that is stored, + transmitted or processed by the Internet-based service. + annotation: Does the organization deploy reasonably-expected security controls + to protect the confidentiality and availability of client data that is stored, + transmitted or processed by the Internet-based service? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-05 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-05 + name: Cookie Management + description: Mechanisms exist to provide individuals with clear and precise + information about cookies, in accordance with applicable legal requirements + for cookie management. + annotation: Does the organization provide individuals with clear and precise + information about cookies, in accordance with applicable legal requirements + for cookie management? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-06 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-06 + name: Strong Customer Authentication (SCA) + description: Mechanisms exist to implement Strong Customer Authentication (SCA) + for consumers to reasonably prove their identity. + annotation: Does the organization implement Strong Customer Authentication (SCA) + for consumers to reasonably prove their identity? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-07 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-07 + name: Web Security Standard + description: Mechanisms exist to ensure the Open Web Application Security Project + (OWASP) Application Security Verification Standard is incorporated into the + organization's Secure Systems Development Lifecycle (SSDLC) process. + annotation: Does the organization ensure the Open Web Application Security Project + (OWASP) Application Security Verification Standard is incorporated into the + organization's Secure Systems Development Lifecycle (SSDLC) process? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-08 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-08 + name: Web Application Framework + description: Mechanisms exist to ensure a robust Web Application Framework is + used to aid in the development of secure web applications, including web services, + web resources and web APIs. + annotation: Does the organization ensure a robust Web Application Framework + is used to aid in the development of secure web applications, including web + services, web resources and web APIs? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-09 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-09 + name: Validation & Sanitization + description: Mechanisms exist to ensure all input handled by a web application + is validated and/or sanitized. + annotation: Does the organization ensure all input handled by a web application + is validated and/or sanitized? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-10 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-10 + name: Secure Web Traffic + description: Mechanisms exist to ensure all web application content is delivered + using cryptographic mechanisms (e.g., TLS). + annotation: Does the organization ensure all web application content is delivered + using cryptographic mechanisms (e.g., TLS)? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-11 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-11 + name: Output Encoding + description: Mechanisms exist to ensure output encoding is performed on all + content produced by a web application to reduce the likelihood of cross-site + scripting and other injection attacks. + annotation: Does the organization ensure output encoding is performed on all + content produced by a web application to reduce the likelihood of cross-site + scripting and other injection attacks? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-12 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-12 + name: Web Browser Security + description: Mechanisms exist to ensure web applications implement Content-Security-Policy, + HSTS and X-Frame-Options response headers to protect both the web application + and its users. + annotation: Does the organization ensure web applications implement Content-Security-Policy, + HSTS and X-Frame-Options response headers to protect both the web application + and its users? + implementation_groups: + - tier2 + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-13 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-13 + name: Website Change Detection + description: 'Mechanisms exist to detect and respond to Indicators of Compromise + (IoC) for unauthorized alterations, additions, deletions or changes on websites + that store, process and/or transmit sensitive / regulated data. ' + annotation: 'Does the organization detect and respond to Indicators of Compromise + (IoC) for unauthorized alterations, additions, deletions or changes on websites + that store, process and/or transmit sensitive / regulated data? ' + implementation_groups: + - tier3 + - urn: urn:intuitem:risk:req_node:scf-2024-2:web-14 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:scf-2024-2:node1255 + ref_id: WEB-14 + name: Publicly Accessible Content Reviews + description: Mechanisms exist to routinely review the content on publicly accessible + systems for sensitive/regulated data and remove such information, if discovered. + annotation: Does the organization routinely review the content on publicly accessible + systems for sensitive/regulated data and remove such information, if discovered? + implementation_groups: + - tier2 diff --git a/backend/library/utils.py b/backend/library/utils.py index 6c0ae0cda..721df94bc 100644 --- a/backend/library/utils.py +++ b/backend/library/utils.py @@ -4,7 +4,7 @@ from pathlib import Path import re from typing import List, Union -from django.core.exceptions import SuspiciousFileOperation +from django.core.exceptions import SuspiciousFileOperation, ValidationError from django.http import Http404 import yaml @@ -13,6 +13,8 @@ from ciso_assistant import settings from core.models import ( Framework, + RequirementMapping, + RequirementMappingSet, StoredLibrary, LoadedLibrary, RequirementNode, @@ -82,6 +84,107 @@ def import_requirement_node(self, framework_object: Framework): ) +class RequirementMappingImporter: + REQUIRED_FIELDS = { + "target_requirement_urn", + "relationship", + "source_requirement_urn", + } + + def __init__(self, data: dict): + self.data = data + + def is_valid(self) -> bool: + if missing_fields := self.REQUIRED_FIELDS - set(self.data.keys()): + raise ValueError( + "Missing the following fields : {}".format(", ".join(missing_fields)) + ) + return True + + def load( + self, + mapping_set: RequirementMappingSet, + ): + try: + target_requirement = RequirementNode.objects.get( + urn=self.data["target_requirement_urn"], default_locale=True + ) + except RequirementNode.DoesNotExist: + raise Http404( + "ERROR: target requirement with URN {} does not exist".format( + self.data["target_requirement"] + ) + ) + + try: + source_requirement = RequirementNode.objects.get( + urn=self.data["source_requirement_urn"], default_locale=True + ) + except RequirementNode.DoesNotExist: + raise Http404( + "ERROR: source requirement with URN {} does not exist".format( + self.data["source_requirement"] + ) + ) + return RequirementMapping.objects.create( + mapping_set=mapping_set, + target_requirement=target_requirement, + source_requirement=source_requirement, + relationship=self.data["relationship"], + annotation=self.data.get("annotation"), + strength_of_relationship=self.data.get("strength_of_relationship"), + rationale=self.data.get("rationale"), + ) + + +class RequirementMappingSetImporter: + REQUIRED_FIELDS = {"urn", "name", "mapping"} + OBJECT_FIELDS = {"requirement_mappings"} + + def __init__(self, data: dict): + self.data = data + self._requirement_mappings = [] + + def init_requirement_mappings( + self, requirement_mappings: List[dict] + ) -> list[RequirementMappingImporter]: + requirement_mapping_importers: list[RequirementMappingImporter] = [] + for mapping in requirement_mappings: + importer = RequirementMappingImporter(data=mapping) + try: + if importer.is_valid(): + requirement_mapping_importers.append(importer) + except ValidationError: + raise ValueError("Invalid requirement mapping data: {}".format(mapping)) + self._requirement_mappings = requirement_mapping_importers + return requirement_mapping_importers + + def load( + self, + library_object: LoadedLibrary, + ): + self.init_requirement_mappings(self.data["requirement_mappings"]) + _target_framework = Framework.objects.get( + urn=self.data["target_framework_urn"], default_locale=True + ) + _source_framework = Framework.objects.get( + urn=self.data["source_framework_urn"], default_locale=True + ) + mapping_set = RequirementMappingSet.objects.create( + name=self.data["name"], + urn=self.data["urn"], + target_framework=_target_framework, + source_framework=_source_framework, + library=library_object, + ) + for mapping in self._requirement_mappings: + mapping.load(mapping_set) + return mapping_set + + def init(self): + return None + + # The couple (URN, locale) is unique. ===> Check it in the future class FrameworkImporter: REQUIRED_FIELDS = {"ref_id", "urn"} @@ -295,7 +398,13 @@ class LibraryImporter: # The word "import" must be replaced by "load" in all classes/methods/variables declared in this file. REQUIRED_FIELDS = {"ref_id", "urn", "locale", "objects", "version"} - OBJECT_FIELDS = ["threats", "reference_controls", "risk_matrix", "framework"] + OBJECT_FIELDS = [ + "threats", + "reference_controls", + "risk_matrix", + "framework", + "requirement_mapping_set", + ] def __init__(self, library: StoredLibrary): self._library = library @@ -303,6 +412,7 @@ def __init__(self, library: StoredLibrary): self._threats = [] self._reference_controls = [] self._risk_matrices = [] + self._requirement_mapping_set = None def init_threats(self, threats: List[dict]) -> Union[str, None]: threat_importers = [] @@ -377,6 +487,10 @@ def init_risk_matrices(self, risk_matrices: List[dict]) -> Union[str, None]: invalid_risk_matrix_error, ) + def init_requirement_mapping_set(self, data: dict): + self._requirement_mapping_set = RequirementMappingSetImporter(data) + return self._requirement_mapping_set.init() + def init_framework(self, framework_data: dict) -> Union[str, None]: self._framework_importer = FrameworkImporter(framework_data) return self._framework_importer.init() @@ -405,6 +519,10 @@ def init(self) -> Union[str, None]: print("framework_import_error", framework_import_error) return framework_import_error + if "requirement_mapping_set" in library_objects: + requirement_mapping_set_data = library_objects["requirement_mapping_set"] + self.init_requirement_mapping_set(requirement_mapping_set_data) + if "threats" in library_objects: threat_data = library_objects["threats"] if (threat_import_error := self.init_threats(threat_data)) is not None: @@ -491,6 +609,9 @@ def import_objects(self, library_object): if self._framework_importer is not None: self._framework_importer.import_framework(library_object) + if self._requirement_mapping_set is not None: + self._requirement_mapping_set.load(library_object) + @transaction.atomic def _import_library(self): library_object = self.create_or_update_library() diff --git a/backend/library/views.py b/backend/library/views.py index e40991451..5bc657ec3 100644 --- a/backend/library/views.py +++ b/backend/library/views.py @@ -107,8 +107,6 @@ def import_library(self, request, pk): return Response(status=HTTP_403_FORBIDDEN) try: key = "urn" if pk.startswith("urn:") else "id" - for _ in range(10): - print(f"Looking for {key} {pk}") libraries = StoredLibrary.objects.filter( # The get method raise an exception if multiple objects are found **{key: pk} ) # This is only fetching the lib by URN without caring about the locale or the version, this must change in the future. @@ -126,9 +124,9 @@ def import_library(self, request, pk): status=HTTP_400_BAD_REQUEST, ) # This can cause translation issues return Response({"status": "success"}) - except Exception as e: + except Exception: return Response( - {"error": f"Failed to load library ({e})"}, # This must translated + {"error": "Failed to load library"}, # This must translated status=HTTP_422_UNPROCESSABLE_ENTITY, ) diff --git a/backend/requirements.txt b/backend/requirements.txt index 2d1495209..1c8233100 100644 --- a/backend/requirements.txt +++ b/backend/requirements.txt @@ -1,16 +1,16 @@ -django==5.0.6 -weasyprint==62.2 +django==5.0.7 +weasyprint==62.3 psycopg2-binary==2.9.9 gunicorn==22.0.0 pytest-django==4.8.0 pytest-html==4.1.1 django-filter==24.2 -whitenoise==6.6.0 +whitenoise==6.7.0 argon2-cffi==23.1.0 -typing-extensions==4.12.1 -djangorestframework==3.15.1 +typing-extensions==4.12.2 +djangorestframework==3.15.2 django-stubs==5.0.2 -coverage==7.5.3 +coverage==7.5.4 django-tailwind==3.8.0 pyyaml==6.0.1 django-structlog==8.1.0 @@ -18,7 +18,7 @@ structlog==24.2.0 python-dotenv==1.0.1 drf-spectacular==0.27.2 django-rest-knox==4.2.0 -django-allauth[socialaccount]==0.63.3 +django-allauth[socialaccount]==0.63.5 pre-commit==3.7.1 -django-allauth[saml]==0.63.3 -django-allauth==0.63.3 +django-allauth[saml]==0.63.5 +django-allauth==0.63.5 diff --git a/docker-compose-remote.sh b/docker-compose-remote.sh new file mode 100755 index 000000000..049673110 --- /dev/null +++ b/docker-compose-remote.sh @@ -0,0 +1,16 @@ +#! /usr/bin/env bash + +if [ -f db/ciso-assistant.sqlite3 ] ; then + echo "the database seems already created" + echo "you should launch docker compose -f docker-compose-remote.yml up -d" + echo "for clean start, you can remove the database file, run docker compose down and then docker compose rm and start again" +else + docker rmi ghcr.io/intuitem/ciso-assistant-community/backend:latest ghcr.io/intuitem/ciso-assistant-community/frontend:latest 2> /dev/null + docker compose -f docker-compose-remote.yml up -d + echo "Giving sometime for the database to be ready, please wait ..." + sleep 20 + echo "initialize your superuser account..." + docker compose exec backend python manage.py createsuperuser + echo "connect to ciso assistant on https://cool-vm:8443" + echo "for successive runs you can now use docker compose up" +fi diff --git a/docker-compose-remote.yml b/docker-compose-remote.yml new file mode 100644 index 000000000..3c139f59d --- /dev/null +++ b/docker-compose-remote.yml @@ -0,0 +1,47 @@ +version: "3.9" + +services: + backend: + container_name: backend + image: ghcr.io/intuitem/ciso-assistant-community/backend:latest + restart: always + environment: + - ALLOWED_HOSTS=backend,cool-vm + - CISO_ASSISTANT_URL=https://cool-vm:8443 + - DJANGO_DEBUG=True + - AUTH_TOKEN_TTL=7200 + volumes: + - ./db:/code/db + + frontend: + container_name: frontend + environment: + - PUBLIC_BACKEND_API_URL=http://backend:8000/api + - PUBLIC_BACKEND_API_EXPOSED_URL=https://cool-vm:8443/api + - PROTOCOL_HEADER=x-forwarded-proto + - HOST_HEADER=x-forwarded-host + + image: ghcr.io/intuitem/ciso-assistant-community/frontend:latest + depends_on: + - backend + + caddy: + container_name: caddy + image: caddy:2.7.6 + environment: + - CISO_ASSISTANT_URL=https://cool-vm:8443 + depends_on: + - frontend + restart: unless-stopped + ports: + - 8443:8443 + volumes: + - ./caddy_data:/data + command: | + sh -c 'echo $$CISO_ASSISTANT_URL "{ + reverse_proxy /api/iam/sso/redirect/ backend:8000 + reverse_proxy /api/accounts/saml/0/acs/ backend:8000 + reverse_proxy /api/accounts/saml/0/acs/finish/ backend:8000 + reverse_proxy /* frontend:3000 + tls internal + }" > Caddyfile && caddy run' diff --git a/docker-compose.yml b/docker-compose.yml index e1abef3ff..093fa7d6e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -39,7 +39,7 @@ services: - ./caddy_data:/data command: | sh -c 'echo $$CISO_ASSISTANT_URL "{ - reverse_proxy /api/iam/sso/redirect backend:8000 + reverse_proxy /api/iam/sso/redirect/ backend:8000 reverse_proxy /api/accounts/saml/0/acs/ backend:8000 reverse_proxy /api/accounts/saml/0/acs/finish/ backend:8000 reverse_proxy /* frontend:3000 diff --git a/documentation/architecture/data-model.md b/documentation/architecture/data-model.md index 29589a907..c2ae508e3 100644 --- a/documentation/architecture/data-model.md +++ b/documentation/architecture/data-model.md @@ -72,13 +72,13 @@ erDiagram ```mermaid erDiagram - LOADED_LIBRARY |o--o{ REFERENCE_CONTROL: contains - LOADED_LIBRARY |o--o{ THREAT : contains - LOADED_LIBRARY ||--o{ FRAMEWORK : contains - LOADED_LIBRARY ||--o{ RISK_MATRIX : contains - LOADED_LIBRARY ||--o{ MAPPING : contains - LOADED_LIBRARY2 }o--o{ LOADED_LIBRARY : depends_on - LIBRARY_TRANSLATION }o--|| LOADED_LIBRARY: translates + LOADED_LIBRARY |o--o{ REFERENCE_CONTROL : contains + LOADED_LIBRARY |o--o{ THREAT : contains + LOADED_LIBRARY ||--o{ FRAMEWORK : contains + LOADED_LIBRARY ||--o{ RISK_MATRIX : contains + LOADED_LIBRARY ||--o{ REQUIREMMENT_MAPPING_SET : contains + LOADED_LIBRARY2 }o--o{ LOADED_LIBRARY : depends_on + LIBRARY_TRANSLATION }o--|| LOADED_LIBRARY : translates LIBRARY_TRANSLATION { string locale @@ -183,6 +183,7 @@ erDiagram string name string description string annotation + string provider urn parent_urn int order_id @@ -200,6 +201,7 @@ erDiagram string provider string category + string function } APPLIED_CONTROL { @@ -207,6 +209,7 @@ erDiagram string description string category + string function string status date eta date expiration @@ -251,7 +254,7 @@ erDiagram string description string business_value - string category + string type asset parent_asset } @@ -269,6 +272,8 @@ erDiagram json target_risk_vector string strength_of_knowledge string justification + + principal[] owner } RISK_ACCEPTANCE { @@ -299,28 +304,23 @@ erDiagram ``` -### Mappings +### Requirement mappings ```mermaid erDiagram - REFERENCE_REQUIREMENT ||--o{ MAPPING : referenced_by - MAPPING }o--|| FOCAL_REQUIREMENT: maps_to + REQUIREMENT_MAPPING_SET }o--|| SOURCE_FRAMEWORK : contains + REQUIREMENT_MAPPING_SET }o--|| TARGET_FRAMEWORK : contains - MAPPING { - string urn - string locale - string ref_id - string name - string description - string annotation - string provider + REQUIREMENT_MAPPING_SET { + string urn + string locale + string ref_id + string name + string description + string annotation + string provider - string reference_urn - string focal_urn - string rationale - string relationship - boolean fulfilled_by - int strength + json mapping_rules } @@ -536,7 +536,7 @@ namespace ReferentialObjects { class Mapping { +CharField reference_urn - +CharField focal_urn + +CharField target_urn +CharField rationale +CharField relationship +BooleanField fulfilled_by @@ -695,7 +695,7 @@ Projects have the following fields: Assets are context objects defined by the entity using CISO Assistant. They are optional, assessments can be done without using them. -Assets are of category primary or support. A primary asset has no parent, a support asset can have parent assets (primary or support), but not itself. +Assets are of type primary or support. A primary asset has no parent, a support asset can have parent assets (primary or support), but not itself. ## Frameworks @@ -740,6 +740,8 @@ Reference controls are templates for Applied controls. They facilitate the creat Reference controls have a category within the following possibilities: --/Policy/Process/Technical/Physical. +Reference controls have a function within the following possibilities: --/Govern/Identify/Protect/Detect/Respond/Recover. + ## Applied controls Applied controls are fundamental objects for compliance and remediation. They can derive from a reference control, which provides better consistency, or be independent. @@ -757,7 +759,7 @@ When a applied control derives from a reference control, the same category is pr ## Compliance and risk assessments -Both types of assessments have common points: +Both types of assessments have common fields: - a name - a description - a version (defined by the analyst) @@ -780,11 +782,10 @@ The state of a review can be: created/submitted/validated/changes requested/depr When a compliance assessment is created, each requirement of the corresponding framework is linked to a requirement assessment object. To cover a requirement, the assessor shall link it to Applied controls. Here are the specific fields for requirement assessments: -- status: --/to do/in progress/done. -- result: --/compliant/non-compliant minor/non-compliant major/not applicable +- result: --/compliant/partially compliant/non-compliant/not applicable - score: --/. -- ETA (Estimated Time of Arrival) date -- due date. This is for example useful to organize an audit plan. +- a status: (todo/in progress/in review/done) that facilitates reporting. + The compliance assessment score is a read-only field which is calculated when at least one requirement assessment is scored. We calculate the average of scored requriement assessments (ignoring requirement assessments with an undefined score or with status not-applicable). @@ -803,26 +804,28 @@ Compliance assessments have a score scale (min_score, max_score, score definitio - 0-5 (0-5, no score definition) - 0-10 (0-10, no score definition) -### Mappings +### Requirement Mapping set + +Requirement mapping sets are referential objects that describe relations between requirements from a source framework to a target framework. The definition of requirement mapping sets is based on NIST OLIR program (see https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8278r1.ipd.pdf). -Mappings are referential objects that describe relations between requirements from a reference framework to a focal framework. The definition of mappings is based on NIST OLIR program (see https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8278r1.ipd.pdf). +A requirement mapping set contains a unique specific attribute in json format called mapping_rules. -A mapping is defined by the following specific attributes: -- a reference requirement URN -- a focal requirement URN -- a rationale giving the explanation for why a Reference Document Element and a Focal Document Element are related. This will be syntactic, semantic, or functional. -- a relationship that provides the type of logical relationship that the OLIR Developer asserts the Reference Document Element has compared to the Focal Document Element. The Developer conducting the assertion should focus on the perceived intent of each of the Elements. This will be one of the following: subset of, intersects with, equal to, superset of, or not related to. -- a strength of relationship, optionally providing the extent to which a Reference Document Element and a Focal Document Element are similar. It is typically between 0 (no relation) to 10 (equal). +A mapping_rules is a list of elements containing: +- a source requirement URN +- a target requirement URN +- a rationale giving the explanation for why a Source Document Element and a Target Document Element are related. This will be syntactic, semantic, or functional. +- a relationship that provides the type of logical relationship that the OLIR Developer asserts the Source Document Element has compared to the Target Document Element. The Developer conducting the assertion should focus on the perceived intent of each of the Elements. This will be one of the following: subset of, intersects with, equal to, superset of, or not related to. +- a strength of relationship, optionally providing the extent to which a Source Document Element and a Target Document Element are similar. It is typically between 0 (no relation) to 10 (equal). -Mappings are used to automatically generate a draft compliance assessment for a focal framework, given existing reference assessments. +Requirement mapping rules are used to automatically generate a draft compliance assessment for a target framework, given existing source assessments. The following inference rules are used: - there is an order relation in results: compliant > non-compliant minor > non-compliant major -- N/A or -- in reference makes the mapping not usable. -- when several mappings exist for a focal requirement, the strongest inference result is used to determine the compliance result. -- all mappings are described in the mapping_inference field. -- a superset or equal mapping pushes the reference result to the focal result. -- an subset mapping pushes a most a partial compliance result to the focal result +- N/A or -- in source makes the mapping not usable. +- when several mappings exist for a target requirement, the strongest inference result is used to determine the compliance result. +- all requirement mappings are described in the mapping_inference field. +- a superset or equal mapping pushes the source result to the target result. +- an subset mapping pushes a partial compliance result to the target result ### Risk assessments and risk matrices @@ -888,6 +891,7 @@ Libraries can contain: - threats - reference controls - risk matrices +- requirement mapping sets It is recommended that libraries be modular, with only one type of object, but this is not mandatory. @@ -948,10 +952,10 @@ When a several locales are loaded for a same library (same URN), the first one i The translation JSON field contains a dictionary with urn as key and a dictionary of (field_name, value) as value. -Example: +Example: ``` { - "urn:intuitem:risk:req_node:iso27001-2022:4": [["name","Contexte de l'organisation"],["description","..."],["annotation","..."]], + "urn:intuitem:risk:req_node:iso27001-2022:4": [["name","Contexte de l'organisation"],["description","..."],["annotation","..."]], "urn:intuitem:risk:req_node:iso27001-2022:4.3", ... } ``` @@ -1042,4 +1046,4 @@ Names of built-in objects can be internationalized. A user can be authenticated either locally or with SSO. A boolean is_sso indicates if the user is local or SSO. -SSO Settings are defined in a dedicated object SSO_SETTINGS. \ No newline at end of file +SSO Settings are defined in a dedicated object SSO_SETTINGS. diff --git a/features.png b/features.png new file mode 100644 index 000000000..73763ce57 Binary files /dev/null and b/features.png differ diff --git a/frontend/.prettierrc b/frontend/.prettierrc index a77fddea9..95730232b 100644 --- a/frontend/.prettierrc +++ b/frontend/.prettierrc @@ -4,6 +4,5 @@ "trailingComma": "none", "printWidth": 100, "plugins": ["prettier-plugin-svelte"], - "pluginSearchDirs": ["."], "overrides": [{ "files": "*.svelte", "options": { "parser": "svelte" } }] } diff --git a/frontend/Dockerfile b/frontend/Dockerfile index 0ee1a8a52..f54bb47b7 100644 --- a/frontend/Dockerfile +++ b/frontend/Dockerfile @@ -5,9 +5,10 @@ ENV PUBLIC_BACKEND_API_URL=foo COPY package*.json ./ COPY . . -RUN npm ci -RUN npm run build -RUN npm prune --production +RUN npm install -g pnpm +RUN pnpm install --frozen-lockfile +RUN pnpm run build +RUN pnpm prune FROM node:21-alpine WORKDIR /app diff --git a/frontend/README.md b/frontend/README.md index 9cb0a11bf..884a024f3 100644 --- a/frontend/README.md +++ b/frontend/README.md @@ -16,13 +16,14 @@ export PUBLIC_BACKEND_API_URL=http://127.0.0.1:8000/api 3. Install dependencies ```bash -npm install +npm install -g pnpm +pnpm install ``` 4. Start a development server (ensure that the django app is running) ```bash -npm run dev +pnpm run dev ``` ## Building @@ -30,9 +31,9 @@ npm run dev To create a production version of your app: ```bash -npm run build +pnpm run build ``` -You can preview the production build with `npm run preview`. +You can preview the production build with `pnpm run preview`. > To deploy your app, you may need to install an [adapter](https://kit.svelte.dev/docs/adapters) for your target environment. diff --git a/frontend/messages/de.json b/frontend/messages/de.json index 2e9317e2b..e00a4b722 100644 --- a/frontend/messages/de.json +++ b/frontend/messages/de.json @@ -47,13 +47,16 @@ "analytics": "Analytics", "calendar": "Kalender", "threats": "Bedrohungen", + "threatsColon": "Bedrohungen:", "referenceControls": "Referenzkontrollen", + "referenceControlsColon": "Referenzkontrollen:", "appliedControls": "Angewendete Kontrollen", "assets": "Assets", "asset": "Asset", "policy": "Richtlinie", "policies": "Richtlinien", "riskMatrices": "Risikomatrizen", + "riskMatricesColon": "Risikomatrizen:", "riskAssessments": "Risikobewertungen", "riskScenarios": "Risikoszenarien", "riskScenario": "Risikoszenario", @@ -64,6 +67,7 @@ "evidences": "Beweise", "evidence": "Beweis", "frameworks": "Frameworks", + "frameworksColon": "Rahmenbedingungen:", "domains": "Domรคnen", "projects": "Projekte", "users": "Benutzer", @@ -92,6 +96,7 @@ "referenceControl": "Referenzkontrolle", "appliedControl": "Angewendete Kontrolle", "provider": "Anbieter", + "providerColon": "Anbieter:", "domain": "Domรคne", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Aktuelles Niveau", "residualLevel": "Restrisiko-Niveau", "riskMatrix": "Risikomatrix", + "riskMatrixColon": "Risikomatrix:", "project": "Projekt", "folder": "Ordner", "riskAssessment": "Risikobewertung", "threat": "Bedrohung", "framework": "Framework", + "frameworkColon": "Rahmen:", "file": "Datei", "language": "Sprache", "builtin": "Eingebaut", @@ -115,6 +122,7 @@ "noEntriesFound": "Keine Eintrรคge gefunden", "rowCount": "Zeige {start} bis {end} von {total}", "status": "Status", + "result": "Ergebnis", "effort": "Aufwand", "impact": "Auswirkung", "expiryDate": "Ablaufdatum", @@ -145,6 +153,7 @@ "isActive": "Ist aktiv", "dateJoined": "Beitrittsdatum", "version": "Version", + "versionColon": "Ausfรผhrung:", "treatment": "Behandlung", "currentProba": "Aktuelle Wahrscheinlichkeit", "currentImpact": "Aktuelle Auswirkung", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "Bibliotheks-Upload-Button wird geladen", "errorOccuredWhileLoadingLibrary": "Beim Laden des Bibliotheksformulars ist der folgende Fehler aufgetreten", "packager": "Paketierer", + "packagerColon": "Packager:", "dependencies": "Abhรคngigkeiten", "copyright": "Urheberrecht", "addYourLibrary": "Fรผgen Sie Ihre eigene Bibliothek hinzu", @@ -454,13 +464,17 @@ "deprecated": "Veraltet", "done": "Erledigt", "nonCompliant": "Nicht konform", + "nonCompliantMinor": "Nicht konformer Minderjรคhriger", + "nonCompliantMajor": "Nicht konformes Hauptfach", "partiallyCompliant": "Teilweise konform", "compliant": "Konform", "notApplicable": "Nicht anwendbar", + "notAssessed": "Nicht beurteilt", "administrator": "Administrator", "domainManager": "Domรคnen-Manager", "analyst": "Analyst", "successfullyCreatedObject": "Das {object} Objekt wurde erfolgreich erstellt", + "successfullyDuplicateObject": "Das Objekt {object} wurde erfolgreich dupliziert", "successfullyUpdatedObject": "Das {object} Objekt wurde erfolgreich aktualisiert", "successfullySavedObject": "Das {object} Objekt wurde erfolgreich gespeichert", "successfullyDeletedObject": "Das {object} Objekt wurde erfolgreich gelรถscht", @@ -536,6 +550,7 @@ "asZIP": "als ZIP", "incoming": "Eingehend", "outdated": "Veraltet", + "flashMode": "Blitzmodus", "goBackToAudit": "Zurรผck zum Audit", "exportBackupDescription": "Dies wird die Datenbank serialisieren und ein Backup erstellen, einschlieรŸlich Benutzer und RBAC. Beweise und andere Dateien sind im Backup nicht enthalten.", "importBackupDescription": "Dies wird die Datenbank aus einem Backup deserialisieren und wiederherstellen. Dies wird alle vorhandenen Daten, einschlieรŸlich Benutzer und RBAC, รผberschreiben und kann nicht rรผckgรคngig gemacht werden.", @@ -566,11 +581,37 @@ "advancedSettings": "Erweiterte Einstellungen", "enableSSO": "Aktivieren von SSO", "failedSSO": "SSO-Authentifizierung fehlgeschlagen, bitte wenden Sie sich an Ihren Administrator", + "UserDoesNotExist": "Benutzer nicht deklariert, bitte kontaktieren Sie Ihren Administrator", "loginSSO": "Melden Sie sich bei SSO an", "or": "oder", "errorImportingLibrary": "Fehler beim Importieren der Bibliothek", "libraryImportError": "Beim Importieren Ihrer Bibliothek ist ein Fehler aufgetreten.", "ssoSettingsupdated": "SSO-Einstellungen aktualisiert", "ssoSettings": "SSO-Einstellungen", - "ssoSettingsDescription": "Konfigurieren Sie hier Ihre Single Sign-On-Einstellungen." + "ssoSettingsDescription": "Konfigurieren Sie hier Ihre Single Sign-On-Einstellungen.", + "sso": "SSO", + "isSso": "Ist SSO", + "suggestion": "Anregung", + "suggestionColon": "Anregung:", + "annotationColon": "Anmerkung:", + "mappingInference": "Abbildungsinferenz", + "mappingInferenceTip": "Fรผr diese Anforderung ist ein Mapping-Vorschlag verfรผgbar", + "additionalInformation": "Weitere Informationen", + "requirementMapping": "Anforderungszuordnung", + "requirementMappings": "Anforderungszuordnungen", + "sourceFramework": "Quellrahmen", + "targetFramework": "Zielrahmen", + "baseline": "Ausgangslage", + "createAuditFromBaseline": "Erstellen eines Audits aus einer Basis", + "coverageColon": "Abdeckung:", + "full": "Voll", + "partial": "Teilweise", + "noResultFound": "Keine Eintrรคge gefunden", + "filters": "Filter", + "notApplicableScore": "Sie kรถnnen keine Punkte erzielen, wenn die Anforderungsbewertung nicht anwendbar ist", + "maturity": "Reife", + "progress": "Fortschreiten", + "back": "Zurรผckkehren", + "duplicate": "Duplikat", + "duplicateRiskAssessment": "Duplizieren Sie die Risikobewertung" } diff --git a/frontend/messages/en.json b/frontend/messages/en.json index d998426fc..1ee895b2b 100644 --- a/frontend/messages/en.json +++ b/frontend/messages/en.json @@ -47,13 +47,16 @@ "analytics": "Analytics", "calendar": "Calendar", "threats": "Threats", + "threatsColon": "Threats:", "referenceControls": "Reference controls", + "referenceControlsColon": "Reference controls:", "appliedControls": "Applied controls", "assets": "Assets", "asset": "Asset", "policy": "Policy", "policies": "Policies", "riskMatrices": "Risk matrices", + "riskMatricesColon": "Risk matrices:", "riskAssessments": "Risk assessments", "riskScenarios": "Risk scenarios", "riskScenario": "Risk scenario", @@ -64,6 +67,7 @@ "evidences": "Evidences", "evidence": "Evidence", "frameworks": "Frameworks", + "frameworksColon": "Frameworks:", "domains": "Domains", "projects": "Projects", "users": "Users", @@ -92,6 +96,7 @@ "referenceControl": "Reference control", "appliedControl": "Applied control", "provider": "Provider", + "providerColon": "Provider:", "domain": "Domain", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Current level", "residualLevel": "Residual level", "riskMatrix": "Risk matrix", + "riskMatrixColon": "Risk matrix:", "project": "Project", "folder": "Folder", "riskAssessment": "Risk assessment", "threat": "Threat", "framework": "Framework", + "frameworkColon": "Framework:", "file": "File", "language": "Language", "builtin": "Builtin", @@ -115,6 +122,7 @@ "noEntriesFound": "No entries found", "rowCount": "Showing {start} to {end} of {total}", "status": "Status", + "result": "Result", "effort": "Effort", "impact": "Impact", "expiryDate": "Expiry date", @@ -145,6 +153,7 @@ "isActive": "Is active", "dateJoined": "Date joined", "version": "Version", + "versionColon": "Version:", "treatment": "Treatment", "currentProba": "Current probability", "currentImpact": "Current impact", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "Loading the library upload button", "errorOccuredWhileLoadingLibrary": "The following error occurred while loading the library form", "packager": "Packager", + "packagerColon": "Packager:", "dependencies": "Dependencies", "copyright": "Copyright", "addYourLibrary": "Add your own library", @@ -409,7 +419,7 @@ "riskAcceptanceJusitficationHelpText": "Justification for the risk acceptance. Only the approver can edit this field.", "approverHelpText": "Risk owner and approver identity", "riskAcceptanceRiskScenariosHelpText": "The risk scenarios that are accepted", - "attachmentHelpText": "File for evidence (eg. screenshot, log file, etc.)", + "attachmentHelpText": "File for evidence (eg. screenshot, log file, etc.). When selected, you can paste screenshots directly from your clipboard.", "attachmentWarningText": "WARNING: Uploading a new file will overwrite the existing one", "isActiveHelpText": "Designates whether this user should be treated as active", "helloThere": "Hello there ๐Ÿ‘‹", @@ -454,13 +464,17 @@ "deprecated": "Deprecated", "done": "Done", "nonCompliant": "Non compliant", + "nonCompliantMinor": "Non compliant minor", + "nonCompliantMajor": "Non compliant major", "partiallyCompliant": "Partially compliant", "compliant": "Compliant", "notApplicable": "Not applicable", + "notAssessed": "Not assessed", "administrator": "Administrator", "domainManager": "Domain manager", "analyst": "Analyst", "successfullyCreatedObject": "The {object} object has been successfully created", + "successfullyDuplicateObject": "The {object} object has been successfully duplicated", "successfullyUpdatedObject": "The {object} object has been successfully updated", "successfullySavedObject": "The {object} object has been successfully saved", "successfullyDeletedObject": "The {object} object has been successfully deleted", @@ -613,5 +627,32 @@ "ssoSettings": "SSO settings", "ssoSettingsDescription": "Configure your Single Sign-On settings here.", "sso": "SSO", - "isSso": "Is SSO" + "isSso": "Is SSO", + "suggestion": "Suggestion", + "suggestionColon": "Suggestion:", + "annotationColon": "Annotation:", + "mapping": "Mapping", + "mappingInference": "Mapping inference", + "mappingInferenceTip": "Mapping suggestion is available for this requirement", + "additionalInformation": "Additional information", + "requirementMappingSet": "Mapping", + "requirementMappingSetColon": "Mapping:", + "requirementMappingSets": "Mappings", + "requirementMapping": "Requirement mapping", + "requirementMappings": "Requirement mappings", + "sourceFramework": "Source framework", + "targetFramework": "Target framework", + "baseline": "Baseline", + "createAuditFromBaseline": "Create audit from baseline", + "coverageColon": "Coverage:", + "full": "Full", + "partial": "Partial", + "noResultFound": "No result found", + "filters": "Filters", + "notApplicableScore": "You cannot score if the requirement assessment is not applicable", + "maturity": "Maturity", + "progress": "Progress", + "back": "Back", + "duplicate": "Duplicate", + "duplicateRiskAssessment": "Duplicate the risk assessment" } diff --git a/frontend/messages/es.json b/frontend/messages/es.json index 911a72402..8d9416e11 100644 --- a/frontend/messages/es.json +++ b/frontend/messages/es.json @@ -47,13 +47,16 @@ "analytics": "Analรญticas", "calendar": "Calendario", "threats": "Amenazas", + "threatsColon": "Amenazas:", "referenceControls": "Controles de referencia", + "referenceControlsColon": "Controles de referencia:", "appliedControls": "Controles aplicados", "assets": "Activos", "asset": "Activo", "policy": "Polรญtica", "policies": "Polรญticas", "riskMatrices": "Matrices de riesgo", + "riskMatricesColon": "Matrices de riesgo:", "riskAssessments": "Evaluaciones de riesgos", "riskScenarios": "Escenarios de riesgo", "riskScenario": "Escenario de riesgo", @@ -64,6 +67,7 @@ "evidences": "Evidencias", "evidence": "Evidencia", "frameworks": "Marcos", + "frameworksColon": "Marcos:", "domains": "Dominios", "projects": "Proyectos", "users": "Usuarios", @@ -92,6 +96,7 @@ "referenceControl": "Control de referencia", "appliedControl": "Control aplicado", "provider": "Proveedor", + "providerColon": "Proveedor:", "domain": "Dominio", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Nivel actual", "residualLevel": "Nivel residual", "riskMatrix": "Matriz de riesgos", + "riskMatrixColon": "Matriz de riesgo:", "project": "Proyecto", "folder": "Carpeta", "riskAssessment": "Evaluaciรณn de riesgos", "threat": "Amenaza", "framework": "Marco", + "frameworkColon": "Estructura:", "file": "Archivo", "language": "Idioma", "builtin": "Integrado", @@ -115,6 +122,7 @@ "noEntriesFound": "No se encontraron entradas", "rowCount": "Mostrando {start} a {end} de {total}", "status": "Estado", + "result": "Resultado", "effort": "Esfuerzo", "impact": "Impacto", "expiryDate": "Fecha de caducidad", @@ -145,6 +153,7 @@ "isActive": "Estรก activo", "dateJoined": "Fecha de ingreso", "version": "Versiรณn", + "versionColon": "Versiรณn:", "treatment": "Tratamiento", "currentProba": "Probabilidad actual", "currentImpact": "Impacto actual", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "Cargando botรณn de carga de la biblioteca", "errorOccuredWhileLoadingLibrary": "Se produjo el siguiente error al cargar el formulario de la biblioteca", "packager": "Empaquetador", + "packagerColon": "Empaquetador:", "dependencies": "Dependencias", "copyright": "Derechos de autor", "addYourLibrary": "Agrega tu propia biblioteca", @@ -454,13 +464,17 @@ "deprecated": "Obsoleto", "done": "Hecho", "nonCompliant": "No conforme", + "nonCompliantMinor": "Menor no conforme", + "nonCompliantMajor": "Mayor no conforme", "partiallyCompliant": "Parcialmente conforme", "compliant": "Conforme", "notApplicable": "No aplicable", + "notAssessed": "No evaluado", "administrator": "Administrador", "domainManager": "Gerente de dominio", "analyst": "Analista", "successfullyCreatedObject": "El objeto {object} se ha creado con รฉxito", + "successfullyDuplicateObject": "El objeto {object} se ha duplicado correctamente", "successfullyUpdatedObject": "El objeto {object} se ha actualizado con รฉxito", "successfullySavedObject": "El objeto {object} se ha guardado con รฉxito", "successfullyDeletedObject": "El objeto {object} se ha eliminado con รฉxito", @@ -536,6 +550,7 @@ "asZIP": "como ZIP", "incoming": "Entrante", "outdated": "Desactualizado", + "flashMode": "Modo destello", "goBackToAudit": "Volver a la auditorรญa", "exportBackupDescription": "Esto serializarรก y crearรก una copia de seguridad de la base de datos, incluidos los usuarios y RBAC. Las pruebas y otros archivos no se incluyen en la copia de seguridad.", "importBackupDescription": "Esto deserializarรก y restaurarรก la base de datos desde una copia de seguridad. Esto sobrescribirรก todos los datos existentes, incluidos los usuarios y RBAC, y no se puede deshacer.", @@ -566,11 +581,37 @@ "advancedSettings": "Ajustes avanzados", "enableSSO": "Habilitar SSO", "failedSSO": "La autenticaciรณn SSO fallรณ; comunรญquese con su administrador", + "UserDoesNotExist": "Usuario no declarado, por favor contacte a su administrador", "loginSSO": "Inicie sesiรณn en SSO", "or": "o", "errorImportingLibrary": "Error al importar la biblioteca", "libraryImportError": "Ocurriรณ un error durante la importaciรณn de su biblioteca.", "ssoSettingsupdated": "Configuraciรณn de SSO actualizada", "ssoSettings": "Configuraciรณn de inicio de sesiรณn รบnico", - "ssoSettingsDescription": "Configure sus ajustes de inicio de sesiรณn รบnico aquรญ." + "ssoSettingsDescription": "Configure sus ajustes de inicio de sesiรณn รบnico aquรญ.", + "sso": "SSO", + "isSso": "es SSO", + "suggestion": "Sugerencia", + "suggestionColon": "Sugerencia:", + "annotationColon": "Anotaciรณn:", + "mappingInference": "Inferencia de mapeo", + "mappingInferenceTip": "La sugerencia de mapeo estรก disponible para este requisito.", + "additionalInformation": "Informaciรณn adicional", + "requirementMapping": "Mapeo de requisitos", + "requirementMappings": "Asignaciones de requisitos", + "sourceFramework": "Marco de trabajo", + "targetFramework": "Marco de destino", + "baseline": "Base", + "createAuditFromBaseline": "Crear auditorรญa desde una base", + "coverageColon": "Cobertura:", + "full": "Lleno", + "partial": "Parcial", + "noResultFound": "No se han encontrado resultados", + "filters": "Filtros", + "notApplicableScore": "No se puede puntuar si la evaluaciรณn de requisitos no es aplicable", + "maturity": "Madurez", + "progress": "Progresiรณn", + "back": "Devolver", + "duplicate": "Duplicar", + "duplicateRiskAssessment": "Duplicar la evaluaciรณn de riesgo" } diff --git a/frontend/messages/fr.json b/frontend/messages/fr.json index bbe6a8c07..6827e998f 100644 --- a/frontend/messages/fr.json +++ b/frontend/messages/fr.json @@ -47,13 +47,16 @@ "analytics": "Analytiques", "calendar": "Calendrier", "threats": "Menaces", + "threatsColon": "Menaces :", "referenceControls": "Mesures de rรฉfรฉrence", + "referenceControlsColon": "Contrรดles de rรฉfรฉrenceย :", "appliedControls": "Mesures appliquรฉes", "assets": "Biens sensibles", "asset": "Bien sensible", "policy": "Politique", "policies": "Politiques", "riskMatrices": "Matrices de risque", + "riskMatricesColon": "Matrices de risquesย :", "riskAssessments": "ร‰valuations de risque", "riskScenarios": "Scรฉnarios de risque", "riskScenario": "Scรฉnario de risque", @@ -64,6 +67,7 @@ "evidences": "Preuves", "evidence": "Preuve", "frameworks": "Rรฉfรฉrentiels", + "frameworksColon": "Rรฉfรฉrentielsย :", "domains": "Domaines", "projects": "Projets", "users": "Utilisateurs", @@ -92,6 +96,7 @@ "referenceControl": "Mesure de rรฉfรฉrence", "appliedControl": "Mesure appliquรฉe", "provider": "Fournisseur", + "providerColon": "Fournisseur :", "domain": "Domaine", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Niveau courant", "residualLevel": "Niveau rรฉsiduel", "riskMatrix": "Matrice de risque", + "riskMatrixColon": "Matrice des risquesย :", "project": "Projet", "folder": "Domaine", "riskAssessment": "ร‰valuation de risque", "threat": "Menace", "framework": "Rรฉfรฉrentiel", + "frameworkColon": "Rรฉfรฉrentiel :", "file": "Fichier", "language": "Langue", "builtin": "Intรฉgrรฉ", @@ -115,6 +122,7 @@ "noEntriesFound": "Aucune entrรฉe trouvรฉe", "rowCount": "Affichage de {start} ร  {end} sur {total}", "status": "Statut", + "result": "Rรฉsultat", "effort": "Effort", "impact": "Impact", "expiryDate": "Date d'expiration", @@ -145,6 +153,7 @@ "isActive": "Actif", "dateJoined": "Date d'adhรฉsion", "version": "Version", + "versionColon": "Version :", "treatment": "Traitement", "currentProba": "Probabilitรฉ courante", "currentImpact": "Impact courant", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "Chargement du bouton de tรฉlรฉchargement de la bibliothรจque", "errorOccuredWhileLoadingLibrary": "L'erreur suivante s'est produite lors du chargement du formulaire de bibliothรจque", "packager": "ร‰diteur", + "packagerColon": "Fournisseurย :", "dependencies": "Dรฉpendances", "copyright": "Copyright", "addYourLibrary": "Ajouter votre propre bibliothรจque", @@ -409,7 +419,7 @@ "riskAcceptanceJusitficationHelpText": "Justification de l'acceptation du risque. Seul l'approbateur peut modifier ce champ.", "approverHelpText": "Identitรฉ du propriรฉtaire du risque et de lโ€™approbateur", "riskAcceptanceRiskScenariosHelpText": "Les scรฉnarios de risques acceptรฉs", - "attachmentHelpText": "Fichier de preuve (ex. capture d'รฉcran, fichier journal, etc.)", + "attachmentHelpText": "Fichier de preuve (ex. capture d'รฉcran, fichier journal, etc.). Quand le champ est sรฉlectionnรฉ, vous pouvez y coller une copie d'รฉcran de votre presse-papiers.", "attachmentWarningText": "ATTENTION :ย le tรฉlรฉchargement d'un nouveau fichier รฉcrasera celui existant", "isActiveHelpText": "Dรฉsigne si cet utilisateur doit รชtre traitรฉ comme actif", "helloThere": "Bonjour ๐Ÿ‘‹", @@ -454,13 +464,17 @@ "deprecated": "Dรฉprรฉciรฉ", "done": "Terminรฉ", "nonCompliant": "Non conforme", + "nonCompliantMinor": "Mineur non conforme", + "nonCompliantMajor": "Majeure non conforme", "partiallyCompliant": "Partiellement conforme", "compliant": "Conforme", "notApplicable": "Non applicable", + "notAssessed": "Non รฉvaluรฉe", "administrator": "Administrateur", "domainManager": "Gestionnaire de domaine", "analyst": "Analyste", "successfullyCreatedObject": "L'objet {object} a รฉtรฉ crรฉรฉ avec succรจs", + "successfullyDuplicateObject": "L'objet {object} a รฉtรฉ dupliquรฉ avec succรจs", "successfullyUpdatedObject": "L'objet {object} a รฉtรฉ mis ร  jour avec succรจs", "successfullySavedObject": "L'objet {object} a รฉtรฉ enregistrรฉ avec succรจs", "successfullyDeletedObject": "L'objet {object} a รฉtรฉ supprimรฉ avec succรจs", @@ -536,6 +550,7 @@ "asZIP": "en ZIP", "incoming": "En approche", "outdated": "Dรฉpassรฉ", + "flashMode": "Mode flash", "goBackToAudit": "Retour ร  l'audit", "exportBackupDescription": "Cela va sรฉrialiser et crรฉer une sauvegarde de la base de donnรฉes, y compris les utilisateurs et RBAC. Les preuves et autres fichiers ne sont pas inclus dans la sauvegarde.", "importBackupDescription": "Cela va dรฉsรฉrialiser et restaurer la base de donnรฉes ร  partir d'une sauvegarde. Cela va รฉcraser toutes les donnรฉes existantes, y compris les utilisateurs et RBAC. Cette action est irrรฉversible.", @@ -566,11 +581,37 @@ "advancedSettings": "Rรฉglages avancรฉs", "enableSSO": "Activer le SSO", "failedSSO": "L'authentification SSO a รฉchouรฉ, veuillez contacter votre administrateur", + "UserDoesNotExist": "Utilisateur non dรฉclarรฉ, merci de contacter votre administrateur", "loginSSO": "Connectez-vous en SSO", "or": "ou", "errorImportingLibrary": "Erreur lors de l'importation de la bibliothรจque", "libraryImportError": "Une erreur s'est produite lors de l'importation de la bibliothรจque", "ssoSettingsupdated": "Paramรจtres SSO mis ร  jour", "ssoSettings": "Paramรจtres SSO", - "ssoSettingsDescription": "Configurez vos paramรจtres d'authentification unique ici." + "ssoSettingsDescription": "Configurez vos paramรจtres d'authentification unique ici.", + "sso": "SSO", + "isSso": "Est SSO", + "suggestion": "Suggestion", + "suggestionColon": "Suggestion :", + "annotationColon": "Annotation :", + "mappingInference": "Infรฉrence de mapping", + "mappingInferenceTip": "Une suggestion de mappage est disponible pour cette exigence", + "additionalInformation": "Informations Complรฉmentaires", + "requirementMapping": "Cartographie des exigences", + "requirementMappings": "Cartographies des exigences", + "sourceFramework": "Rรฉfรฉrentiel source", + "targetFramework": "Rรฉfรฉrentiel cible", + "baseline": "Rรฉfรฉrence de base", + "createAuditFromBaseline": "Crรฉer un audit ร  partir d'une base", + "coverageColon": "Couverture :", + "full": "Complรจte", + "partial": "Partielle", + "noResultFound": "Aucun rรฉsultat trouvรฉ", + "filters": "Filtres", + "notApplicableScore": "Vous ne pouvez pas scorer si l'รฉvaluation des exigences n'est pas applicable", + "maturity": "Maturitรฉ", + "progress": "Progression", + "back": "Retour", + "duplicate": "Dupliquer", + "duplicateRiskAssessment": "Dupliquer lโ€™รฉvaluation de risque" } diff --git a/frontend/messages/it.json b/frontend/messages/it.json index 07585312c..0c55986b4 100644 --- a/frontend/messages/it.json +++ b/frontend/messages/it.json @@ -47,13 +47,16 @@ "analytics": "Analisi", "calendar": "Calendario", "threats": "Minacce", + "threatsColon": "Minacce:", "referenceControls": "Controlli di riferimento", + "referenceControlsColon": "Controlli di riferimento:", "appliedControls": "Controlli applicati", "assets": "Risorse", "asset": "Risorsa", "policy": "Politica", "policies": "Politiche", "riskMatrices": "Matrici di rischio", + "riskMatricesColon": "Matrici di rischio:", "riskAssessments": "Valutazioni del rischio", "riskScenarios": "Scenari di rischio", "riskScenario": "Scenario di rischio", @@ -64,6 +67,7 @@ "evidences": "Prove", "evidence": "Prova", "frameworks": "Framework", + "frameworksColon": "Quadri:", "domains": "Domini", "projects": "Progetti", "users": "Utenti", @@ -92,6 +96,7 @@ "referenceControl": "Controllo di riferimento", "appliedControl": "Controllo applicato", "provider": "Fornitore", + "providerColon": "Fornitore:", "domain": "Dominio", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Livello attuale", "residualLevel": "Livello residuo", "riskMatrix": "Matrice di rischio", + "riskMatrixColon": "Matrice del rischio:", "project": "Progetto", "folder": "Cartella", "riskAssessment": "Valutazione del rischio", "threat": "Minaccia", "framework": "Framework", + "frameworkColon": "Struttura:", "file": "File", "language": "Lingua", "builtin": "Integrato", @@ -115,6 +122,7 @@ "noEntriesFound": "Nessuna voce trovata", "rowCount": "Mostra da {start} a {end} di {total}", "status": "Stato", + "result": "Risultato", "effort": "Sforzo", "impact": "Impatto", "expiryDate": "Data di scadenza", @@ -145,6 +153,7 @@ "isActive": "รˆ attivo", "dateJoined": "Data di adesione", "version": "Versione", + "versionColon": "Versione:", "treatment": "Trattamento", "currentProba": "Probabilitร  attuale", "currentImpact": "Impatto attuale", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "Caricamento pulsante di caricamento della biblioteca", "errorOccuredWhileLoadingLibrary": "Si รจ verificato il seguente errore durante il caricamento del modulo della biblioteca", "packager": "Impacchettatore", + "packagerColon": "Confezionatore:", "dependencies": "Dipendenze", "copyright": "Copyright", "addYourLibrary": "Aggiungi la tua biblioteca", @@ -454,13 +464,17 @@ "deprecated": "Deprecato", "done": "Fatto", "nonCompliant": "Non conforme", + "nonCompliantMinor": "Minore non conforme", + "nonCompliantMajor": "Maggiore non conforme", "partiallyCompliant": "Parzialmente conforme", "compliant": "Conforme", "notApplicable": "Non applicabile", + "notAssessed": "Non valutato", "administrator": "Amministratore", "domainManager": "Manager di dominio", "analyst": "Analista", "successfullyCreatedObject": "L'oggetto {object} รจ stato creato con successo", + "successfullyDuplicateObject": "L'oggetto {object} รจ stato duplicato con successo", "successfullyUpdatedObject": "L'oggetto {object} รจ stato aggiornato con successo", "successfullySavedObject": "L'oggetto {object} รจ stato salvato con successo", "successfullyDeletedObject": "L'oggetto {object} รจ stato eliminato con successo", @@ -536,6 +550,7 @@ "asZIP": "come ZIP", "incoming": "In arrivo", "outdated": "Obsoleto", + "flashMode": "Modalitร  flash", "goBackToAudit": "Torniamo all'audit", "exportBackupDescription": "Questo serializzerร  e creerร  un backup del database, inclusi utenti e RBAC. Le prove e altri file non sono inclusi nel backup.", "importBackupDescription": "Questo deserializzerร  e ripristinerร  il database da un backup. Questo sovrascriverร  tutti i dati esistenti, inclusi utenti e RBAC, e non puรฒ essere annullato.", @@ -566,11 +581,37 @@ "advancedSettings": "Impostazioni avanzate", "enableSSO": "Abilita SSO", "failedSSO": "Autenticazione SSO non riuscita, contatta il tuo amministratore", + "UserDoesNotExist": "Utente non dichiarato, contatta il tuo amministratore", "loginSSO": "Accedi a SSO", "or": "O", "errorImportingLibrary": "Errore durante l'importazione della biblioteca", "libraryImportError": "Si รจ verificato un errore durante l'importazione della tua biblioteca.", "ssoSettingsupdated": "Impostazioni SSO aggiornate", "ssoSettings": "Impostazioni SSO", - "ssoSettingsDescription": "Configura qui le tue impostazioni Single Sign-On." + "ssoSettingsDescription": "Configura qui le tue impostazioni Single Sign-On.", + "sso": "SSO", + "isSso": "รˆ SSO", + "suggestion": "Suggerimento", + "suggestionColon": "Suggerimento:", + "annotationColon": "Annotazione:", + "mappingInference": "Inferenza di mappatura", + "mappingInferenceTip": "Per questo requisito รจ disponibile un suggerimento di mappatura", + "additionalInformation": "Informazioni aggiuntive", + "requirementMapping": "Mappatura dei requisiti", + "requirementMappings": "Mappature dei requisiti", + "sourceFramework": "Quadro di origine", + "targetFramework": "Quadro di destinazione", + "baseline": "Linea di base", + "createAuditFromBaseline": "Crea audit da una base", + "coverageColon": "Copertura:", + "full": "Pieno", + "partial": "Parziale", + "noResultFound": "nessun risultato trovato", + "filters": "Filtri", + "notApplicableScore": "Non รจ possibile ottenere un punteggio se la valutazione dei requisiti non รจ applicabile", + "maturity": "Scadenza", + "progress": "Progressione", + "back": "Ritorno", + "duplicate": "Duplicare", + "duplicateRiskAssessment": "Duplicare la valutazione del rischio" } diff --git a/frontend/messages/nl.json b/frontend/messages/nl.json index 25b81b885..ce1a4bb30 100644 --- a/frontend/messages/nl.json +++ b/frontend/messages/nl.json @@ -47,13 +47,16 @@ "analytics": "Analytics", "calendar": "Kalender", "threats": "Bedreigingen", + "threatsColon": "Gevaren:", "referenceControls": "Referentiecontroles", + "referenceControlsColon": "Referentiecontroles:", "appliedControls": "Toegepaste controles", "assets": "Middelen", "asset": "Middel", "policy": "Beleid", "policies": "Beleiden", "riskMatrices": "Risicomatrices", + "riskMatricesColon": "Risicomatrices:", "riskAssessments": "Risicobeoordelingen", "riskScenarios": "Risicoscenario's", "riskScenario": "Risicoscenario", @@ -64,6 +67,7 @@ "evidences": "Bewijzen", "evidence": "Bewijs", "frameworks": "Kaders", + "frameworksColon": "Kaders:", "domains": "Domeinen", "projects": "Projecten", "users": "Gebruikers", @@ -92,6 +96,7 @@ "referenceControl": "Referentiecontrole", "appliedControl": "Toegepaste controle", "provider": "Provider", + "providerColon": "Aanbieder:", "domain": "Domein", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Huidig niveau", "residualLevel": "Restniveau", "riskMatrix": "Risicomatrix", + "riskMatrixColon": "Risicomatrix:", "project": "Project", "folder": "Map", "riskAssessment": "Risicobeoordeling", "threat": "Bedreiging", "framework": "Kader", + "frameworkColon": "Kader:", "file": "Bestand", "language": "Taal", "builtin": "Ingebouwd", @@ -115,6 +122,7 @@ "noEntriesFound": "Geen ingangen gevonden", "rowCount": "Toont {start} tot {end} van {total}", "status": "Status", + "result": "Resultaat", "effort": "Inspanning", "impact": "Impact", "expiryDate": "Vervaldatum", @@ -145,6 +153,7 @@ "isActive": "Is actief", "dateJoined": "Datum toegevoegd", "version": "Versie", + "versionColon": "Versie:", "treatment": "Behandeling", "currentProba": "Huidige waarschijnlijkheid", "currentImpact": "Huidige impact", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "Bibliotheek uploadknop laden", "errorOccuredWhileLoadingLibrary": "De volgende fout deed zich voor tijdens het laden van het bibliotheekformulier", "packager": "Pakkageerder", + "packagerColon": "Verpakker:", "dependencies": "Afhankelijkheden", "copyright": "Auteursrecht", "addYourLibrary": "Voeg je eigen bibliotheek toe", @@ -454,13 +464,17 @@ "deprecated": "Verouderd", "done": "Gedaan", "nonCompliant": "Niet compliant", + "nonCompliantMinor": "Niet-conforme minor", + "nonCompliantMajor": "Niet-conforme majoor", "partiallyCompliant": "Gedeeltelijk compliant", "compliant": "Compliant", "notApplicable": "Niet van toepassing", + "notAssessed": "Niet beoordeeld", "administrator": "Beheerder", "domainManager": "Domeinbeheerder", "analyst": "Analist", "successfullyCreatedObject": "Het {object} object is succesvol aangemaakt", + "successfullyDuplicateObject": "Het object {object} is succesvol gedupliceerd", "successfullyUpdatedObject": "Het {object} object is succesvol bijgewerkt", "successfullySavedObject": "Het {object} object is succesvol opgeslagen", "successfullyDeletedObject": "Het {object} object is succesvol verwijderd", @@ -536,6 +550,7 @@ "asZIP": "als ZIP", "incoming": "Binnenkomend", "outdated": "Verouderd", + "flashMode": "Flash-modus", "goBackToAudit": "Ga terug naar de controle", "exportBackupDescription": "Dit zal de database serialiseren en een back-up maken, inclusief gebruikers en RBAC. Bewijzen en andere bestanden zijn niet inbegrepen in de back-up.", "importBackupDescription": "Dit zal de database deserialiseren en herstellen vanaf een back-up. Dit zal alle bestaande gegevens, inclusief gebruikers en RBAC, overschrijven en kan niet ongedaan worden gemaakt.", @@ -566,11 +581,37 @@ "advancedSettings": "Geavanceerde instellingen", "enableSSO": "SSO inschakelen", "failedSSO": "SSO-authenticatie mislukt. Neem contact op met uw beheerder", + "UserDoesNotExist": "Gebruiker niet aangegeven. Neem contact op met uw beheerder", "loginSSO": "Log in op SSO", "or": "of", "errorImportingLibrary": "Fout bij het importeren van de bibliotheek", "libraryImportError": "Er is een fout opgetreden tijdens het importeren van je bibliotheek.", "ssoSettingsupdated": "SSO-instellingen bijgewerkt", "ssoSettings": "SSO-instellingen", - "ssoSettingsDescription": "Configureer hier uw Single Sign-On-instellingen." + "ssoSettingsDescription": "Configureer hier uw Single Sign-On-instellingen.", + "sso": "SSO", + "isSso": "Is SSO", + "suggestion": "Suggestie", + "suggestionColon": "Suggestie:", + "annotationColon": "Annotatie:", + "mappingInference": "Inferentie in kaart brengen", + "mappingInferenceTip": "Voor deze vereiste is een mappingsuggestie beschikbaar", + "additionalInformation": "Extra informatie", + "requirementMapping": "Vereisten in kaart brengen", + "requirementMappings": "Vereistentoewijzingen", + "sourceFramework": "Bronkader", + "targetFramework": "Doelkader", + "baseline": "Basislijn", + "createAuditFromBaseline": "Creรซer audit vanuit een basis", + "coverageColon": "Dekking:", + "full": "Vol", + "partial": "Gedeeltelijk", + "noResultFound": "geen resultaat gevonden", + "filters": "Filters", + "notApplicableScore": "U kunt niet scoren als de eisenbeoordeling niet van toepassing is", + "maturity": "Volwassenheid", + "progress": "Progressie", + "back": "Opbrengst", + "duplicate": "Duplicaat", + "duplicateRiskAssessment": "Dupliceer de risicobeoordeling" } diff --git a/frontend/messages/pl.json b/frontend/messages/pl.json index a1e281136..1d36173e8 100644 --- a/frontend/messages/pl.json +++ b/frontend/messages/pl.json @@ -47,13 +47,16 @@ "analytics": "Analizy", "calendar": "Kalendarz", "threats": "Zagroลผenia", + "threatsColon": "Zagroลผenia:", "referenceControls": "Kontrole referencyjne", + "referenceControlsColon": "Kontrole referencyjne:", "appliedControls": "Zastosowane kontrole", "assets": "Zasoby", "asset": "Zasรณb", "policy": "Polityka", "policies": "Polityki", "riskMatrices": "Macierze ryzyka", + "riskMatricesColon": "Matryce ryzyka:", "riskAssessments": "Oceny ryzyka", "riskScenarios": "Scenariusze ryzyka", "riskScenario": "Scenariusz ryzyka", @@ -64,6 +67,7 @@ "evidences": "Dowody", "evidence": "Dowรณd", "frameworks": "Ramy", + "frameworksColon": "Ramy:", "domains": "Domeny", "projects": "Projekty", "users": "Uลผytkownicy", @@ -92,6 +96,7 @@ "referenceControl": "Kontrola referencyjna", "appliedControl": "Zastosowana kontrola", "provider": "Dostawca", + "providerColon": "Dostawca:", "domain": "Domena", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Obecny poziom", "residualLevel": "Poziom resztkowy", "riskMatrix": "Macierz ryzyka", + "riskMatrixColon": "Matryca ryzyka:", "project": "Projekt", "folder": "Folder", "riskAssessment": "Ocena ryzyka", "threat": "Zagroลผenie", "framework": "Ramy", + "frameworkColon": "Struktura:", "file": "Plik", "language": "Jฤ™zyk", "builtin": "Wbudowany", @@ -115,6 +122,7 @@ "noEntriesFound": "Nie znaleziono wpisรณw", "rowCount": "Pokazano {start} do {end} z {total}", "status": "Status", + "result": "Wynik", "effort": "Wysiล‚ek", "impact": "Wpล‚yw", "expiryDate": "Data wygaล›niฤ™cia", @@ -145,6 +153,7 @@ "isActive": "Aktywny", "dateJoined": "Data doล‚ฤ…czenia", "version": "Wersja", + "versionColon": "Wersja:", "treatment": "Leczenie", "currentProba": "Obecne prawdopodobieล„stwo", "currentImpact": "Obecny wpล‚yw", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "ลadowanie przycisku przesyล‚ania biblioteki", "errorOccuredWhileLoadingLibrary": "Wystฤ…piล‚ nastฤ™pujฤ…cy bล‚ฤ…d podczas ล‚adowania formularza biblioteki", "packager": "Paker", + "packagerColon": "Pakowacz:", "dependencies": "Zaleลผnoล›ci", "copyright": "Prawa autorskie", "addYourLibrary": "Dodaj wล‚asnฤ… bibliotekฤ™", @@ -454,13 +464,17 @@ "deprecated": "Przestarzaล‚y", "done": "Zrobione", "nonCompliant": "Niezgodny", + "nonCompliantMinor": "Niezgodny nieletni", + "nonCompliantMajor": "Major niezgodny", "partiallyCompliant": "Czฤ™ล›ciowo zgodny", "compliant": "Zgodny", "notApplicable": "Nie dotyczy", + "notAssessed": "Nie oceniane", "administrator": "Administrator", "domainManager": "Menadลผer domeny", "analyst": "Analityk", "successfullyCreatedObject": "Obiekt {object} zostaล‚ pomyล›lnie utworzony", + "successfullyDuplicateObject": "Obiekt {object} zostaล‚ pomyล›lnie zduplikowany", "successfullyUpdatedObject": "Obiekt {object} zostaล‚ pomyล›lnie zaktualizowany", "successfullySavedObject": "Obiekt {object} zostaล‚ pomyล›lnie zapisany", "successfullyDeletedObject": "Obiekt {object} zostaล‚ pomyล›lnie usuniฤ™ty", @@ -613,5 +627,28 @@ "ssoSettings": "Ustawienia SSO", "ssoSettingsDescription": "Skonfiguruj ustawienia Single Sign-On tutaj.", "sso": "SSO", - "isSso": "Czy SSO" + "isSso": "Czy SSO", + "suggestion": "Sugestia", + "suggestionColon": "Sugestia:", + "annotationColon": "Adnotacja:", + "mappingInference": "Wnioskowanie mapujฤ…ce", + "mappingInferenceTip": "Dla tego wymagania dostฤ™pna jest sugestia mapowania", + "additionalInformation": "Dodatkowe informacje", + "requirementMapping": "Mapowanie wymagaล„", + "requirementMappings": "Mapowania wymagaล„", + "sourceFramework": "Ramy ลบrรณdล‚owa", + "targetFramework": "Ramy docelowa", + "baseline": "Linia bazowa", + "createAuditFromBaseline": "Utwรณrz audyt od poziomu bazowego", + "coverageColon": "Zasiฤ™g:", + "full": "Peล‚ny", + "partial": "Czฤ™ล›ciowy", + "noResultFound": "nie znaleziono ลผadnych wynikรณw", + "filters": "Filtry", + "notApplicableScore": "Nie moลผesz zdobyฤ‡ punktรณw, jeล›li ocena wymagaล„ nie ma zastosowania", + "maturity": "Dojrzaล‚oล›ฤ‡", + "progress": "Postฤ™p", + "back": "Powrรณt", + "duplicate": "Duplikowaฤ‡", + "duplicateRiskAssessment": "Powieliฤ‡ ocenฤ™ ryzyka" } diff --git a/frontend/messages/pt.json b/frontend/messages/pt.json index 8aff26c50..fe5bc885b 100644 --- a/frontend/messages/pt.json +++ b/frontend/messages/pt.json @@ -47,13 +47,16 @@ "analytics": "Anรกlises", "calendar": "Calendรกrio", "threats": "Ameaรงas", + "threatsColon": "Ameaรงas:", "referenceControls": "Controles de referรชncia", + "referenceControlsColon": "Controles de referรชncia:", "appliedControls": "Controles aplicados", "assets": "Ativos", "asset": "Ativo", "policy": "Polรญtica", "policies": "Polรญticas", "riskMatrices": "Matrizes de risco", + "riskMatricesColon": "Matrizes de risco:", "riskAssessments": "Avaliaรงรตes de risco", "riskScenarios": "Cenรกrios de risco", "riskScenario": "Cenรกrio de risco", @@ -64,6 +67,7 @@ "evidences": "Evidรชncias", "evidence": "Evidรชncia", "frameworks": "Frameworks", + "frameworksColon": "Estruturas:", "domains": "Domรญnios", "projects": "Projetos", "users": "Usuรกrios", @@ -92,6 +96,7 @@ "referenceControl": "Controle de referรชncia", "appliedControl": "Controle aplicado", "provider": "Fornecedor", + "providerColon": "Fornecedor:", "domain": "Domรญnio", "urn": "URN", "id": "ID", @@ -99,11 +104,13 @@ "currentLevel": "Nรญvel atual", "residualLevel": "Nรญvel residual", "riskMatrix": "Matriz de risco", + "riskMatrixColon": "Matriz de risco:", "project": "Projeto", "folder": "Pasta", "riskAssessment": "Avaliaรงรฃo de risco", "threat": "Ameaรงa", "framework": "Framework", + "frameworkColon": "Estrutura:", "file": "Arquivo", "language": "Idioma", "builtin": "Integrado", @@ -115,6 +122,7 @@ "noEntriesFound": "Nenhuma entrada encontrada", "rowCount": "Mostrando {start} a {end} de {total}", "status": "Status", + "result": "Resultado", "effort": "Esforรงo", "impact": "Impacto", "expiryDate": "Data de expiraรงรฃo", @@ -145,6 +153,7 @@ "isActive": "Estรก ativo", "dateJoined": "Data de adesรฃo", "version": "Versรฃo", + "versionColon": "Versรฃo:", "treatment": "Tratamento", "currentProba": "Probabilidade atual", "currentImpact": "Impacto atual", @@ -346,6 +355,7 @@ "loadingLibraryUploadButton": "Carregando o botรฃo de upload de biblioteca", "errorOccuredWhileLoadingLibrary": "O seguinte erro ocorreu ao carregar o formulรกrio da biblioteca", "packager": "Empacotador", + "packagerColon": "Empacotador:", "dependencies": "Dependรชncias", "copyright": "Direitos autorais", "addYourLibrary": "Adicione sua prรณpria biblioteca", @@ -454,13 +464,17 @@ "deprecated": "Descontinuado", "done": "Concluรญdo", "nonCompliant": "Nรฃo conforme", + "nonCompliantMinor": "Menor nรฃo conforme", + "nonCompliantMajor": "Major nรฃo conforme", "partiallyCompliant": "Parcialmente conforme", "compliant": "Conforme", "notApplicable": "Nรฃo aplicรกvel", + "notAssessed": "Nรฃo avaliado", "administrator": "Administrador", "domainManager": "Gerente de domรญnio", "analyst": "Analista", "successfullyCreatedObject": "O objeto {object} foi criado com sucesso", + "successfullyDuplicateObject": "O objeto {object} foi duplicado com sucesso", "successfullyUpdatedObject": "O objeto {object} foi atualizado com sucesso", "successfullySavedObject": "O objeto {object} foi salvo com sucesso", "successfullyDeletedObject": "O objeto {object} foi excluรญdo com sucesso", @@ -536,6 +550,7 @@ "asZIP": "em ZIP", "incoming": "aproximaรงรฃo", "outdated": "Desatualizado", + "flashMode": "Modo de flash", "goBackToAudit": "Volte para a auditoria", "exportBackupDescription": "Isso irรก serializar e criar um backup do banco de dados, incluindo usuรกrios e RBAC. Evidรชncias e outros arquivos nรฃo estรฃo incluรญdos no backup.", "importBackupDescription": "Isso irรก desserializar e restaurar o banco de dados a partir de um backup. Isso substituirรก todos os dados existentes, incluindo usuรกrios e RBAC, e nรฃo poderรก ser desfeito.", @@ -566,11 +581,37 @@ "advancedSettings": "Configuraรงรตes avanรงadas", "enableSSO": "Habilitar SSO", "failedSSO": "Falha na autenticaรงรฃo SSO. Entre em contato com seu administrador", + "UserDoesNotExist": "Usuรกrio nรฃo declarado, entre em contato com seu administrador", "loginSSO": "Faรงa login no SSO", "or": "ou", "errorImportingLibrary": "Erro durante a importaรงรฃo da biblioteca", "libraryImportError": "Ocorreu um erro durante a importaรงรฃo da biblioteca", "ssoSettingsupdated": "Configuraรงรตes de SSO atualizadas", "ssoSettings": "Configuraรงรตes de SSO", - "ssoSettingsDescription": "Defina suas configuraรงรตes de logon รบnico aqui." + "ssoSettingsDescription": "Defina suas configuraรงรตes de logon รบnico aqui.", + "sso": "SSO", + "isSso": "ร‰ SSO", + "suggestion": "Sugestรฃo", + "suggestionColon": "Sugestรฃo:", + "annotationColon": "Anotaรงรฃo:", + "mappingInference": "Inferรชncia de mapeamento", + "mappingInferenceTip": "A sugestรฃo de mapeamento estรก disponรญvel para este requisito", + "additionalInformation": "Informaรงรตes adicionais", + "requirementMapping": "Mapeamento de requisitos", + "requirementMappings": "Mapeamentos de requisitos", + "sourceFramework": "Quadro de origem", + "targetFramework": "Quadro de objectivos", + "baseline": "Linha de base", + "createAuditFromBaseline": "Criar auditoria a partir de uma base", + "coverageColon": "Cobertura:", + "full": "Completo", + "partial": "Parcial", + "noResultFound": "nenhum resultado encontrado", + "filters": "Filtros", + "notApplicableScore": "Vocรช nรฃo pode pontuar se a avaliaรงรฃo de requisitos nรฃo for aplicรกvel", + "maturity": "Maturidade", + "progress": "Progressรฃo", + "back": "Retornar", + "duplicate": "Duplicado", + "duplicateRiskAssessment": "Duplicar a avaliaรงรฃo de risco" } diff --git a/frontend/package-lock.json b/frontend/package-lock.json deleted file mode 100644 index 3c3e06273..000000000 --- a/frontend/package-lock.json +++ /dev/null @@ -1,18472 +0,0 @@ -{ - "name": "frontend", - "version": "0.0.1", - "lockfileVersion": 3, - "requires": true, - "packages": { - "": { - "name": "frontend", - "version": "0.0.1", - "hasInstallScript": true, - "dependencies": { - "@floating-ui/dom": "^1.5.1", - "@fortawesome/fontawesome-free": "^6.5.1", - "@inlang/paraglide-js-adapter-vite": "^1.2.14", - "dotenv": "^16.4.1", - "echarts": "^5.4.3", - "svelte-multiselect": "^10.2.0" - }, - "devDependencies": { - "@inlang/paraglide-js": "1.2.5", - "@playwright/test": "^1.40.1", - "@skeletonlabs/skeleton": "^2.3.0", - "@skeletonlabs/tw-plugin": "^0.2.2", - "@storybook/addon-essentials": "^7.6.17", - "@storybook/addon-interactions": "^7.6.17", - "@storybook/addon-links": "^7.6.17", - "@storybook/blocks": "^7.6.17", - "@storybook/svelte": "^7.6.17", - "@storybook/sveltekit": "^7.6.17", - "@storybook/test": "^7.6.17", - "@sveltejs/adapter-auto": "^3.0.0", - "@sveltejs/adapter-node": "^4.0.1", - "@sveltejs/kit": "^2.0.0", - "@sveltejs/vite-plugin-svelte": "^3.0.0", - "@tailwindcss/forms": "^0.5.3", - "@tailwindcss/typography": "^0.5.9", - "@testing-library/jest-dom": "^6.1.4", - "@testing-library/svelte": "^4.0.4", - "@types/node": "^20.8.7", - "@typescript-eslint/eslint-plugin": "^5.62.0", - "@typescript-eslint/parser": "^5.62.0", - "@vincjo/datatables": "^1.14.0", - "@vitest/coverage-v8": "^1.1.1", - "@vitest/ui": "^1.1.1", - "autoprefixer": "^10.4.14", - "eslint": "^8.53.0", - "eslint-config-prettier": "^8.5.0", - "eslint-plugin-storybook": "^0.8.0", - "eslint-plugin-svelte": "^2.35.1", - "jsdom": "^22.1.0", - "postcss": "^8.4.23", - "prettier": "^2.8.0", - "prettier-plugin-svelte": "^2.10.1", - "react": "^18.2.0", - "react-dom": "^18.2.0", - "storybook": "^7.6.17", - "svelte": "^4.0.0", - "svelte-check": "^3.4.3", - "svelte-typewriter": "^3.2.3", - "sveltekit-flash-message": "^2.2.1", - "sveltekit-rate-limiter": "^0.4.1", - "sveltekit-superforms": "^2.12.5", - "tailwindcss": "^3.3.2", - "tslib": "^2.4.1", - "typescript": "^5.0.0", - "vite": "^5.0.0", - "vite-plugin-tailwind-purgecss": "^0.2.0", - "vitest": "^1.1.1", - "zod": "^3.22.2" - } - }, - "node_modules/@adobe/css-tools": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@adobe/css-tools/-/css-tools-4.4.0.tgz", - "integrity": "sha512-Ff9+ksdQQB3rMncgqDK78uLznstjyfIf2Arnh22pW8kBpLs6rpKDwgnZT46hin5Hl1WzazzK64DOrhSwYpS7bQ==", - "dev": true - }, - "node_modules/@alloc/quick-lru": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz", - "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@ampproject/remapping": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz", - "integrity": "sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==", - "dependencies": { - "@jridgewell/gen-mapping": "^0.3.5", - "@jridgewell/trace-mapping": "^0.3.24" - }, - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/@arktype/schema": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/@arktype/schema/-/schema-0.1.7.tgz", - "integrity": "sha512-xeaS/0EiuT5kUQGC9DqLv0vnjFpbEILmaBQF9CrLhamR0v8c+eUNM6z5u6DgzqPZbDFMmtfiCdikUTT1VueWXw==", - "dev": true, - "optional": true, - "dependencies": { - "@arktype/util": "0.0.45" - } - }, - "node_modules/@arktype/util": { - "version": "0.0.45", - "resolved": "https://registry.npmjs.org/@arktype/util/-/util-0.0.45.tgz", - "integrity": "sha512-WPzoElBZK1NxYzT8PnoNsnulohgRU7PRKkJUoqeGvuFqP/Egv7tRNnvcJCE0MboHUnWaPTy/5Psjm/4iOvbWiw==", - "dev": true, - "optional": true - }, - "node_modules/@aw-web-design/x-default-browser": { - "version": "1.4.126", - "resolved": "https://registry.npmjs.org/@aw-web-design/x-default-browser/-/x-default-browser-1.4.126.tgz", - "integrity": "sha512-Xk1sIhyNC/esHGGVjL/niHLowM0csl/kFO5uawBy4IrWwy0o1G8LGt3jP6nmWGz+USxeeqbihAmp/oVZju6wug==", - "dev": true, - "dependencies": { - "default-browser-id": "3.0.0" - }, - "bin": { - "x-default-browser": "bin/x-default-browser.js" - } - }, - "node_modules/@babel/code-frame": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.24.7.tgz", - "integrity": "sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA==", - "dev": true, - "dependencies": { - "@babel/highlight": "^7.24.7", - "picocolors": "^1.0.0" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/compat-data": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/compat-data/-/compat-data-7.24.7.tgz", - "integrity": "sha512-qJzAIcv03PyaWqxRgO4mSU3lihncDT296vnyuE2O8uA4w3UHWI4S3hgeZd1L8W1Bft40w9JxJ2b412iDUFFRhw==", - "dev": true, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/core": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.24.7.tgz", - "integrity": "sha512-nykK+LEK86ahTkX/3TgauT0ikKoNCfKHEaZYTUVupJdTLzGNvrblu4u6fa7DhZONAltdf8e662t/abY8idrd/g==", - "dev": true, - "dependencies": { - "@ampproject/remapping": "^2.2.0", - "@babel/code-frame": "^7.24.7", - "@babel/generator": "^7.24.7", - "@babel/helper-compilation-targets": "^7.24.7", - "@babel/helper-module-transforms": "^7.24.7", - "@babel/helpers": "^7.24.7", - "@babel/parser": "^7.24.7", - "@babel/template": "^7.24.7", - "@babel/traverse": "^7.24.7", - "@babel/types": "^7.24.7", - "convert-source-map": "^2.0.0", - "debug": "^4.1.0", - "gensync": "^1.0.0-beta.2", - "json5": "^2.2.3", - "semver": "^6.3.1" - }, - "engines": { - "node": ">=6.9.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/babel" - } - }, - "node_modules/@babel/generator": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.24.7.tgz", - "integrity": "sha512-oipXieGC3i45Y1A41t4tAqpnEZWgB/lC6Ehh6+rOviR5XWpTtMmLN+fGjz9vOiNRt0p6RtO6DtD0pdU3vpqdSA==", - "dev": true, - "dependencies": { - "@babel/types": "^7.24.7", - "@jridgewell/gen-mapping": "^0.3.5", - "@jridgewell/trace-mapping": "^0.3.25", - "jsesc": "^2.5.1" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-annotate-as-pure": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-annotate-as-pure/-/helper-annotate-as-pure-7.24.7.tgz", - "integrity": "sha512-BaDeOonYvhdKw+JoMVkAixAAJzG2jVPIwWoKBPdYuY9b452e2rPuI9QPYh3KpofZ3pW2akOmwZLOiOsHMiqRAg==", - "dev": true, - "dependencies": { - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-builder-binary-assignment-operator-visitor": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-builder-binary-assignment-operator-visitor/-/helper-builder-binary-assignment-operator-visitor-7.24.7.tgz", - "integrity": "sha512-xZeCVVdwb4MsDBkkyZ64tReWYrLRHlMN72vP7Bdm3OUOuyFZExhsHUUnuWnm2/XOlAJzR0LfPpB56WXZn0X/lA==", - "dev": true, - "dependencies": { - "@babel/traverse": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-compilation-targets": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-compilation-targets/-/helper-compilation-targets-7.24.7.tgz", - "integrity": "sha512-ctSdRHBi20qWOfy27RUb4Fhp07KSJ3sXcuSvTrXrc4aG8NSYDo1ici3Vhg9bg69y5bj0Mr1lh0aeEgTvc12rMg==", - "dev": true, - "dependencies": { - "@babel/compat-data": "^7.24.7", - "@babel/helper-validator-option": "^7.24.7", - "browserslist": "^4.22.2", - "lru-cache": "^5.1.1", - "semver": "^6.3.1" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-create-class-features-plugin": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-create-class-features-plugin/-/helper-create-class-features-plugin-7.24.7.tgz", - "integrity": "sha512-kTkaDl7c9vO80zeX1rJxnuRpEsD5tA81yh11X1gQo+PhSti3JS+7qeZo9U4RHobKRiFPKaGK3svUAeb8D0Q7eg==", - "dev": true, - "dependencies": { - "@babel/helper-annotate-as-pure": "^7.24.7", - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-function-name": "^7.24.7", - "@babel/helper-member-expression-to-functions": "^7.24.7", - "@babel/helper-optimise-call-expression": "^7.24.7", - "@babel/helper-replace-supers": "^7.24.7", - "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7", - "@babel/helper-split-export-declaration": "^7.24.7", - "semver": "^6.3.1" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/helper-create-regexp-features-plugin": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-create-regexp-features-plugin/-/helper-create-regexp-features-plugin-7.24.7.tgz", - "integrity": "sha512-03TCmXy2FtXJEZfbXDTSqq1fRJArk7lX9DOFC/47VthYcxyIOx+eXQmdo6DOQvrbpIix+KfXwvuXdFDZHxt+rA==", - "dev": true, - "dependencies": { - "@babel/helper-annotate-as-pure": "^7.24.7", - "regexpu-core": "^5.3.1", - "semver": "^6.3.1" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/helper-define-polyfill-provider": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/@babel/helper-define-polyfill-provider/-/helper-define-polyfill-provider-0.6.2.tgz", - "integrity": "sha512-LV76g+C502biUK6AyZ3LK10vDpDyCzZnhZFXkH1L75zHPj68+qc8Zfpx2th+gzwA2MzyK+1g/3EPl62yFnVttQ==", - "dev": true, - "dependencies": { - "@babel/helper-compilation-targets": "^7.22.6", - "@babel/helper-plugin-utils": "^7.22.5", - "debug": "^4.1.1", - "lodash.debounce": "^4.0.8", - "resolve": "^1.14.2" - }, - "peerDependencies": { - "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" - } - }, - "node_modules/@babel/helper-environment-visitor": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-environment-visitor/-/helper-environment-visitor-7.24.7.tgz", - "integrity": "sha512-DoiN84+4Gnd0ncbBOM9AZENV4a5ZiL39HYMyZJGZ/AZEykHYdJw0wW3kdcsh9/Kn+BRXHLkkklZ51ecPKmI1CQ==", - "dev": true, - "dependencies": { - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-function-name": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.24.7.tgz", - "integrity": "sha512-FyoJTsj/PEUWu1/TYRiXTIHc8lbw+TDYkZuoE43opPS5TrI7MyONBE1oNvfguEXAD9yhQRrVBnXdXzSLQl9XnA==", - "dev": true, - "dependencies": { - "@babel/template": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-hoist-variables": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-hoist-variables/-/helper-hoist-variables-7.24.7.tgz", - "integrity": "sha512-MJJwhkoGy5c4ehfoRyrJ/owKeMl19U54h27YYftT0o2teQ3FJ3nQUf/I3LlJsX4l3qlw7WRXUmiyajvHXoTubQ==", - "dev": true, - "dependencies": { - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-member-expression-to-functions": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.24.7.tgz", - "integrity": "sha512-LGeMaf5JN4hAT471eJdBs/GK1DoYIJ5GCtZN/EsL6KUiiDZOvO/eKE11AMZJa2zP4zk4qe9V2O/hxAmkRc8p6w==", - "dev": true, - "dependencies": { - "@babel/traverse": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-module-imports": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.24.7.tgz", - "integrity": "sha512-8AyH3C+74cgCVVXow/myrynrAGv+nTVg5vKu2nZph9x7RcRwzmh0VFallJuFTZ9mx6u4eSdXZfcOzSqTUm0HCA==", - "dev": true, - "dependencies": { - "@babel/traverse": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-module-transforms": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.24.7.tgz", - "integrity": "sha512-1fuJEwIrp+97rM4RWdO+qrRsZlAeL1lQJoPqtCYWv0NL115XM93hIH4CSRln2w52SqvmY5hqdtauB6QFCDiZNQ==", - "dev": true, - "dependencies": { - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-module-imports": "^7.24.7", - "@babel/helper-simple-access": "^7.24.7", - "@babel/helper-split-export-declaration": "^7.24.7", - "@babel/helper-validator-identifier": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/helper-optimise-call-expression": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.24.7.tgz", - "integrity": "sha512-jKiTsW2xmWwxT1ixIdfXUZp+P5yURx2suzLZr5Hi64rURpDYdMW0pv+Uf17EYk2Rd428Lx4tLsnjGJzYKDM/6A==", - "dev": true, - "dependencies": { - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-plugin-utils": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-plugin-utils/-/helper-plugin-utils-7.24.7.tgz", - "integrity": "sha512-Rq76wjt7yz9AAc1KnlRKNAi/dMSVWgDRx43FHoJEbcYU6xOWaE2dVPwcdTukJrjxS65GITyfbvEYHvkirZ6uEg==", - "dev": true, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-remap-async-to-generator": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-remap-async-to-generator/-/helper-remap-async-to-generator-7.24.7.tgz", - "integrity": "sha512-9pKLcTlZ92hNZMQfGCHImUpDOlAgkkpqalWEeftW5FBya75k8Li2ilerxkM/uBEj01iBZXcCIB/bwvDYgWyibA==", - "dev": true, - "dependencies": { - "@babel/helper-annotate-as-pure": "^7.24.7", - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-wrap-function": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/helper-replace-supers": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.24.7.tgz", - "integrity": "sha512-qTAxxBM81VEyoAY0TtLrx1oAEJc09ZK67Q9ljQToqCnA+55eNwCORaxlKyu+rNfX86o8OXRUSNUnrtsAZXM9sg==", - "dev": true, - "dependencies": { - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-member-expression-to-functions": "^7.24.7", - "@babel/helper-optimise-call-expression": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/helper-simple-access": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.24.7.tgz", - "integrity": "sha512-zBAIvbCMh5Ts+b86r/CjU+4XGYIs+R1j951gxI3KmmxBMhCg4oQMsv6ZXQ64XOm/cvzfU1FmoCyt6+owc5QMYg==", - "dev": true, - "dependencies": { - "@babel/traverse": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-skip-transparent-expression-wrappers": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-skip-transparent-expression-wrappers/-/helper-skip-transparent-expression-wrappers-7.24.7.tgz", - "integrity": "sha512-IO+DLT3LQUElMbpzlatRASEyQtfhSE0+m465v++3jyyXeBTBUjtVZg28/gHeV5mrTJqvEKhKroBGAvhW+qPHiQ==", - "dev": true, - "dependencies": { - "@babel/traverse": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-split-export-declaration": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.24.7.tgz", - "integrity": "sha512-oy5V7pD+UvfkEATUKvIjvIAH/xCzfsFVw7ygW2SI6NClZzquT+mwdTfgfdbUiceh6iQO0CHtCPsyze/MZ2YbAA==", - "dev": true, - "dependencies": { - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-string-parser": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.24.7.tgz", - "integrity": "sha512-7MbVt6xrwFQbunH2DNQsAP5sTGxfqQtErvBIvIMi6EQnbgUOuVYanvREcmFrOPhoXBrTtjhhP+lW+o5UfK+tDg==", - "dev": true, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-validator-identifier": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.24.7.tgz", - "integrity": "sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w==", - "dev": true, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-validator-option": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-option/-/helper-validator-option-7.24.7.tgz", - "integrity": "sha512-yy1/KvjhV/ZCL+SM7hBrvnZJ3ZuT9OuZgIJAGpPEToANvc3iM6iDvBnRjtElWibHU6n8/LPR/EjX9EtIEYO3pw==", - "dev": true, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helper-wrap-function": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helper-wrap-function/-/helper-wrap-function-7.24.7.tgz", - "integrity": "sha512-N9JIYk3TD+1vq/wn77YnJOqMtfWhNewNE+DJV4puD2X7Ew9J4JvrzrFDfTfyv5EgEXVy9/Wt8QiOErzEmv5Ifw==", - "dev": true, - "dependencies": { - "@babel/helper-function-name": "^7.24.7", - "@babel/template": "^7.24.7", - "@babel/traverse": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/helpers": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.24.7.tgz", - "integrity": "sha512-NlmJJtvcw72yRJRcnCmGvSi+3jDEg8qFu3z0AFoymmzLx5ERVWyzd9kVXr7Th9/8yIJi2Zc6av4Tqz3wFs8QWg==", - "dev": true, - "dependencies": { - "@babel/template": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/highlight": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.24.7.tgz", - "integrity": "sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw==", - "dev": true, - "dependencies": { - "@babel/helper-validator-identifier": "^7.24.7", - "chalk": "^2.4.2", - "js-tokens": "^4.0.0", - "picocolors": "^1.0.0" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/highlight/node_modules/ansi-styles": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", - "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", - "dev": true, - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/highlight/node_modules/chalk": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", - "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/highlight/node_modules/color-convert": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", - "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", - "dev": true, - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/@babel/highlight/node_modules/color-name": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", - "integrity": "sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==", - "dev": true - }, - "node_modules/@babel/highlight/node_modules/escape-string-regexp": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", - "integrity": "sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==", - "dev": true, - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/@babel/highlight/node_modules/has-flag": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", - "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/highlight/node_modules/supports-color": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", - "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", - "dev": true, - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/parser": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.24.7.tgz", - "integrity": "sha512-9uUYRm6OqQrCqQdG1iCBwBPZgN8ciDBro2nIOFaiRz1/BCxaI7CNvQbDHvsArAC7Tw9Hda/B3U+6ui9u4HWXPw==", - "dev": true, - "bin": { - "parser": "bin/babel-parser.js" - }, - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/@babel/plugin-bugfix-firefox-class-in-computed-class-key": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-firefox-class-in-computed-class-key/-/plugin-bugfix-firefox-class-in-computed-class-key-7.24.7.tgz", - "integrity": "sha512-TiT1ss81W80eQsN+722OaeQMY/G4yTb4G9JrqeiDADs3N8lbPMGldWi9x8tyqCW5NLx1Jh2AvkE6r6QvEltMMQ==", - "dev": true, - "dependencies": { - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression/-/plugin-bugfix-safari-id-destructuring-collision-in-function-expression-7.24.7.tgz", - "integrity": "sha512-unaQgZ/iRu/By6tsjMZzpeBZjChYfLYry6HrEXPoz3KmfF0sVBQ1l8zKMQ4xRGLWVsjuvB8nQfjNP/DcfEOCsg==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining/-/plugin-bugfix-v8-spread-parameters-in-optional-chaining-7.24.7.tgz", - "integrity": "sha512-+izXIbke1T33mY4MSNnrqhPXDz01WYhEf3yF5NbnUtkiNnm+XBZJl3kNfoK6NKmYlz/D07+l2GWVK/QfDkNCuQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7", - "@babel/plugin-transform-optional-chaining": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.13.0" - } - }, - "node_modules/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly/-/plugin-bugfix-v8-static-class-fields-redefine-readonly-7.24.7.tgz", - "integrity": "sha512-utA4HuR6F4Vvcr+o4DnjL8fCOlgRFGbeeBEGNg3ZTrLFw6VWG5XmUrvcQ0FjIYMU2ST4XcR2Wsp7t9qOAPnxMg==", - "dev": true, - "dependencies": { - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/plugin-proposal-private-property-in-object": { - "version": "7.21.0-placeholder-for-preset-env.2", - "resolved": "https://registry.npmjs.org/@babel/plugin-proposal-private-property-in-object/-/plugin-proposal-private-property-in-object-7.21.0-placeholder-for-preset-env.2.tgz", - "integrity": "sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==", - "dev": true, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-async-generators": { - "version": "7.8.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-async-generators/-/plugin-syntax-async-generators-7.8.4.tgz", - "integrity": "sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-class-properties": { - "version": "7.12.13", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-properties/-/plugin-syntax-class-properties-7.12.13.tgz", - "integrity": "sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.12.13" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-class-static-block": { - "version": "7.14.5", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-class-static-block/-/plugin-syntax-class-static-block-7.14.5.tgz", - "integrity": "sha512-b+YyPmr6ldyNnM6sqYeMWE+bgJcJpO6yS4QD7ymxgH34GBPNDM/THBh8iunyvKIZztiwLH4CJZ0RxTk9emgpjw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.14.5" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-dynamic-import": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-dynamic-import/-/plugin-syntax-dynamic-import-7.8.3.tgz", - "integrity": "sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-export-namespace-from": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-export-namespace-from/-/plugin-syntax-export-namespace-from-7.8.3.tgz", - "integrity": "sha512-MXf5laXo6c1IbEbegDmzGPwGNTsHZmEy6QGznu5Sh2UCWvueywb2ee+CCE4zQiZstxU9BMoQO9i6zUFSY0Kj0Q==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.3" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-flow": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-flow/-/plugin-syntax-flow-7.24.7.tgz", - "integrity": "sha512-9G8GYT/dxn/D1IIKOUBmGX0mnmj46mGH9NnZyJLwtCpgh5f7D2VbuKodb+2s9m1Yavh1s7ASQN8lf0eqrb1LTw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-import-assertions": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-assertions/-/plugin-syntax-import-assertions-7.24.7.tgz", - "integrity": "sha512-Ec3NRUMoi8gskrkBe3fNmEQfxDvY8bgfQpz6jlk/41kX9eUjvpyqWU7PBP/pLAvMaSQjbMNKJmvX57jP+M6bPg==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-import-attributes": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-attributes/-/plugin-syntax-import-attributes-7.24.7.tgz", - "integrity": "sha512-hbX+lKKeUMGihnK8nvKqmXBInriT3GVjzXKFriV3YC6APGxMbP8RZNFwy91+hocLXq90Mta+HshoB31802bb8A==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-import-meta": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-import-meta/-/plugin-syntax-import-meta-7.10.4.tgz", - "integrity": "sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.10.4" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-json-strings": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-json-strings/-/plugin-syntax-json-strings-7.8.3.tgz", - "integrity": "sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-jsx": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-jsx/-/plugin-syntax-jsx-7.24.7.tgz", - "integrity": "sha512-6ddciUPe/mpMnOKv/U+RSd2vvVy+Yw/JfBB0ZHYjEZt9NLHmCUylNYlsbqCCS1Bffjlb0fCwC9Vqz+sBz6PsiQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-logical-assignment-operators": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-logical-assignment-operators/-/plugin-syntax-logical-assignment-operators-7.10.4.tgz", - "integrity": "sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.10.4" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-nullish-coalescing-operator": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-nullish-coalescing-operator/-/plugin-syntax-nullish-coalescing-operator-7.8.3.tgz", - "integrity": "sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-numeric-separator": { - "version": "7.10.4", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-numeric-separator/-/plugin-syntax-numeric-separator-7.10.4.tgz", - "integrity": "sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.10.4" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-object-rest-spread": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-object-rest-spread/-/plugin-syntax-object-rest-spread-7.8.3.tgz", - "integrity": "sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-optional-catch-binding": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-catch-binding/-/plugin-syntax-optional-catch-binding-7.8.3.tgz", - "integrity": "sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-optional-chaining": { - "version": "7.8.3", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-optional-chaining/-/plugin-syntax-optional-chaining-7.8.3.tgz", - "integrity": "sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.8.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-private-property-in-object": { - "version": "7.14.5", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-private-property-in-object/-/plugin-syntax-private-property-in-object-7.14.5.tgz", - "integrity": "sha512-0wVnp9dxJ72ZUJDV27ZfbSj6iHLoytYZmh3rFcxNnvsJF3ktkzLDZPy/mA17HGsaQT3/DQsWYX1f1QGWkCoVUg==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.14.5" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-top-level-await": { - "version": "7.14.5", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-top-level-await/-/plugin-syntax-top-level-await-7.14.5.tgz", - "integrity": "sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.14.5" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-typescript": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-typescript/-/plugin-syntax-typescript-7.24.7.tgz", - "integrity": "sha512-c/+fVeJBB0FeKsFvwytYiUD+LBvhHjGSI0g446PRGdSVGZLRNArBUno2PETbAly3tpiNAQR5XaZ+JslxkotsbA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-syntax-unicode-sets-regex": { - "version": "7.18.6", - "resolved": "https://registry.npmjs.org/@babel/plugin-syntax-unicode-sets-regex/-/plugin-syntax-unicode-sets-regex-7.18.6.tgz", - "integrity": "sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg==", - "dev": true, - "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.18.6", - "@babel/helper-plugin-utils": "^7.18.6" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/plugin-transform-arrow-functions": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-arrow-functions/-/plugin-transform-arrow-functions-7.24.7.tgz", - "integrity": "sha512-Dt9LQs6iEY++gXUwY03DNFat5C2NbO48jj+j/bSAz6b3HgPs39qcPiYt77fDObIcFwj3/C2ICX9YMwGflUoSHQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-async-generator-functions": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-generator-functions/-/plugin-transform-async-generator-functions-7.24.7.tgz", - "integrity": "sha512-o+iF77e3u7ZS4AoAuJvapz9Fm001PuD2V3Lp6OSE4FYQke+cSewYtnek+THqGRWyQloRCyvWL1OkyfNEl9vr/g==", - "dev": true, - "dependencies": { - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-remap-async-to-generator": "^7.24.7", - "@babel/plugin-syntax-async-generators": "^7.8.4" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-async-to-generator": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-async-to-generator/-/plugin-transform-async-to-generator-7.24.7.tgz", - "integrity": "sha512-SQY01PcJfmQ+4Ash7NE+rpbLFbmqA2GPIgqzxfFTL4t1FKRq4zTms/7htKpoCUI9OcFYgzqfmCdH53s6/jn5fA==", - "dev": true, - "dependencies": { - "@babel/helper-module-imports": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-remap-async-to-generator": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-block-scoped-functions": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoped-functions/-/plugin-transform-block-scoped-functions-7.24.7.tgz", - "integrity": "sha512-yO7RAz6EsVQDaBH18IDJcMB1HnrUn2FJ/Jslc/WtPPWcjhpUJXU/rjbwmluzp7v/ZzWcEhTMXELnnsz8djWDwQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-block-scoping": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-block-scoping/-/plugin-transform-block-scoping-7.24.7.tgz", - "integrity": "sha512-Nd5CvgMbWc+oWzBsuaMcbwjJWAcp5qzrbg69SZdHSP7AMY0AbWFqFO0WTFCA1jxhMCwodRwvRec8k0QUbZk7RQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-class-properties": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-properties/-/plugin-transform-class-properties-7.24.7.tgz", - "integrity": "sha512-vKbfawVYayKcSeSR5YYzzyXvsDFWU2mD8U5TFeXtbCPLFUqe7GyCgvO6XDHzje862ODrOwy6WCPmKeWHbCFJ4w==", - "dev": true, - "dependencies": { - "@babel/helper-create-class-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-class-static-block": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-class-static-block/-/plugin-transform-class-static-block-7.24.7.tgz", - "integrity": "sha512-HMXK3WbBPpZQufbMG4B46A90PkuuhN9vBCb5T8+VAHqvAqvcLi+2cKoukcpmUYkszLhScU3l1iudhrks3DggRQ==", - "dev": true, - "dependencies": { - "@babel/helper-create-class-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-class-static-block": "^7.14.5" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.12.0" - } - }, - "node_modules/@babel/plugin-transform-classes": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-classes/-/plugin-transform-classes-7.24.7.tgz", - "integrity": "sha512-CFbbBigp8ln4FU6Bpy6g7sE8B/WmCmzvivzUC6xDAdWVsjYTXijpuuGJmYkAaoWAzcItGKT3IOAbxRItZ5HTjw==", - "dev": true, - "dependencies": { - "@babel/helper-annotate-as-pure": "^7.24.7", - "@babel/helper-compilation-targets": "^7.24.7", - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-function-name": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-replace-supers": "^7.24.7", - "@babel/helper-split-export-declaration": "^7.24.7", - "globals": "^11.1.0" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-computed-properties": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-computed-properties/-/plugin-transform-computed-properties-7.24.7.tgz", - "integrity": "sha512-25cS7v+707Gu6Ds2oY6tCkUwsJ9YIDbggd9+cu9jzzDgiNq7hR/8dkzxWfKWnTic26vsI3EsCXNd4iEB6e8esQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/template": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-destructuring": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.24.7.tgz", - "integrity": "sha512-19eJO/8kdCQ9zISOf+SEUJM/bAUIsvY3YDnXZTupUCQ8LgrWnsG/gFB9dvXqdXnRXMAM8fvt7b0CBKQHNGy1mw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-dotall-regex": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dotall-regex/-/plugin-transform-dotall-regex-7.24.7.tgz", - "integrity": "sha512-ZOA3W+1RRTSWvyqcMJDLqbchh7U4NRGqwRfFSVbOLS/ePIP4vHB5e8T8eXcuqyN1QkgKyj5wuW0lcS85v4CrSw==", - "dev": true, - "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-duplicate-keys": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-duplicate-keys/-/plugin-transform-duplicate-keys-7.24.7.tgz", - "integrity": "sha512-JdYfXyCRihAe46jUIliuL2/s0x0wObgwwiGxw/UbgJBr20gQBThrokO4nYKgWkD7uBaqM7+9x5TU7NkExZJyzw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-dynamic-import": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-dynamic-import/-/plugin-transform-dynamic-import-7.24.7.tgz", - "integrity": "sha512-sc3X26PhZQDb3JhORmakcbvkeInvxz+A8oda99lj7J60QRuPZvNAk9wQlTBS1ZynelDrDmTU4pw1tyc5d5ZMUg==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-dynamic-import": "^7.8.3" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-exponentiation-operator": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-exponentiation-operator/-/plugin-transform-exponentiation-operator-7.24.7.tgz", - "integrity": "sha512-Rqe/vSc9OYgDajNIK35u7ot+KeCoetqQYFXM4Epf7M7ez3lWlOjrDjrwMei6caCVhfdw+mIKD4cgdGNy5JQotQ==", - "dev": true, - "dependencies": { - "@babel/helper-builder-binary-assignment-operator-visitor": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-export-namespace-from": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-export-namespace-from/-/plugin-transform-export-namespace-from-7.24.7.tgz", - "integrity": "sha512-v0K9uNYsPL3oXZ/7F9NNIbAj2jv1whUEtyA6aujhekLs56R++JDQuzRcP2/z4WX5Vg/c5lE9uWZA0/iUoFhLTA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-export-namespace-from": "^7.8.3" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-flow-strip-types": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-flow-strip-types/-/plugin-transform-flow-strip-types-7.24.7.tgz", - "integrity": "sha512-cjRKJ7FobOH2eakx7Ja+KpJRj8+y+/SiB3ooYm/n2UJfxu0oEaOoxOinitkJcPqv9KxS0kxTGPUaR7L2XcXDXA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-flow": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-for-of": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-for-of/-/plugin-transform-for-of-7.24.7.tgz", - "integrity": "sha512-wo9ogrDG1ITTTBsy46oGiN1dS9A7MROBTcYsfS8DtsImMkHk9JXJ3EWQM6X2SUw4x80uGPlwj0o00Uoc6nEE3g==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-function-name": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-function-name/-/plugin-transform-function-name-7.24.7.tgz", - "integrity": "sha512-U9FcnA821YoILngSmYkW6FjyQe2TyZD5pHt4EVIhmcTkrJw/3KqcrRSxuOo5tFZJi7TE19iDyI1u+weTI7bn2w==", - "dev": true, - "dependencies": { - "@babel/helper-compilation-targets": "^7.24.7", - "@babel/helper-function-name": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-json-strings": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-json-strings/-/plugin-transform-json-strings-7.24.7.tgz", - "integrity": "sha512-2yFnBGDvRuxAaE/f0vfBKvtnvvqU8tGpMHqMNpTN2oWMKIR3NqFkjaAgGwawhqK/pIN2T3XdjGPdaG0vDhOBGw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-json-strings": "^7.8.3" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-literals": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-literals/-/plugin-transform-literals-7.24.7.tgz", - "integrity": "sha512-vcwCbb4HDH+hWi8Pqenwnjy+UiklO4Kt1vfspcQYFhJdpthSnW8XvWGyDZWKNVrVbVViI/S7K9PDJZiUmP2fYQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-logical-assignment-operators": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-logical-assignment-operators/-/plugin-transform-logical-assignment-operators-7.24.7.tgz", - "integrity": "sha512-4D2tpwlQ1odXmTEIFWy9ELJcZHqrStlzK/dAOWYyxX3zT0iXQB6banjgeOJQXzEc4S0E0a5A+hahxPaEFYftsw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-member-expression-literals": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-member-expression-literals/-/plugin-transform-member-expression-literals-7.24.7.tgz", - "integrity": "sha512-T/hRC1uqrzXMKLQ6UCwMT85S3EvqaBXDGf0FaMf4446Qx9vKwlghvee0+uuZcDUCZU5RuNi4781UQ7R308zzBw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-modules-amd": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-amd/-/plugin-transform-modules-amd-7.24.7.tgz", - "integrity": "sha512-9+pB1qxV3vs/8Hdmz/CulFB8w2tuu6EB94JZFsjdqxQokwGa9Unap7Bo2gGBGIvPmDIVvQrom7r5m/TCDMURhg==", - "dev": true, - "dependencies": { - "@babel/helper-module-transforms": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-modules-commonjs": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-commonjs/-/plugin-transform-modules-commonjs-7.24.7.tgz", - "integrity": "sha512-iFI8GDxtevHJ/Z22J5xQpVqFLlMNstcLXh994xifFwxxGslr2ZXXLWgtBeLctOD63UFDArdvN6Tg8RFw+aEmjQ==", - "dev": true, - "dependencies": { - "@babel/helper-module-transforms": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-simple-access": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-modules-systemjs": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-systemjs/-/plugin-transform-modules-systemjs-7.24.7.tgz", - "integrity": "sha512-GYQE0tW7YoaN13qFh3O1NCY4MPkUiAH3fiF7UcV/I3ajmDKEdG3l+UOcbAm4zUE3gnvUU+Eni7XrVKo9eO9auw==", - "dev": true, - "dependencies": { - "@babel/helper-hoist-variables": "^7.24.7", - "@babel/helper-module-transforms": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-validator-identifier": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-modules-umd": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-modules-umd/-/plugin-transform-modules-umd-7.24.7.tgz", - "integrity": "sha512-3aytQvqJ/h9z4g8AsKPLvD4Zqi2qT+L3j7XoFFu1XBlZWEl2/1kWnhmAbxpLgPrHSY0M6UA02jyTiwUVtiKR6A==", - "dev": true, - "dependencies": { - "@babel/helper-module-transforms": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-named-capturing-groups-regex": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-named-capturing-groups-regex/-/plugin-transform-named-capturing-groups-regex-7.24.7.tgz", - "integrity": "sha512-/jr7h/EWeJtk1U/uz2jlsCioHkZk1JJZVcc8oQsJ1dUlaJD83f4/6Zeh2aHt9BIFokHIsSeDfhUmju0+1GPd6g==", - "dev": true, - "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/plugin-transform-new-target": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-new-target/-/plugin-transform-new-target-7.24.7.tgz", - "integrity": "sha512-RNKwfRIXg4Ls/8mMTza5oPF5RkOW8Wy/WgMAp1/F1yZ8mMbtwXW+HDoJiOsagWrAhI5f57Vncrmr9XeT4CVapA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-nullish-coalescing-operator": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-nullish-coalescing-operator/-/plugin-transform-nullish-coalescing-operator-7.24.7.tgz", - "integrity": "sha512-Ts7xQVk1OEocqzm8rHMXHlxvsfZ0cEF2yomUqpKENHWMF4zKk175Y4q8H5knJes6PgYad50uuRmt3UJuhBw8pQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-numeric-separator": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-numeric-separator/-/plugin-transform-numeric-separator-7.24.7.tgz", - "integrity": "sha512-e6q1TiVUzvH9KRvicuxdBTUj4AdKSRwzIyFFnfnezpCfP2/7Qmbb8qbU2j7GODbl4JMkblitCQjKYUaX/qkkwA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-numeric-separator": "^7.10.4" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-object-rest-spread": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-rest-spread/-/plugin-transform-object-rest-spread-7.24.7.tgz", - "integrity": "sha512-4QrHAr0aXQCEFni2q4DqKLD31n2DL+RxcwnNjDFkSG0eNQ/xCavnRkfCUjsyqGC2OviNJvZOF/mQqZBw7i2C5Q==", - "dev": true, - "dependencies": { - "@babel/helper-compilation-targets": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-object-rest-spread": "^7.8.3", - "@babel/plugin-transform-parameters": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-object-super": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-object-super/-/plugin-transform-object-super-7.24.7.tgz", - "integrity": "sha512-A/vVLwN6lBrMFmMDmPPz0jnE6ZGx7Jq7d6sT/Ev4H65RER6pZ+kczlf1DthF5N0qaPHBsI7UXiE8Zy66nmAovg==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-replace-supers": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-optional-catch-binding": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-catch-binding/-/plugin-transform-optional-catch-binding-7.24.7.tgz", - "integrity": "sha512-uLEndKqP5BfBbC/5jTwPxLh9kqPWWgzN/f8w6UwAIirAEqiIVJWWY312X72Eub09g5KF9+Zn7+hT7sDxmhRuKA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-optional-catch-binding": "^7.8.3" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-optional-chaining": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-optional-chaining/-/plugin-transform-optional-chaining-7.24.7.tgz", - "integrity": "sha512-tK+0N9yd4j+x/4hxF3F0e0fu/VdcxU18y5SevtyM/PCFlQvXbR0Zmlo2eBrKtVipGNFzpq56o8WsIIKcJFUCRQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7", - "@babel/plugin-syntax-optional-chaining": "^7.8.3" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-parameters": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.24.7.tgz", - "integrity": "sha512-yGWW5Rr+sQOhK0Ot8hjDJuxU3XLRQGflvT4lhlSY0DFvdb3TwKaY26CJzHtYllU0vT9j58hc37ndFPsqT1SrzA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-private-methods": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-methods/-/plugin-transform-private-methods-7.24.7.tgz", - "integrity": "sha512-COTCOkG2hn4JKGEKBADkA8WNb35TGkkRbI5iT845dB+NyqgO8Hn+ajPbSnIQznneJTa3d30scb6iz/DhH8GsJQ==", - "dev": true, - "dependencies": { - "@babel/helper-create-class-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-private-property-in-object": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-private-property-in-object/-/plugin-transform-private-property-in-object-7.24.7.tgz", - "integrity": "sha512-9z76mxwnwFxMyxZWEgdgECQglF2Q7cFLm0kMf8pGwt+GSJsY0cONKj/UuO4bOH0w/uAel3ekS4ra5CEAyJRmDA==", - "dev": true, - "dependencies": { - "@babel/helper-annotate-as-pure": "^7.24.7", - "@babel/helper-create-class-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-private-property-in-object": "^7.14.5" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-property-literals": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-property-literals/-/plugin-transform-property-literals-7.24.7.tgz", - "integrity": "sha512-EMi4MLQSHfd2nrCqQEWxFdha2gBCqU4ZcCng4WBGZ5CJL4bBRW0ptdqqDdeirGZcpALazVVNJqRmsO8/+oNCBA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-regenerator": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-regenerator/-/plugin-transform-regenerator-7.24.7.tgz", - "integrity": "sha512-lq3fvXPdimDrlg6LWBoqj+r/DEWgONuwjuOuQCSYgRroXDH/IdM1C0IZf59fL5cHLpjEH/O6opIRBbqv7ELnuA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "regenerator-transform": "^0.15.2" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-reserved-words": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-reserved-words/-/plugin-transform-reserved-words-7.24.7.tgz", - "integrity": "sha512-0DUq0pHcPKbjFZCfTss/pGkYMfy3vFWydkUBd9r0GHpIyfs2eCDENvqadMycRS9wZCXR41wucAfJHJmwA0UmoQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-shorthand-properties": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.24.7.tgz", - "integrity": "sha512-KsDsevZMDsigzbA09+vacnLpmPH4aWjcZjXdyFKGzpplxhbeB4wYtury3vglQkg6KM/xEPKt73eCjPPf1PgXBA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-spread": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-spread/-/plugin-transform-spread-7.24.7.tgz", - "integrity": "sha512-x96oO0I09dgMDxJaANcRyD4ellXFLLiWhuwDxKZX5g2rWP1bTPkBSwCYv96VDXVT1bD9aPj8tppr5ITIh8hBng==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-skip-transparent-expression-wrappers": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-sticky-regex": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-sticky-regex/-/plugin-transform-sticky-regex-7.24.7.tgz", - "integrity": "sha512-kHPSIJc9v24zEml5geKg9Mjx5ULpfncj0wRpYtxbvKyTtHCYDkVE3aHQ03FrpEo4gEe2vrJJS1Y9CJTaThA52g==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-template-literals": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-template-literals/-/plugin-transform-template-literals-7.24.7.tgz", - "integrity": "sha512-AfDTQmClklHCOLxtGoP7HkeMw56k1/bTQjwsfhL6pppo/M4TOBSq+jjBUBLmV/4oeFg4GWMavIl44ZeCtmmZTw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-typeof-symbol": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typeof-symbol/-/plugin-transform-typeof-symbol-7.24.7.tgz", - "integrity": "sha512-VtR8hDy7YLB7+Pet9IarXjg/zgCMSF+1mNS/EQEiEaUPoFXCVsHG64SIxcaaI2zJgRiv+YmgaQESUfWAdbjzgg==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-typescript": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-typescript/-/plugin-transform-typescript-7.24.7.tgz", - "integrity": "sha512-iLD3UNkgx2n/HrjBesVbYX6j0yqn/sJktvbtKKgcaLIQ4bTTQ8obAypc1VpyHPD2y4Phh9zHOaAt8e/L14wCpw==", - "dev": true, - "dependencies": { - "@babel/helper-annotate-as-pure": "^7.24.7", - "@babel/helper-create-class-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/plugin-syntax-typescript": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-unicode-escapes": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-escapes/-/plugin-transform-unicode-escapes-7.24.7.tgz", - "integrity": "sha512-U3ap1gm5+4edc2Q/P+9VrBNhGkfnf+8ZqppY71Bo/pzZmXhhLdqgaUl6cuB07O1+AQJtCLfaOmswiNbSQ9ivhw==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-unicode-property-regex": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-property-regex/-/plugin-transform-unicode-property-regex-7.24.7.tgz", - "integrity": "sha512-uH2O4OV5M9FZYQrwc7NdVmMxQJOCCzFeYudlZSzUAHRFeOujQefa92E74TQDVskNHCzOXoigEuoyzHDhaEaK5w==", - "dev": true, - "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-unicode-regex": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-regex/-/plugin-transform-unicode-regex-7.24.7.tgz", - "integrity": "sha512-hlQ96MBZSAXUq7ltkjtu3FJCCSMx/j629ns3hA3pXnBXjanNP0LHi+JpPeA81zaWgVK1VGH95Xuy7u0RyQ8kMg==", - "dev": true, - "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/plugin-transform-unicode-sets-regex": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/plugin-transform-unicode-sets-regex/-/plugin-transform-unicode-sets-regex-7.24.7.tgz", - "integrity": "sha512-2G8aAvF4wy1w/AGZkemprdGMRg5o6zPNhbHVImRz3lss55TYCBd6xStN19rt8XJHq20sqV0JbyWjOWwQRwV/wg==", - "dev": true, - "dependencies": { - "@babel/helper-create-regexp-features-plugin": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0" - } - }, - "node_modules/@babel/preset-env": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/preset-env/-/preset-env-7.24.7.tgz", - "integrity": "sha512-1YZNsc+y6cTvWlDHidMBsQZrZfEFjRIo/BZCT906PMdzOyXtSLTgqGdrpcuTDCXyd11Am5uQULtDIcCfnTc8fQ==", - "dev": true, - "dependencies": { - "@babel/compat-data": "^7.24.7", - "@babel/helper-compilation-targets": "^7.24.7", - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-validator-option": "^7.24.7", - "@babel/plugin-bugfix-firefox-class-in-computed-class-key": "^7.24.7", - "@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression": "^7.24.7", - "@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining": "^7.24.7", - "@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly": "^7.24.7", - "@babel/plugin-proposal-private-property-in-object": "7.21.0-placeholder-for-preset-env.2", - "@babel/plugin-syntax-async-generators": "^7.8.4", - "@babel/plugin-syntax-class-properties": "^7.12.13", - "@babel/plugin-syntax-class-static-block": "^7.14.5", - "@babel/plugin-syntax-dynamic-import": "^7.8.3", - "@babel/plugin-syntax-export-namespace-from": "^7.8.3", - "@babel/plugin-syntax-import-assertions": "^7.24.7", - "@babel/plugin-syntax-import-attributes": "^7.24.7", - "@babel/plugin-syntax-import-meta": "^7.10.4", - "@babel/plugin-syntax-json-strings": "^7.8.3", - "@babel/plugin-syntax-logical-assignment-operators": "^7.10.4", - "@babel/plugin-syntax-nullish-coalescing-operator": "^7.8.3", - "@babel/plugin-syntax-numeric-separator": "^7.10.4", - "@babel/plugin-syntax-object-rest-spread": "^7.8.3", - "@babel/plugin-syntax-optional-catch-binding": "^7.8.3", - "@babel/plugin-syntax-optional-chaining": "^7.8.3", - "@babel/plugin-syntax-private-property-in-object": "^7.14.5", - "@babel/plugin-syntax-top-level-await": "^7.14.5", - "@babel/plugin-syntax-unicode-sets-regex": "^7.18.6", - "@babel/plugin-transform-arrow-functions": "^7.24.7", - "@babel/plugin-transform-async-generator-functions": "^7.24.7", - "@babel/plugin-transform-async-to-generator": "^7.24.7", - "@babel/plugin-transform-block-scoped-functions": "^7.24.7", - "@babel/plugin-transform-block-scoping": "^7.24.7", - "@babel/plugin-transform-class-properties": "^7.24.7", - "@babel/plugin-transform-class-static-block": "^7.24.7", - "@babel/plugin-transform-classes": "^7.24.7", - "@babel/plugin-transform-computed-properties": "^7.24.7", - "@babel/plugin-transform-destructuring": "^7.24.7", - "@babel/plugin-transform-dotall-regex": "^7.24.7", - "@babel/plugin-transform-duplicate-keys": "^7.24.7", - "@babel/plugin-transform-dynamic-import": "^7.24.7", - "@babel/plugin-transform-exponentiation-operator": "^7.24.7", - "@babel/plugin-transform-export-namespace-from": "^7.24.7", - "@babel/plugin-transform-for-of": "^7.24.7", - "@babel/plugin-transform-function-name": "^7.24.7", - "@babel/plugin-transform-json-strings": "^7.24.7", - "@babel/plugin-transform-literals": "^7.24.7", - "@babel/plugin-transform-logical-assignment-operators": "^7.24.7", - "@babel/plugin-transform-member-expression-literals": "^7.24.7", - "@babel/plugin-transform-modules-amd": "^7.24.7", - "@babel/plugin-transform-modules-commonjs": "^7.24.7", - "@babel/plugin-transform-modules-systemjs": "^7.24.7", - "@babel/plugin-transform-modules-umd": "^7.24.7", - "@babel/plugin-transform-named-capturing-groups-regex": "^7.24.7", - "@babel/plugin-transform-new-target": "^7.24.7", - "@babel/plugin-transform-nullish-coalescing-operator": "^7.24.7", - "@babel/plugin-transform-numeric-separator": "^7.24.7", - "@babel/plugin-transform-object-rest-spread": "^7.24.7", - "@babel/plugin-transform-object-super": "^7.24.7", - "@babel/plugin-transform-optional-catch-binding": "^7.24.7", - "@babel/plugin-transform-optional-chaining": "^7.24.7", - "@babel/plugin-transform-parameters": "^7.24.7", - "@babel/plugin-transform-private-methods": "^7.24.7", - "@babel/plugin-transform-private-property-in-object": "^7.24.7", - "@babel/plugin-transform-property-literals": "^7.24.7", - "@babel/plugin-transform-regenerator": "^7.24.7", - "@babel/plugin-transform-reserved-words": "^7.24.7", - "@babel/plugin-transform-shorthand-properties": "^7.24.7", - "@babel/plugin-transform-spread": "^7.24.7", - "@babel/plugin-transform-sticky-regex": "^7.24.7", - "@babel/plugin-transform-template-literals": "^7.24.7", - "@babel/plugin-transform-typeof-symbol": "^7.24.7", - "@babel/plugin-transform-unicode-escapes": "^7.24.7", - "@babel/plugin-transform-unicode-property-regex": "^7.24.7", - "@babel/plugin-transform-unicode-regex": "^7.24.7", - "@babel/plugin-transform-unicode-sets-regex": "^7.24.7", - "@babel/preset-modules": "0.1.6-no-external-plugins", - "babel-plugin-polyfill-corejs2": "^0.4.10", - "babel-plugin-polyfill-corejs3": "^0.10.4", - "babel-plugin-polyfill-regenerator": "^0.6.1", - "core-js-compat": "^3.31.0", - "semver": "^6.3.1" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/preset-flow": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/preset-flow/-/preset-flow-7.24.7.tgz", - "integrity": "sha512-NL3Lo0NorCU607zU3NwRyJbpaB6E3t0xtd3LfAQKDfkeX4/ggcDXvkmkW42QWT5owUeW/jAe4hn+2qvkV1IbfQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-validator-option": "^7.24.7", - "@babel/plugin-transform-flow-strip-types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/preset-modules": { - "version": "0.1.6-no-external-plugins", - "resolved": "https://registry.npmjs.org/@babel/preset-modules/-/preset-modules-0.1.6-no-external-plugins.tgz", - "integrity": "sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.0.0", - "@babel/types": "^7.4.4", - "esutils": "^2.0.2" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0 || ^8.0.0-0 <8.0.0" - } - }, - "node_modules/@babel/preset-typescript": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/preset-typescript/-/preset-typescript-7.24.7.tgz", - "integrity": "sha512-SyXRe3OdWwIwalxDg5UtJnJQO+YPcTfwiIY2B0Xlddh9o7jpWLvv8X1RthIeDOxQ+O1ML5BLPCONToObyVQVuQ==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.24.7", - "@babel/helper-validator-option": "^7.24.7", - "@babel/plugin-syntax-jsx": "^7.24.7", - "@babel/plugin-transform-modules-commonjs": "^7.24.7", - "@babel/plugin-transform-typescript": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/register": { - "version": "7.24.6", - "resolved": "https://registry.npmjs.org/@babel/register/-/register-7.24.6.tgz", - "integrity": "sha512-WSuFCc2wCqMeXkz/i3yfAAsxwWflEgbVkZzivgAmXl/MxrXeoYFZOOPllbC8R8WTF7u61wSRQtDVZ1879cdu6w==", - "dev": true, - "dependencies": { - "clone-deep": "^4.0.1", - "find-cache-dir": "^2.0.0", - "make-dir": "^2.1.0", - "pirates": "^4.0.6", - "source-map-support": "^0.5.16" - }, - "engines": { - "node": ">=6.9.0" - }, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/@babel/register/node_modules/find-cache-dir": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-2.1.0.tgz", - "integrity": "sha512-Tq6PixE0w/VMFfCgbONnkiQIVol/JJL7nRMi20fqzA4NRs9AfeqMGeRdPi3wIhYkxjeBaWh2rxwapn5Tu3IqOQ==", - "dev": true, - "dependencies": { - "commondir": "^1.0.1", - "make-dir": "^2.0.0", - "pkg-dir": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@babel/register/node_modules/find-up": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz", - "integrity": "sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==", - "dev": true, - "dependencies": { - "locate-path": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@babel/register/node_modules/locate-path": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz", - "integrity": "sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==", - "dev": true, - "dependencies": { - "p-locate": "^3.0.0", - "path-exists": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@babel/register/node_modules/make-dir": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-2.1.0.tgz", - "integrity": "sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==", - "dev": true, - "dependencies": { - "pify": "^4.0.1", - "semver": "^5.6.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@babel/register/node_modules/p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "dev": true, - "dependencies": { - "p-try": "^2.0.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@babel/register/node_modules/p-locate": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz", - "integrity": "sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==", - "dev": true, - "dependencies": { - "p-limit": "^2.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@babel/register/node_modules/path-exists": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz", - "integrity": "sha512-bpC7GYwiDYQ4wYLe+FA8lhRjhQCMcQGuSgGGqDkg/QerRWw9CmGRT0iSOVRSZJ29NMLZgIzqaljJ63oaL4NIJQ==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/register/node_modules/pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/@babel/register/node_modules/pkg-dir": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-3.0.0.tgz", - "integrity": "sha512-/E57AYkoeQ25qkxMj5PBOVgF8Kiu/h7cYS30Z5+R7WaiCCBfLq58ZI/dSeaEKb9WVJV5n/03QwrN3IeWIFllvw==", - "dev": true, - "dependencies": { - "find-up": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/@babel/register/node_modules/semver": { - "version": "5.7.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", - "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, - "node_modules/@babel/regjsgen": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/@babel/regjsgen/-/regjsgen-0.8.0.tgz", - "integrity": "sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==", - "dev": true - }, - "node_modules/@babel/runtime": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.24.7.tgz", - "integrity": "sha512-UwgBRMjJP+xv857DCngvqXI3Iq6J4v0wXmwc6sapg+zyhbwmQX67LUEFrkK5tbyJ30jGuG3ZvWpBiB9LCy1kWw==", - "dev": true, - "dependencies": { - "regenerator-runtime": "^0.14.0" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/template": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.24.7.tgz", - "integrity": "sha512-jYqfPrU9JTF0PmPy1tLYHW4Mp4KlgxJD9l2nP9fD6yT/ICi554DmrWBAEYpIelzjHf1msDP3PxJIRt/nFNfBig==", - "dev": true, - "dependencies": { - "@babel/code-frame": "^7.24.7", - "@babel/parser": "^7.24.7", - "@babel/types": "^7.24.7" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/traverse": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.24.7.tgz", - "integrity": "sha512-yb65Ed5S/QAcewNPh0nZczy9JdYXkkAbIsEo+P7BE7yO3txAY30Y/oPa3QkQ5It3xVG2kpKMg9MsdxZaO31uKA==", - "dev": true, - "dependencies": { - "@babel/code-frame": "^7.24.7", - "@babel/generator": "^7.24.7", - "@babel/helper-environment-visitor": "^7.24.7", - "@babel/helper-function-name": "^7.24.7", - "@babel/helper-hoist-variables": "^7.24.7", - "@babel/helper-split-export-declaration": "^7.24.7", - "@babel/parser": "^7.24.7", - "@babel/types": "^7.24.7", - "debug": "^4.3.1", - "globals": "^11.1.0" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/types": { - "version": "7.24.7", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.24.7.tgz", - "integrity": "sha512-XEFXSlxiG5td2EJRe8vOmRbaXVgfcBlszKujvVmWIK/UpywWljQCfzAv3RQCGujWQ1RD4YYWEAqDXfuJiy8f5Q==", - "dev": true, - "dependencies": { - "@babel/helper-string-parser": "^7.24.7", - "@babel/helper-validator-identifier": "^7.24.7", - "to-fast-properties": "^2.0.0" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@bcoe/v8-coverage": { - "version": "0.2.3", - "resolved": "https://registry.npmjs.org/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz", - "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==", - "dev": true - }, - "node_modules/@colors/colors": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/@colors/colors/-/colors-1.5.0.tgz", - "integrity": "sha512-ooWCrlZP11i8GImSjTHYHLkvFDP48nS4+204nGb1RiX/WXYHmJA2III9/e2DWVabCESdW7hBAEzHRqUn9OUVvQ==", - "dev": true, - "optional": true, - "engines": { - "node": ">=0.1.90" - } - }, - "node_modules/@discoveryjs/json-ext": { - "version": "0.5.7", - "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz", - "integrity": "sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==", - "dev": true, - "engines": { - "node": ">=10.0.0" - } - }, - "node_modules/@emotion/use-insertion-effect-with-fallbacks": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@emotion/use-insertion-effect-with-fallbacks/-/use-insertion-effect-with-fallbacks-1.0.1.tgz", - "integrity": "sha512-jT/qyKZ9rzLErtrjGgdkMBn2OP8wl0G3sQlBb3YPryvKHsjvINUhVaPFfP+fpBcOkmrVOVEEHQFJ7nbj2TH2gw==", - "dev": true, - "peerDependencies": { - "react": ">=16.8.0" - } - }, - "node_modules/@esbuild/aix-ppc64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.20.2.tgz", - "integrity": "sha512-D+EBOJHXdNZcLJRBkhENNG8Wji2kgc9AZ9KiPr1JuZjsNtyHzrsfLRrY0tk2H2aoFu6RANO1y1iPPUCDYWkb5g==", - "cpu": [ - "ppc64" - ], - "dev": true, - "optional": true, - "os": [ - "aix" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/android-arm": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.18.20.tgz", - "integrity": "sha512-fyi7TDI/ijKKNZTUJAQqiG5T7YjJXgnzkURqmGj13C6dCqckZBLdl4h7bkhHt/t0WP+zO9/zwroDvANaOqO5Sw==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/android-arm64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.18.20.tgz", - "integrity": "sha512-Nz4rJcchGDtENV0eMKUNa6L12zz2zBDXuhj/Vjh18zGqB44Bi7MBMSXjgunJgjRhCmKOjnPuZp4Mb6OKqtMHLQ==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/android-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.18.20.tgz", - "integrity": "sha512-8GDdlePJA8D6zlZYJV/jnrRAi6rOiNaCC/JclcXpB+KIuvfBN4owLtgzY2bsxnx666XjJx2kDPUmnTtR8qKQUg==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/darwin-arm64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.18.20.tgz", - "integrity": "sha512-bxRHW5kHU38zS2lPTPOyuyTm+S+eobPUnTNkdJEfAddYgEcll4xkT8DB9d2008DtTbl7uJag2HuE5NZAZgnNEA==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/darwin-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.18.20.tgz", - "integrity": "sha512-pc5gxlMDxzm513qPGbCbDukOdsGtKhfxD1zJKXjCCcU7ju50O7MeAZ8c4krSJcOIJGFR+qx21yMMVYwiQvyTyQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/freebsd-arm64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.18.20.tgz", - "integrity": "sha512-yqDQHy4QHevpMAaxhhIwYPMv1NECwOvIpGCZkECn8w2WFHXjEwrBn3CeNIYsibZ/iZEUemj++M26W3cNR5h+Tw==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "freebsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/freebsd-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.18.20.tgz", - "integrity": "sha512-tgWRPPuQsd3RmBZwarGVHZQvtzfEBOreNuxEMKFcd5DaDn2PbBxfwLcj4+aenoh7ctXcbXmOQIn8HI6mCSw5MQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "freebsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-arm": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.18.20.tgz", - "integrity": "sha512-/5bHkMWnq1EgKr1V+Ybz3s1hWXok7mDFUMQ4cG10AfW3wL02PSZi5kFpYKrptDsgb2WAJIvRcDm+qIvXf/apvg==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-arm64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.18.20.tgz", - "integrity": "sha512-2YbscF+UL7SQAVIpnWvYwM+3LskyDmPhe31pE7/aoTMFKKzIc9lLbyGUpmmb8a8AixOL61sQ/mFh3jEjHYFvdA==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-ia32": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.18.20.tgz", - "integrity": "sha512-P4etWwq6IsReT0E1KHU40bOnzMHoH73aXp96Fs8TIT6z9Hu8G6+0SHSw9i2isWrD2nbx2qo5yUqACgdfVGx7TA==", - "cpu": [ - "ia32" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-loong64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.18.20.tgz", - "integrity": "sha512-nXW8nqBTrOpDLPgPY9uV+/1DjxoQ7DoB2N8eocyq8I9XuqJ7BiAMDMf9n1xZM9TgW0J8zrquIb/A7s3BJv7rjg==", - "cpu": [ - "loong64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-mips64el": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.18.20.tgz", - "integrity": "sha512-d5NeaXZcHp8PzYy5VnXV3VSd2D328Zb+9dEq5HE6bw6+N86JVPExrA6O68OPwobntbNJ0pzCpUFZTo3w0GyetQ==", - "cpu": [ - "mips64el" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-ppc64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.18.20.tgz", - "integrity": "sha512-WHPyeScRNcmANnLQkq6AfyXRFr5D6N2sKgkFo2FqguP44Nw2eyDlbTdZwd9GYk98DZG9QItIiTlFLHJHjxP3FA==", - "cpu": [ - "ppc64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-riscv64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.18.20.tgz", - "integrity": "sha512-WSxo6h5ecI5XH34KC7w5veNnKkju3zBRLEQNY7mv5mtBmrP/MjNBCAlsM2u5hDBlS3NGcTQpoBvRzqBcRtpq1A==", - "cpu": [ - "riscv64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-s390x": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.18.20.tgz", - "integrity": "sha512-+8231GMs3mAEth6Ja1iK0a1sQ3ohfcpzpRLH8uuc5/KVDFneH6jtAJLFGafpzpMRO6DzJ6AvXKze9LfFMrIHVQ==", - "cpu": [ - "s390x" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/linux-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.18.20.tgz", - "integrity": "sha512-UYqiqemphJcNsFEskc73jQ7B9jgwjWrSayxawS6UVFZGWrAAtkzjxSqnoclCXxWtfwLdzU+vTpcNYhpn43uP1w==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/netbsd-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.18.20.tgz", - "integrity": "sha512-iO1c++VP6xUBUmltHZoMtCUdPlnPGdBom6IrO4gyKPFFVBKioIImVooR5I83nTew5UOYrk3gIJhbZh8X44y06A==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "netbsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/openbsd-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.18.20.tgz", - "integrity": "sha512-e5e4YSsuQfX4cxcygw/UCPIEP6wbIL+se3sxPdCiMbFLBWu0eiZOJ7WoD+ptCLrmjZBK1Wk7I6D/I3NglUGOxg==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "openbsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/sunos-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.18.20.tgz", - "integrity": "sha512-kDbFRFp0YpTQVVrqUd5FTYmWo45zGaXe0X8E1G/LKFC0v8x0vWrhOWSLITcCn63lmZIxfOMXtCfti/RxN/0wnQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "sunos" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/win32-arm64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.18.20.tgz", - "integrity": "sha512-ddYFR6ItYgoaq4v4JmQQaAI5s7npztfV4Ag6NrhiaW0RrnOXqBkgwZLofVTlq1daVTQNhtI5oieTvkRPfZrePg==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/win32-ia32": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.18.20.tgz", - "integrity": "sha512-Wv7QBi3ID/rROT08SABTS7eV4hX26sVduqDOTe1MvGMjNd3EjOz4b7zeexIR62GTIEKrfJXKL9LFxTYgkyeu7g==", - "cpu": [ - "ia32" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@esbuild/win32-x64": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.18.20.tgz", - "integrity": "sha512-kTdfRcSiDfQca/y9QIkng02avJ+NCaQvrMejlsB3RRv5sE9rRoeBPISaZpKxHELzRxZyLvNts1P27W3wV+8geQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/@eslint-community/eslint-utils": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.4.0.tgz", - "integrity": "sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==", - "dev": true, - "dependencies": { - "eslint-visitor-keys": "^3.3.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "peerDependencies": { - "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0" - } - }, - "node_modules/@eslint-community/regexpp": { - "version": "4.10.1", - "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.10.1.tgz", - "integrity": "sha512-Zm2NGpWELsQAD1xsJzGQpYfvICSsFkEpU0jxBjfdC6uNEWXcHnfs9hScFWtXVDVl+rBQJGrl4g1vcKIejpH9dA==", - "dev": true, - "engines": { - "node": "^12.0.0 || ^14.0.0 || >=16.0.0" - } - }, - "node_modules/@eslint/eslintrc": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-2.1.4.tgz", - "integrity": "sha512-269Z39MS6wVJtsoUl10L60WdkhJVdPG24Q4eZTH3nnF6lpvSShEK3wQjDX9JRWAUPvPh7COouPpU9IrqaZFvtQ==", - "dev": true, - "dependencies": { - "ajv": "^6.12.4", - "debug": "^4.3.2", - "espree": "^9.6.0", - "globals": "^13.19.0", - "ignore": "^5.2.0", - "import-fresh": "^3.2.1", - "js-yaml": "^4.1.0", - "minimatch": "^3.1.2", - "strip-json-comments": "^3.1.1" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/@eslint/eslintrc/node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, - "node_modules/@eslint/eslintrc/node_modules/globals": { - "version": "13.24.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", - "integrity": "sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==", - "dev": true, - "dependencies": { - "type-fest": "^0.20.2" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@eslint/eslintrc/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, - "node_modules/@eslint/eslintrc/node_modules/type-fest": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", - "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@eslint/js": { - "version": "8.57.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.57.0.tgz", - "integrity": "sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==", - "dev": true, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - } - }, - "node_modules/@exodus/schemasafe": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/@exodus/schemasafe/-/schemasafe-1.3.0.tgz", - "integrity": "sha512-5Aap/GaRupgNx/feGBwLLTVv8OQFfv3pq2lPRzPg9R+IOBnDgghTGW7l7EuVXOvg5cc/xSAlRW8rBrjIC3Nvqw==", - "dev": true, - "optional": true - }, - "node_modules/@fal-works/esbuild-plugin-global-externals": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/@fal-works/esbuild-plugin-global-externals/-/esbuild-plugin-global-externals-2.1.2.tgz", - "integrity": "sha512-cEee/Z+I12mZcFJshKcCqC8tuX5hG3s+d+9nZ3LabqKF1vKdF41B92pJVCBggjAGORAeOzyyDDKrZwIkLffeOQ==", - "dev": true - }, - "node_modules/@floating-ui/core": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/@floating-ui/core/-/core-1.6.2.tgz", - "integrity": "sha512-+2XpQV9LLZeanU4ZevzRnGFg2neDeKHgFLjP6YLW+tly0IvrhqT4u8enLGjLH3qeh85g19xY5rsAusfwTdn5lg==", - "dependencies": { - "@floating-ui/utils": "^0.2.0" - } - }, - "node_modules/@floating-ui/dom": { - "version": "1.6.5", - "resolved": "https://registry.npmjs.org/@floating-ui/dom/-/dom-1.6.5.tgz", - "integrity": "sha512-Nsdud2X65Dz+1RHjAIP0t8z5e2ff/IRbei6BqFrl1urT8sDVzM1HMQ+R0XcU5ceRfyO3I6ayeqIfh+6Wb8LGTw==", - "dependencies": { - "@floating-ui/core": "^1.0.0", - "@floating-ui/utils": "^0.2.0" - } - }, - "node_modules/@floating-ui/react-dom": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@floating-ui/react-dom/-/react-dom-2.1.0.tgz", - "integrity": "sha512-lNzj5EQmEKn5FFKc04+zasr09h/uX8RtJRNj5gUXsSQIXHVWTVh+hVAg1vOMCexkX8EgvemMvIFpQfkosnVNyA==", - "dev": true, - "dependencies": { - "@floating-ui/dom": "^1.0.0" - }, - "peerDependencies": { - "react": ">=16.8.0", - "react-dom": ">=16.8.0" - } - }, - "node_modules/@floating-ui/utils": { - "version": "0.2.2", - "resolved": "https://registry.npmjs.org/@floating-ui/utils/-/utils-0.2.2.tgz", - "integrity": "sha512-J4yDIIthosAsRZ5CPYP/jQvUAQtlZTTD/4suA08/FEnlxqW3sKS9iAhgsa9VYLZ6vDHn/ixJgIqRQPotoBjxIw==" - }, - "node_modules/@formatjs/ecma402-abstract": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@formatjs/ecma402-abstract/-/ecma402-abstract-2.0.0.tgz", - "integrity": "sha512-rRqXOqdFmk7RYvj4khklyqzcfQl9vEL/usogncBHRZfZBDOwMGuSRNFl02fu5KGHXdbinju+YXyuR+Nk8xlr/g==", - "dev": true, - "dependencies": { - "@formatjs/intl-localematcher": "0.5.4", - "tslib": "^2.4.0" - } - }, - "node_modules/@formatjs/intl-localematcher": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/@formatjs/intl-localematcher/-/intl-localematcher-0.5.4.tgz", - "integrity": "sha512-zTwEpWOzZ2CiKcB93BLngUX59hQkuZjT2+SAQEscSm52peDW/getsawMcWF1rGRpMCX6D7nSJA3CzJ8gn13N/g==", - "dev": true, - "dependencies": { - "tslib": "^2.4.0" - } - }, - "node_modules/@formatjs/intl-segmenter": { - "version": "11.5.7", - "resolved": "https://registry.npmjs.org/@formatjs/intl-segmenter/-/intl-segmenter-11.5.7.tgz", - "integrity": "sha512-MPvUKOURPY1aHc/d3YtLKp4hamrJtdBRc/AZVt9zRitrNeRszSwpIIYDHka9chQJTRIJlIfS4S9FGMdA1PE3Xw==", - "dev": true, - "dependencies": { - "@formatjs/ecma402-abstract": "2.0.0", - "@formatjs/intl-localematcher": "0.5.4", - "tslib": "^2.4.0" - } - }, - "node_modules/@fortawesome/fontawesome-free": { - "version": "6.5.2", - "resolved": "https://registry.npmjs.org/@fortawesome/fontawesome-free/-/fontawesome-free-6.5.2.tgz", - "integrity": "sha512-hRILoInAx8GNT5IMkrtIt9blOdrqHOnPBH+k70aWUAqPZPgopb9G5EQJFpaBx/S8zp2fC+mPW349Bziuk1o28Q==", - "hasInstallScript": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/@gcornut/valibot-json-schema": { - "version": "0.0.27", - "resolved": "https://registry.npmjs.org/@gcornut/valibot-json-schema/-/valibot-json-schema-0.0.27.tgz", - "integrity": "sha512-xcMaUStVgQzPrK3d7PuLFbQ+3qSp6LzaLExAm52E3FKmUfjQa7Sw5cDK6Hfu/8WT0yfGsuSCuJ5uT1sosjR9Qg==", - "dev": true, - "optional": true, - "bin": { - "valibot-json-schema": "bin/index.js" - }, - "peerDependencies": { - "@types/json-schema": ">= 7.0.14", - "esbuild": ">= 0.18.20", - "esbuild-runner": ">= 2.2.2", - "valibot": ">= 0.21.0" - } - }, - "node_modules/@hapi/hoek": { - "version": "9.3.0", - "resolved": "https://registry.npmjs.org/@hapi/hoek/-/hoek-9.3.0.tgz", - "integrity": "sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==", - "dev": true, - "optional": true - }, - "node_modules/@hapi/topo": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/@hapi/topo/-/topo-5.1.0.tgz", - "integrity": "sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==", - "dev": true, - "optional": true, - "dependencies": { - "@hapi/hoek": "^9.0.0" - } - }, - "node_modules/@humanwhocodes/config-array": { - "version": "0.11.14", - "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.14.tgz", - "integrity": "sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==", - "dev": true, - "dependencies": { - "@humanwhocodes/object-schema": "^2.0.2", - "debug": "^4.3.1", - "minimatch": "^3.0.5" - }, - "engines": { - "node": ">=10.10.0" - } - }, - "node_modules/@humanwhocodes/module-importer": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz", - "integrity": "sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==", - "dev": true, - "engines": { - "node": ">=12.22" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/nzakas" - } - }, - "node_modules/@humanwhocodes/object-schema": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.3.tgz", - "integrity": "sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==", - "dev": true - }, - "node_modules/@inlang/detect-json-formatting": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@inlang/detect-json-formatting/-/detect-json-formatting-1.0.0.tgz", - "integrity": "sha512-o0jeI8U4TgNlsPwI0y92jld8/18Loh2KEgHCYCJ42rCOdxFrA8R60cydlEd2/6jkdHFn5DxKj8rOyiKv3z9uOw==", - "dependencies": { - "guess-json-indent": "2.0.0" - } - }, - "node_modules/@inlang/json-types": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@inlang/json-types/-/json-types-1.1.0.tgz", - "integrity": "sha512-n6vS6AqETsCFbV4TdBvR/EH57waVXzKsMqeUQ+eH2Q6NUATfKhfLabgNms2A+QV3aedH/hLtb1pRmjl2ykBVZg==", - "peerDependencies": { - "@sinclair/typebox": "^0.31.0" - } - }, - "node_modules/@inlang/language-tag": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/@inlang/language-tag/-/language-tag-1.5.1.tgz", - "integrity": "sha512-+NlYDxDvN5h/TKUmkuQv+Ct1flxaVRousCbek7oFEk3/afZPVLNTJhm+cX2xiOg3tmi2KKrBLfy/V9oUDHj6GQ==", - "dependencies": { - "@sinclair/typebox": "^0.31.17" - } - }, - "node_modules/@inlang/message": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@inlang/message/-/message-2.1.0.tgz", - "integrity": "sha512-Gr3wiErI7fW4iW11xgZzsJEUTjlZuz02fB/EO+ENTBlSHGyI1kzbCCeNqLr1mnGdQYiOxfuZxY0S4G5C6Pju3Q==", - "dependencies": { - "@inlang/language-tag": "1.5.1" - }, - "peerDependencies": { - "@sinclair/typebox": "^0.31.17" - } - }, - "node_modules/@inlang/message-lint-rule": { - "version": "1.4.5", - "resolved": "https://registry.npmjs.org/@inlang/message-lint-rule/-/message-lint-rule-1.4.5.tgz", - "integrity": "sha512-pyLSUhcoOYaFlYrk8d/OSpev/IaxAv/LBhKIa/ZEaycwFOBtuxDnFXEwQf9cWuPMeiPVsU83X8rgEEfOzWwupw==", - "dependencies": { - "@inlang/json-types": "1.1.0", - "@inlang/language-tag": "1.5.1", - "@inlang/message": "2.1.0", - "@inlang/project-settings": "2.4.0", - "@inlang/translatable": "1.3.1" - }, - "peerDependencies": { - "@sinclair/typebox": "^0.31.17" - } - }, - "node_modules/@inlang/module": { - "version": "1.2.9", - "resolved": "https://registry.npmjs.org/@inlang/module/-/module-1.2.9.tgz", - "integrity": "sha512-+nGyReKCcqtzhkryEguN8ftL2gvr8vukGBKWzGx0hq3ul0i3JNVwlzFohU+TKpRyUE36DzffngVQX3khH0Gu8g==", - "dependencies": { - "@inlang/message-lint-rule": "1.4.5", - "@inlang/plugin": "2.4.9" - }, - "peerDependencies": { - "@sinclair/typebox": "^0.31.17" - } - }, - "node_modules/@inlang/paraglide-js": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/@inlang/paraglide-js/-/paraglide-js-1.2.5.tgz", - "integrity": "sha512-r7aqfI/j+054ioKGPpDzBG6Ngr5Hi0lZoV4zK16D5nu9J0XNljuBOQXoXQwJdHDyF4bYdlETZBO9C52uvcOAPQ==", - "dev": true, - "dependencies": { - "@inlang/detect-json-formatting": "1.0.0", - "commander": "11.1.0", - "consola": "3.2.3", - "dedent": "1.5.1", - "isomorphic-git": "1.24.5", - "json5": "2.2.3", - "posthog-node": "3.1.3" - }, - "bin": { - "paraglide-js": "bin/run.js" - } - }, - "node_modules/@inlang/paraglide-js-adapter-unplugin": { - "version": "1.4.29", - "resolved": "https://registry.npmjs.org/@inlang/paraglide-js-adapter-unplugin/-/paraglide-js-adapter-unplugin-1.4.29.tgz", - "integrity": "sha512-CDhQ69M9Ej8wfY/8P2rdNzwq6ux69A4nlFJqPcWffEX21xMaWGlt8JNspjMjc158KpAYyBGB8bFgTZ5K6o1fwg==", - "dependencies": { - "@inlang/paraglide-js": "1.7.0", - "@inlang/sdk": "0.33.0", - "@lix-js/client": "1.2.1", - "unplugin": "1.5.1" - } - }, - "node_modules/@inlang/paraglide-js-adapter-unplugin/node_modules/@inlang/paraglide-js": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/@inlang/paraglide-js/-/paraglide-js-1.7.0.tgz", - "integrity": "sha512-FkyOqMAPd8iks66xZpIqzepzlnMPT/t7sHmZkwN9QzjFu6RUjdSbHSP6dZPdmD1puobhtDQcbbub6NA/OmpuzA==", - "dependencies": { - "@inlang/detect-json-formatting": "1.0.0", - "commander": "11.1.0", - "consola": "3.2.3", - "dedent": "1.5.1", - "json5": "2.2.3", - "posthog-node": "3.1.3" - }, - "bin": { - "paraglide-js": "bin/run.js" - } - }, - "node_modules/@inlang/paraglide-js-adapter-vite": { - "version": "1.2.40", - "resolved": "https://registry.npmjs.org/@inlang/paraglide-js-adapter-vite/-/paraglide-js-adapter-vite-1.2.40.tgz", - "integrity": "sha512-2+mAYI4hDMTr7AAei5CNzjqpjzOvsnlGrVvHrohtYs+Jn+tayokDaO7iL5o9k9SYrlXBZ7tUshAw88UQ1+f82Q==", - "dependencies": { - "@inlang/paraglide-js-adapter-unplugin": "1.4.29" - } - }, - "node_modules/@inlang/plugin": { - "version": "2.4.9", - "resolved": "https://registry.npmjs.org/@inlang/plugin/-/plugin-2.4.9.tgz", - "integrity": "sha512-zWYUUlHsHvjAnwz7ep2eIBE+3PNQ6QKDSuF4HezJaBnJGC2fkijuPhuNqPfn+1tH8rxHQbfuNeWqwfco0dsf+A==", - "dependencies": { - "@inlang/json-types": "1.1.0", - "@inlang/language-tag": "1.5.1", - "@inlang/message": "2.1.0", - "@inlang/project-settings": "2.4.0", - "@inlang/translatable": "1.3.1", - "@lix-js/fs": "1.0.0" - }, - "peerDependencies": { - "@sinclair/typebox": "^0.31.17" - } - }, - "node_modules/@inlang/project-settings": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/@inlang/project-settings/-/project-settings-2.4.0.tgz", - "integrity": "sha512-hzrO07YiZM6rf6HwgdYofQa+rfcy13MV2u0pEPyfthnz/wB3Il4JOUKw0fIhQMj5Hz8097LWVi1mniJ6xWGyqA==", - "dependencies": { - "@inlang/json-types": "1.1.0", - "@inlang/language-tag": "1.5.1" - }, - "peerDependencies": { - "@sinclair/typebox": "^0.31.17" - } - }, - "node_modules/@inlang/result": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@inlang/result/-/result-1.1.0.tgz", - "integrity": "sha512-zLGroi9EUiHuOjUOaglUVTFO7EWdo2OARMJLBO1Q5Ga/xJmSQb6XS1lhqEXBFAjgFarfEMX5YEJWWALogYV3wA==" - }, - "node_modules/@inlang/sdk": { - "version": "0.33.0", - "resolved": "https://registry.npmjs.org/@inlang/sdk/-/sdk-0.33.0.tgz", - "integrity": "sha512-bwSGay4kg9RmqxqBVQuSxCl8ZFqOKDvvvxpb7oAQoMVbDL+dX0J5pc8Yh7AMzY9TYWXwt7yT2umeZtHz9UvfZw==", - "dependencies": { - "@inlang/json-types": "1.1.0", - "@inlang/language-tag": "1.5.1", - "@inlang/message": "2.1.0", - "@inlang/message-lint-rule": "1.4.5", - "@inlang/module": "1.2.9", - "@inlang/plugin": "2.4.9", - "@inlang/project-settings": "2.4.0", - "@inlang/result": "1.1.0", - "@inlang/translatable": "1.3.1", - "@lix-js/client": "1.2.1", - "@lix-js/fs": "1.0.0", - "@sinclair/typebox": "^0.31.17", - "debug": "^4.3.4", - "dedent": "1.5.1", - "deepmerge-ts": "^5.1.0", - "murmurhash3js": "^3.0.1", - "solid-js": "1.6.12", - "throttle-debounce": "^5.0.0" - }, - "engines": { - "node": ">=18.0.0" - } - }, - "node_modules/@inlang/translatable": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/@inlang/translatable/-/translatable-1.3.1.tgz", - "integrity": "sha512-VAtle21vRpIrB+axtHFrFB0d1HtDaaNj+lV77eZQTJyOWbTFYTVIQJ8WAbyw9eu4F6h6QC2FutLyxjMomxfpcQ==", - "dependencies": { - "@inlang/language-tag": "1.5.1" - } - }, - "node_modules/@isaacs/cliui": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz", - "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==", - "dev": true, - "dependencies": { - "string-width": "^5.1.2", - "string-width-cjs": "npm:string-width@^4.2.0", - "strip-ansi": "^7.0.1", - "strip-ansi-cjs": "npm:strip-ansi@^6.0.1", - "wrap-ansi": "^8.1.0", - "wrap-ansi-cjs": "npm:wrap-ansi@^7.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/@isaacs/cliui/node_modules/ansi-regex": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", - "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/ansi-regex?sponsor=1" - } - }, - "node_modules/@isaacs/cliui/node_modules/strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", - "dev": true, - "dependencies": { - "ansi-regex": "^6.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/strip-ansi?sponsor=1" - } - }, - "node_modules/@isaacs/ttlcache": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/@isaacs/ttlcache/-/ttlcache-1.4.1.tgz", - "integrity": "sha512-RQgQ4uQ+pLbqXfOmieB91ejmLwvSgv9nLx6sT6sD83s7umBypgg+OIBOBbEUiJXrfpnp9j0mRhYYdzp9uqq3lA==", - "dev": true, - "engines": { - "node": ">=12" - } - }, - "node_modules/@istanbuljs/load-nyc-config": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz", - "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==", - "dev": true, - "dependencies": { - "camelcase": "^5.3.1", - "find-up": "^4.1.0", - "get-package-type": "^0.1.0", - "js-yaml": "^3.13.1", - "resolve-from": "^5.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "dev": true, - "dependencies": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "dev": true, - "dependencies": { - "p-locate": "^4.1.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "dev": true, - "dependencies": { - "p-try": "^2.0.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@istanbuljs/load-nyc-config/node_modules/p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "dev": true, - "dependencies": { - "p-limit": "^2.2.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/@istanbuljs/schema": { - "version": "0.1.3", - "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.3.tgz", - "integrity": "sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/@jest/schemas": { - "version": "29.6.3", - "resolved": "https://registry.npmjs.org/@jest/schemas/-/schemas-29.6.3.tgz", - "integrity": "sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==", - "dev": true, - "dependencies": { - "@sinclair/typebox": "^0.27.8" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/@jest/schemas/node_modules/@sinclair/typebox": { - "version": "0.27.8", - "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.8.tgz", - "integrity": "sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==", - "dev": true - }, - "node_modules/@jest/transform": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/@jest/transform/-/transform-29.7.0.tgz", - "integrity": "sha512-ok/BTPFzFKVMwO5eOHRrvnBVHdRy9IrsrW1GpMaQ9MCnilNLXQKmAX8s1YXDFaai9xJpac2ySzV0YeRRECr2Vw==", - "dev": true, - "dependencies": { - "@babel/core": "^7.11.6", - "@jest/types": "^29.6.3", - "@jridgewell/trace-mapping": "^0.3.18", - "babel-plugin-istanbul": "^6.1.1", - "chalk": "^4.0.0", - "convert-source-map": "^2.0.0", - "fast-json-stable-stringify": "^2.1.0", - "graceful-fs": "^4.2.9", - "jest-haste-map": "^29.7.0", - "jest-regex-util": "^29.6.3", - "jest-util": "^29.7.0", - "micromatch": "^4.0.4", - "pirates": "^4.0.4", - "slash": "^3.0.0", - "write-file-atomic": "^4.0.2" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/@jest/types": { - "version": "29.6.3", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-29.6.3.tgz", - "integrity": "sha512-u3UPsIilWKOM3F9CXtrG8LEJmNxwoCQC/XVj4IKYXvvpx7QIi/Kg1LI5uDmDpKlac62NUtX7eLjRh+jVZcLOzw==", - "dev": true, - "dependencies": { - "@jest/schemas": "^29.6.3", - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^17.0.8", - "chalk": "^4.0.0" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/@jridgewell/gen-mapping": { - "version": "0.3.5", - "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz", - "integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==", - "dependencies": { - "@jridgewell/set-array": "^1.2.1", - "@jridgewell/sourcemap-codec": "^1.4.10", - "@jridgewell/trace-mapping": "^0.3.24" - }, - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/@jridgewell/resolve-uri": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz", - "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==", - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/@jridgewell/set-array": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz", - "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==", - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/@jridgewell/sourcemap-codec": { - "version": "1.4.15", - "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz", - "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==" - }, - "node_modules/@jridgewell/trace-mapping": { - "version": "0.3.25", - "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz", - "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==", - "dependencies": { - "@jridgewell/resolve-uri": "^3.1.0", - "@jridgewell/sourcemap-codec": "^1.4.14" - } - }, - "node_modules/@juggle/resize-observer": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/@juggle/resize-observer/-/resize-observer-3.4.0.tgz", - "integrity": "sha512-dfLbk+PwWvFzSxwk3n5ySL0hfBog779o8h68wK/7/APo/7cgyWp5jcXockbxdk5kFRkbeXWm4Fbi9FrdN381sA==", - "dev": true - }, - "node_modules/@lix-js/client": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/@lix-js/client/-/client-1.2.1.tgz", - "integrity": "sha512-9EjzAWX2GAUk1LPdG8JZoAjQUYVSENQ7GesDMdvvkbE86cwpOfIf79aRcVCDF0zuBk5ferikGLSv5IJD/+i6Ig==", - "dependencies": { - "@lix-js/fs": "1.0.0", - "@octokit/types": "12.4.0 ", - "async-lock": "^1.4.1", - "clean-git-ref": "^2.0.1", - "crc-32": "^1.2.2", - "diff3": "^0.0.4", - "ignore": "^5.3.1", - "octokit": "3.1.2", - "pako": "^1.0.11", - "pify": "^5.0.0", - "sha.js": "^2.4.11", - "solid-js": "1.7.11" - } - }, - "node_modules/@lix-js/client/node_modules/solid-js": { - "version": "1.7.11", - "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.7.11.tgz", - "integrity": "sha512-JkuvsHt8jqy7USsy9xJtT18aF9r2pFO+GB8JQ2XGTvtF49rGTObB46iebD25sE3qVNvIbwglXOXdALnJq9IHtQ==", - "dependencies": { - "csstype": "^3.1.0", - "seroval": "^0.5.0" - } - }, - "node_modules/@lix-js/fs": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@lix-js/fs/-/fs-1.0.0.tgz", - "integrity": "sha512-B3gnR0B7mOiYePnxh+XNU1OpVvvRYcLJ3MrdqkFVKiXz1fbKKCEMA53Vwhu3ehAMFFDB1Mo9+GVjiY2ssbA/ZQ==" - }, - "node_modules/@mdx-js/react": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@mdx-js/react/-/react-2.3.0.tgz", - "integrity": "sha512-zQH//gdOmuu7nt2oJR29vFhDv88oGPmVw6BggmrHeMI+xgEkp1B2dX9/bMBSYtK0dyLX/aOmesKS09g222K1/g==", - "dev": true, - "dependencies": { - "@types/mdx": "^2.0.0", - "@types/react": ">=16" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - }, - "peerDependencies": { - "react": ">=16" - } - }, - "node_modules/@ndelangen/get-tarball": { - "version": "3.0.9", - "resolved": "https://registry.npmjs.org/@ndelangen/get-tarball/-/get-tarball-3.0.9.tgz", - "integrity": "sha512-9JKTEik4vq+yGosHYhZ1tiH/3WpUS0Nh0kej4Agndhox8pAdWhEx5knFVRcb/ya9knCRCs1rPxNrSXTDdfVqpA==", - "dev": true, - "dependencies": { - "gunzip-maybe": "^1.4.2", - "pump": "^3.0.0", - "tar-fs": "^2.1.1" - } - }, - "node_modules/@nodelib/fs.scandir": { - "version": "2.1.5", - "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz", - "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==", - "dev": true, - "dependencies": { - "@nodelib/fs.stat": "2.0.5", - "run-parallel": "^1.1.9" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/@nodelib/fs.stat": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz", - "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==", - "dev": true, - "engines": { - "node": ">= 8" - } - }, - "node_modules/@nodelib/fs.walk": { - "version": "1.2.8", - "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz", - "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==", - "dev": true, - "dependencies": { - "@nodelib/fs.scandir": "2.1.5", - "fastq": "^1.6.0" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/@octokit/app": { - "version": "14.1.0", - "resolved": "https://registry.npmjs.org/@octokit/app/-/app-14.1.0.tgz", - "integrity": "sha512-g3uEsGOQCBl1+W1rgfwoRFUIR6PtvB2T1E4RpygeUU5LrLvlOqcxrt5lfykIeRpUPpupreGJUYl70fqMDXdTpw==", - "dependencies": { - "@octokit/auth-app": "^6.0.0", - "@octokit/auth-unauthenticated": "^5.0.0", - "@octokit/core": "^5.0.0", - "@octokit/oauth-app": "^6.0.0", - "@octokit/plugin-paginate-rest": "^9.0.0", - "@octokit/types": "^12.0.0", - "@octokit/webhooks": "^12.0.4" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/auth-app": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/@octokit/auth-app/-/auth-app-6.1.1.tgz", - "integrity": "sha512-VrTtzRpyuT5nYGUWeGWQqH//hqEZDV+/yb6+w5wmWpmmUA1Tx950XsAc2mBBfvusfcdF2E7w8jZ1r1WwvfZ9pA==", - "dependencies": { - "@octokit/auth-oauth-app": "^7.1.0", - "@octokit/auth-oauth-user": "^4.1.0", - "@octokit/request": "^8.3.1", - "@octokit/request-error": "^5.1.0", - "@octokit/types": "^13.1.0", - "deprecation": "^2.3.1", - "lru-cache": "^10.0.0", - "universal-github-app-jwt": "^1.1.2", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/auth-app/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/auth-app/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/auth-app/node_modules/lru-cache": { - "version": "10.2.2", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", - "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", - "engines": { - "node": "14 || >=16.14" - } - }, - "node_modules/@octokit/auth-oauth-app": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-app/-/auth-oauth-app-7.1.0.tgz", - "integrity": "sha512-w+SyJN/b0l/HEb4EOPRudo7uUOSW51jcK1jwLa+4r7PA8FPFpoxEnHBHMITqCsc/3Vo2qqFjgQfz/xUUvsSQnA==", - "dependencies": { - "@octokit/auth-oauth-device": "^6.1.0", - "@octokit/auth-oauth-user": "^4.1.0", - "@octokit/request": "^8.3.1", - "@octokit/types": "^13.0.0", - "@types/btoa-lite": "^1.0.0", - "btoa-lite": "^1.0.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/auth-oauth-app/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/auth-oauth-app/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/auth-oauth-device": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-device/-/auth-oauth-device-6.1.0.tgz", - "integrity": "sha512-FNQ7cb8kASufd6Ej4gnJ3f1QB5vJitkoV1O0/g6e6lUsQ7+VsSNRHRmFScN2tV4IgKA12frrr/cegUs0t+0/Lw==", - "dependencies": { - "@octokit/oauth-methods": "^4.1.0", - "@octokit/request": "^8.3.1", - "@octokit/types": "^13.0.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/auth-oauth-device/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/auth-oauth-device/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/auth-oauth-user": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@octokit/auth-oauth-user/-/auth-oauth-user-4.1.0.tgz", - "integrity": "sha512-FrEp8mtFuS/BrJyjpur+4GARteUCrPeR/tZJzD8YourzoVhRics7u7we/aDcKv+yywRNwNi/P4fRi631rG/OyQ==", - "dependencies": { - "@octokit/auth-oauth-device": "^6.1.0", - "@octokit/oauth-methods": "^4.1.0", - "@octokit/request": "^8.3.1", - "@octokit/types": "^13.0.0", - "btoa-lite": "^1.0.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/auth-oauth-user/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/auth-oauth-user/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/auth-token": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-4.0.0.tgz", - "integrity": "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==", - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/auth-unauthenticated": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/@octokit/auth-unauthenticated/-/auth-unauthenticated-5.0.1.tgz", - "integrity": "sha512-oxeWzmBFxWd+XolxKTc4zr+h3mt+yofn4r7OfoIkR/Cj/o70eEGmPsFbueyJE2iBAGpjgTnEOKM3pnuEGVmiqg==", - "dependencies": { - "@octokit/request-error": "^5.0.0", - "@octokit/types": "^12.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/core": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.0.tgz", - "integrity": "sha512-1LFfa/qnMQvEOAdzlQymH0ulepxbxnCYAKJZfMci/5XJyIHWgEYnDmgnKakbTh7CH2tFQ5O60oYDvns4i9RAIg==", - "dependencies": { - "@octokit/auth-token": "^4.0.0", - "@octokit/graphql": "^7.1.0", - "@octokit/request": "^8.3.1", - "@octokit/request-error": "^5.1.0", - "@octokit/types": "^13.0.0", - "before-after-hook": "^2.2.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/core/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/core/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/endpoint": { - "version": "9.0.5", - "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-9.0.5.tgz", - "integrity": "sha512-ekqR4/+PCLkEBF6qgj8WqJfvDq65RH85OAgrtnVp1mSxaXF03u2xW/hUdweGS5654IlC0wkNYC18Z50tSYTAFw==", - "dependencies": { - "@octokit/types": "^13.1.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/endpoint/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/graphql": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-7.1.0.tgz", - "integrity": "sha512-r+oZUH7aMFui1ypZnAvZmn0KSqAUgE1/tUXIWaqUCa1758ts/Jio84GZuzsvUkme98kv0WFY8//n0J1Z+vsIsQ==", - "dependencies": { - "@octokit/request": "^8.3.0", - "@octokit/types": "^13.0.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/graphql/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/graphql/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/oauth-app": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/@octokit/oauth-app/-/oauth-app-6.1.0.tgz", - "integrity": "sha512-nIn/8eUJ/BKUVzxUXd5vpzl1rwaVxMyYbQkNZjHrF7Vk/yu98/YDF/N2KeWO7uZ0g3b5EyiFXFkZI8rJ+DH1/g==", - "dependencies": { - "@octokit/auth-oauth-app": "^7.0.0", - "@octokit/auth-oauth-user": "^4.0.0", - "@octokit/auth-unauthenticated": "^5.0.0", - "@octokit/core": "^5.0.0", - "@octokit/oauth-authorization-url": "^6.0.2", - "@octokit/oauth-methods": "^4.0.0", - "@types/aws-lambda": "^8.10.83", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/oauth-authorization-url": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/@octokit/oauth-authorization-url/-/oauth-authorization-url-6.0.2.tgz", - "integrity": "sha512-CdoJukjXXxqLNK4y/VOiVzQVjibqoj/xHgInekviUJV73y/BSIcwvJ/4aNHPBPKcPWFnd4/lO9uqRV65jXhcLA==", - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/oauth-methods": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@octokit/oauth-methods/-/oauth-methods-4.1.0.tgz", - "integrity": "sha512-4tuKnCRecJ6CG6gr0XcEXdZtkTDbfbnD5oaHBmLERTjTMZNi2CbfEHZxPU41xXLDG4DfKf+sonu00zvKI9NSbw==", - "dependencies": { - "@octokit/oauth-authorization-url": "^6.0.2", - "@octokit/request": "^8.3.1", - "@octokit/request-error": "^5.1.0", - "@octokit/types": "^13.0.0", - "btoa-lite": "^1.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/oauth-methods/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/oauth-methods/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/openapi-types": { - "version": "19.1.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-19.1.0.tgz", - "integrity": "sha512-6G+ywGClliGQwRsjvqVYpklIfa7oRPA0vyhPQG/1Feh+B+wU0vGH1JiJ5T25d3g1JZYBHzR2qefLi9x8Gt+cpw==" - }, - "node_modules/@octokit/plugin-paginate-graphql": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-graphql/-/plugin-paginate-graphql-4.0.1.tgz", - "integrity": "sha512-R8ZQNmrIKKpHWC6V2gum4x9LG2qF1RxRjo27gjQcG3j+vf2tLsEfE7I/wRWEPzYMaenr1M+qDAtNcwZve1ce1A==", - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": ">=5" - } - }, - "node_modules/@octokit/plugin-paginate-rest": { - "version": "9.2.1", - "resolved": "https://registry.npmjs.org/@octokit/plugin-paginate-rest/-/plugin-paginate-rest-9.2.1.tgz", - "integrity": "sha512-wfGhE/TAkXZRLjksFXuDZdmGnJQHvtU/joFQdweXUgzo1XwvBCD4o4+75NtFfjfLK5IwLf9vHTfSiU3sLRYpRw==", - "dependencies": { - "@octokit/types": "^12.6.0" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": "5" - } - }, - "node_modules/@octokit/plugin-paginate-rest/node_modules/@octokit/openapi-types": { - "version": "20.0.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz", - "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==" - }, - "node_modules/@octokit/plugin-paginate-rest/node_modules/@octokit/types": { - "version": "12.6.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz", - "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==", - "dependencies": { - "@octokit/openapi-types": "^20.0.0" - } - }, - "node_modules/@octokit/plugin-rest-endpoint-methods": { - "version": "10.4.1", - "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-10.4.1.tgz", - "integrity": "sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg==", - "dependencies": { - "@octokit/types": "^12.6.0" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": "5" - } - }, - "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/openapi-types": { - "version": "20.0.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-20.0.0.tgz", - "integrity": "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==" - }, - "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/types": { - "version": "12.6.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.6.0.tgz", - "integrity": "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==", - "dependencies": { - "@octokit/openapi-types": "^20.0.0" - } - }, - "node_modules/@octokit/plugin-retry": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/@octokit/plugin-retry/-/plugin-retry-6.0.1.tgz", - "integrity": "sha512-SKs+Tz9oj0g4p28qkZwl/topGcb0k0qPNX/i7vBKmDsjoeqnVfFUquqrE/O9oJY7+oLzdCtkiWSXLpLjvl6uog==", - "dependencies": { - "@octokit/request-error": "^5.0.0", - "@octokit/types": "^12.0.0", - "bottleneck": "^2.15.3" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": ">=5" - } - }, - "node_modules/@octokit/plugin-throttling": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/@octokit/plugin-throttling/-/plugin-throttling-8.2.0.tgz", - "integrity": "sha512-nOpWtLayKFpgqmgD0y3GqXafMFuKcA4tRPZIfu7BArd2lEZeb1988nhWhwx4aZWmjDmUfdgVf7W+Tt4AmvRmMQ==", - "dependencies": { - "@octokit/types": "^12.2.0", - "bottleneck": "^2.15.3" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "@octokit/core": "^5.0.0" - } - }, - "node_modules/@octokit/request": { - "version": "8.4.0", - "resolved": "https://registry.npmjs.org/@octokit/request/-/request-8.4.0.tgz", - "integrity": "sha512-9Bb014e+m2TgBeEJGEbdplMVWwPmL1FPtggHQRkV+WVsMggPtEkLKPlcVYm/o8xKLkpJ7B+6N8WfQMtDLX2Dpw==", - "dependencies": { - "@octokit/endpoint": "^9.0.1", - "@octokit/request-error": "^5.1.0", - "@octokit/types": "^13.1.0", - "universal-user-agent": "^6.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/request-error": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-5.1.0.tgz", - "integrity": "sha512-GETXfE05J0+7H2STzekpKObFe765O5dlAKUTLNGeH+x47z7JjXHfsHKo5z21D/o/IOZTUEI6nyWyR+bZVP/n5Q==", - "dependencies": { - "@octokit/types": "^13.1.0", - "deprecation": "^2.0.0", - "once": "^1.4.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/request-error/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/request/node_modules/@octokit/openapi-types": { - "version": "22.2.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-22.2.0.tgz", - "integrity": "sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==" - }, - "node_modules/@octokit/request/node_modules/@octokit/types": { - "version": "13.5.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-13.5.0.tgz", - "integrity": "sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==", - "dependencies": { - "@octokit/openapi-types": "^22.2.0" - } - }, - "node_modules/@octokit/types": { - "version": "12.4.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.4.0.tgz", - "integrity": "sha512-FLWs/AvZllw/AGVs+nJ+ELCDZZJk+kY0zMen118xhL2zD0s1etIUHm1odgjP7epxYU1ln7SZxEUWYop5bhsdgQ==", - "dependencies": { - "@octokit/openapi-types": "^19.1.0" - } - }, - "node_modules/@octokit/webhooks": { - "version": "12.2.0", - "resolved": "https://registry.npmjs.org/@octokit/webhooks/-/webhooks-12.2.0.tgz", - "integrity": "sha512-CyuLJ0/P7bKZ+kIYw+fnkeVdhUzNuDKgNSI7pU/m7Nod0T7kP+s4s2f0pNmG9HL8/RZN1S0ZWTDll3VTMrFLAw==", - "dependencies": { - "@octokit/request-error": "^5.0.0", - "@octokit/webhooks-methods": "^4.1.0", - "@octokit/webhooks-types": "7.4.0", - "aggregate-error": "^3.1.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/webhooks-methods": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@octokit/webhooks-methods/-/webhooks-methods-4.1.0.tgz", - "integrity": "sha512-zoQyKw8h9STNPqtm28UGOYFE7O6D4Il8VJwhAtMHFt2C4L0VQT1qGKLeefUOqHNs1mNRYSadVv7x0z8U2yyeWQ==", - "engines": { - "node": ">= 18" - } - }, - "node_modules/@octokit/webhooks-types": { - "version": "7.4.0", - "resolved": "https://registry.npmjs.org/@octokit/webhooks-types/-/webhooks-types-7.4.0.tgz", - "integrity": "sha512-FE2V+QZ2UYlh+9wWd5BPLNXG+J/XUD/PPq0ovS+nCcGX4+3qVbi3jYOmCTW48hg9SBBLtInx9+o7fFt4H5iP0Q==" - }, - "node_modules/@pkgjs/parseargs": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz", - "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==", - "dev": true, - "optional": true, - "engines": { - "node": ">=14" - } - }, - "node_modules/@playwright/test": { - "version": "1.44.1", - "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.44.1.tgz", - "integrity": "sha512-1hZ4TNvD5z9VuhNJ/walIjvMVvYkZKf71axoF/uiAqpntQJXpG64dlXhoDXE3OczPuTuvjf/M5KWFg5VAVUS3Q==", - "dev": true, - "dependencies": { - "playwright": "1.44.1" - }, - "bin": { - "playwright": "cli.js" - }, - "engines": { - "node": ">=16" - } - }, - "node_modules/@polka/url": { - "version": "1.0.0-next.25", - "resolved": "https://registry.npmjs.org/@polka/url/-/url-1.0.0-next.25.tgz", - "integrity": "sha512-j7P6Rgr3mmtdkeDGTe0E/aYyWEWVtc5yFXtHCRHs28/jptDEWfaVOc5T7cblqy1XKPPfCxJc/8DwQ5YgLOZOVQ==", - "dev": true - }, - "node_modules/@poppinss/macroable": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@poppinss/macroable/-/macroable-1.0.2.tgz", - "integrity": "sha512-xhhEcEvhQC8mP5oOr5hbE4CmUgmw/IPV1jhpGg2xSkzoFrt9i8YVqBQt9744EFesi5F7pBheWozg63RUBM/5JA==", - "dev": true, - "optional": true, - "engines": { - "node": ">=18.16.0" - } - }, - "node_modules/@radix-ui/number": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/number/-/number-1.0.1.tgz", - "integrity": "sha512-T5gIdVO2mmPW3NNhjNgEP3cqMXjXL9UbO0BzWcXfvdBs+BohbQxvd/K5hSVKmn9/lbTdsQVKbUcP5WLCwvUbBg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - } - }, - "node_modules/@radix-ui/primitive": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/primitive/-/primitive-1.0.1.tgz", - "integrity": "sha512-yQ8oGX2GVsEYMWGxcovu1uGWPCxV5BFfeeYxqPmuAzUyLT9qmaMXSAhXpb0WrspIeqYzdJpkh2vHModJPgRIaw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - } - }, - "node_modules/@radix-ui/react-arrow": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-arrow/-/react-arrow-1.0.3.tgz", - "integrity": "sha512-wSP+pHsB/jQRaL6voubsQ/ZlrGBHHrOjmBnr19hxYgtS0WvAFwZhK2WP/YY5yF9uKECCEEDGxuLxq1NBK51wFA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-primitive": "1.0.3" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-collection": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-collection/-/react-collection-1.0.3.tgz", - "integrity": "sha512-3SzW+0PW7yBBoQlT8wNcGtaxaD0XSu0uLUFgrtHY08Acx05TaHaOmVLR73c0j/cqpDy53KBMO7s0dx2wmOIDIA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-compose-refs": "1.0.1", - "@radix-ui/react-context": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-slot": "1.0.2" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-compose-refs": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-compose-refs/-/react-compose-refs-1.0.1.tgz", - "integrity": "sha512-fDSBgd44FKHa1FRMU59qBMPFcl2PZE+2nmqunj+BWFyYYjnhIDWL2ItDs3rrbJDQOtzt5nIebLCQc4QRfz6LJw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-context": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-context/-/react-context-1.0.1.tgz", - "integrity": "sha512-ebbrdFoYTcuZ0v4wG5tedGnp9tzcV8awzsxYph7gXUyvnNLuTIcCk1q17JEbnVhXAKG9oX3KtchwiMIAYp9NLg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-direction": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-direction/-/react-direction-1.0.1.tgz", - "integrity": "sha512-RXcvnXgyvYvBEOhCBuddKecVkoMiI10Jcm5cTI7abJRAHYfFxeu+FBQs/DvdxSYucxR5mna0dNsL6QFlds5TMA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-dismissable-layer": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/@radix-ui/react-dismissable-layer/-/react-dismissable-layer-1.0.4.tgz", - "integrity": "sha512-7UpBa/RKMoHJYjie1gkF1DlK8l1fdU/VKDpoS3rCCo8YBJR294GwcEHyxHw72yvphJ7ld0AXEcSLAzY2F/WyCg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/primitive": "1.0.1", - "@radix-ui/react-compose-refs": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-use-callback-ref": "1.0.1", - "@radix-ui/react-use-escape-keydown": "1.0.3" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-focus-guards": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-focus-guards/-/react-focus-guards-1.0.1.tgz", - "integrity": "sha512-Rect2dWbQ8waGzhMavsIbmSVCgYxkXLxxR3ZvCX79JOglzdEy4JXMb98lq4hPxUbLr77nP0UOGf4rcMU+s1pUA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-focus-scope": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-focus-scope/-/react-focus-scope-1.0.3.tgz", - "integrity": "sha512-upXdPfqI4islj2CslyfUBNlaJCPybbqRHAi1KER7Isel9Q2AtSJ0zRBZv8mWQiFXD2nyAJ4BhC3yXgZ6kMBSrQ==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-compose-refs": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-use-callback-ref": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-id": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-id/-/react-id-1.0.1.tgz", - "integrity": "sha512-tI7sT/kqYp8p96yGWY1OAnLHrqDgzHefRBKQ2YAkBS5ja7QLcZ9Z/uY7bEjPUatf8RomoXM8/1sMj1IJaE5UzQ==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-use-layout-effect": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-popper": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/@radix-ui/react-popper/-/react-popper-1.1.2.tgz", - "integrity": "sha512-1CnGGfFi/bbqtJZZ0P/NQY20xdG3E0LALJaLUEoKwPLwl6PPPfbeiCqMVQnhoFRAxjJj4RpBRJzDmUgsex2tSg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@floating-ui/react-dom": "^2.0.0", - "@radix-ui/react-arrow": "1.0.3", - "@radix-ui/react-compose-refs": "1.0.1", - "@radix-ui/react-context": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-use-callback-ref": "1.0.1", - "@radix-ui/react-use-layout-effect": "1.0.1", - "@radix-ui/react-use-rect": "1.0.1", - "@radix-ui/react-use-size": "1.0.1", - "@radix-ui/rect": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-portal": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-portal/-/react-portal-1.0.3.tgz", - "integrity": "sha512-xLYZeHrWoPmA5mEKEfZZevoVRK/Q43GfzRXkWV6qawIWWK8t6ifIiLQdd7rmQ4Vk1bmI21XhqF9BN3jWf+phpA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-primitive": "1.0.3" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-primitive": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-primitive/-/react-primitive-1.0.3.tgz", - "integrity": "sha512-yi58uVyoAcK/Nq1inRY56ZSjKypBNKTa/1mcL8qdl6oJeEaDbOldlzrGn7P6Q3Id5d+SYNGc5AJgc4vGhjs5+g==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-slot": "1.0.2" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-roving-focus": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/@radix-ui/react-roving-focus/-/react-roving-focus-1.0.4.tgz", - "integrity": "sha512-2mUg5Mgcu001VkGy+FfzZyzbmuUWzgWkj3rvv4yu+mLw03+mTzbxZHvfcGyFp2b8EkQeMkpRQ5FiA2Vr2O6TeQ==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/primitive": "1.0.1", - "@radix-ui/react-collection": "1.0.3", - "@radix-ui/react-compose-refs": "1.0.1", - "@radix-ui/react-context": "1.0.1", - "@radix-ui/react-direction": "1.0.1", - "@radix-ui/react-id": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-use-callback-ref": "1.0.1", - "@radix-ui/react-use-controllable-state": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-select": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/@radix-ui/react-select/-/react-select-1.2.2.tgz", - "integrity": "sha512-zI7McXr8fNaSrUY9mZe4x/HC0jTLY9fWNhO1oLWYMQGDXuV4UCivIGTxwioSzO0ZCYX9iSLyWmAh/1TOmX3Cnw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/number": "1.0.1", - "@radix-ui/primitive": "1.0.1", - "@radix-ui/react-collection": "1.0.3", - "@radix-ui/react-compose-refs": "1.0.1", - "@radix-ui/react-context": "1.0.1", - "@radix-ui/react-direction": "1.0.1", - "@radix-ui/react-dismissable-layer": "1.0.4", - "@radix-ui/react-focus-guards": "1.0.1", - "@radix-ui/react-focus-scope": "1.0.3", - "@radix-ui/react-id": "1.0.1", - "@radix-ui/react-popper": "1.1.2", - "@radix-ui/react-portal": "1.0.3", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-slot": "1.0.2", - "@radix-ui/react-use-callback-ref": "1.0.1", - "@radix-ui/react-use-controllable-state": "1.0.1", - "@radix-ui/react-use-layout-effect": "1.0.1", - "@radix-ui/react-use-previous": "1.0.1", - "@radix-ui/react-visually-hidden": "1.0.3", - "aria-hidden": "^1.1.1", - "react-remove-scroll": "2.5.5" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-separator": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-separator/-/react-separator-1.0.3.tgz", - "integrity": "sha512-itYmTy/kokS21aiV5+Z56MZB54KrhPgn6eHDKkFeOLR34HMN2s8PaN47qZZAGnvupcjxHaFZnW4pQEh0BvvVuw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-primitive": "1.0.3" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-slot": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@radix-ui/react-slot/-/react-slot-1.0.2.tgz", - "integrity": "sha512-YeTpuq4deV+6DusvVUW4ivBgnkHwECUu0BiN43L5UCDFgdhsRUWAghhTF5MbvNTPzmiFOx90asDSUjWuCNapwg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-compose-refs": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-toggle": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-toggle/-/react-toggle-1.0.3.tgz", - "integrity": "sha512-Pkqg3+Bc98ftZGsl60CLANXQBBQ4W3mTFS9EJvNxKMZ7magklKV69/id1mlAlOFDDfHvlCms0fx8fA4CMKDJHg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/primitive": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-use-controllable-state": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-toggle-group": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/@radix-ui/react-toggle-group/-/react-toggle-group-1.0.4.tgz", - "integrity": "sha512-Uaj/M/cMyiyT9Bx6fOZO0SAG4Cls0GptBWiBmBxofmDbNVnYYoyRWj/2M/6VCi/7qcXFWnHhRUfdfZFvvkuu8A==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/primitive": "1.0.1", - "@radix-ui/react-context": "1.0.1", - "@radix-ui/react-direction": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-roving-focus": "1.0.4", - "@radix-ui/react-toggle": "1.0.3", - "@radix-ui/react-use-controllable-state": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-toolbar": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/@radix-ui/react-toolbar/-/react-toolbar-1.0.4.tgz", - "integrity": "sha512-tBgmM/O7a07xbaEkYJWYTXkIdU/1pW4/KZORR43toC/4XWyBCURK0ei9kMUdp+gTPPKBgYLxXmRSH1EVcIDp8Q==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/primitive": "1.0.1", - "@radix-ui/react-context": "1.0.1", - "@radix-ui/react-direction": "1.0.1", - "@radix-ui/react-primitive": "1.0.3", - "@radix-ui/react-roving-focus": "1.0.4", - "@radix-ui/react-separator": "1.0.3", - "@radix-ui/react-toggle-group": "1.0.4" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-use-callback-ref": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-use-callback-ref/-/react-use-callback-ref-1.0.1.tgz", - "integrity": "sha512-D94LjX4Sp0xJFVaoQOd3OO9k7tpBYNOXdVhkltUbGv2Qb9OXdrg/CpsjlZv7ia14Sylv398LswWBVVu5nqKzAQ==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-use-controllable-state": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-use-controllable-state/-/react-use-controllable-state-1.0.1.tgz", - "integrity": "sha512-Svl5GY5FQeN758fWKrjM6Qb7asvXeiZltlT4U2gVfl8Gx5UAv2sMR0LWo8yhsIZh2oQ0eFdZ59aoOOMV7b47VA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-use-callback-ref": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-use-escape-keydown": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-use-escape-keydown/-/react-use-escape-keydown-1.0.3.tgz", - "integrity": "sha512-vyL82j40hcFicA+M4Ex7hVkB9vHgSse1ZWomAqV2Je3RleKGO5iM8KMOEtfoSB0PnIelMd2lATjTGMYqN5ylTg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-use-callback-ref": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-use-layout-effect": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-use-layout-effect/-/react-use-layout-effect-1.0.1.tgz", - "integrity": "sha512-v/5RegiJWYdoCvMnITBkNNx6bCj20fiaJnWtRkU18yITptraXjffz5Qbn05uOiQnOvi+dbkznkoaMltz1GnszQ==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-use-previous": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-use-previous/-/react-use-previous-1.0.1.tgz", - "integrity": "sha512-cV5La9DPwiQ7S0gf/0qiD6YgNqM5Fk97Kdrlc5yBcrF3jyEZQwm7vYFqMo4IfeHgJXsRaMvLABFtd0OVEmZhDw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-use-rect": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-use-rect/-/react-use-rect-1.0.1.tgz", - "integrity": "sha512-Cq5DLuSiuYVKNU8orzJMbl15TXilTnJKUCltMVQg53BQOF1/C5toAaGrowkgksdBQ9H+SRL23g0HDmg9tvmxXw==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/rect": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-use-size": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/react-use-size/-/react-use-size-1.0.1.tgz", - "integrity": "sha512-ibay+VqrgcaI6veAojjofPATwledXiSmX+C0KrBk/xgpX9rBzPV3OsfwlhQdUOFbh+LKQorLYT+xTXW9V8yd0g==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-use-layout-effect": "1.0.1" - }, - "peerDependencies": { - "@types/react": "*", - "react": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/@radix-ui/react-visually-hidden": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@radix-ui/react-visually-hidden/-/react-visually-hidden-1.0.3.tgz", - "integrity": "sha512-D4w41yN5YRKtu464TLnByKzMDG/JlMPHtfZgQAu9v6mNakUqGUI9vUrfQKz8NK41VMm/xbZbh76NUTVtIYqOMA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10", - "@radix-ui/react-primitive": "1.0.3" - }, - "peerDependencies": { - "@types/react": "*", - "@types/react-dom": "*", - "react": "^16.8 || ^17.0 || ^18.0", - "react-dom": "^16.8 || ^17.0 || ^18.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - }, - "@types/react-dom": { - "optional": true - } - } - }, - "node_modules/@radix-ui/rect": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/@radix-ui/rect/-/rect-1.0.1.tgz", - "integrity": "sha512-fyrgCaedtvMg9NK3en0pnOYJdtfwxUcNolezkNPUsoX57X8oQk+NkqcvzHXD2uKNij6GXmWU9NDru2IWjrO4BQ==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.13.10" - } - }, - "node_modules/@rollup/plugin-commonjs": { - "version": "25.0.8", - "resolved": "https://registry.npmjs.org/@rollup/plugin-commonjs/-/plugin-commonjs-25.0.8.tgz", - "integrity": "sha512-ZEZWTK5n6Qde0to4vS9Mr5x/0UZoqCxPVR9KRUjU4kA2sO7GEUn1fop0DAwpO6z0Nw/kJON9bDmSxdWxO/TT1A==", - "dev": true, - "dependencies": { - "@rollup/pluginutils": "^5.0.1", - "commondir": "^1.0.1", - "estree-walker": "^2.0.2", - "glob": "^8.0.3", - "is-reference": "1.2.1", - "magic-string": "^0.30.3" - }, - "engines": { - "node": ">=14.0.0" - }, - "peerDependencies": { - "rollup": "^2.68.0||^3.0.0||^4.0.0" - }, - "peerDependenciesMeta": { - "rollup": { - "optional": true - } - } - }, - "node_modules/@rollup/plugin-commonjs/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "dev": true, - "dependencies": { - "balanced-match": "^1.0.0" - } - }, - "node_modules/@rollup/plugin-commonjs/node_modules/glob": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/glob/-/glob-8.1.0.tgz", - "integrity": "sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==", - "deprecated": "Glob versions prior to v9 are no longer supported", - "dev": true, - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^5.0.1", - "once": "^1.3.0" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/@rollup/plugin-commonjs/node_modules/minimatch": { - "version": "5.1.6", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", - "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", - "dev": true, - "dependencies": { - "brace-expansion": "^2.0.1" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@rollup/plugin-json": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/@rollup/plugin-json/-/plugin-json-6.1.0.tgz", - "integrity": "sha512-EGI2te5ENk1coGeADSIwZ7G2Q8CJS2sF120T7jLw4xFw9n7wIOXHo+kIYRAoVpJAN+kmqZSoO3Fp4JtoNF4ReA==", - "dev": true, - "dependencies": { - "@rollup/pluginutils": "^5.1.0" - }, - "engines": { - "node": ">=14.0.0" - }, - "peerDependencies": { - "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" - }, - "peerDependenciesMeta": { - "rollup": { - "optional": true - } - } - }, - "node_modules/@rollup/plugin-node-resolve": { - "version": "15.2.3", - "resolved": "https://registry.npmjs.org/@rollup/plugin-node-resolve/-/plugin-node-resolve-15.2.3.tgz", - "integrity": "sha512-j/lym8nf5E21LwBT4Df1VD6hRO2L2iwUeUmP7litikRsVp1H6NWx20NEp0Y7su+7XGc476GnXXc4kFeZNGmaSQ==", - "dev": true, - "dependencies": { - "@rollup/pluginutils": "^5.0.1", - "@types/resolve": "1.20.2", - "deepmerge": "^4.2.2", - "is-builtin-module": "^3.2.1", - "is-module": "^1.0.0", - "resolve": "^1.22.1" - }, - "engines": { - "node": ">=14.0.0" - }, - "peerDependencies": { - "rollup": "^2.78.0||^3.0.0||^4.0.0" - }, - "peerDependenciesMeta": { - "rollup": { - "optional": true - } - } - }, - "node_modules/@rollup/pluginutils": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/@rollup/pluginutils/-/pluginutils-5.1.0.tgz", - "integrity": "sha512-XTIWOPPcpvyKI6L1NHo0lFlCyznUEyPmPY1mc3KpPVDYulHSTvyeLNVW00QTLIAFNhR3kYnJTQHeGqU4M3n09g==", - "dev": true, - "dependencies": { - "@types/estree": "^1.0.0", - "estree-walker": "^2.0.2", - "picomatch": "^2.3.1" - }, - "engines": { - "node": ">=14.0.0" - }, - "peerDependencies": { - "rollup": "^1.20.0||^2.0.0||^3.0.0||^4.0.0" - }, - "peerDependenciesMeta": { - "rollup": { - "optional": true - } - } - }, - "node_modules/@rollup/rollup-android-arm-eabi": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.18.0.tgz", - "integrity": "sha512-Tya6xypR10giZV1XzxmH5wr25VcZSncG0pZIjfePT0OVBvqNEurzValetGNarVrGiq66EBVAFn15iYX4w6FKgQ==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ] - }, - "node_modules/@rollup/rollup-android-arm64": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.18.0.tgz", - "integrity": "sha512-avCea0RAP03lTsDhEyfy+hpfr85KfyTctMADqHVhLAF3MlIkq83CP8UfAHUssgXTYd+6er6PaAhx/QGv4L1EiA==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ] - }, - "node_modules/@rollup/rollup-darwin-arm64": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.18.0.tgz", - "integrity": "sha512-IWfdwU7KDSm07Ty0PuA/W2JYoZ4iTj3TUQjkVsO/6U+4I1jN5lcR71ZEvRh52sDOERdnNhhHU57UITXz5jC1/w==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ] - }, - "node_modules/@rollup/rollup-darwin-x64": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.18.0.tgz", - "integrity": "sha512-n2LMsUz7Ynu7DoQrSQkBf8iNrjOGyPLrdSg802vk6XT3FtsgX6JbE8IHRvposskFm9SNxzkLYGSq9QdpLYpRNA==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ] - }, - "node_modules/@rollup/rollup-linux-arm-gnueabihf": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.18.0.tgz", - "integrity": "sha512-C/zbRYRXFjWvz9Z4haRxcTdnkPt1BtCkz+7RtBSuNmKzMzp3ZxdM28Mpccn6pt28/UWUCTXa+b0Mx1k3g6NOMA==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-arm-musleabihf": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.18.0.tgz", - "integrity": "sha512-l3m9ewPgjQSXrUMHg93vt0hYCGnrMOcUpTz6FLtbwljo2HluS4zTXFy2571YQbisTnfTKPZ01u/ukJdQTLGh9A==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-arm64-gnu": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.18.0.tgz", - "integrity": "sha512-rJ5D47d8WD7J+7STKdCUAgmQk49xuFrRi9pZkWoRD1UeSMakbcepWXPF8ycChBoAqs1pb2wzvbY6Q33WmN2ftw==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-arm64-musl": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.18.0.tgz", - "integrity": "sha512-be6Yx37b24ZwxQ+wOQXXLZqpq4jTckJhtGlWGZs68TgdKXJgw54lUUoFYrg6Zs/kjzAQwEwYbp8JxZVzZLRepQ==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-powerpc64le-gnu": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.18.0.tgz", - "integrity": "sha512-hNVMQK+qrA9Todu9+wqrXOHxFiD5YmdEi3paj6vP02Kx1hjd2LLYR2eaN7DsEshg09+9uzWi2W18MJDlG0cxJA==", - "cpu": [ - "ppc64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-riscv64-gnu": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.18.0.tgz", - "integrity": "sha512-ROCM7i+m1NfdrsmvwSzoxp9HFtmKGHEqu5NNDiZWQtXLA8S5HBCkVvKAxJ8U+CVctHwV2Gb5VUaK7UAkzhDjlg==", - "cpu": [ - "riscv64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-s390x-gnu": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.18.0.tgz", - "integrity": "sha512-0UyyRHyDN42QL+NbqevXIIUnKA47A+45WyasO+y2bGJ1mhQrfrtXUpTxCOrfxCR4esV3/RLYyucGVPiUsO8xjg==", - "cpu": [ - "s390x" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-x64-gnu": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.18.0.tgz", - "integrity": "sha512-xuglR2rBVHA5UsI8h8UbX4VJ470PtGCf5Vpswh7p2ukaqBGFTnsfzxUBetoWBWymHMxbIG0Cmx7Y9qDZzr648w==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-linux-x64-musl": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.18.0.tgz", - "integrity": "sha512-LKaqQL9osY/ir2geuLVvRRs+utWUNilzdE90TpyoX0eNqPzWjRm14oMEE+YLve4k/NAqCdPkGYDaDF5Sw+xBfg==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ] - }, - "node_modules/@rollup/rollup-win32-arm64-msvc": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.18.0.tgz", - "integrity": "sha512-7J6TkZQFGo9qBKH0pk2cEVSRhJbL6MtfWxth7Y5YmZs57Pi+4x6c2dStAUvaQkHQLnEQv1jzBUW43GvZW8OFqA==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ] - }, - "node_modules/@rollup/rollup-win32-ia32-msvc": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.18.0.tgz", - "integrity": "sha512-Txjh+IxBPbkUB9+SXZMpv+b/vnTEtFyfWZgJ6iyCmt2tdx0OF5WhFowLmnh8ENGNpfUlUZkdI//4IEmhwPieNg==", - "cpu": [ - "ia32" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ] - }, - "node_modules/@rollup/rollup-win32-x64-msvc": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.18.0.tgz", - "integrity": "sha512-UOo5FdvOL0+eIVTgS4tIdbW+TtnBLWg1YBCcU2KWM7nuNwRz9bksDX1bekJJCpu25N1DVWaCwnT39dVQxzqS8g==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ] - }, - "node_modules/@sideway/address": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@sideway/address/-/address-4.1.5.tgz", - "integrity": "sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q==", - "dev": true, - "optional": true, - "dependencies": { - "@hapi/hoek": "^9.0.0" - } - }, - "node_modules/@sideway/formula": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/@sideway/formula/-/formula-3.0.1.tgz", - "integrity": "sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==", - "dev": true, - "optional": true - }, - "node_modules/@sideway/pinpoint": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@sideway/pinpoint/-/pinpoint-2.0.0.tgz", - "integrity": "sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==", - "dev": true, - "optional": true - }, - "node_modules/@sinclair/typebox": { - "version": "0.31.28", - "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.31.28.tgz", - "integrity": "sha512-/s55Jujywdw/Jpan+vsy6JZs1z2ZTGxTmbZTPiuSL2wz9mfzA2gN1zzaqmvfi4pq+uOt7Du85fkiwv5ymW84aQ==" - }, - "node_modules/@skeletonlabs/skeleton": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/@skeletonlabs/skeleton/-/skeleton-2.10.0.tgz", - "integrity": "sha512-jPdDT9PCkGmlUgsgNvR99bK6N2pWG2GfdapwWqDVZkKIhTsLz4TeJNF3H26Pfkicoj4hNz486+WYa7iSpbn80g==", - "dev": true, - "dependencies": { - "esm-env": "1.0.0" - }, - "peerDependencies": { - "svelte": "^3.56.0 || ^4.0.0" - } - }, - "node_modules/@skeletonlabs/tw-plugin": { - "version": "0.2.4", - "resolved": "https://registry.npmjs.org/@skeletonlabs/tw-plugin/-/tw-plugin-0.2.4.tgz", - "integrity": "sha512-DmOFMV6jhhvnub/TANB62nJJqxfMBby5Kxwe/Mn3DTxHuJLZj8B47Ta2K5sl/or2B8MaMfny8ocvPAzd6lrMtQ==", - "dev": true, - "peerDependencies": { - "tailwindcss": ">=3.0.0" - } - }, - "node_modules/@sodaru/yup-to-json-schema": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@sodaru/yup-to-json-schema/-/yup-to-json-schema-2.0.1.tgz", - "integrity": "sha512-lWb0Wiz8KZ9ip/dY1eUqt7fhTPmL24p6Hmv5Fd9pzlzAdw/YNcWZr+tiCT4oZ4Zyxzi9+1X4zv82o7jYvcFxYA==", - "dev": true, - "optional": true - }, - "node_modules/@storybook/addon-actions": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-actions/-/addon-actions-7.6.19.tgz", - "integrity": "sha512-ATLrA5QKFJt7tIAScRHz5T3eBQ+RG3jaZk08L7gChvyQZhei8knWwePElZ7GaWbCr9BgznQp1lQUUXq/UUblAQ==", - "dev": true, - "dependencies": { - "@storybook/core-events": "7.6.19", - "@storybook/global": "^5.0.0", - "@types/uuid": "^9.0.1", - "dequal": "^2.0.2", - "polished": "^4.2.2", - "uuid": "^9.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-backgrounds": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-backgrounds/-/addon-backgrounds-7.6.19.tgz", - "integrity": "sha512-Nu3LAZODRSV2e5bOroKm/Jp6BIFzwu/nJxD5OvLWkkwNCh+vDXUFbbaVrZf5xRL+fHd9iLFPtWbJQpF/w7UsCw==", - "dev": true, - "dependencies": { - "@storybook/global": "^5.0.0", - "memoizerific": "^1.11.3", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-controls": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-controls/-/addon-controls-7.6.19.tgz", - "integrity": "sha512-cl6PCNEwihDjuWIUsKTyDNKk+/IE4J3oMbSY5AZV/9Z0jJbpMV2shVm5DMZm5LhCCVcu5obWcxCIa4FMIMJAMQ==", - "dev": true, - "dependencies": { - "@storybook/blocks": "7.6.19", - "lodash": "^4.17.21", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-docs": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-docs/-/addon-docs-7.6.19.tgz", - "integrity": "sha512-nv+9SR/NOtM8Od2esOXHcg0NQT8Pk8BMUyGwZu5Q3MLI4JxNVEG65dY0IP2j6Knc4UtlvQTpM0f7m5xp4seHjQ==", - "dev": true, - "dependencies": { - "@jest/transform": "^29.3.1", - "@mdx-js/react": "^2.1.5", - "@storybook/blocks": "7.6.19", - "@storybook/client-logger": "7.6.19", - "@storybook/components": "7.6.19", - "@storybook/csf-plugin": "7.6.19", - "@storybook/csf-tools": "7.6.19", - "@storybook/global": "^5.0.0", - "@storybook/mdx2-csf": "^1.0.0", - "@storybook/node-logger": "7.6.19", - "@storybook/postinstall": "7.6.19", - "@storybook/preview-api": "7.6.19", - "@storybook/react-dom-shim": "7.6.19", - "@storybook/theming": "7.6.19", - "@storybook/types": "7.6.19", - "fs-extra": "^11.1.0", - "remark-external-links": "^8.0.0", - "remark-slug": "^6.0.0", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0" - } - }, - "node_modules/@storybook/addon-essentials": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-essentials/-/addon-essentials-7.6.19.tgz", - "integrity": "sha512-SC33ZEQ5YaOt9wDkrdZmwQgqPWo9om/gqnyif06eug3SwrTe9JjO5iq1PIBfQodLD9MAxr9cwBvO0NG505oszQ==", - "dev": true, - "dependencies": { - "@storybook/addon-actions": "7.6.19", - "@storybook/addon-backgrounds": "7.6.19", - "@storybook/addon-controls": "7.6.19", - "@storybook/addon-docs": "7.6.19", - "@storybook/addon-highlight": "7.6.19", - "@storybook/addon-measure": "7.6.19", - "@storybook/addon-outline": "7.6.19", - "@storybook/addon-toolbars": "7.6.19", - "@storybook/addon-viewport": "7.6.19", - "@storybook/core-common": "7.6.19", - "@storybook/manager-api": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@storybook/preview-api": "7.6.19", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0" - } - }, - "node_modules/@storybook/addon-highlight": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-highlight/-/addon-highlight-7.6.19.tgz", - "integrity": "sha512-/pApl0oiVU1CQ8xETRNDLDthMBjeTmvFnTRq8RJ9m0JYTrSsoyHDmj9zS4K1k9gReqijE7brslhP8d2tblBpNw==", - "dev": true, - "dependencies": { - "@storybook/global": "^5.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-interactions": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-interactions/-/addon-interactions-7.6.19.tgz", - "integrity": "sha512-lMQDu6JT2LXDWcRnIGvrKRk/W+67zOtUNpDKwoVuvM5eHVJcza5SPV6v8yXDLCHLOt7RZ15h6LT2uXabfKpcww==", - "dev": true, - "dependencies": { - "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.19", - "jest-mock": "^27.0.6", - "polished": "^4.2.2", - "ts-dedent": "^2.2.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-links": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-links/-/addon-links-7.6.19.tgz", - "integrity": "sha512-qMIFfcsMf4olxhYUHUV2ZJhxphh6Xpf1DMd0lxKqAibfxl/sX1m0rJkyiqWSBxbCmAy/pwdgqEOJ1lpDUsJ33w==", - "dev": true, - "dependencies": { - "@storybook/csf": "^0.1.2", - "@storybook/global": "^5.0.0", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0" - }, - "peerDependenciesMeta": { - "react": { - "optional": true - } - } - }, - "node_modules/@storybook/addon-measure": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-measure/-/addon-measure-7.6.19.tgz", - "integrity": "sha512-n+cfhVXXouBv9oQr3a77vvip5dTznaNoBDWMafP2ohauc8jBlAxeBwCjk5r3pyThMRIFCTG/ypZrhiJcSJT3bw==", - "dev": true, - "dependencies": { - "@storybook/global": "^5.0.0", - "tiny-invariant": "^1.3.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-outline": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-outline/-/addon-outline-7.6.19.tgz", - "integrity": "sha512-Tt4MrfjK5j/Mdh8nJ8ccVyh78Dy7aiEPxO31YVvr5XUkge0pDi1PX328mHRDPur0i56NM8ssVbekWBZr+9MxlA==", - "dev": true, - "dependencies": { - "@storybook/global": "^5.0.0", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-toolbars": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-toolbars/-/addon-toolbars-7.6.19.tgz", - "integrity": "sha512-+qGbPP2Vo/HoPiS4EJopZ127HGculCV74Hkz6ot7ob6AkYdA1yLMPzWns/ZXNIWm6ab3jV+iq+mQCM/i1qJzvA==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/addon-viewport": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/addon-viewport/-/addon-viewport-7.6.19.tgz", - "integrity": "sha512-OQQtJ2kYwImbvE9QiC3I3yR0O0EBgNjq+XSaSS4ixJrvUyesfuB7Lm7RkubhEEiP4yANi9OlbzsqZelmPOnk6w==", - "dev": true, - "dependencies": { - "memoizerific": "^1.11.3" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/blocks": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/blocks/-/blocks-7.6.19.tgz", - "integrity": "sha512-/c/bVQRmyRPoviJhPrFdLfubRcrnZWTwkjxsCvrOTJ/UDOyEl0t/H8yY1mGq7KWWTdbIznnZWhAIofHnH4/Esw==", - "dev": true, - "dependencies": { - "@storybook/channels": "7.6.19", - "@storybook/client-logger": "7.6.19", - "@storybook/components": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/csf": "^0.1.2", - "@storybook/docs-tools": "7.6.19", - "@storybook/global": "^5.0.0", - "@storybook/manager-api": "7.6.19", - "@storybook/preview-api": "7.6.19", - "@storybook/theming": "7.6.19", - "@storybook/types": "7.6.19", - "@types/lodash": "^4.14.167", - "color-convert": "^2.0.1", - "dequal": "^2.0.2", - "lodash": "^4.17.21", - "markdown-to-jsx": "^7.1.8", - "memoizerific": "^1.11.3", - "polished": "^4.2.2", - "react-colorful": "^5.1.2", - "telejson": "^7.2.0", - "tocbot": "^4.20.1", - "ts-dedent": "^2.0.0", - "util-deprecate": "^1.0.2" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0" - } - }, - "node_modules/@storybook/builder-manager": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/builder-manager/-/builder-manager-7.6.19.tgz", - "integrity": "sha512-Dt5OLh97xeWh4h2mk9uG0SbCxBKHPhIiHLHAKEIDzIZBdwUhuyncVNDPHW2NlXM+S7U0/iKs2tw05waqh2lHvg==", - "dev": true, - "dependencies": { - "@fal-works/esbuild-plugin-global-externals": "^2.1.2", - "@storybook/core-common": "7.6.19", - "@storybook/manager": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@types/ejs": "^3.1.1", - "@types/find-cache-dir": "^3.2.1", - "@yarnpkg/esbuild-plugin-pnp": "^3.0.0-rc.10", - "browser-assert": "^1.2.1", - "ejs": "^3.1.8", - "esbuild": "^0.18.0", - "esbuild-plugin-alias": "^0.2.1", - "express": "^4.17.3", - "find-cache-dir": "^3.0.0", - "fs-extra": "^11.1.0", - "process": "^0.11.10", - "util": "^0.12.4" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/builder-vite": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/builder-vite/-/builder-vite-7.6.19.tgz", - "integrity": "sha512-llYpfYCHQCD0nPy+5J+H67iKcOpBrexIFO13wXxHQyl27Z+1T2JJj4cHqZs5S3a2XLiwf4df44NBvvwV5cmJmQ==", - "dev": true, - "dependencies": { - "@storybook/channels": "7.6.19", - "@storybook/client-logger": "7.6.19", - "@storybook/core-common": "7.6.19", - "@storybook/csf-plugin": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@storybook/preview": "7.6.19", - "@storybook/preview-api": "7.6.19", - "@storybook/types": "7.6.19", - "@types/find-cache-dir": "^3.2.1", - "browser-assert": "^1.2.1", - "es-module-lexer": "^0.9.3", - "express": "^4.17.3", - "find-cache-dir": "^3.0.0", - "fs-extra": "^11.1.0", - "magic-string": "^0.30.0", - "rollup": "^2.25.0 || ^3.3.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "@preact/preset-vite": "*", - "typescript": ">= 4.3.x", - "vite": "^3.0.0 || ^4.0.0 || ^5.0.0", - "vite-plugin-glimmerx": "*" - }, - "peerDependenciesMeta": { - "@preact/preset-vite": { - "optional": true - }, - "typescript": { - "optional": true - }, - "vite-plugin-glimmerx": { - "optional": true - } - } - }, - "node_modules/@storybook/channels": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-7.6.19.tgz", - "integrity": "sha512-2JGh+i95GwjtjqWqhtEh15jM5ifwbRGmXeFqkY7dpdHH50EEWafYHr2mg3opK3heVDwg0rJ/VBptkmshloXuvA==", - "dev": true, - "dependencies": { - "@storybook/client-logger": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/global": "^5.0.0", - "qs": "^6.10.0", - "telejson": "^7.2.0", - "tiny-invariant": "^1.3.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/cli": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/cli/-/cli-7.6.19.tgz", - "integrity": "sha512-7OVy7nPgkLfgivv6/dmvoyU6pKl9EzWFk+g9izyQHiM/jS8jOiEyn6akG8Ebj6k5pWslo5lgiXUSW+cEEZUnqQ==", - "dev": true, - "dependencies": { - "@babel/core": "^7.23.2", - "@babel/preset-env": "^7.23.2", - "@babel/types": "^7.23.0", - "@ndelangen/get-tarball": "^3.0.7", - "@storybook/codemod": "7.6.19", - "@storybook/core-common": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/core-server": "7.6.19", - "@storybook/csf-tools": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@storybook/telemetry": "7.6.19", - "@storybook/types": "7.6.19", - "@types/semver": "^7.3.4", - "@yarnpkg/fslib": "2.10.3", - "@yarnpkg/libzip": "2.3.0", - "chalk": "^4.1.0", - "commander": "^6.2.1", - "cross-spawn": "^7.0.3", - "detect-indent": "^6.1.0", - "envinfo": "^7.7.3", - "execa": "^5.0.0", - "express": "^4.17.3", - "find-up": "^5.0.0", - "fs-extra": "^11.1.0", - "get-npm-tarball-url": "^2.0.3", - "get-port": "^5.1.1", - "giget": "^1.0.0", - "globby": "^11.0.2", - "jscodeshift": "^0.15.1", - "leven": "^3.1.0", - "ora": "^5.4.1", - "prettier": "^2.8.0", - "prompts": "^2.4.0", - "puppeteer-core": "^2.1.1", - "read-pkg-up": "^7.0.1", - "semver": "^7.3.7", - "strip-json-comments": "^3.0.1", - "tempy": "^1.0.1", - "ts-dedent": "^2.0.0", - "util-deprecate": "^1.0.2" - }, - "bin": { - "getstorybook": "bin/index.js", - "sb": "bin/index.js" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/cli/node_modules/commander": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", - "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/@storybook/cli/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@storybook/client-logger": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-7.6.19.tgz", - "integrity": "sha512-oGzOxbmLmciSIfd5gsxDzPmX8DttWhoYdPKxjMuCuWLTO2TWpkCWp1FTUMWO72mm/6V/FswT/aqpJJBBvdZ3RQ==", - "dev": true, - "dependencies": { - "@storybook/global": "^5.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/codemod": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/codemod/-/codemod-7.6.19.tgz", - "integrity": "sha512-bmHE0iEEgWZ65dXCmasd+GreChjPiWkXu2FEa0cJmNz/PqY12GsXGls4ke1TkNTj4gdSZnbtJxbclPZZnib2tQ==", - "dev": true, - "dependencies": { - "@babel/core": "^7.23.2", - "@babel/preset-env": "^7.23.2", - "@babel/types": "^7.23.0", - "@storybook/csf": "^0.1.2", - "@storybook/csf-tools": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@storybook/types": "7.6.19", - "@types/cross-spawn": "^6.0.2", - "cross-spawn": "^7.0.3", - "globby": "^11.0.2", - "jscodeshift": "^0.15.1", - "lodash": "^4.17.21", - "prettier": "^2.8.0", - "recast": "^0.23.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/components": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/components/-/components-7.6.19.tgz", - "integrity": "sha512-8Zw/RQ4crzKkUR7ojxvRIj8vktKiBBO8Nq93qv4JfDqDWrcR7cro0hOlZgmZmrzbFunBBt6WlsNNO6nVP7R4Xw==", - "dev": true, - "dependencies": { - "@radix-ui/react-select": "^1.2.2", - "@radix-ui/react-toolbar": "^1.0.4", - "@storybook/client-logger": "7.6.19", - "@storybook/csf": "^0.1.2", - "@storybook/global": "^5.0.0", - "@storybook/theming": "7.6.19", - "@storybook/types": "7.6.19", - "memoizerific": "^1.11.3", - "use-resize-observer": "^9.1.0", - "util-deprecate": "^1.0.2" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0" - } - }, - "node_modules/@storybook/core-client": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/core-client/-/core-client-7.6.19.tgz", - "integrity": "sha512-F0V9nzcEnj6DIpnw2ilrxsV4d9ibyyQS+Wi2uQtXy+wCQQm9PeBVqrOywjXAY2F9pcoftXOaepfhp8jrxX4MXw==", - "dev": true, - "dependencies": { - "@storybook/client-logger": "7.6.19", - "@storybook/preview-api": "7.6.19" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/core-common": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/core-common/-/core-common-7.6.19.tgz", - "integrity": "sha512-njwpGzFJrfbJr/AFxGP8KMrfPfxN85KOfSlxYnQwRm5Z0H1D/lT33LhEBf5m37gaGawHeG7KryxO6RvaioMt2Q==", - "dev": true, - "dependencies": { - "@storybook/core-events": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@storybook/types": "7.6.19", - "@types/find-cache-dir": "^3.2.1", - "@types/node": "^18.0.0", - "@types/node-fetch": "^2.6.4", - "@types/pretty-hrtime": "^1.0.0", - "chalk": "^4.1.0", - "esbuild": "^0.18.0", - "esbuild-register": "^3.5.0", - "file-system-cache": "2.3.0", - "find-cache-dir": "^3.0.0", - "find-up": "^5.0.0", - "fs-extra": "^11.1.0", - "glob": "^10.0.0", - "handlebars": "^4.7.7", - "lazy-universal-dotenv": "^4.0.0", - "node-fetch": "^2.0.0", - "picomatch": "^2.3.0", - "pkg-dir": "^5.0.0", - "pretty-hrtime": "^1.0.3", - "resolve-from": "^5.0.0", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/core-common/node_modules/@types/node": { - "version": "18.19.34", - "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.34.tgz", - "integrity": "sha512-eXF4pfBNV5DAMKGbI02NnDtWrQ40hAN558/2vvS4gMpMIxaf6JmD7YjnZbq0Q9TDSSkKBamime8ewRoomHdt4g==", - "dev": true, - "dependencies": { - "undici-types": "~5.26.4" - } - }, - "node_modules/@storybook/core-events": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-7.6.19.tgz", - "integrity": "sha512-K/W6Uvum0ocZSgjbi8hiotpe+wDEHDZlvN+KlPqdh9ae9xDK8aBNBq9IelCoqM+uKO1Zj+dDfSQds7CD781DJg==", - "dev": true, - "dependencies": { - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/core-server": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/core-server/-/core-server-7.6.19.tgz", - "integrity": "sha512-7mKL73Wv5R2bEl0kJ6QJ9bOu5YY53Idu24QgvTnUdNsQazp2yUONBNwHIrNDnNEXm8SfCi4Mc9o0mmNRMIoiRA==", - "dev": true, - "dependencies": { - "@aw-web-design/x-default-browser": "1.4.126", - "@discoveryjs/json-ext": "^0.5.3", - "@storybook/builder-manager": "7.6.19", - "@storybook/channels": "7.6.19", - "@storybook/core-common": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/csf": "^0.1.2", - "@storybook/csf-tools": "7.6.19", - "@storybook/docs-mdx": "^0.1.0", - "@storybook/global": "^5.0.0", - "@storybook/manager": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@storybook/preview-api": "7.6.19", - "@storybook/telemetry": "7.6.19", - "@storybook/types": "7.6.19", - "@types/detect-port": "^1.3.0", - "@types/node": "^18.0.0", - "@types/pretty-hrtime": "^1.0.0", - "@types/semver": "^7.3.4", - "better-opn": "^3.0.2", - "chalk": "^4.1.0", - "cli-table3": "^0.6.1", - "compression": "^1.7.4", - "detect-port": "^1.3.0", - "express": "^4.17.3", - "fs-extra": "^11.1.0", - "globby": "^11.0.2", - "ip": "^2.0.1", - "lodash": "^4.17.21", - "open": "^8.4.0", - "pretty-hrtime": "^1.0.3", - "prompts": "^2.4.0", - "read-pkg-up": "^7.0.1", - "semver": "^7.3.7", - "telejson": "^7.2.0", - "tiny-invariant": "^1.3.1", - "ts-dedent": "^2.0.0", - "util": "^0.12.4", - "util-deprecate": "^1.0.2", - "watchpack": "^2.2.0", - "ws": "^8.2.3" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/core-server/node_modules/@types/node": { - "version": "18.19.34", - "resolved": "https://registry.npmjs.org/@types/node/-/node-18.19.34.tgz", - "integrity": "sha512-eXF4pfBNV5DAMKGbI02NnDtWrQ40hAN558/2vvS4gMpMIxaf6JmD7YjnZbq0Q9TDSSkKBamime8ewRoomHdt4g==", - "dev": true, - "dependencies": { - "undici-types": "~5.26.4" - } - }, - "node_modules/@storybook/core-server/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@storybook/csf": { - "version": "0.1.8", - "resolved": "https://registry.npmjs.org/@storybook/csf/-/csf-0.1.8.tgz", - "integrity": "sha512-Ntab9o7LjBCbFIao5l42itFiaSh/Qu+l16l/r/9qmV9LnYZkO+JQ7tzhdlwpgJfhs+B5xeejpdAtftDRyXNajw==", - "dev": true, - "dependencies": { - "type-fest": "^2.19.0" - } - }, - "node_modules/@storybook/csf-plugin": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/csf-plugin/-/csf-plugin-7.6.19.tgz", - "integrity": "sha512-yUP0xfJyR8e6fmCgKoEt4c1EvslF8dZ8wtwVLE5hnC3kfs7xt8RVDiKLB/9NhYjY3mD/oOesX60HqRXDgJQHwA==", - "dev": true, - "dependencies": { - "@storybook/csf-tools": "7.6.19", - "unplugin": "^1.3.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/csf-tools": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/csf-tools/-/csf-tools-7.6.19.tgz", - "integrity": "sha512-8Vzia3cHhDdGHuS3XKXJReCRxmfRq3vmTm/Te9yKZnPSAsC58CCKcMh8FNEFJ44vxYF9itKTkRutjGs+DprKLQ==", - "dev": true, - "dependencies": { - "@babel/generator": "^7.23.0", - "@babel/parser": "^7.23.0", - "@babel/traverse": "^7.23.2", - "@babel/types": "^7.23.0", - "@storybook/csf": "^0.1.2", - "@storybook/types": "7.6.19", - "fs-extra": "^11.1.0", - "recast": "^0.23.1", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/docs-mdx": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/@storybook/docs-mdx/-/docs-mdx-0.1.0.tgz", - "integrity": "sha512-JDaBR9lwVY4eSH5W8EGHrhODjygPd6QImRbwjAuJNEnY0Vw4ie3bPkeGfnacB3OBW6u/agqPv2aRlR46JcAQLg==", - "dev": true - }, - "node_modules/@storybook/docs-tools": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/docs-tools/-/docs-tools-7.6.19.tgz", - "integrity": "sha512-JuwV6wtm7Hb7Kb5ValChfxy4J7XngfrSQNpvwsDCSBNVcQUv2y843hvclpa26Ptfr/c7zpUX8r9FGSaMDy+2aQ==", - "dev": true, - "dependencies": { - "@storybook/core-common": "7.6.19", - "@storybook/preview-api": "7.6.19", - "@storybook/types": "7.6.19", - "@types/doctrine": "^0.0.3", - "assert": "^2.1.0", - "doctrine": "^3.0.0", - "lodash": "^4.17.21" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/global": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/@storybook/global/-/global-5.0.0.tgz", - "integrity": "sha512-FcOqPAXACP0I3oJ/ws6/rrPT9WGhu915Cg8D02a9YxLo0DE9zI+a9A5gRGvmQ09fiWPukqI8ZAEoQEdWUKMQdQ==", - "dev": true - }, - "node_modules/@storybook/instrumenter": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/instrumenter/-/instrumenter-7.6.19.tgz", - "integrity": "sha512-chPRR8/N1fMss4gSOiEbLzDFqA+0tinnrrFeUSHhvadf+VqUcA/G72sf4b3C/jxBDdK6WPC6L+A3pFR/C1dN5A==", - "dev": true, - "dependencies": { - "@storybook/channels": "7.6.19", - "@storybook/client-logger": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/global": "^5.0.0", - "@storybook/preview-api": "7.6.19", - "@vitest/utils": "^0.34.6", - "util": "^0.12.4" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/manager": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/manager/-/manager-7.6.19.tgz", - "integrity": "sha512-fZWQcf59x4P0iiBhrL74PZrqKJAPuk9sWjP8BIkGbf8wTZtUunbY5Sv4225fOL4NLJbuX9/RYLUPoxQ3nucGHA==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/manager-api": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/manager-api/-/manager-api-7.6.19.tgz", - "integrity": "sha512-dVCx1Q+HZEA4U08XqYljiG88BeS3I3ahnPAQLZAeWQXQRkoc9G2jMgLNPKYPIqEtq7Xrn6SRlFMIofhwWrwZpg==", - "dev": true, - "dependencies": { - "@storybook/channels": "7.6.19", - "@storybook/client-logger": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/csf": "^0.1.2", - "@storybook/global": "^5.0.0", - "@storybook/router": "7.6.19", - "@storybook/theming": "7.6.19", - "@storybook/types": "7.6.19", - "dequal": "^2.0.2", - "lodash": "^4.17.21", - "memoizerific": "^1.11.3", - "store2": "^2.14.2", - "telejson": "^7.2.0", - "ts-dedent": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/mdx2-csf": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/@storybook/mdx2-csf/-/mdx2-csf-1.1.0.tgz", - "integrity": "sha512-TXJJd5RAKakWx4BtpwvSNdgTDkKM6RkXU8GK34S/LhidQ5Pjz3wcnqb0TxEkfhK/ztbP8nKHqXFwLfa2CYkvQw==", - "dev": true - }, - "node_modules/@storybook/node-logger": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/node-logger/-/node-logger-7.6.19.tgz", - "integrity": "sha512-2g29QC44Zl1jKY37DmQ0/dO7+VSKnGgPI/x0mwVwQffypSapxH3rwLLT5Q5XLHeFyD+fhRu5w9Cj4vTGynJgpA==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/postinstall": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/postinstall/-/postinstall-7.6.19.tgz", - "integrity": "sha512-s6p1vpgMfn+QGDfCK2YNdyyWKidUgb3nGicB81FANRyzYqGB//QlJlghEc2LKCIQbGIZQiwP3l8PdZQmczEJRw==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/preview": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/preview/-/preview-7.6.19.tgz", - "integrity": "sha512-VqRPua2koOQTOteB+VvuKNXFYQ7IDEopaPpj9Nx+3kom+bqp0hWdAysWcm6CtKN2GGzBQm+5PvGibMNdawsaVg==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/preview-api": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/preview-api/-/preview-api-7.6.19.tgz", - "integrity": "sha512-04hdMSQucroJT4dBjQzRd7ZwH2hij8yx2nm5qd4HYGkd1ORkvlH6GOLph4XewNJl5Um3xfzFQzBhvkqvG0WaCQ==", - "dev": true, - "dependencies": { - "@storybook/channels": "7.6.19", - "@storybook/client-logger": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/csf": "^0.1.2", - "@storybook/global": "^5.0.0", - "@storybook/types": "7.6.19", - "@types/qs": "^6.9.5", - "dequal": "^2.0.2", - "lodash": "^4.17.21", - "memoizerific": "^1.11.3", - "qs": "^6.10.0", - "synchronous-promise": "^2.0.15", - "ts-dedent": "^2.0.0", - "util-deprecate": "^1.0.2" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/react-dom-shim": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/react-dom-shim/-/react-dom-shim-7.6.19.tgz", - "integrity": "sha512-tpt2AC1428d1gF4fetMkpkeFZ1WdDr1CLKoLbSInWQZ7i96nbnIMIA9raR/W8ai1bo55KSz9Bq5ytC/1Pac2qQ==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0" - } - }, - "node_modules/@storybook/router": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/router/-/router-7.6.19.tgz", - "integrity": "sha512-q2/AvY8rG0znFEfbg50OIhkS5yQ6OmyzdCdztoEsDDdsbq87YPmsDj7k8Op1EkTa2T5CB8XhBOCQDtcj7gUUtg==", - "dev": true, - "dependencies": { - "@storybook/client-logger": "7.6.19", - "memoizerific": "^1.11.3", - "qs": "^6.10.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/svelte": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/svelte/-/svelte-7.6.19.tgz", - "integrity": "sha512-Rg9NnvKT72KyVmxBiaX6Ug4u4FkLcqphqEt4ZbasR0ohOjX9iY6C9uDvyfnJazpukGpEakCBCMpsXAFW4Z/qLQ==", - "dev": true, - "dependencies": { - "@storybook/client-logger": "7.6.19", - "@storybook/core-client": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/docs-tools": "7.6.19", - "@storybook/global": "^5.0.0", - "@storybook/preview-api": "7.6.19", - "@storybook/types": "7.6.19", - "sveltedoc-parser": "^4.2.1", - "ts-dedent": "^2.0.0", - "type-fest": "~2.19" - }, - "engines": { - "node": ">=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "svelte": "^3.1.0 || ^4.0.0" - } - }, - "node_modules/@storybook/svelte-vite": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/svelte-vite/-/svelte-vite-7.6.19.tgz", - "integrity": "sha512-+7eHb7pAnO2tW049N+Ku/onf0QkXQ1EXD7OndTBNMboygGEVs1NyY56HzsgCaIGkv73IrxX0lBaQU2IAf58LFg==", - "dev": true, - "dependencies": { - "@storybook/builder-vite": "7.6.19", - "@storybook/node-logger": "7.6.19", - "@storybook/svelte": "7.6.19", - "@sveltejs/vite-plugin-svelte": "^2.4.2", - "magic-string": "^0.30.0", - "svelte-preprocess": "^5.0.4", - "sveltedoc-parser": "^4.2.1", - "ts-dedent": "^2.2.0" - }, - "engines": { - "node": "^14.18 || >=16" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "svelte": "^3.0.0 || ^4.0.0", - "vite": "^3.0.0 || ^4.0.0 || ^5.0.0" - } - }, - "node_modules/@storybook/svelte-vite/node_modules/@sveltejs/vite-plugin-svelte": { - "version": "2.5.3", - "resolved": "https://registry.npmjs.org/@sveltejs/vite-plugin-svelte/-/vite-plugin-svelte-2.5.3.tgz", - "integrity": "sha512-erhNtXxE5/6xGZz/M9eXsmI7Pxa6MS7jyTy06zN3Ck++ldrppOnOlJwHHTsMC7DHDQdgUp4NAc4cDNQ9eGdB/w==", - "dev": true, - "dependencies": { - "@sveltejs/vite-plugin-svelte-inspector": "^1.0.4", - "debug": "^4.3.4", - "deepmerge": "^4.3.1", - "kleur": "^4.1.5", - "magic-string": "^0.30.3", - "svelte-hmr": "^0.15.3", - "vitefu": "^0.2.4" - }, - "engines": { - "node": "^14.18.0 || >= 16" - }, - "peerDependencies": { - "svelte": "^3.54.0 || ^4.0.0 || ^5.0.0-next.0", - "vite": "^4.0.0" - } - }, - "node_modules/@storybook/svelte-vite/node_modules/@sveltejs/vite-plugin-svelte/node_modules/@sveltejs/vite-plugin-svelte-inspector": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/@sveltejs/vite-plugin-svelte-inspector/-/vite-plugin-svelte-inspector-1.0.4.tgz", - "integrity": "sha512-zjiuZ3yydBtwpF3bj0kQNV0YXe+iKE545QGZVTaylW3eAzFr+pJ/cwK8lZEaRp4JtaJXhD5DyWAV4AxLh6DgaQ==", - "dev": true, - "dependencies": { - "debug": "^4.3.4" - }, - "engines": { - "node": "^14.18.0 || >= 16" - }, - "peerDependencies": { - "@sveltejs/vite-plugin-svelte": "^2.2.0", - "svelte": "^3.54.0 || ^4.0.0", - "vite": "^4.0.0" - } - }, - "node_modules/@storybook/svelte-vite/node_modules/svelte-hmr": { - "version": "0.15.3", - "resolved": "https://registry.npmjs.org/svelte-hmr/-/svelte-hmr-0.15.3.tgz", - "integrity": "sha512-41snaPswvSf8TJUhlkoJBekRrABDXDMdpNpT2tfHIv4JuhgvHqLMhEPGtaQn0BmbNSTkuz2Ed20DF2eHw0SmBQ==", - "dev": true, - "engines": { - "node": "^12.20 || ^14.13.1 || >= 16" - }, - "peerDependencies": { - "svelte": "^3.19.0 || ^4.0.0" - } - }, - "node_modules/@storybook/sveltekit": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/sveltekit/-/sveltekit-7.6.19.tgz", - "integrity": "sha512-C2SkbeH3WZBYopFEroSrR9h/py1QQvbjjaL7ieWmSqPikmtMurKWdfSCXBxUVsi4AUYzWogl2yP6Kej2jQ0chA==", - "dev": true, - "dependencies": { - "@storybook/addon-actions": "7.6.19", - "@storybook/builder-vite": "7.6.19", - "@storybook/svelte": "7.6.19", - "@storybook/svelte-vite": "7.6.19" - }, - "engines": { - "node": "^14.18 || >=16" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "svelte": "^3.0.0 || ^4.0.0", - "vite": "^4.0.0 || ^5.0.0" - } - }, - "node_modules/@storybook/telemetry": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/telemetry/-/telemetry-7.6.19.tgz", - "integrity": "sha512-rA5xum4I36M57iiD3uzmW0MOdpl0vEpHWBSAa5hK0a0ALPeY9TgAsQlI/0dSyNYJ/K7aczEEN6d4qm1NC4u10A==", - "dev": true, - "dependencies": { - "@storybook/client-logger": "7.6.19", - "@storybook/core-common": "7.6.19", - "@storybook/csf-tools": "7.6.19", - "chalk": "^4.1.0", - "detect-package-manager": "^2.0.1", - "fetch-retry": "^5.0.2", - "fs-extra": "^11.1.0", - "read-pkg-up": "^7.0.1" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/test": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/test/-/test-7.6.19.tgz", - "integrity": "sha512-pEMyrPsV6zfcoH8z/sXlmJYBMBocZU6MZhM//dVGf4OiaOSwCLGDXNImZYNDUOpq4//kxC51yTytkdDgm1QFMg==", - "dev": true, - "dependencies": { - "@storybook/client-logger": "7.6.19", - "@storybook/core-events": "7.6.19", - "@storybook/instrumenter": "7.6.19", - "@storybook/preview-api": "7.6.19", - "@testing-library/dom": "^9.3.1", - "@testing-library/jest-dom": "^6.1.3", - "@testing-library/user-event": "14.3.0", - "@types/chai": "^4", - "@vitest/expect": "^0.34.2", - "@vitest/spy": "^0.34.1", - "chai": "^4.3.7", - "util": "^0.12.4" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@storybook/theming": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-7.6.19.tgz", - "integrity": "sha512-sAho13MmtA80ctOaLn8lpkQBsPyiqSdLcOPH5BWFhatQzzBQCpTAKQk+q/xGju8bNiPZ+yQBaBzbN8SfX8ceCg==", - "dev": true, - "dependencies": { - "@emotion/use-insertion-effect-with-fallbacks": "^1.0.0", - "@storybook/client-logger": "7.6.19", - "@storybook/global": "^5.0.0", - "memoizerific": "^1.11.3" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - }, - "peerDependencies": { - "react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0" - } - }, - "node_modules/@storybook/types": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/@storybook/types/-/types-7.6.19.tgz", - "integrity": "sha512-DeGYrRPRMGTVfT7o2rEZtRzyLT2yKTI2exgpnxbwPWEFAduZCSfzBrcBXZ/nb5B0pjA9tUNWls1YzGkJGlkhpg==", - "dev": true, - "dependencies": { - "@storybook/channels": "7.6.19", - "@types/babel__core": "^7.0.0", - "@types/express": "^4.7.0", - "file-system-cache": "2.3.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/@sveltejs/adapter-auto": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/@sveltejs/adapter-auto/-/adapter-auto-3.2.1.tgz", - "integrity": "sha512-/3xx8ZFCD5UBc/7AbyXkFF3HNCzWAp2xncH8HA4doGjoGQEN7PmwiRx4Y9nOzi4mqDqYYUic0gaIAE2khWWU4Q==", - "dev": true, - "dependencies": { - "import-meta-resolve": "^4.1.0" - }, - "peerDependencies": { - "@sveltejs/kit": "^2.0.0" - } - }, - "node_modules/@sveltejs/adapter-node": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/@sveltejs/adapter-node/-/adapter-node-4.0.1.tgz", - "integrity": "sha512-IviiTtKCDp+0QoTmmMlGGZBA1EoUNsjecU6XGV9k62S3f01SNsVhpqi2e4nbI62BLGKh/YKKfFii+Vz/b9XIxg==", - "dev": true, - "dependencies": { - "@rollup/plugin-commonjs": "^25.0.7", - "@rollup/plugin-json": "^6.1.0", - "@rollup/plugin-node-resolve": "^15.2.3", - "rollup": "^4.9.5" - }, - "peerDependencies": { - "@sveltejs/kit": "^2.4.0" - } - }, - "node_modules/@sveltejs/adapter-node/node_modules/rollup": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.18.0.tgz", - "integrity": "sha512-QmJz14PX3rzbJCN1SG4Xe/bAAX2a6NpCP8ab2vfu2GiUr8AQcr2nCV/oEO3yneFarB67zk8ShlIyWb2LGTb3Sg==", - "dev": true, - "dependencies": { - "@types/estree": "1.0.5" - }, - "bin": { - "rollup": "dist/bin/rollup" - }, - "engines": { - "node": ">=18.0.0", - "npm": ">=8.0.0" - }, - "optionalDependencies": { - "@rollup/rollup-android-arm-eabi": "4.18.0", - "@rollup/rollup-android-arm64": "4.18.0", - "@rollup/rollup-darwin-arm64": "4.18.0", - "@rollup/rollup-darwin-x64": "4.18.0", - "@rollup/rollup-linux-arm-gnueabihf": "4.18.0", - "@rollup/rollup-linux-arm-musleabihf": "4.18.0", - "@rollup/rollup-linux-arm64-gnu": "4.18.0", - "@rollup/rollup-linux-arm64-musl": "4.18.0", - "@rollup/rollup-linux-powerpc64le-gnu": "4.18.0", - "@rollup/rollup-linux-riscv64-gnu": "4.18.0", - "@rollup/rollup-linux-s390x-gnu": "4.18.0", - "@rollup/rollup-linux-x64-gnu": "4.18.0", - "@rollup/rollup-linux-x64-musl": "4.18.0", - "@rollup/rollup-win32-arm64-msvc": "4.18.0", - "@rollup/rollup-win32-ia32-msvc": "4.18.0", - "@rollup/rollup-win32-x64-msvc": "4.18.0", - "fsevents": "~2.3.2" - } - }, - "node_modules/@sveltejs/kit": { - "version": "2.5.10", - "resolved": "https://registry.npmjs.org/@sveltejs/kit/-/kit-2.5.10.tgz", - "integrity": "sha512-OqoyTmFG2cYmCFAdBfW+Qxbg8m23H4dv6KqwEt7ofr/ROcfcIl3Z/VT56L22H9f0uNZyr+9Bs1eh2gedOCK9kA==", - "dev": true, - "hasInstallScript": true, - "dependencies": { - "@types/cookie": "^0.6.0", - "cookie": "^0.6.0", - "devalue": "^5.0.0", - "esm-env": "^1.0.0", - "import-meta-resolve": "^4.1.0", - "kleur": "^4.1.5", - "magic-string": "^0.30.5", - "mrmime": "^2.0.0", - "sade": "^1.8.1", - "set-cookie-parser": "^2.6.0", - "sirv": "^2.0.4", - "tiny-glob": "^0.2.9" - }, - "bin": { - "svelte-kit": "svelte-kit.js" - }, - "engines": { - "node": ">=18.13" - }, - "peerDependencies": { - "@sveltejs/vite-plugin-svelte": "^3.0.0", - "svelte": "^4.0.0 || ^5.0.0-next.0", - "vite": "^5.0.3" - } - }, - "node_modules/@sveltejs/vite-plugin-svelte": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/@sveltejs/vite-plugin-svelte/-/vite-plugin-svelte-3.1.1.tgz", - "integrity": "sha512-rimpFEAboBBHIlzISibg94iP09k/KYdHgVhJlcsTfn7KMBhc70jFX/GRWkRdFCc2fdnk+4+Bdfej23cMDnJS6A==", - "dev": true, - "dependencies": { - "@sveltejs/vite-plugin-svelte-inspector": "^2.1.0", - "debug": "^4.3.4", - "deepmerge": "^4.3.1", - "kleur": "^4.1.5", - "magic-string": "^0.30.10", - "svelte-hmr": "^0.16.0", - "vitefu": "^0.2.5" - }, - "engines": { - "node": "^18.0.0 || >=20" - }, - "peerDependencies": { - "svelte": "^4.0.0 || ^5.0.0-next.0", - "vite": "^5.0.0" - } - }, - "node_modules/@sveltejs/vite-plugin-svelte-inspector": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/@sveltejs/vite-plugin-svelte-inspector/-/vite-plugin-svelte-inspector-2.1.0.tgz", - "integrity": "sha512-9QX28IymvBlSCqsCll5t0kQVxipsfhFFL+L2t3nTWfXnddYwxBuAEtTtlaVQpRz9c37BhJjltSeY4AJSC03SSg==", - "dev": true, - "dependencies": { - "debug": "^4.3.4" - }, - "engines": { - "node": "^18.0.0 || >=20" - }, - "peerDependencies": { - "@sveltejs/vite-plugin-svelte": "^3.0.0", - "svelte": "^4.0.0 || ^5.0.0-next.0", - "vite": "^5.0.0" - } - }, - "node_modules/@tailwindcss/forms": { - "version": "0.5.7", - "resolved": "https://registry.npmjs.org/@tailwindcss/forms/-/forms-0.5.7.tgz", - "integrity": "sha512-QE7X69iQI+ZXwldE+rzasvbJiyV/ju1FGHH0Qn2W3FKbuYtqp8LKcy6iSw79fVUT5/Vvf+0XgLCeYVG+UV6hOw==", - "dev": true, - "dependencies": { - "mini-svg-data-uri": "^1.2.3" - }, - "peerDependencies": { - "tailwindcss": ">=3.0.0 || >= 3.0.0-alpha.1" - } - }, - "node_modules/@tailwindcss/typography": { - "version": "0.5.13", - "resolved": "https://registry.npmjs.org/@tailwindcss/typography/-/typography-0.5.13.tgz", - "integrity": "sha512-ADGcJ8dX21dVVHIwTRgzrcunY6YY9uSlAHHGVKvkA+vLc5qLwEszvKts40lx7z0qc4clpjclwLeK5rVCV2P/uw==", - "dev": true, - "dependencies": { - "lodash.castarray": "^4.4.0", - "lodash.isplainobject": "^4.0.6", - "lodash.merge": "^4.6.2", - "postcss-selector-parser": "6.0.10" - }, - "peerDependencies": { - "tailwindcss": ">=3.0.0 || insiders" - } - }, - "node_modules/@testing-library/dom": { - "version": "9.3.4", - "resolved": "https://registry.npmjs.org/@testing-library/dom/-/dom-9.3.4.tgz", - "integrity": "sha512-FlS4ZWlp97iiNWig0Muq8p+3rVDjRiYE+YKGbAqXOu9nwJFFOdL00kFpz42M+4huzYi86vAK1sOOfyOG45muIQ==", - "dev": true, - "dependencies": { - "@babel/code-frame": "^7.10.4", - "@babel/runtime": "^7.12.5", - "@types/aria-query": "^5.0.1", - "aria-query": "5.1.3", - "chalk": "^4.1.0", - "dom-accessibility-api": "^0.5.9", - "lz-string": "^1.5.0", - "pretty-format": "^27.0.2" - }, - "engines": { - "node": ">=14" - } - }, - "node_modules/@testing-library/jest-dom": { - "version": "6.4.5", - "resolved": "https://registry.npmjs.org/@testing-library/jest-dom/-/jest-dom-6.4.5.tgz", - "integrity": "sha512-AguB9yvTXmCnySBP1lWjfNNUwpbElsaQ567lt2VdGqAdHtpieLgjmcVyv1q7PMIvLbgpDdkWV5Ydv3FEejyp2A==", - "dev": true, - "dependencies": { - "@adobe/css-tools": "^4.3.2", - "@babel/runtime": "^7.9.2", - "aria-query": "^5.0.0", - "chalk": "^3.0.0", - "css.escape": "^1.5.1", - "dom-accessibility-api": "^0.6.3", - "lodash": "^4.17.21", - "redent": "^3.0.0" - }, - "engines": { - "node": ">=14", - "npm": ">=6", - "yarn": ">=1" - }, - "peerDependencies": { - "@jest/globals": ">= 28", - "@types/bun": "latest", - "@types/jest": ">= 28", - "jest": ">= 28", - "vitest": ">= 0.32" - }, - "peerDependenciesMeta": { - "@jest/globals": { - "optional": true - }, - "@types/bun": { - "optional": true - }, - "@types/jest": { - "optional": true - }, - "jest": { - "optional": true - }, - "vitest": { - "optional": true - } - } - }, - "node_modules/@testing-library/jest-dom/node_modules/chalk": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz", - "integrity": "sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==", - "dev": true, - "dependencies": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/@testing-library/jest-dom/node_modules/dom-accessibility-api": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.6.3.tgz", - "integrity": "sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w==", - "dev": true - }, - "node_modules/@testing-library/svelte": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/@testing-library/svelte/-/svelte-4.2.3.tgz", - "integrity": "sha512-8vM2+JSPc6wZWkO9ICPmHvzacjy8jBw+iVjmNs+0VsPV3AO3v4P8qCLWTaQ9nYW/e+IR1BCy3MM3Uqg21dlBkw==", - "dev": true, - "dependencies": { - "@testing-library/dom": "^9.3.1" - }, - "engines": { - "node": ">= 10" - }, - "peerDependencies": { - "svelte": "^3 || ^4 || ^5" - } - }, - "node_modules/@testing-library/user-event": { - "version": "14.3.0", - "resolved": "https://registry.npmjs.org/@testing-library/user-event/-/user-event-14.3.0.tgz", - "integrity": "sha512-P02xtBBa8yMaLhK8CzJCIns8rqwnF6FxhR9zs810flHOBXUYCFjLd8Io1rQrAkQRWEmW2PGdZIEdMxf/KLsqFA==", - "dev": true, - "engines": { - "node": ">=12", - "npm": ">=6" - }, - "peerDependencies": { - "@testing-library/dom": ">=7.21.4" - } - }, - "node_modules/@tootallnate/once": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@tootallnate/once/-/once-2.0.0.tgz", - "integrity": "sha512-XCuKFP5PS55gnMVu3dty8KPatLqUoy/ZYzDzAGCQ8JNFCkLXzmI7vNHCR+XpbZaMWQK/vQubr7PkYq8g470J/A==", - "dev": true, - "engines": { - "node": ">= 10" - } - }, - "node_modules/@types/aria-query": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/@types/aria-query/-/aria-query-5.0.4.tgz", - "integrity": "sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==", - "dev": true - }, - "node_modules/@types/aws-lambda": { - "version": "8.10.138", - "resolved": "https://registry.npmjs.org/@types/aws-lambda/-/aws-lambda-8.10.138.tgz", - "integrity": "sha512-71EHMl70TPWIAsFuHd85NHq6S6T2OOjiisPTrH7RgcjzpJpPh4RQJv7PvVvIxc6PIp8CLV7F9B+TdjcAES5vcA==" - }, - "node_modules/@types/babel__core": { - "version": "7.20.5", - "resolved": "https://registry.npmjs.org/@types/babel__core/-/babel__core-7.20.5.tgz", - "integrity": "sha512-qoQprZvz5wQFJwMDqeseRXWv3rqMvhgpbXFfVyWhbx9X47POIA6i/+dXefEmZKoAgOaTdaIgNSMqMIU61yRyzA==", - "dev": true, - "dependencies": { - "@babel/parser": "^7.20.7", - "@babel/types": "^7.20.7", - "@types/babel__generator": "*", - "@types/babel__template": "*", - "@types/babel__traverse": "*" - } - }, - "node_modules/@types/babel__generator": { - "version": "7.6.8", - "resolved": "https://registry.npmjs.org/@types/babel__generator/-/babel__generator-7.6.8.tgz", - "integrity": "sha512-ASsj+tpEDsEiFr1arWrlN6V3mdfjRMZt6LtK/Vp/kreFLnr5QH5+DhvD5nINYZXzwJvXeGq+05iUXcAzVrqWtw==", - "dev": true, - "dependencies": { - "@babel/types": "^7.0.0" - } - }, - "node_modules/@types/babel__template": { - "version": "7.4.4", - "resolved": "https://registry.npmjs.org/@types/babel__template/-/babel__template-7.4.4.tgz", - "integrity": "sha512-h/NUaSyG5EyxBIp8YRxo4RMe2/qQgvyowRwVMzhYhBCONbW8PUsg4lkFMrhgZhUe5z3L3MiLDuvyJ/CaPa2A8A==", - "dev": true, - "dependencies": { - "@babel/parser": "^7.1.0", - "@babel/types": "^7.0.0" - } - }, - "node_modules/@types/babel__traverse": { - "version": "7.20.6", - "resolved": "https://registry.npmjs.org/@types/babel__traverse/-/babel__traverse-7.20.6.tgz", - "integrity": "sha512-r1bzfrm0tomOI8g1SzvCaQHo6Lcv6zu0EA+W2kHrt8dyrHQxGzBBL4kdkzIS+jBMV+EYcMAEAqXqYaLJq5rOZg==", - "dev": true, - "dependencies": { - "@babel/types": "^7.20.7" - } - }, - "node_modules/@types/body-parser": { - "version": "1.19.5", - "resolved": "https://registry.npmjs.org/@types/body-parser/-/body-parser-1.19.5.tgz", - "integrity": "sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==", - "dev": true, - "dependencies": { - "@types/connect": "*", - "@types/node": "*" - } - }, - "node_modules/@types/btoa-lite": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/@types/btoa-lite/-/btoa-lite-1.0.2.tgz", - "integrity": "sha512-ZYbcE2x7yrvNFJiU7xJGrpF/ihpkM7zKgw8bha3LNJSesvTtUNxbpzaT7WXBIryf6jovisrxTBvymxMeLLj1Mg==" - }, - "node_modules/@types/chai": { - "version": "4.3.16", - "resolved": "https://registry.npmjs.org/@types/chai/-/chai-4.3.16.tgz", - "integrity": "sha512-PatH4iOdyh3MyWtmHVFXLWCCIhUbopaltqddG9BzB+gMIzee2MJrvd+jouii9Z3wzQJruGWAm7WOMjgfG8hQlQ==", - "dev": true - }, - "node_modules/@types/connect": { - "version": "3.4.38", - "resolved": "https://registry.npmjs.org/@types/connect/-/connect-3.4.38.tgz", - "integrity": "sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==", - "dev": true, - "dependencies": { - "@types/node": "*" - } - }, - "node_modules/@types/cookie": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/@types/cookie/-/cookie-0.6.0.tgz", - "integrity": "sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA==", - "dev": true - }, - "node_modules/@types/cross-spawn": { - "version": "6.0.6", - "resolved": "https://registry.npmjs.org/@types/cross-spawn/-/cross-spawn-6.0.6.tgz", - "integrity": "sha512-fXRhhUkG4H3TQk5dBhQ7m/JDdSNHKwR2BBia62lhwEIq9xGiQKLxd6LymNhn47SjXhsUEPmxi+PKw2OkW4LLjA==", - "dev": true, - "dependencies": { - "@types/node": "*" - } - }, - "node_modules/@types/detect-port": { - "version": "1.3.5", - "resolved": "https://registry.npmjs.org/@types/detect-port/-/detect-port-1.3.5.tgz", - "integrity": "sha512-Rf3/lB9WkDfIL9eEKaSYKc+1L/rNVYBjThk22JTqQw0YozXarX8YljFAz+HCoC6h4B4KwCMsBPZHaFezwT4BNA==", - "dev": true - }, - "node_modules/@types/doctrine": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/@types/doctrine/-/doctrine-0.0.3.tgz", - "integrity": "sha512-w5jZ0ee+HaPOaX25X2/2oGR/7rgAQSYII7X7pp0m9KgBfMP7uKfMfTvcpl5Dj+eDBbpxKGiqE+flqDr6XTd2RA==", - "dev": true - }, - "node_modules/@types/ejs": { - "version": "3.1.5", - "resolved": "https://registry.npmjs.org/@types/ejs/-/ejs-3.1.5.tgz", - "integrity": "sha512-nv+GSx77ZtXiJzwKdsASqi+YQ5Z7vwHsTP0JY2SiQgjGckkBRKZnk8nIM+7oUZ1VCtuTz0+By4qVR7fqzp/Dfg==", - "dev": true - }, - "node_modules/@types/emscripten": { - "version": "1.39.13", - "resolved": "https://registry.npmjs.org/@types/emscripten/-/emscripten-1.39.13.tgz", - "integrity": "sha512-cFq+fO/isvhvmuP/+Sl4K4jtU6E23DoivtbO4r50e3odaxAiVdbfSYRDdJ4gCdxx+3aRjhphS5ZMwIH4hFy/Cw==", - "dev": true - }, - "node_modules/@types/estree": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.5.tgz", - "integrity": "sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==" - }, - "node_modules/@types/express": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.21.tgz", - "integrity": "sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==", - "dev": true, - "dependencies": { - "@types/body-parser": "*", - "@types/express-serve-static-core": "^4.17.33", - "@types/qs": "*", - "@types/serve-static": "*" - } - }, - "node_modules/@types/express-serve-static-core": { - "version": "4.19.3", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.19.3.tgz", - "integrity": "sha512-KOzM7MhcBFlmnlr/fzISFF5vGWVSvN6fTd4T+ExOt08bA/dA5kpSzY52nMsI1KDFmUREpJelPYyuslLRSjjgCg==", - "dev": true, - "dependencies": { - "@types/node": "*", - "@types/qs": "*", - "@types/range-parser": "*", - "@types/send": "*" - } - }, - "node_modules/@types/find-cache-dir": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/@types/find-cache-dir/-/find-cache-dir-3.2.1.tgz", - "integrity": "sha512-frsJrz2t/CeGifcu/6uRo4b+SzAwT4NYCVPu1GN8IB9XTzrpPkGuV0tmh9mN+/L0PklAlsC3u5Fxt0ju00LXIw==", - "dev": true - }, - "node_modules/@types/graceful-fs": { - "version": "4.1.9", - "resolved": "https://registry.npmjs.org/@types/graceful-fs/-/graceful-fs-4.1.9.tgz", - "integrity": "sha512-olP3sd1qOEe5dXTSaFvQG+02VdRXcdytWLAZsAq1PecU8uqQAhkrnbli7DagjtXKW/Bl7YJbUsa8MPcuc8LHEQ==", - "dev": true, - "dependencies": { - "@types/node": "*" - } - }, - "node_modules/@types/http-errors": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-2.0.4.tgz", - "integrity": "sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==", - "dev": true - }, - "node_modules/@types/istanbul-lib-coverage": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/@types/istanbul-lib-coverage/-/istanbul-lib-coverage-2.0.6.tgz", - "integrity": "sha512-2QF/t/auWm0lsy8XtKVPG19v3sSOQlJe/YHZgfjb/KBBHOGSV+J2q/S671rcq9uTBrLAXmZpqJiaQbMT+zNU1w==", - "dev": true - }, - "node_modules/@types/istanbul-lib-report": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/@types/istanbul-lib-report/-/istanbul-lib-report-3.0.3.tgz", - "integrity": "sha512-NQn7AHQnk/RSLOxrBbGyJM/aVQ+pjj5HCgasFxc0K/KhoATfQ/47AyUl15I2yBUpihjmas+a+VJBOqecrFH+uA==", - "dev": true, - "dependencies": { - "@types/istanbul-lib-coverage": "*" - } - }, - "node_modules/@types/istanbul-reports": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/@types/istanbul-reports/-/istanbul-reports-3.0.4.tgz", - "integrity": "sha512-pk2B1NWalF9toCRu6gjBzR69syFjP4Od8WRAX+0mmf9lAjCRicLOWc+ZrxZHx/0XRjotgkF9t6iaMJ+aXcOdZQ==", - "dev": true, - "dependencies": { - "@types/istanbul-lib-report": "*" - } - }, - "node_modules/@types/json-schema": { - "version": "7.0.15", - "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.15.tgz", - "integrity": "sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==", - "dev": true - }, - "node_modules/@types/jsonwebtoken": { - "version": "9.0.6", - "resolved": "https://registry.npmjs.org/@types/jsonwebtoken/-/jsonwebtoken-9.0.6.tgz", - "integrity": "sha512-/5hndP5dCjloafCXns6SZyESp3Ldq7YjH3zwzwczYnjxIT0Fqzk5ROSYVGfFyczIue7IUEj8hkvLbPoLQ18vQw==", - "dependencies": { - "@types/node": "*" - } - }, - "node_modules/@types/lodash": { - "version": "4.17.4", - "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.17.4.tgz", - "integrity": "sha512-wYCP26ZLxaT3R39kiN2+HcJ4kTd3U1waI/cY7ivWYqFP6pW3ZNpvi6Wd6PHZx7T/t8z0vlkXMg3QYLa7DZ/IJQ==", - "dev": true - }, - "node_modules/@types/mdx": { - "version": "2.0.13", - "resolved": "https://registry.npmjs.org/@types/mdx/-/mdx-2.0.13.tgz", - "integrity": "sha512-+OWZQfAYyio6YkJb3HLxDrvnx6SWWDbC0zVPfBRzUk0/nqoDyf6dNxQi3eArPe8rJ473nobTMQ/8Zk+LxJ+Yuw==", - "dev": true - }, - "node_modules/@types/mime": { - "version": "1.3.5", - "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz", - "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==", - "dev": true - }, - "node_modules/@types/mime-types": { - "version": "2.1.4", - "resolved": "https://registry.npmjs.org/@types/mime-types/-/mime-types-2.1.4.tgz", - "integrity": "sha512-lfU4b34HOri+kAY5UheuFMWPDOI+OPceBSHZKp69gEyTL/mmJ4cnU6Y/rlme3UL3GyOn6Y42hyIEw0/q8sWx5w==", - "dev": true - }, - "node_modules/@types/node": { - "version": "20.14.2", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.2.tgz", - "integrity": "sha512-xyu6WAMVwv6AKFLB+e/7ySZVr/0zLCzOa7rSpq6jNwpqOrUbcACDWC+53d4n2QHOnDou0fbIsg8wZu/sxrnI4Q==", - "dependencies": { - "undici-types": "~5.26.4" - } - }, - "node_modules/@types/node-fetch": { - "version": "2.6.11", - "resolved": "https://registry.npmjs.org/@types/node-fetch/-/node-fetch-2.6.11.tgz", - "integrity": "sha512-24xFj9R5+rfQJLRyM56qh+wnVSYhyXC2tkoBndtY0U+vubqNsYXGjufB2nn8Q6gt0LrARwL6UBtMCSVCwl4B1g==", - "dev": true, - "dependencies": { - "@types/node": "*", - "form-data": "^4.0.0" - } - }, - "node_modules/@types/normalize-package-data": { - "version": "2.4.4", - "resolved": "https://registry.npmjs.org/@types/normalize-package-data/-/normalize-package-data-2.4.4.tgz", - "integrity": "sha512-37i+OaWTh9qeK4LSHPsyRC7NahnGotNuZvjLSgcPzblpHB3rrCJxAOgI5gCdKm7coonsaX1Of0ILiTcnZjbfxA==", - "dev": true - }, - "node_modules/@types/pretty-hrtime": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@types/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz", - "integrity": "sha512-nj39q0wAIdhwn7DGUyT9irmsKK1tV0bd5WFEhgpqNTMFZ8cE+jieuTphCW0tfdm47S2zVT5mr09B28b1chmQMA==", - "dev": true - }, - "node_modules/@types/prop-types": { - "version": "15.7.12", - "resolved": "https://registry.npmjs.org/@types/prop-types/-/prop-types-15.7.12.tgz", - "integrity": "sha512-5zvhXYtRNRluoE/jAp4GVsSduVUzNWKkOZrCDBWYtE7biZywwdC2AcEzg+cSMLFRfVgeAFqpfNabiPjxFddV1Q==", - "dev": true - }, - "node_modules/@types/pug": { - "version": "2.0.10", - "resolved": "https://registry.npmjs.org/@types/pug/-/pug-2.0.10.tgz", - "integrity": "sha512-Sk/uYFOBAB7mb74XcpizmH0KOR2Pv3D2Hmrh1Dmy5BmK3MpdSa5kqZcg6EKBdklU0bFXX9gCfzvpnyUehrPIuA==", - "dev": true - }, - "node_modules/@types/qs": { - "version": "6.9.15", - "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.15.tgz", - "integrity": "sha512-uXHQKES6DQKKCLh441Xv/dwxOq1TVS3JPUMlEqoEglvlhR6Mxnlew/Xq/LRVHpLyk7iK3zODe1qYHIMltO7XGg==", - "dev": true - }, - "node_modules/@types/range-parser": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/@types/range-parser/-/range-parser-1.2.7.tgz", - "integrity": "sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==", - "dev": true - }, - "node_modules/@types/react": { - "version": "18.3.3", - "resolved": "https://registry.npmjs.org/@types/react/-/react-18.3.3.tgz", - "integrity": "sha512-hti/R0pS0q1/xx+TsI73XIqk26eBsISZ2R0wUijXIngRK9R/e7Xw/cXVxQK7R5JjW+SV4zGcn5hXjudkN/pLIw==", - "dev": true, - "dependencies": { - "@types/prop-types": "*", - "csstype": "^3.0.2" - } - }, - "node_modules/@types/resolve": { - "version": "1.20.2", - "resolved": "https://registry.npmjs.org/@types/resolve/-/resolve-1.20.2.tgz", - "integrity": "sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==", - "dev": true - }, - "node_modules/@types/semver": { - "version": "7.5.8", - "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.8.tgz", - "integrity": "sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==", - "dev": true - }, - "node_modules/@types/send": { - "version": "0.17.4", - "resolved": "https://registry.npmjs.org/@types/send/-/send-0.17.4.tgz", - "integrity": "sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==", - "dev": true, - "dependencies": { - "@types/mime": "^1", - "@types/node": "*" - } - }, - "node_modules/@types/serve-static": { - "version": "1.15.7", - "resolved": "https://registry.npmjs.org/@types/serve-static/-/serve-static-1.15.7.tgz", - "integrity": "sha512-W8Ym+h8nhuRwaKPaDw34QUkwsGi6Rc4yYqvKFo5rm2FUEhCFbzVWrxXUxuKK8TASjWsysJY0nsmNCGhCOIsrOw==", - "dev": true, - "dependencies": { - "@types/http-errors": "*", - "@types/node": "*", - "@types/send": "*" - } - }, - "node_modules/@types/unist": { - "version": "2.0.10", - "resolved": "https://registry.npmjs.org/@types/unist/-/unist-2.0.10.tgz", - "integrity": "sha512-IfYcSBWE3hLpBg8+X2SEa8LVkJdJEkT2Ese2aaLs3ptGdVtABxndrMaxuFlQ1qdFf9Q5rDvDpxI3WwgvKFAsQA==", - "dev": true - }, - "node_modules/@types/uuid": { - "version": "9.0.8", - "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", - "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==", - "dev": true - }, - "node_modules/@types/validator": { - "version": "13.11.10", - "resolved": "https://registry.npmjs.org/@types/validator/-/validator-13.11.10.tgz", - "integrity": "sha512-e2PNXoXLr6Z+dbfx5zSh9TRlXJrELycxiaXznp4S5+D2M3b9bqJEitNHA5923jhnB2zzFiZHa2f0SI1HoIahpg==", - "dev": true, - "optional": true - }, - "node_modules/@types/yargs": { - "version": "17.0.32", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.32.tgz", - "integrity": "sha512-xQ67Yc/laOG5uMfX/093MRlGGCIBzZMarVa+gfNKJxWAIgykYpVGkBdbqEzGDDfCrVUj6Hiff4mTZ5BA6TmAog==", - "dev": true, - "dependencies": { - "@types/yargs-parser": "*" - } - }, - "node_modules/@types/yargs-parser": { - "version": "21.0.3", - "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", - "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", - "dev": true - }, - "node_modules/@typescript-eslint/eslint-plugin": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.62.0.tgz", - "integrity": "sha512-TiZzBSJja/LbhNPvk6yc0JrX9XqhQ0hdh6M2svYfsHGejaKFIAGd9MQ+ERIMzLGlN/kZoYIgdxFV0PuljTKXag==", - "dev": true, - "dependencies": { - "@eslint-community/regexpp": "^4.4.0", - "@typescript-eslint/scope-manager": "5.62.0", - "@typescript-eslint/type-utils": "5.62.0", - "@typescript-eslint/utils": "5.62.0", - "debug": "^4.3.4", - "graphemer": "^1.4.0", - "ignore": "^5.2.0", - "natural-compare-lite": "^1.4.0", - "semver": "^7.3.7", - "tsutils": "^3.21.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependencies": { - "@typescript-eslint/parser": "^5.0.0", - "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/@typescript-eslint/eslint-plugin/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@typescript-eslint/parser": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.62.0.tgz", - "integrity": "sha512-VlJEV0fOQ7BExOsHYAGrgbEiZoi8D+Bl2+f6V2RrXerRSylnp+ZBHmPvaIa8cz0Ajx7WO7Z5RqfgYg7ED1nRhA==", - "dev": true, - "dependencies": { - "@typescript-eslint/scope-manager": "5.62.0", - "@typescript-eslint/types": "5.62.0", - "@typescript-eslint/typescript-estree": "5.62.0", - "debug": "^4.3.4" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependencies": { - "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/@typescript-eslint/scope-manager": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.62.0.tgz", - "integrity": "sha512-VXuvVvZeQCQb5Zgf4HAxc04q5j+WrNAtNh9OwCsCgpKqESMTu3tF/jhZ3xG6T4NZwWl65Bg8KuS2uEvhSfLl0w==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "5.62.0", - "@typescript-eslint/visitor-keys": "5.62.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/type-utils": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-5.62.0.tgz", - "integrity": "sha512-xsSQreu+VnfbqQpW5vnCJdq1Z3Q0U31qiWmRhr98ONQmcp/yhiPJFPq8MXiJVLiksmOKSjIldZzkebzHuCGzew==", - "dev": true, - "dependencies": { - "@typescript-eslint/typescript-estree": "5.62.0", - "@typescript-eslint/utils": "5.62.0", - "debug": "^4.3.4", - "tsutils": "^3.21.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependencies": { - "eslint": "*" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/@typescript-eslint/types": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.62.0.tgz", - "integrity": "sha512-87NVngcbVXUahrRTqIK27gD2t5Cu1yuCXxbLcFtCzZGlfyVWWh8mLHkoxzjsB6DDNnvdL+fW8MiwPEJyGJQDgQ==", - "dev": true, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@typescript-eslint/typescript-estree": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.62.0.tgz", - "integrity": "sha512-CmcQ6uY7b9y694lKdRB8FEel7JbU/40iSAPomu++SjLMntB+2Leay2LO6i8VnJk58MtE9/nQSFIH6jpyRWyYzA==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "5.62.0", - "@typescript-eslint/visitor-keys": "5.62.0", - "debug": "^4.3.4", - "globby": "^11.1.0", - "is-glob": "^4.0.3", - "semver": "^7.3.7", - "tsutils": "^3.21.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependenciesMeta": { - "typescript": { - "optional": true - } - } - }, - "node_modules/@typescript-eslint/typescript-estree/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@typescript-eslint/utils": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-5.62.0.tgz", - "integrity": "sha512-n8oxjeb5aIbPFEtmQxQYOLI0i9n5ySBEY/ZEHHZqKQSFnxio1rv6dthascc9dLuwrL0RC5mPCxB7vnAVGAYWAQ==", - "dev": true, - "dependencies": { - "@eslint-community/eslint-utils": "^4.2.0", - "@types/json-schema": "^7.0.9", - "@types/semver": "^7.3.12", - "@typescript-eslint/scope-manager": "5.62.0", - "@typescript-eslint/types": "5.62.0", - "@typescript-eslint/typescript-estree": "5.62.0", - "eslint-scope": "^5.1.1", - "semver": "^7.3.7" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - }, - "peerDependencies": { - "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0" - } - }, - "node_modules/@typescript-eslint/utils/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/@typescript-eslint/visitor-keys": { - "version": "5.62.0", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.62.0.tgz", - "integrity": "sha512-07ny+LHRzQXepkGg6w0mFY41fVUNBrL2Roj/++7V1txKugfjm/Ci/qSND03r2RhlJhJYMcTn9AhhSSqQp0Ysyw==", - "dev": true, - "dependencies": { - "@typescript-eslint/types": "5.62.0", - "eslint-visitor-keys": "^3.3.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/typescript-eslint" - } - }, - "node_modules/@ungap/structured-clone": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz", - "integrity": "sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==", - "dev": true - }, - "node_modules/@vincjo/datatables": { - "version": "1.14.9", - "resolved": "https://registry.npmjs.org/@vincjo/datatables/-/datatables-1.14.9.tgz", - "integrity": "sha512-dv+EsQGUMOwAtUN5VyFvt9lTqgkvFXX3RXXJhEWhGBODUWnuAXTISRouMAn30mr1/AAhXfezO+70n1ZRNkK1Bg==", - "dev": true, - "peerDependencies": { - "svelte": "^3.56.0 || ^4.0.0 || ^5.0.0-next.120" - } - }, - "node_modules/@vinejs/compiler": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/@vinejs/compiler/-/compiler-2.5.0.tgz", - "integrity": "sha512-hg4ekaB5Y2zh+IWzBiC/WCDWrIfpVnKu/ubUvelKlidc/VbulsexoFRw5kJGHZenPVI5YzNnDeTdYSALkTV7jQ==", - "dev": true, - "optional": true, - "engines": { - "node": ">=18.0.0" - } - }, - "node_modules/@vinejs/vine": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/@vinejs/vine/-/vine-1.8.0.tgz", - "integrity": "sha512-Qq3XxbA26jzqS9ICifkqzT399lMQZ2fWtqeV3luI2as+UIK7qDifJFU2Q4W3q3IB5VXoWxgwAZSZEO0em9I/qQ==", - "dev": true, - "optional": true, - "dependencies": { - "@poppinss/macroable": "^1.0.1", - "@types/validator": "^13.11.9", - "@vinejs/compiler": "^2.4.1", - "camelcase": "^8.0.0", - "dayjs": "^1.11.10", - "dlv": "^1.1.3", - "normalize-url": "^8.0.1", - "validator": "^13.11.0" - }, - "engines": { - "node": ">=18.16.0" - } - }, - "node_modules/@vinejs/vine/node_modules/camelcase": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-8.0.0.tgz", - "integrity": "sha512-8WB3Jcas3swSvjIeA2yvCJ+Miyz5l1ZmB6HFb9R1317dt9LCQoswg/BGrmAmkWVEszSrrg4RwmO46qIm2OEnSA==", - "dev": true, - "optional": true, - "engines": { - "node": ">=16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vitest/coverage-v8": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-1.6.0.tgz", - "integrity": "sha512-KvapcbMY/8GYIG0rlwwOKCVNRc0OL20rrhFkg/CHNzncV03TE2XWvO5w9uZYoxNiMEBacAJt3unSOiZ7svePew==", - "dev": true, - "dependencies": { - "@ampproject/remapping": "^2.2.1", - "@bcoe/v8-coverage": "^0.2.3", - "debug": "^4.3.4", - "istanbul-lib-coverage": "^3.2.2", - "istanbul-lib-report": "^3.0.1", - "istanbul-lib-source-maps": "^5.0.4", - "istanbul-reports": "^3.1.6", - "magic-string": "^0.30.5", - "magicast": "^0.3.3", - "picocolors": "^1.0.0", - "std-env": "^3.5.0", - "strip-literal": "^2.0.0", - "test-exclude": "^6.0.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - }, - "peerDependencies": { - "vitest": "1.6.0" - } - }, - "node_modules/@vitest/expect": { - "version": "0.34.7", - "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-0.34.7.tgz", - "integrity": "sha512-G9iEtwrD6ZQ4MVHZufif9Iqz3eLtuwBBNx971fNAGPaugM7ftAWjQN+ob2zWhtzURp8RK3zGXOxVb01mFo3zAQ==", - "dev": true, - "dependencies": { - "@vitest/spy": "0.34.7", - "@vitest/utils": "0.34.7", - "chai": "^4.3.10" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/@vitest/runner": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-1.6.0.tgz", - "integrity": "sha512-P4xgwPjwesuBiHisAVz/LSSZtDjOTPYZVmNAnpHHSR6ONrf8eCJOFRvUwdHn30F5M1fxhqtl7QZQUk2dprIXAg==", - "dev": true, - "dependencies": { - "@vitest/utils": "1.6.0", - "p-limit": "^5.0.0", - "pathe": "^1.1.1" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/@vitest/runner/node_modules/@vitest/utils": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.6.0.tgz", - "integrity": "sha512-21cPiuGMoMZwiOHa2i4LXkMkMkCGzA+MVFV70jRwHo95dL4x/ts5GZhML1QWuy7yfp3WzK3lRvZi3JnXTYqrBw==", - "dev": true, - "dependencies": { - "diff-sequences": "^29.6.3", - "estree-walker": "^3.0.3", - "loupe": "^2.3.7", - "pretty-format": "^29.7.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/@vitest/runner/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/@vitest/runner/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dev": true, - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/@vitest/runner/node_modules/p-limit": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-5.0.0.tgz", - "integrity": "sha512-/Eaoq+QyLSiXQ4lyYV23f14mZRQcXnxfHrN0vCai+ak9G0pp9iEQukIIZq5NccEvwRB8PUnZT0KsOoDCINS1qQ==", - "dev": true, - "dependencies": { - "yocto-queue": "^1.0.0" - }, - "engines": { - "node": ">=18" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vitest/runner/node_modules/pretty-format": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", - "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==", - "dev": true, - "dependencies": { - "@jest/schemas": "^29.6.3", - "ansi-styles": "^5.0.0", - "react-is": "^18.0.0" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/@vitest/runner/node_modules/react-is": { - "version": "18.3.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", - "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", - "dev": true - }, - "node_modules/@vitest/runner/node_modules/yocto-queue": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-1.0.0.tgz", - "integrity": "sha512-9bnSc/HEW2uRy67wc+T8UwauLuPJVn28jb+GtJY16iiKWyvmYJRXVT4UamsAEGQfPohgr2q4Tq0sQbQlxTfi1g==", - "dev": true, - "engines": { - "node": ">=12.20" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/@vitest/snapshot": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-1.6.0.tgz", - "integrity": "sha512-+Hx43f8Chus+DCmygqqfetcAZrDJwvTj0ymqjQq4CvmpKFSTVteEOBzCusu1x2tt4OJcvBflyHUE0DZSLgEMtQ==", - "dev": true, - "dependencies": { - "magic-string": "^0.30.5", - "pathe": "^1.1.1", - "pretty-format": "^29.7.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/@vitest/snapshot/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/@vitest/snapshot/node_modules/pretty-format": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", - "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==", - "dev": true, - "dependencies": { - "@jest/schemas": "^29.6.3", - "ansi-styles": "^5.0.0", - "react-is": "^18.0.0" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/@vitest/snapshot/node_modules/react-is": { - "version": "18.3.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", - "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", - "dev": true - }, - "node_modules/@vitest/spy": { - "version": "0.34.7", - "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-0.34.7.tgz", - "integrity": "sha512-NMMSzOY2d8L0mcOt4XcliDOS1ISyGlAXuQtERWVOoVHnKwmG+kKhinAiGw3dTtMQWybfa89FG8Ucg9tiC/FhTQ==", - "dev": true, - "dependencies": { - "tinyspy": "^2.1.1" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/@vitest/ui": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/ui/-/ui-1.6.0.tgz", - "integrity": "sha512-k3Lyo+ONLOgylctiGovRKy7V4+dIN2yxstX3eY5cWFXH6WP+ooVX79YSyi0GagdTQzLmT43BF27T0s6dOIPBXA==", - "dev": true, - "dependencies": { - "@vitest/utils": "1.6.0", - "fast-glob": "^3.3.2", - "fflate": "^0.8.1", - "flatted": "^3.2.9", - "pathe": "^1.1.1", - "picocolors": "^1.0.0", - "sirv": "^2.0.4" - }, - "funding": { - "url": "https://opencollective.com/vitest" - }, - "peerDependencies": { - "vitest": "1.6.0" - } - }, - "node_modules/@vitest/ui/node_modules/@vitest/utils": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.6.0.tgz", - "integrity": "sha512-21cPiuGMoMZwiOHa2i4LXkMkMkCGzA+MVFV70jRwHo95dL4x/ts5GZhML1QWuy7yfp3WzK3lRvZi3JnXTYqrBw==", - "dev": true, - "dependencies": { - "diff-sequences": "^29.6.3", - "estree-walker": "^3.0.3", - "loupe": "^2.3.7", - "pretty-format": "^29.7.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/@vitest/ui/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/@vitest/ui/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dev": true, - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/@vitest/ui/node_modules/pretty-format": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", - "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==", - "dev": true, - "dependencies": { - "@jest/schemas": "^29.6.3", - "ansi-styles": "^5.0.0", - "react-is": "^18.0.0" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/@vitest/ui/node_modules/react-is": { - "version": "18.3.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", - "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", - "dev": true - }, - "node_modules/@vitest/utils": { - "version": "0.34.7", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-0.34.7.tgz", - "integrity": "sha512-ziAavQLpCYS9sLOorGrFFKmy2gnfiNU0ZJ15TsMz/K92NAPS/rp9K4z6AJQQk5Y8adCy4Iwpxy7pQumQ/psnRg==", - "dev": true, - "dependencies": { - "diff-sequences": "^29.4.3", - "loupe": "^2.3.6", - "pretty-format": "^29.5.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/@vitest/utils/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/@vitest/utils/node_modules/pretty-format": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", - "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==", - "dev": true, - "dependencies": { - "@jest/schemas": "^29.6.3", - "ansi-styles": "^5.0.0", - "react-is": "^18.0.0" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/@vitest/utils/node_modules/react-is": { - "version": "18.3.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", - "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", - "dev": true - }, - "node_modules/@yarnpkg/esbuild-plugin-pnp": { - "version": "3.0.0-rc.15", - "resolved": "https://registry.npmjs.org/@yarnpkg/esbuild-plugin-pnp/-/esbuild-plugin-pnp-3.0.0-rc.15.tgz", - "integrity": "sha512-kYzDJO5CA9sy+on/s2aIW0411AklfCi8Ck/4QDivOqsMKpStZA2SsR+X27VTggGwpStWaLrjJcDcdDMowtG8MA==", - "dev": true, - "dependencies": { - "tslib": "^2.4.0" - }, - "engines": { - "node": ">=14.15.0" - }, - "peerDependencies": { - "esbuild": ">=0.10.0" - } - }, - "node_modules/@yarnpkg/fslib": { - "version": "2.10.3", - "resolved": "https://registry.npmjs.org/@yarnpkg/fslib/-/fslib-2.10.3.tgz", - "integrity": "sha512-41H+Ga78xT9sHvWLlFOZLIhtU6mTGZ20pZ29EiZa97vnxdohJD2AF42rCoAoWfqUz486xY6fhjMH+DYEM9r14A==", - "dev": true, - "dependencies": { - "@yarnpkg/libzip": "^2.3.0", - "tslib": "^1.13.0" - }, - "engines": { - "node": ">=12 <14 || 14.2 - 14.9 || >14.10.0" - } - }, - "node_modules/@yarnpkg/fslib/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", - "dev": true - }, - "node_modules/@yarnpkg/libzip": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@yarnpkg/libzip/-/libzip-2.3.0.tgz", - "integrity": "sha512-6xm38yGVIa6mKm/DUCF2zFFJhERh/QWp1ufm4cNUvxsONBmfPg8uZ9pZBdOmF6qFGr/HlT6ABBkCSx/dlEtvWg==", - "dev": true, - "dependencies": { - "@types/emscripten": "^1.39.6", - "tslib": "^1.13.0" - }, - "engines": { - "node": ">=12 <14 || 14.2 - 14.9 || >14.10.0" - } - }, - "node_modules/@yarnpkg/libzip/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", - "dev": true - }, - "node_modules/abab": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/abab/-/abab-2.0.6.tgz", - "integrity": "sha512-j2afSsaIENvHZN2B8GOpF566vZ5WVk5opAiMTvWgaQT8DkbOqsTfvNAvHoRGU2zzP8cPoqys+xHTRDWW8L+/BA==", - "deprecated": "Use your platform's native atob() and btoa() methods instead", - "dev": true - }, - "node_modules/accepts": { - "version": "1.3.8", - "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", - "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", - "dev": true, - "dependencies": { - "mime-types": "~2.1.34", - "negotiator": "0.6.3" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/acorn": { - "version": "8.11.3", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.3.tgz", - "integrity": "sha512-Y9rRfJG5jcKOE0CLisYbojUjIrIEE7AGMzA/Sm4BslANhbS+cDMpgBdcPT91oJ7OuJ9hYJBx59RjbhxVnrF8Xg==", - "bin": { - "acorn": "bin/acorn" - }, - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/acorn-jsx": { - "version": "5.3.2", - "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.3.2.tgz", - "integrity": "sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==", - "dev": true, - "peerDependencies": { - "acorn": "^6.0.0 || ^7.0.0 || ^8.0.0" - } - }, - "node_modules/acorn-walk": { - "version": "8.3.2", - "resolved": "https://registry.npmjs.org/acorn-walk/-/acorn-walk-8.3.2.tgz", - "integrity": "sha512-cjkyv4OtNCIeqhHrfS81QWXoCBPExR/J62oyEqepVw8WaQeSqpW2uhuLPh1m9eWhDuOo/jUXVTlifvesOWp/4A==", - "dev": true, - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/address": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/address/-/address-1.2.2.tgz", - "integrity": "sha512-4B/qKCfeE/ODUaAUpSwfzazo5x29WD4r3vXiWsB7I2mSDAihwEqKO+g8GELZUQSSAo5e1XTYh3ZVfLyxBc12nA==", - "dev": true, - "engines": { - "node": ">= 10.0.0" - } - }, - "node_modules/agent-base": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", - "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "dev": true, - "dependencies": { - "debug": "4" - }, - "engines": { - "node": ">= 6.0.0" - } - }, - "node_modules/aggregate-error": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", - "integrity": "sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==", - "dependencies": { - "clean-stack": "^2.0.0", - "indent-string": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/ajv": { - "version": "6.12.6", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", - "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", - "dev": true, - "dependencies": { - "fast-deep-equal": "^3.1.1", - "fast-json-stable-stringify": "^2.0.0", - "json-schema-traverse": "^0.4.1", - "uri-js": "^4.2.2" - }, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/epoberezkin" - } - }, - "node_modules/ansi-colors": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.3.tgz", - "integrity": "sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/ansi-regex": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz", - "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/ansi-styles": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz", - "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==", - "dev": true, - "dependencies": { - "color-convert": "^2.0.1" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/any-promise": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz", - "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==", - "dev": true - }, - "node_modules/anymatch": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", - "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", - "dependencies": { - "normalize-path": "^3.0.0", - "picomatch": "^2.0.4" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/app-root-dir": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/app-root-dir/-/app-root-dir-1.0.2.tgz", - "integrity": "sha512-jlpIfsOoNoafl92Sz//64uQHGSyMrD2vYG5d8o2a4qGvyNCvXur7bzIsWtAC/6flI2RYAp3kv8rsfBtaLm7w0g==", - "dev": true - }, - "node_modules/arg": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz", - "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==", - "dev": true - }, - "node_modules/argparse": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz", - "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==", - "dev": true, - "dependencies": { - "sprintf-js": "~1.0.2" - } - }, - "node_modules/aria-hidden": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/aria-hidden/-/aria-hidden-1.2.4.tgz", - "integrity": "sha512-y+CcFFwelSXpLZk/7fMB2mUbGtX9lKycf1MWJ7CaTIERyitVlyQx6C+sxcROU2BAJ24OiZyK+8wj2i8AlBoS3A==", - "dev": true, - "dependencies": { - "tslib": "^2.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/aria-query": { - "version": "5.1.3", - "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.1.3.tgz", - "integrity": "sha512-R5iJ5lkuHybztUfuOAznmboyjWq8O6sqNqtK7CLOqdydi54VNbORp49mb14KbWgG1QD3JFO9hJdZ+y4KutfdOQ==", - "dev": true, - "dependencies": { - "deep-equal": "^2.0.5" - } - }, - "node_modules/arktype": { - "version": "2.0.0-dev.15", - "resolved": "https://registry.npmjs.org/arktype/-/arktype-2.0.0-dev.15.tgz", - "integrity": "sha512-V8/jyfU/ISl9uSzTNZMgj/sYOI1QNxhVaqcS+spWamF/jx4eDFMqBVdhAGysJhKyLC+Qi2yNw5f1YQuaOMEeGw==", - "dev": true, - "optional": true, - "dependencies": { - "@arktype/schema": "0.1.7", - "@arktype/util": "0.0.45" - } - }, - "node_modules/array-buffer-byte-length": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/array-buffer-byte-length/-/array-buffer-byte-length-1.0.1.tgz", - "integrity": "sha512-ahC5W1xgou+KTXix4sAO8Ki12Q+jf4i0+tmk3sC+zgcynshkHxzpXdImBehiUYKKKDwvfFiJl1tZt6ewscS1Mg==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.5", - "is-array-buffer": "^3.0.4" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/array-flatten": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", - "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", - "dev": true - }, - "node_modules/array-union": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/array-union/-/array-union-2.1.0.tgz", - "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/assert": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/assert/-/assert-2.1.0.tgz", - "integrity": "sha512-eLHpSK/Y4nhMJ07gDaAzoX/XAKS8PSaojml3M0DM4JpV1LAi5JOJ/p6H/XWrl8L+DzVEvVCW1z3vWAaB9oTsQw==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.2", - "is-nan": "^1.3.2", - "object-is": "^1.1.5", - "object.assign": "^4.1.4", - "util": "^0.12.5" - } - }, - "node_modules/assertion-error": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz", - "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==", - "dev": true, - "engines": { - "node": "*" - } - }, - "node_modules/ast-types": { - "version": "0.16.1", - "resolved": "https://registry.npmjs.org/ast-types/-/ast-types-0.16.1.tgz", - "integrity": "sha512-6t10qk83GOG8p0vKmaCr8eiilZwO171AvbROMtvvNiwrTly62t+7XkA8RdIIVbpMhCASAsxgAzdRSwh6nw/5Dg==", - "dev": true, - "dependencies": { - "tslib": "^2.0.1" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/async": { - "version": "3.2.5", - "resolved": "https://registry.npmjs.org/async/-/async-3.2.5.tgz", - "integrity": "sha512-baNZyqaaLhyLVKm/DlvdW051MSgO6b8eVfIezl9E5PqWxFgzLm/wQntEW4zOytVburDEr0JlALEpdOFwvErLsg==", - "dev": true - }, - "node_modules/async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", - "dev": true - }, - "node_modules/async-lock": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/async-lock/-/async-lock-1.4.1.tgz", - "integrity": "sha512-Az2ZTpuytrtqENulXwO3GGv1Bztugx6TT37NIo7imr/Qo0gsYiGtSdBa2B6fsXhTpVZDNfu1Qn3pk531e3q+nQ==" - }, - "node_modules/asynckit": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", - "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" - }, - "node_modules/autoprefixer": { - "version": "10.4.19", - "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.19.tgz", - "integrity": "sha512-BaENR2+zBZ8xXhM4pUaKUxlVdxZ0EZhjvbopwnXmxRUfqDmwSpC2lAi/QXvx7NRdPCo1WKEcEF6mV64si1z4Ew==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/autoprefixer" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "browserslist": "^4.23.0", - "caniuse-lite": "^1.0.30001599", - "fraction.js": "^4.3.7", - "normalize-range": "^0.1.2", - "picocolors": "^1.0.0", - "postcss-value-parser": "^4.2.0" - }, - "bin": { - "autoprefixer": "bin/autoprefixer" - }, - "engines": { - "node": "^10 || ^12 || >=14" - }, - "peerDependencies": { - "postcss": "^8.1.0" - } - }, - "node_modules/available-typed-arrays": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz", - "integrity": "sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==", - "dev": true, - "dependencies": { - "possible-typed-array-names": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/axios": { - "version": "1.7.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.2.tgz", - "integrity": "sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==", - "dependencies": { - "follow-redirects": "^1.15.6", - "form-data": "^4.0.0", - "proxy-from-env": "^1.1.0" - } - }, - "node_modules/axobject-query": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/axobject-query/-/axobject-query-4.0.0.tgz", - "integrity": "sha512-+60uv1hiVFhHZeO+Lz0RYzsVHy5Wr1ayX0mwda9KPDVLNJgZ1T9Ny7VmFbLDzxsH0D87I86vgj3gFrjTJUYznw==", - "dependencies": { - "dequal": "^2.0.3" - } - }, - "node_modules/babel-core": { - "version": "7.0.0-bridge.0", - "resolved": "https://registry.npmjs.org/babel-core/-/babel-core-7.0.0-bridge.0.tgz", - "integrity": "sha512-poPX9mZH/5CSanm50Q+1toVci6pv5KSRv/5TWCwtzQS5XEwn40BcCrgIeMFWP9CKKIniKXNxoIOnOq4VVlGXhg==", - "dev": true, - "peerDependencies": { - "@babel/core": "^7.0.0-0" - } - }, - "node_modules/babel-plugin-istanbul": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/babel-plugin-istanbul/-/babel-plugin-istanbul-6.1.1.tgz", - "integrity": "sha512-Y1IQok9821cC9onCx5otgFfRm7Lm+I+wwxOx738M/WLPZ9Q42m4IG5W0FNX8WLL2gYMZo3JkuXIH2DOpWM+qwA==", - "dev": true, - "dependencies": { - "@babel/helper-plugin-utils": "^7.0.0", - "@istanbuljs/load-nyc-config": "^1.0.0", - "@istanbuljs/schema": "^0.1.2", - "istanbul-lib-instrument": "^5.0.4", - "test-exclude": "^6.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/babel-plugin-polyfill-corejs2": { - "version": "0.4.11", - "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs2/-/babel-plugin-polyfill-corejs2-0.4.11.tgz", - "integrity": "sha512-sMEJ27L0gRHShOh5G54uAAPaiCOygY/5ratXuiyb2G46FmlSpc9eFCzYVyDiPxfNbwzA7mYahmjQc5q+CZQ09Q==", - "dev": true, - "dependencies": { - "@babel/compat-data": "^7.22.6", - "@babel/helper-define-polyfill-provider": "^0.6.2", - "semver": "^6.3.1" - }, - "peerDependencies": { - "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" - } - }, - "node_modules/babel-plugin-polyfill-corejs3": { - "version": "0.10.4", - "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-corejs3/-/babel-plugin-polyfill-corejs3-0.10.4.tgz", - "integrity": "sha512-25J6I8NGfa5YkCDogHRID3fVCadIR8/pGl1/spvCkzb6lVn6SR3ojpx9nOn9iEBcUsjY24AmdKm5khcfKdylcg==", - "dev": true, - "dependencies": { - "@babel/helper-define-polyfill-provider": "^0.6.1", - "core-js-compat": "^3.36.1" - }, - "peerDependencies": { - "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" - } - }, - "node_modules/babel-plugin-polyfill-regenerator": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/babel-plugin-polyfill-regenerator/-/babel-plugin-polyfill-regenerator-0.6.2.tgz", - "integrity": "sha512-2R25rQZWP63nGwaAswvDazbPXfrM3HwVoBXK6HcqeKrSrL/JqcC/rDcf95l4r7LXLyxDXc8uQDa064GubtCABg==", - "dev": true, - "dependencies": { - "@babel/helper-define-polyfill-provider": "^0.6.2" - }, - "peerDependencies": { - "@babel/core": "^7.4.0 || ^8.0.0-0 <8.0.0" - } - }, - "node_modules/balanced-match": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", - "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", - "dev": true - }, - "node_modules/base64-js": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", - "integrity": "sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/before-after-hook": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.3.tgz", - "integrity": "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==" - }, - "node_modules/better-opn": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/better-opn/-/better-opn-3.0.2.tgz", - "integrity": "sha512-aVNobHnJqLiUelTaHat9DZ1qM2w0C0Eym4LPI/3JxOnSokGVdsl1T1kN7TFvsEAD8G47A6VKQ0TVHqbBnYMJlQ==", - "dev": true, - "dependencies": { - "open": "^8.0.4" - }, - "engines": { - "node": ">=12.0.0" - } - }, - "node_modules/big-integer": { - "version": "1.6.52", - "resolved": "https://registry.npmjs.org/big-integer/-/big-integer-1.6.52.tgz", - "integrity": "sha512-QxD8cf2eVqJOOz63z6JIN9BzvVs/dlySa5HGSBH5xtR8dPteIRQnBxxKqkNTiT6jbDTF6jAfrd4oMcND9RGbQg==", - "dev": true, - "engines": { - "node": ">=0.6" - } - }, - "node_modules/binary-extensions": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", - "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/bl": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/bl/-/bl-4.1.0.tgz", - "integrity": "sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==", - "dev": true, - "dependencies": { - "buffer": "^5.5.0", - "inherits": "^2.0.4", - "readable-stream": "^3.4.0" - } - }, - "node_modules/body-parser": { - "version": "1.20.2", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", - "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==", - "dev": true, - "dependencies": { - "bytes": "3.1.2", - "content-type": "~1.0.5", - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "on-finished": "2.4.1", - "qs": "6.11.0", - "raw-body": "2.5.2", - "type-is": "~1.6.18", - "unpipe": "1.0.0" - }, - "engines": { - "node": ">= 0.8", - "npm": "1.2.8000 || >= 1.4.16" - } - }, - "node_modules/body-parser/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/body-parser/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/body-parser/node_modules/qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", - "dev": true, - "dependencies": { - "side-channel": "^1.0.4" - }, - "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/bottleneck": { - "version": "2.19.5", - "resolved": "https://registry.npmjs.org/bottleneck/-/bottleneck-2.19.5.tgz", - "integrity": "sha512-VHiNCbI1lKdl44tGrhNfU3lup0Tj/ZBMJB5/2ZbNXRCPuRCO7ed2mgcK4r17y+KB2EfuYuRaVlwNbAeaWGSpbw==" - }, - "node_modules/bplist-parser": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/bplist-parser/-/bplist-parser-0.2.0.tgz", - "integrity": "sha512-z0M+byMThzQmD9NILRniCUXYsYpjwnlO8N5uCFaCqIOpqRsJCrQL9NK3JsD67CN5a08nF5oIL2bD6loTdHOuKw==", - "dev": true, - "dependencies": { - "big-integer": "^1.6.44" - }, - "engines": { - "node": ">= 5.10.0" - } - }, - "node_modules/brace-expansion": { - "version": "1.1.11", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", - "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", - "dev": true, - "dependencies": { - "balanced-match": "^1.0.0", - "concat-map": "0.0.1" - } - }, - "node_modules/braces": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", - "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", - "dependencies": { - "fill-range": "^7.1.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/browser-assert": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/browser-assert/-/browser-assert-1.2.1.tgz", - "integrity": "sha512-nfulgvOR6S4gt9UKCeGJOuSGBPGiFT6oQ/2UBnvTY/5aQ1PnksW72fhZkM30DzoRRv2WpwZf1vHHEr3mtuXIWQ==", - "dev": true - }, - "node_modules/browserify-zlib": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/browserify-zlib/-/browserify-zlib-0.1.4.tgz", - "integrity": "sha512-19OEpq7vWgsH6WkvkBJQDFvJS1uPcbFOQ4v9CU839dO+ZZXUZO6XpE6hNCqvlIIj+4fZvRiJ6DsAQ382GwiyTQ==", - "dev": true, - "dependencies": { - "pako": "~0.2.0" - } - }, - "node_modules/browserify-zlib/node_modules/pako": { - "version": "0.2.9", - "resolved": "https://registry.npmjs.org/pako/-/pako-0.2.9.tgz", - "integrity": "sha512-NUcwaKxUxWrZLpDG+z/xZaCgQITkA/Dv4V/T6bw7VON6l1Xz/VnrBqrYjZQ12TamKHzITTfOEIYUj48y2KXImA==", - "dev": true - }, - "node_modules/browserslist": { - "version": "4.23.0", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz", - "integrity": "sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/browserslist" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/browserslist" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "caniuse-lite": "^1.0.30001587", - "electron-to-chromium": "^1.4.668", - "node-releases": "^2.0.14", - "update-browserslist-db": "^1.0.13" - }, - "bin": { - "browserslist": "cli.js" - }, - "engines": { - "node": "^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7" - } - }, - "node_modules/bser": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/bser/-/bser-2.1.1.tgz", - "integrity": "sha512-gQxTNE/GAfIIrmHLUE3oJyp5FO6HRBfhjnw4/wMmA63ZGDJnWBmgY/lyQBpnDUkGmAhbSe39tx2d/iTOAfglwQ==", - "dev": true, - "dependencies": { - "node-int64": "^0.4.0" - } - }, - "node_modules/btoa-lite": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/btoa-lite/-/btoa-lite-1.0.0.tgz", - "integrity": "sha512-gvW7InbIyF8AicrqWoptdW08pUxuhq8BEgowNajy9RhiE86fmGAGl+bLKo6oB8QP0CkqHLowfN0oJdKC/J6LbA==" - }, - "node_modules/buffer": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", - "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "dependencies": { - "base64-js": "^1.3.1", - "ieee754": "^1.1.13" - } - }, - "node_modules/buffer-crc32": { - "version": "0.2.13", - "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", - "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==", - "dev": true, - "engines": { - "node": "*" - } - }, - "node_modules/buffer-equal-constant-time": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", - "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==" - }, - "node_modules/buffer-from": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", - "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", - "dev": true - }, - "node_modules/builtin-modules": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-3.3.0.tgz", - "integrity": "sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==", - "dev": true, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/bytes": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", - "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cac": { - "version": "6.7.14", - "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz", - "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/call-bind": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", - "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", - "dev": true, - "dependencies": { - "es-define-property": "^1.0.0", - "es-errors": "^1.3.0", - "function-bind": "^1.1.2", - "get-intrinsic": "^1.2.4", - "set-function-length": "^1.2.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/callsites": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz", - "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/camelcase": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz", - "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/camelcase-css": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/camelcase-css/-/camelcase-css-2.0.1.tgz", - "integrity": "sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/caniuse-lite": { - "version": "1.0.30001629", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001629.tgz", - "integrity": "sha512-c3dl911slnQhmxUIT4HhYzT7wnBK/XYpGnYLOj4nJBaRiw52Ibe7YxlDaAeRECvA786zCuExhxIUJ2K7nHMrBw==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/browserslist" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/caniuse-lite" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ] - }, - "node_modules/chai": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz", - "integrity": "sha512-13sOfMv2+DWduEU+/xbun3LScLoqN17nBeTLUsmDfKdoiC1fr0n9PU4guu4AhRcOVFk/sW8LyZWHuhWtQZiF+g==", - "dev": true, - "dependencies": { - "assertion-error": "^1.1.0", - "check-error": "^1.0.3", - "deep-eql": "^4.1.3", - "get-func-name": "^2.0.2", - "loupe": "^2.3.6", - "pathval": "^1.1.1", - "type-detect": "^4.0.8" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/chalk": { - "version": "4.1.2", - "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz", - "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==", - "dev": true, - "dependencies": { - "ansi-styles": "^4.1.0", - "supports-color": "^7.1.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/chalk?sponsor=1" - } - }, - "node_modules/check-error": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.3.tgz", - "integrity": "sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==", - "dev": true, - "dependencies": { - "get-func-name": "^2.0.2" - }, - "engines": { - "node": "*" - } - }, - "node_modules/chokidar": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", - "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", - "dependencies": { - "anymatch": "~3.1.2", - "braces": "~3.0.2", - "glob-parent": "~5.1.2", - "is-binary-path": "~2.1.0", - "is-glob": "~4.0.1", - "normalize-path": "~3.0.0", - "readdirp": "~3.6.0" - }, - "engines": { - "node": ">= 8.10.0" - }, - "funding": { - "url": "https://paulmillr.com/funding/" - }, - "optionalDependencies": { - "fsevents": "~2.3.2" - } - }, - "node_modules/chokidar/node_modules/glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dependencies": { - "is-glob": "^4.0.1" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/chownr": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/chownr/-/chownr-2.0.0.tgz", - "integrity": "sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==", - "dev": true, - "engines": { - "node": ">=10" - } - }, - "node_modules/ci-info": { - "version": "3.9.0", - "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-3.9.0.tgz", - "integrity": "sha512-NIxF55hv4nSqQswkAeiOi1r83xy8JldOFDTWiug55KBu9Jnblncd2U6ViHmYgHf01TPZS77NJBhBMKdWj9HQMQ==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/sibiraj-s" - } - ], - "engines": { - "node": ">=8" - } - }, - "node_modules/citty": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/citty/-/citty-0.1.6.tgz", - "integrity": "sha512-tskPPKEs8D2KPafUypv2gxwJP8h/OaJmC82QQGGDQcHvXX43xF2VDACcJVmZ0EuSxkpO9Kc4MlrA3q0+FG58AQ==", - "dev": true, - "dependencies": { - "consola": "^3.2.3" - } - }, - "node_modules/clean-git-ref": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/clean-git-ref/-/clean-git-ref-2.0.1.tgz", - "integrity": "sha512-bLSptAy2P0s6hU4PzuIMKmMJJSE6gLXGH1cntDu7bWJUksvuM+7ReOK61mozULErYvP6a15rnYl0zFDef+pyPw==" - }, - "node_modules/clean-stack": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz", - "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==", - "engines": { - "node": ">=6" - } - }, - "node_modules/cli-cursor": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-3.1.0.tgz", - "integrity": "sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==", - "dev": true, - "dependencies": { - "restore-cursor": "^3.1.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/cli-spinners": { - "version": "2.9.2", - "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", - "integrity": "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==", - "dev": true, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/cli-table3": { - "version": "0.6.5", - "resolved": "https://registry.npmjs.org/cli-table3/-/cli-table3-0.6.5.tgz", - "integrity": "sha512-+W/5efTR7y5HRD7gACw9yQjqMVvEMLBHmboM/kPWam+H+Hmyrgjh6YncVKK122YZkXrLudzTuAukUw9FnMf7IQ==", - "dev": true, - "dependencies": { - "string-width": "^4.2.0" - }, - "engines": { - "node": "10.* || >= 12.*" - }, - "optionalDependencies": { - "@colors/colors": "1.5.0" - } - }, - "node_modules/cli-table3/node_modules/emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "node_modules/cli-table3/node_modules/string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/clone": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/clone/-/clone-1.0.4.tgz", - "integrity": "sha512-JQHZ2QMW6l3aH/j6xCqQThY/9OH4D/9ls34cgkUBiEeocRTU04tHfKPBsUK1PqZCUQM7GiA0IIXJSuXHI64Kbg==", - "dev": true, - "engines": { - "node": ">=0.8" - } - }, - "node_modules/clone-deep": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/clone-deep/-/clone-deep-4.0.1.tgz", - "integrity": "sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==", - "dev": true, - "dependencies": { - "is-plain-object": "^2.0.4", - "kind-of": "^6.0.2", - "shallow-clone": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/code-red": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/code-red/-/code-red-1.0.4.tgz", - "integrity": "sha512-7qJWqItLA8/VPVlKJlFXU+NBlo/qyfs39aJcuMT/2ere32ZqvF5OSxgdM5xOfJJ7O429gg2HM47y8v9P+9wrNw==", - "dependencies": { - "@jridgewell/sourcemap-codec": "^1.4.15", - "@types/estree": "^1.0.1", - "acorn": "^8.10.0", - "estree-walker": "^3.0.3", - "periscopic": "^3.1.0" - } - }, - "node_modules/code-red/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/color-convert": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz", - "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==", - "dev": true, - "dependencies": { - "color-name": "~1.1.4" - }, - "engines": { - "node": ">=7.0.0" - } - }, - "node_modules/color-name": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz", - "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", - "dev": true - }, - "node_modules/combined-stream": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", - "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", - "dependencies": { - "delayed-stream": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/commander": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", - "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", - "engines": { - "node": ">=16" - } - }, - "node_modules/commondir": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz", - "integrity": "sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==", - "dev": true - }, - "node_modules/compressible": { - "version": "2.0.18", - "resolved": "https://registry.npmjs.org/compressible/-/compressible-2.0.18.tgz", - "integrity": "sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg==", - "dev": true, - "dependencies": { - "mime-db": ">= 1.43.0 < 2" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/compression": { - "version": "1.7.4", - "resolved": "https://registry.npmjs.org/compression/-/compression-1.7.4.tgz", - "integrity": "sha512-jaSIDzP9pZVS4ZfQ+TzvtiWhdpFhE2RDHz8QJkpX9SIpLq88VueF5jJw6t+6CUQcAoA6t+x89MLrWAqpfDE8iQ==", - "dev": true, - "dependencies": { - "accepts": "~1.3.5", - "bytes": "3.0.0", - "compressible": "~2.0.16", - "debug": "2.6.9", - "on-headers": "~1.0.2", - "safe-buffer": "5.1.2", - "vary": "~1.1.2" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/compression/node_modules/bytes": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz", - "integrity": "sha512-pMhOfFDPiv9t5jjIXkHosWmkSyQbvsgEVNkz0ERHbuLh2T/7j4Mqqpz523Fe8MVY89KC6Sh/QfS2sM+SjgFDcw==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/compression/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/compression/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/compression/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/concat-map": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", - "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", - "dev": true - }, - "node_modules/concat-stream": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz", - "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==", - "dev": true, - "engines": [ - "node >= 0.8" - ], - "dependencies": { - "buffer-from": "^1.0.0", - "inherits": "^2.0.3", - "readable-stream": "^2.2.2", - "typedarray": "^0.0.6" - } - }, - "node_modules/concat-stream/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/concat-stream/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/concat-stream/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/concat-stream/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, - "node_modules/confbox": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/confbox/-/confbox-0.1.7.tgz", - "integrity": "sha512-uJcB/FKZtBMCJpK8MQji6bJHgu1tixKPxRLeGkNzBoOZzpnZUJm0jm2/sBDWcuBx1dYgxV4JU+g5hmNxCyAmdA==", - "dev": true - }, - "node_modules/consola": { - "version": "3.2.3", - "resolved": "https://registry.npmjs.org/consola/-/consola-3.2.3.tgz", - "integrity": "sha512-I5qxpzLv+sJhTVEoLYNcTW+bThDCPsit0vLNKShZx6rLtpilNpmmeTPaeqJb9ZE9dV3DGaeby6Vuhrw38WjeyQ==", - "engines": { - "node": "^14.18.0 || >=16.10.0" - } - }, - "node_modules/content-disposition": { - "version": "0.5.4", - "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", - "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", - "dev": true, - "dependencies": { - "safe-buffer": "5.2.1" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/content-type": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", - "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/convert-source-map": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz", - "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==", - "dev": true - }, - "node_modules/cookie": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", - "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/cookie-signature": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", - "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==", - "dev": true - }, - "node_modules/core-js-compat": { - "version": "3.37.1", - "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.37.1.tgz", - "integrity": "sha512-9TNiImhKvQqSUkOvk/mMRZzOANTiEVC7WaBNhHcKM7x+/5E1l5NvsysR19zuDQScE8k+kfQXWRN3AtS/eOSHpg==", - "dev": true, - "dependencies": { - "browserslist": "^4.23.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/core-js" - } - }, - "node_modules/core-util-is": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", - "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", - "dev": true - }, - "node_modules/crc-32": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/crc-32/-/crc-32-1.2.2.tgz", - "integrity": "sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==", - "bin": { - "crc32": "bin/crc32.njs" - }, - "engines": { - "node": ">=0.8" - } - }, - "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", - "dev": true, - "dependencies": { - "path-key": "^3.1.0", - "shebang-command": "^2.0.0", - "which": "^2.0.1" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/crypto-random-string": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz", - "integrity": "sha512-v1plID3y9r/lPhviJ1wrXpLeyUIGAZ2SHNYTEapm7/8A9nLPoyvVp3RK/EPFqn5kEznyWgYZNsRtYYIWbuG8KA==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/css-tree": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-2.3.1.tgz", - "integrity": "sha512-6Fv1DV/TYw//QF5IzQdqsNDjx/wc8TrMBZsqjL9eW01tWb7R7k/mq+/VXfJCl7SoD5emsJop9cOByJZfs8hYIw==", - "dependencies": { - "mdn-data": "2.0.30", - "source-map-js": "^1.0.1" - }, - "engines": { - "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0" - } - }, - "node_modules/css.escape": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/css.escape/-/css.escape-1.5.1.tgz", - "integrity": "sha512-YUifsXXuknHlUsmlgyY0PKzgPOr7/FjCePfHNt0jxm83wHZi44VDMQ7/fGNkjY3/jV1MC+1CmZbaHzugyeRtpg==", - "dev": true - }, - "node_modules/cssesc": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/cssesc/-/cssesc-3.0.0.tgz", - "integrity": "sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==", - "dev": true, - "bin": { - "cssesc": "bin/cssesc" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/cssstyle": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-3.0.0.tgz", - "integrity": "sha512-N4u2ABATi3Qplzf0hWbVCdjenim8F3ojEXpBDF5hBpjzW182MjNGLqfmQ0SkSPeQ+V86ZXgeH8aXj6kayd4jgg==", - "dev": true, - "dependencies": { - "rrweb-cssom": "^0.6.0" - }, - "engines": { - "node": ">=14" - } - }, - "node_modules/csstype": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.1.3.tgz", - "integrity": "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==" - }, - "node_modules/data-urls": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-4.0.0.tgz", - "integrity": "sha512-/mMTei/JXPqvFqQtfyTowxmJVwr2PVAeCcDxyFf6LhoOu/09TX2OX3kb2wzi4DMXcfj4OItwDOnhl5oziPnT6g==", - "dev": true, - "dependencies": { - "abab": "^2.0.6", - "whatwg-mimetype": "^3.0.0", - "whatwg-url": "^12.0.0" - }, - "engines": { - "node": ">=14" - } - }, - "node_modules/dayjs": { - "version": "1.11.11", - "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.11.tgz", - "integrity": "sha512-okzr3f11N6WuqYtZSvm+F776mB41wRZMhKP+hc34YdW+KmtYYK9iqvHSwo2k9FEH3fhGXvOPV6yz2IcSrfRUDg==", - "dev": true, - "optional": true - }, - "node_modules/debug": { - "version": "4.3.5", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "integrity": "sha512-pt0bNEmneDIvdL1Xsd9oDQ/wrQRkXDT4AUWlNZNPKvW5x/jyO9VFXkJUP07vQ2upmw5PlaITaPKc31jK13V+jg==", - "dependencies": { - "ms": "2.1.2" - }, - "engines": { - "node": ">=6.0" - }, - "peerDependenciesMeta": { - "supports-color": { - "optional": true - } - } - }, - "node_modules/decimal.js": { - "version": "10.4.3", - "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.4.3.tgz", - "integrity": "sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA==", - "dev": true - }, - "node_modules/decompress-response": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-6.0.0.tgz", - "integrity": "sha512-aW35yZM6Bb/4oJlZncMH2LCoZtJXTRxES17vE3hoRiowU2kWHaJKFkSBDnDR+cm9J+9QhXmREyIfv0pji9ejCQ==", - "dev": true, - "dependencies": { - "mimic-response": "^3.1.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/dedent": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/dedent/-/dedent-1.5.1.tgz", - "integrity": "sha512-+LxW+KLWxu3HW3M2w2ympwtqPrqYRzU8fqi6Fhd18fBALe15blJPI/I4+UHveMVG6lJqB4JNd4UG0S5cnVHwIg==", - "peerDependencies": { - "babel-plugin-macros": "^3.1.0" - }, - "peerDependenciesMeta": { - "babel-plugin-macros": { - "optional": true - } - } - }, - "node_modules/deep-eql": { - "version": "4.1.4", - "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-4.1.4.tgz", - "integrity": "sha512-SUwdGfqdKOwxCPeVYjwSyRpJ7Z+fhpwIAtmCUdZIWZ/YP5R9WAsyuSgpLVDi9bjWoN2LXHNss/dk3urXtdQxGg==", - "dev": true, - "dependencies": { - "type-detect": "^4.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/deep-equal": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/deep-equal/-/deep-equal-2.2.3.tgz", - "integrity": "sha512-ZIwpnevOurS8bpT4192sqAowWM76JDKSHYzMLty3BZGSswgq6pBaH3DhCSW5xVAZICZyKdOBPjwww5wfgT/6PA==", - "dev": true, - "dependencies": { - "array-buffer-byte-length": "^1.0.0", - "call-bind": "^1.0.5", - "es-get-iterator": "^1.1.3", - "get-intrinsic": "^1.2.2", - "is-arguments": "^1.1.1", - "is-array-buffer": "^3.0.2", - "is-date-object": "^1.0.5", - "is-regex": "^1.1.4", - "is-shared-array-buffer": "^1.0.2", - "isarray": "^2.0.5", - "object-is": "^1.1.5", - "object-keys": "^1.1.1", - "object.assign": "^4.1.4", - "regexp.prototype.flags": "^1.5.1", - "side-channel": "^1.0.4", - "which-boxed-primitive": "^1.0.2", - "which-collection": "^1.0.1", - "which-typed-array": "^1.1.13" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/deep-is": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.4.tgz", - "integrity": "sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==", - "dev": true - }, - "node_modules/deepmerge": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.3.1.tgz", - "integrity": "sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/deepmerge-ts": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/deepmerge-ts/-/deepmerge-ts-5.1.0.tgz", - "integrity": "sha512-eS8dRJOckyo9maw9Tu5O5RUi/4inFLrnoLkBe3cPfDMx3WZioXtmOew4TXQaxq7Rhl4xjDtR7c6x8nNTxOvbFw==", - "engines": { - "node": ">=16.0.0" - } - }, - "node_modules/default-browser-id": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/default-browser-id/-/default-browser-id-3.0.0.tgz", - "integrity": "sha512-OZ1y3y0SqSICtE8DE4S8YOE9UZOJ8wO16fKWVP5J1Qz42kV9jcnMVFrEE/noXb/ss3Q4pZIH79kxofzyNNtUNA==", - "dev": true, - "dependencies": { - "bplist-parser": "^0.2.0", - "untildify": "^4.0.0" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/defaults": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/defaults/-/defaults-1.0.4.tgz", - "integrity": "sha512-eFuaLoy/Rxalv2kr+lqMlUnrDWV+3j4pljOIJgLIhI058IQfWJ7vXhyEIHu+HtC738klGALYxOKDO0bQP3tg8A==", - "dev": true, - "dependencies": { - "clone": "^1.0.2" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/define-data-property": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", - "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", - "dev": true, - "dependencies": { - "es-define-property": "^1.0.0", - "es-errors": "^1.3.0", - "gopd": "^1.0.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/define-lazy-prop": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/define-lazy-prop/-/define-lazy-prop-2.0.0.tgz", - "integrity": "sha512-Ds09qNh8yw3khSjiJjiUInaGX9xlqZDY7JVryGxdxV7NPeuqQfplOpQ66yJFZut3jLa5zOwkXw1g9EI2uKh4Og==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/define-properties": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.2.1.tgz", - "integrity": "sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg==", - "dev": true, - "dependencies": { - "define-data-property": "^1.0.1", - "has-property-descriptors": "^1.0.0", - "object-keys": "^1.1.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/defu": { - "version": "6.1.4", - "resolved": "https://registry.npmjs.org/defu/-/defu-6.1.4.tgz", - "integrity": "sha512-mEQCMmwJu317oSz8CwdIOdwf3xMif1ttiM8LTufzc3g6kR+9Pe236twL8j3IYT1F7GfRgGcW6MWxzZjLIkuHIg==", - "dev": true - }, - "node_modules/del": { - "version": "6.1.1", - "resolved": "https://registry.npmjs.org/del/-/del-6.1.1.tgz", - "integrity": "sha512-ua8BhapfP0JUJKC/zV9yHHDW/rDoDxP4Zhn3AkA6/xT6gY7jYXJiaeyBZznYVujhZZET+UgcbZiQ7sN3WqcImg==", - "dev": true, - "dependencies": { - "globby": "^11.0.1", - "graceful-fs": "^4.2.4", - "is-glob": "^4.0.1", - "is-path-cwd": "^2.2.0", - "is-path-inside": "^3.0.2", - "p-map": "^4.0.0", - "rimraf": "^3.0.2", - "slash": "^3.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/delayed-stream": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", - "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/depd": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/deprecation": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/deprecation/-/deprecation-2.3.1.tgz", - "integrity": "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==" - }, - "node_modules/dequal": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/dequal/-/dequal-2.0.3.tgz", - "integrity": "sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==", - "engines": { - "node": ">=6" - } - }, - "node_modules/destroy": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", - "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", - "dev": true, - "engines": { - "node": ">= 0.8", - "npm": "1.2.8000 || >= 1.4.16" - } - }, - "node_modules/detect-indent": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/detect-indent/-/detect-indent-6.1.0.tgz", - "integrity": "sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/detect-node-es": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/detect-node-es/-/detect-node-es-1.1.0.tgz", - "integrity": "sha512-ypdmJU/TbBby2Dxibuv7ZLW3Bs1QEmM7nHjEANfohJLvE0XVujisn1qPJcZxg+qDucsr+bP6fLD1rPS3AhJ7EQ==", - "dev": true - }, - "node_modules/detect-package-manager": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/detect-package-manager/-/detect-package-manager-2.0.1.tgz", - "integrity": "sha512-j/lJHyoLlWi6G1LDdLgvUtz60Zo5GEj+sVYtTVXnYLDPuzgC3llMxonXym9zIwhhUII8vjdw0LXxavpLqTbl1A==", - "dev": true, - "dependencies": { - "execa": "^5.1.1" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/detect-port": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/detect-port/-/detect-port-1.6.1.tgz", - "integrity": "sha512-CmnVc+Hek2egPx1PeTFVta2W78xy2K/9Rkf6cC4T59S50tVnzKj+tnx5mmx5lwvCkujZ4uRrpRSuV+IVs3f90Q==", - "dev": true, - "dependencies": { - "address": "^1.0.1", - "debug": "4" - }, - "bin": { - "detect": "bin/detect-port.js", - "detect-port": "bin/detect-port.js" - }, - "engines": { - "node": ">= 4.0.0" - } - }, - "node_modules/devalue": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/devalue/-/devalue-5.0.0.tgz", - "integrity": "sha512-gO+/OMXF7488D+u3ue+G7Y4AA3ZmUnB3eHJXmBTgNHvr4ZNzl36A0ZtG+XCRNYCkYx/bFmw4qtkoFLa+wSrwAA==", - "dev": true - }, - "node_modules/didyoumean": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz", - "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==", - "dev": true - }, - "node_modules/diff-sequences": { - "version": "29.6.3", - "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-29.6.3.tgz", - "integrity": "sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q==", - "dev": true, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/diff3": { - "version": "0.0.4", - "resolved": "https://registry.npmjs.org/diff3/-/diff3-0.0.4.tgz", - "integrity": "sha512-f1rQ7jXDn/3i37hdwRk9ohqcvLRH3+gEIgmA6qEM280WUOh7cOr3GXV8Jm5sPwUs46Nzl48SE8YNLGJoaLuodg==" - }, - "node_modules/dir-glob": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/dir-glob/-/dir-glob-3.0.1.tgz", - "integrity": "sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==", - "dev": true, - "dependencies": { - "path-type": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/dlv": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz", - "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==", - "dev": true - }, - "node_modules/doctrine": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz", - "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==", - "dev": true, - "dependencies": { - "esutils": "^2.0.2" - }, - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/dom-accessibility-api": { - "version": "0.5.16", - "resolved": "https://registry.npmjs.org/dom-accessibility-api/-/dom-accessibility-api-0.5.16.tgz", - "integrity": "sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==", - "dev": true - }, - "node_modules/dom-serializer": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.4.1.tgz", - "integrity": "sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==", - "dev": true, - "dependencies": { - "domelementtype": "^2.0.1", - "domhandler": "^4.2.0", - "entities": "^2.0.0" - }, - "funding": { - "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1" - } - }, - "node_modules/dom-serializer/node_modules/domhandler": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", - "integrity": "sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==", - "dev": true, - "dependencies": { - "domelementtype": "^2.2.0" - }, - "engines": { - "node": ">= 4" - }, - "funding": { - "url": "https://github.com/fb55/domhandler?sponsor=1" - } - }, - "node_modules/dom-serializer/node_modules/entities": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", - "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", - "dev": true, - "funding": { - "url": "https://github.com/fb55/entities?sponsor=1" - } - }, - "node_modules/domelementtype": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz", - "integrity": "sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/fb55" - } - ] - }, - "node_modules/domexception": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/domexception/-/domexception-4.0.0.tgz", - "integrity": "sha512-A2is4PLG+eeSfoTMA95/s4pvAoSo2mKtiM5jlHkAVewmiO8ISFTFKZjH7UAM1Atli/OT/7JHOrJRJiMKUZKYBw==", - "deprecated": "Use your platform's native DOMException instead", - "dev": true, - "dependencies": { - "webidl-conversions": "^7.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/domhandler": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-3.3.0.tgz", - "integrity": "sha512-J1C5rIANUbuYK+FuFL98650rihynUOEzRLxW+90bKZRWB6A1X1Tf82GxR1qAWLyfNPRvjqfip3Q5tdYlmAa9lA==", - "dev": true, - "dependencies": { - "domelementtype": "^2.0.1" - }, - "engines": { - "node": ">= 4" - }, - "funding": { - "url": "https://github.com/fb55/domhandler?sponsor=1" - } - }, - "node_modules/domutils": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.8.0.tgz", - "integrity": "sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==", - "dev": true, - "dependencies": { - "dom-serializer": "^1.0.1", - "domelementtype": "^2.2.0", - "domhandler": "^4.2.0" - }, - "funding": { - "url": "https://github.com/fb55/domutils?sponsor=1" - } - }, - "node_modules/domutils/node_modules/domhandler": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.3.1.tgz", - "integrity": "sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==", - "dev": true, - "dependencies": { - "domelementtype": "^2.2.0" - }, - "engines": { - "node": ">= 4" - }, - "funding": { - "url": "https://github.com/fb55/domhandler?sponsor=1" - } - }, - "node_modules/dotenv": { - "version": "16.4.5", - "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", - "integrity": "sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==", - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://dotenvx.com" - } - }, - "node_modules/dotenv-expand": { - "version": "10.0.0", - "resolved": "https://registry.npmjs.org/dotenv-expand/-/dotenv-expand-10.0.0.tgz", - "integrity": "sha512-GopVGCpVS1UKH75VKHGuQFqS1Gusej0z4FyQkPdwjil2gNIv+LNsqBlboOzpJFZKVT95GkCyWJbBSdFEFUWI2A==", - "dev": true, - "engines": { - "node": ">=12" - } - }, - "node_modules/duplexify": { - "version": "3.7.1", - "resolved": "https://registry.npmjs.org/duplexify/-/duplexify-3.7.1.tgz", - "integrity": "sha512-07z8uv2wMyS51kKhD1KsdXJg5WQ6t93RneqRxUHnskXVtlYYkLqM0gqStQZ3pj073g687jPCHrqNfCzawLYh5g==", - "dev": true, - "dependencies": { - "end-of-stream": "^1.0.0", - "inherits": "^2.0.1", - "readable-stream": "^2.0.0", - "stream-shift": "^1.0.0" - } - }, - "node_modules/duplexify/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/duplexify/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/duplexify/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/duplexify/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, - "node_modules/eastasianwidth": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz", - "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==", - "dev": true - }, - "node_modules/ecdsa-sig-formatter": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", - "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", - "dependencies": { - "safe-buffer": "^5.0.1" - } - }, - "node_modules/echarts": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/echarts/-/echarts-5.5.0.tgz", - "integrity": "sha512-rNYnNCzqDAPCr4m/fqyUFv7fD9qIsd50S6GDFgO1DxZhncCsNsG7IfUlAlvZe5oSEQxtsjnHiUuppzccry93Xw==", - "dependencies": { - "tslib": "2.3.0", - "zrender": "5.5.0" - } - }, - "node_modules/echarts/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - }, - "node_modules/ee-first": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", - "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", - "dev": true - }, - "node_modules/ejs": { - "version": "3.1.10", - "resolved": "https://registry.npmjs.org/ejs/-/ejs-3.1.10.tgz", - "integrity": "sha512-UeJmFfOrAQS8OJWPZ4qtgHyWExa088/MtK5UEyoJGFH67cDEXkZSviOiKRCZ4Xij0zxI3JECgYs3oKx+AizQBA==", - "dev": true, - "dependencies": { - "jake": "^10.8.5" - }, - "bin": { - "ejs": "bin/cli.js" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/electron-to-chromium": { - "version": "1.4.792", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.792.tgz", - "integrity": "sha512-rkg5/N3L+Y844JyfgPUyuKK0Hk0efo3JNxUDKvz3HgP6EmN4rNGhr2D8boLsfTV/hGo7ZGAL8djw+jlg99zQyA==", - "dev": true - }, - "node_modules/emoji-regex": { - "version": "9.2.2", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz", - "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==", - "dev": true - }, - "node_modules/encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/end-of-stream": { - "version": "1.4.4", - "resolved": "https://registry.npmjs.org/end-of-stream/-/end-of-stream-1.4.4.tgz", - "integrity": "sha512-+uw1inIHVPQoaVuHzRyXd21icM+cnt4CzD5rW+NC1wjOUSTOs+Te7FOv7AhN7vS9x/oIyhLP5PR1H+phQAHu5Q==", - "dev": true, - "dependencies": { - "once": "^1.4.0" - } - }, - "node_modules/enquirer": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.4.1.tgz", - "integrity": "sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==", - "dev": true, - "dependencies": { - "ansi-colors": "^4.1.1", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8.6" - } - }, - "node_modules/entities": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz", - "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", - "dev": true, - "engines": { - "node": ">=0.12" - }, - "funding": { - "url": "https://github.com/fb55/entities?sponsor=1" - } - }, - "node_modules/envinfo": { - "version": "7.13.0", - "resolved": "https://registry.npmjs.org/envinfo/-/envinfo-7.13.0.tgz", - "integrity": "sha512-cvcaMr7KqXVh4nyzGTVqTum+gAiL265x5jUWQIDLq//zOGbW+gSW/C+OWLleY/rs9Qole6AZLMXPbtIFQbqu+Q==", - "dev": true, - "bin": { - "envinfo": "dist/cli.js" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/error-ex": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz", - "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==", - "dev": true, - "dependencies": { - "is-arrayish": "^0.2.1" - } - }, - "node_modules/es-define-property": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", - "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", - "dev": true, - "dependencies": { - "get-intrinsic": "^1.2.4" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/es-errors": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", - "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", - "dev": true, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/es-get-iterator": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/es-get-iterator/-/es-get-iterator-1.1.3.tgz", - "integrity": "sha512-sPZmqHBe6JIiTfN5q2pEi//TwxmAFHwj/XEuYjTuse78i8KxaqMTTzxPoFKuzRpDpTJ+0NAbpfenkmH2rePtuw==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.2", - "get-intrinsic": "^1.1.3", - "has-symbols": "^1.0.3", - "is-arguments": "^1.1.1", - "is-map": "^2.0.2", - "is-set": "^2.0.2", - "is-string": "^1.0.7", - "isarray": "^2.0.5", - "stop-iteration-iterator": "^1.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/es-module-lexer": { - "version": "0.9.3", - "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-0.9.3.tgz", - "integrity": "sha512-1HQ2M2sPtxwnvOvT1ZClHyQDiggdNjURWpY2we6aMKCQiUVxTmVs2UYPLIrD84sS+kMdUwfBSylbJPwNnBrnHQ==", - "dev": true - }, - "node_modules/es6-promise": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-3.3.1.tgz", - "integrity": "sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==", - "dev": true - }, - "node_modules/esbuild": { - "version": "0.18.20", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.18.20.tgz", - "integrity": "sha512-ceqxoedUrcayh7Y7ZX6NdbbDzGROiyVBgC4PriJThBKSVPWnnFHZAkfI1lJT8QFkOwH4qOS2SJkS4wvpGl8BpA==", - "dev": true, - "hasInstallScript": true, - "bin": { - "esbuild": "bin/esbuild" - }, - "engines": { - "node": ">=12" - }, - "optionalDependencies": { - "@esbuild/android-arm": "0.18.20", - "@esbuild/android-arm64": "0.18.20", - "@esbuild/android-x64": "0.18.20", - "@esbuild/darwin-arm64": "0.18.20", - "@esbuild/darwin-x64": "0.18.20", - "@esbuild/freebsd-arm64": "0.18.20", - "@esbuild/freebsd-x64": "0.18.20", - "@esbuild/linux-arm": "0.18.20", - "@esbuild/linux-arm64": "0.18.20", - "@esbuild/linux-ia32": "0.18.20", - "@esbuild/linux-loong64": "0.18.20", - "@esbuild/linux-mips64el": "0.18.20", - "@esbuild/linux-ppc64": "0.18.20", - "@esbuild/linux-riscv64": "0.18.20", - "@esbuild/linux-s390x": "0.18.20", - "@esbuild/linux-x64": "0.18.20", - "@esbuild/netbsd-x64": "0.18.20", - "@esbuild/openbsd-x64": "0.18.20", - "@esbuild/sunos-x64": "0.18.20", - "@esbuild/win32-arm64": "0.18.20", - "@esbuild/win32-ia32": "0.18.20", - "@esbuild/win32-x64": "0.18.20" - } - }, - "node_modules/esbuild-plugin-alias": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/esbuild-plugin-alias/-/esbuild-plugin-alias-0.2.1.tgz", - "integrity": "sha512-jyfL/pwPqaFXyKnj8lP8iLk6Z0m099uXR45aSN8Av1XD4vhvQutxxPzgA2bTcAwQpa1zCXDcWOlhFgyP3GKqhQ==", - "dev": true - }, - "node_modules/esbuild-register": { - "version": "3.5.0", - "resolved": "https://registry.npmjs.org/esbuild-register/-/esbuild-register-3.5.0.tgz", - "integrity": "sha512-+4G/XmakeBAsvJuDugJvtyF1x+XJT4FMocynNpxrvEBViirpfUn2PgNpCHedfWhF4WokNsO/OvMKrmJOIJsI5A==", - "dev": true, - "dependencies": { - "debug": "^4.3.4" - }, - "peerDependencies": { - "esbuild": ">=0.12 <1" - } - }, - "node_modules/esbuild-runner": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/esbuild-runner/-/esbuild-runner-2.2.2.tgz", - "integrity": "sha512-fRFVXcmYVmSmtYm2mL8RlUASt2TDkGh3uRcvHFOKNr/T58VrfVeKD9uT9nlgxk96u0LS0ehS/GY7Da/bXWKkhw==", - "dev": true, - "optional": true, - "peer": true, - "dependencies": { - "source-map-support": "0.5.21", - "tslib": "2.4.0" - }, - "bin": { - "esr": "bin/esr.js" - }, - "peerDependencies": { - "esbuild": "*" - } - }, - "node_modules/esbuild-runner/node_modules/tslib": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.4.0.tgz", - "integrity": "sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ==", - "dev": true, - "optional": true, - "peer": true - }, - "node_modules/escalade": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz", - "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/escape-html": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", - "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", - "dev": true - }, - "node_modules/escape-string-regexp": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz", - "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/eslint": { - "version": "8.57.0", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.0.tgz", - "integrity": "sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==", - "dev": true, - "dependencies": { - "@eslint-community/eslint-utils": "^4.2.0", - "@eslint-community/regexpp": "^4.6.1", - "@eslint/eslintrc": "^2.1.4", - "@eslint/js": "8.57.0", - "@humanwhocodes/config-array": "^0.11.14", - "@humanwhocodes/module-importer": "^1.0.1", - "@nodelib/fs.walk": "^1.2.8", - "@ungap/structured-clone": "^1.2.0", - "ajv": "^6.12.4", - "chalk": "^4.0.0", - "cross-spawn": "^7.0.2", - "debug": "^4.3.2", - "doctrine": "^3.0.0", - "escape-string-regexp": "^4.0.0", - "eslint-scope": "^7.2.2", - "eslint-visitor-keys": "^3.4.3", - "espree": "^9.6.1", - "esquery": "^1.4.2", - "esutils": "^2.0.2", - "fast-deep-equal": "^3.1.3", - "file-entry-cache": "^6.0.1", - "find-up": "^5.0.0", - "glob-parent": "^6.0.2", - "globals": "^13.19.0", - "graphemer": "^1.4.0", - "ignore": "^5.2.0", - "imurmurhash": "^0.1.4", - "is-glob": "^4.0.0", - "is-path-inside": "^3.0.3", - "js-yaml": "^4.1.0", - "json-stable-stringify-without-jsonify": "^1.0.1", - "levn": "^0.4.1", - "lodash.merge": "^4.6.2", - "minimatch": "^3.1.2", - "natural-compare": "^1.4.0", - "optionator": "^0.9.3", - "strip-ansi": "^6.0.1", - "text-table": "^0.2.0" - }, - "bin": { - "eslint": "bin/eslint.js" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/eslint-compat-utils": { - "version": "0.5.1", - "resolved": "https://registry.npmjs.org/eslint-compat-utils/-/eslint-compat-utils-0.5.1.tgz", - "integrity": "sha512-3z3vFexKIEnjHE3zCMRo6fn/e44U7T1khUjg+Hp0ZQMCigh28rALD0nPFBcGZuiLC5rLZa2ubQHDRln09JfU2Q==", - "dev": true, - "dependencies": { - "semver": "^7.5.4" - }, - "engines": { - "node": ">=12" - }, - "peerDependencies": { - "eslint": ">=6.0.0" - } - }, - "node_modules/eslint-compat-utils/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/eslint-config-prettier": { - "version": "8.10.0", - "resolved": "https://registry.npmjs.org/eslint-config-prettier/-/eslint-config-prettier-8.10.0.tgz", - "integrity": "sha512-SM8AMJdeQqRYT9O9zguiruQZaN7+z+E4eAP9oiLNGKMtomwaB1E9dcgUD6ZAn/eQAb52USbvezbiljfZUhbJcg==", - "dev": true, - "bin": { - "eslint-config-prettier": "bin/cli.js" - }, - "peerDependencies": { - "eslint": ">=7.0.0" - } - }, - "node_modules/eslint-plugin-storybook": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/eslint-plugin-storybook/-/eslint-plugin-storybook-0.8.0.tgz", - "integrity": "sha512-CZeVO5EzmPY7qghO2t64oaFM+8FTaD4uzOEjHKp516exyTKo+skKAL9GI3QALS2BXhyALJjNtwbmr1XinGE8bA==", - "dev": true, - "dependencies": { - "@storybook/csf": "^0.0.1", - "@typescript-eslint/utils": "^5.62.0", - "requireindex": "^1.2.0", - "ts-dedent": "^2.2.0" - }, - "engines": { - "node": ">= 18" - }, - "peerDependencies": { - "eslint": ">=6" - } - }, - "node_modules/eslint-plugin-storybook/node_modules/@storybook/csf": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/@storybook/csf/-/csf-0.0.1.tgz", - "integrity": "sha512-USTLkZze5gkel8MYCujSRBVIrUQ3YPBrLOx7GNk/0wttvVtlzWXAq9eLbQ4p/NicGxP+3T7KPEMVV//g+yubpw==", - "dev": true, - "dependencies": { - "lodash": "^4.17.15" - } - }, - "node_modules/eslint-plugin-svelte": { - "version": "2.39.0", - "resolved": "https://registry.npmjs.org/eslint-plugin-svelte/-/eslint-plugin-svelte-2.39.0.tgz", - "integrity": "sha512-FXktBLXsrxbA+6ZvJK2z/sQOrUKyzSg3fNWK5h0reSCjr2fjAsc9ai/s/JvSl4Hgvz3nYVtTIMwarZH5RcB7BA==", - "dev": true, - "dependencies": { - "@eslint-community/eslint-utils": "^4.4.0", - "@jridgewell/sourcemap-codec": "^1.4.15", - "debug": "^4.3.4", - "eslint-compat-utils": "^0.5.0", - "esutils": "^2.0.3", - "known-css-properties": "^0.31.0", - "postcss": "^8.4.38", - "postcss-load-config": "^3.1.4", - "postcss-safe-parser": "^6.0.0", - "postcss-selector-parser": "^6.0.16", - "semver": "^7.6.0", - "svelte-eslint-parser": ">=0.36.0 <1.0.0" - }, - "engines": { - "node": "^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/ota-meshi" - }, - "peerDependencies": { - "eslint": "^7.0.0 || ^8.0.0-0 || ^9.0.0-0", - "svelte": "^3.37.0 || ^4.0.0 || ^5.0.0-next.112" - }, - "peerDependenciesMeta": { - "svelte": { - "optional": true - } - } - }, - "node_modules/eslint-plugin-svelte/node_modules/postcss-selector-parser": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz", - "integrity": "sha512-UMz42UD0UY0EApS0ZL9o1XnLhSTtvvvLe5Dc2H2O56fvRZi+KulDyf5ctDhhtYJBGKStV2FL1fy6253cmLgqVQ==", - "dev": true, - "dependencies": { - "cssesc": "^3.0.0", - "util-deprecate": "^1.0.2" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/eslint-plugin-svelte/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/eslint-scope": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz", - "integrity": "sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==", - "dev": true, - "dependencies": { - "esrecurse": "^4.3.0", - "estraverse": "^4.1.1" - }, - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/eslint-utils": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-3.0.0.tgz", - "integrity": "sha512-uuQC43IGctw68pJA1RgbQS8/NP7rch6Cwd4j3ZBtgo4/8Flj4eGE7ZYSZRN3iq5pVUv6GPdW5Z1RFleo84uLDA==", - "dev": true, - "dependencies": { - "eslint-visitor-keys": "^2.0.0" - }, - "engines": { - "node": "^10.0.0 || ^12.0.0 || >= 14.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/mysticatea" - }, - "peerDependencies": { - "eslint": ">=5" - } - }, - "node_modules/eslint-utils/node_modules/eslint-visitor-keys": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-2.1.0.tgz", - "integrity": "sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==", - "dev": true, - "engines": { - "node": ">=10" - } - }, - "node_modules/eslint-visitor-keys": { - "version": "3.4.3", - "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz", - "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==", - "dev": true, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/eslint/node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, - "node_modules/eslint/node_modules/eslint-scope": { - "version": "7.2.2", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", - "integrity": "sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==", - "dev": true, - "dependencies": { - "esrecurse": "^4.3.0", - "estraverse": "^5.2.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/eslint/node_modules/estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", - "dev": true, - "engines": { - "node": ">=4.0" - } - }, - "node_modules/eslint/node_modules/globals": { - "version": "13.24.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", - "integrity": "sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==", - "dev": true, - "dependencies": { - "type-fest": "^0.20.2" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/eslint/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, - "node_modules/eslint/node_modules/type-fest": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", - "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/esm-env": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/esm-env/-/esm-env-1.0.0.tgz", - "integrity": "sha512-Cf6VksWPsTuW01vU9Mk/3vRue91Zevka5SjyNf3nEpokFRuqt/KjUQoGAwq9qMmhpLTHmXzSIrFRw8zxWzmFBA==", - "dev": true - }, - "node_modules/espree": { - "version": "9.6.1", - "resolved": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", - "integrity": "sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==", - "dev": true, - "dependencies": { - "acorn": "^8.9.0", - "acorn-jsx": "^5.3.2", - "eslint-visitor-keys": "^3.4.1" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/esprima": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz", - "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==", - "dev": true, - "bin": { - "esparse": "bin/esparse.js", - "esvalidate": "bin/esvalidate.js" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/esquery": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", - "integrity": "sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==", - "dev": true, - "dependencies": { - "estraverse": "^5.1.0" - }, - "engines": { - "node": ">=0.10" - } - }, - "node_modules/esquery/node_modules/estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", - "dev": true, - "engines": { - "node": ">=4.0" - } - }, - "node_modules/esrecurse": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz", - "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==", - "dev": true, - "dependencies": { - "estraverse": "^5.2.0" - }, - "engines": { - "node": ">=4.0" - } - }, - "node_modules/esrecurse/node_modules/estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", - "dev": true, - "engines": { - "node": ">=4.0" - } - }, - "node_modules/estraverse": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz", - "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==", - "dev": true, - "engines": { - "node": ">=4.0" - } - }, - "node_modules/estree-walker": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-2.0.2.tgz", - "integrity": "sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==", - "dev": true - }, - "node_modules/esutils": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz", - "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/etag": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", - "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/execa": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/execa/-/execa-5.1.1.tgz", - "integrity": "sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==", - "dev": true, - "dependencies": { - "cross-spawn": "^7.0.3", - "get-stream": "^6.0.0", - "human-signals": "^2.1.0", - "is-stream": "^2.0.0", - "merge-stream": "^2.0.0", - "npm-run-path": "^4.0.1", - "onetime": "^5.1.2", - "signal-exit": "^3.0.3", - "strip-final-newline": "^2.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sindresorhus/execa?sponsor=1" - } - }, - "node_modules/execa/node_modules/signal-exit": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true - }, - "node_modules/express": { - "version": "4.19.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz", - "integrity": "sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==", - "dev": true, - "dependencies": { - "accepts": "~1.3.8", - "array-flatten": "1.1.1", - "body-parser": "1.20.2", - "content-disposition": "0.5.4", - "content-type": "~1.0.4", - "cookie": "0.6.0", - "cookie-signature": "1.0.6", - "debug": "2.6.9", - "depd": "2.0.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "finalhandler": "1.2.0", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "merge-descriptors": "1.0.1", - "methods": "~1.1.2", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", - "proxy-addr": "~2.0.7", - "qs": "6.11.0", - "range-parser": "~1.2.1", - "safe-buffer": "5.2.1", - "send": "0.18.0", - "serve-static": "1.15.0", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "type-is": "~1.6.18", - "utils-merge": "1.0.1", - "vary": "~1.1.2" - }, - "engines": { - "node": ">= 0.10.0" - } - }, - "node_modules/express/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/express/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/express/node_modules/qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", - "dev": true, - "dependencies": { - "side-channel": "^1.0.4" - }, - "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/extend": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz", - "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==", - "dev": true - }, - "node_modules/extract-zip": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-1.7.0.tgz", - "integrity": "sha512-xoh5G1W/PB0/27lXgMQyIhP5DSY/LhoCsOyZgb+6iMmRtCwVBo55uKaMoEYrDCKQhWvqEip5ZPKAc6eFNyf/MA==", - "dev": true, - "dependencies": { - "concat-stream": "^1.6.2", - "debug": "^2.6.9", - "mkdirp": "^0.5.4", - "yauzl": "^2.10.0" - }, - "bin": { - "extract-zip": "cli.js" - } - }, - "node_modules/extract-zip/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/extract-zip/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/fast-deep-equal": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", - "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==", - "dev": true - }, - "node_modules/fast-glob": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz", - "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==", - "dev": true, - "dependencies": { - "@nodelib/fs.stat": "^2.0.2", - "@nodelib/fs.walk": "^1.2.3", - "glob-parent": "^5.1.2", - "merge2": "^1.3.0", - "micromatch": "^4.0.4" - }, - "engines": { - "node": ">=8.6.0" - } - }, - "node_modules/fast-glob/node_modules/glob-parent": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", - "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", - "dev": true, - "dependencies": { - "is-glob": "^4.0.1" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/fast-json-stable-stringify": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz", - "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==", - "dev": true - }, - "node_modules/fast-levenshtein": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz", - "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==", - "dev": true - }, - "node_modules/fastq": { - "version": "1.17.1", - "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz", - "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==", - "dev": true, - "dependencies": { - "reusify": "^1.0.4" - } - }, - "node_modules/fb-watchman": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/fb-watchman/-/fb-watchman-2.0.2.tgz", - "integrity": "sha512-p5161BqbuCaSnB8jIbzQHOlpgsPmK5rJVDfDKO91Axs5NC1uu3HRQm6wt9cd9/+GtQQIO53JdGXXoyDpTAsgYA==", - "dev": true, - "dependencies": { - "bser": "2.1.1" - } - }, - "node_modules/fd-slicer": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", - "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==", - "dev": true, - "dependencies": { - "pend": "~1.2.0" - } - }, - "node_modules/fetch-retry": { - "version": "5.0.6", - "resolved": "https://registry.npmjs.org/fetch-retry/-/fetch-retry-5.0.6.tgz", - "integrity": "sha512-3yurQZ2hD9VISAhJJP9bpYFNQrHHBXE2JxxjY5aLEcDi46RmAzJE2OC9FAde0yis5ElW0jTTzs0zfg/Cca4XqQ==", - "dev": true - }, - "node_modules/fflate": { - "version": "0.8.2", - "resolved": "https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz", - "integrity": "sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==", - "dev": true - }, - "node_modules/file-entry-cache": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-6.0.1.tgz", - "integrity": "sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==", - "dev": true, - "dependencies": { - "flat-cache": "^3.0.4" - }, - "engines": { - "node": "^10.12.0 || >=12.0.0" - } - }, - "node_modules/file-system-cache": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/file-system-cache/-/file-system-cache-2.3.0.tgz", - "integrity": "sha512-l4DMNdsIPsVnKrgEXbJwDJsA5mB8rGwHYERMgqQx/xAUtChPJMre1bXBzDEqqVbWv9AIbFezXMxeEkZDSrXUOQ==", - "dev": true, - "dependencies": { - "fs-extra": "11.1.1", - "ramda": "0.29.0" - } - }, - "node_modules/file-system-cache/node_modules/fs-extra": { - "version": "11.1.1", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.1.1.tgz", - "integrity": "sha512-MGIE4HOvQCeUCzmlHs0vXpih4ysz4wg9qiSAu6cd42lVwPbTM1TjV7RusoyQqMmk/95gdQZX72u+YW+c3eEpFQ==", - "dev": true, - "dependencies": { - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - }, - "engines": { - "node": ">=14.14" - } - }, - "node_modules/filelist": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", - "integrity": "sha512-w1cEuf3S+DrLCQL7ET6kz+gmlJdbq9J7yXCSjK/OZCPA+qEN1WyF4ZAf0YYJa4/shHJra2t/d/r8SV4Ji+x+8Q==", - "dev": true, - "dependencies": { - "minimatch": "^5.0.1" - } - }, - "node_modules/filelist/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "dev": true, - "dependencies": { - "balanced-match": "^1.0.0" - } - }, - "node_modules/filelist/node_modules/minimatch": { - "version": "5.1.6", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.1.6.tgz", - "integrity": "sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g==", - "dev": true, - "dependencies": { - "brace-expansion": "^2.0.1" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/fill-range": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", - "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", - "dependencies": { - "to-regex-range": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/finalhandler": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", - "dev": true, - "dependencies": { - "debug": "2.6.9", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "on-finished": "2.4.1", - "parseurl": "~1.3.3", - "statuses": "2.0.1", - "unpipe": "~1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/finalhandler/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/finalhandler/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/find-cache-dir": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.2.tgz", - "integrity": "sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig==", - "dev": true, - "dependencies": { - "commondir": "^1.0.1", - "make-dir": "^3.0.2", - "pkg-dir": "^4.1.0" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/avajs/find-cache-dir?sponsor=1" - } - }, - "node_modules/find-cache-dir/node_modules/find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "dev": true, - "dependencies": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/find-cache-dir/node_modules/locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "dev": true, - "dependencies": { - "p-locate": "^4.1.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/find-cache-dir/node_modules/p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "dev": true, - "dependencies": { - "p-try": "^2.0.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/find-cache-dir/node_modules/p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "dev": true, - "dependencies": { - "p-limit": "^2.2.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/find-cache-dir/node_modules/pkg-dir": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz", - "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==", - "dev": true, - "dependencies": { - "find-up": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/find-up": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz", - "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==", - "dev": true, - "dependencies": { - "locate-path": "^6.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/flat-cache": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-3.2.0.tgz", - "integrity": "sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw==", - "dev": true, - "dependencies": { - "flatted": "^3.2.9", - "keyv": "^4.5.3", - "rimraf": "^3.0.2" - }, - "engines": { - "node": "^10.12.0 || >=12.0.0" - } - }, - "node_modules/flatted": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.1.tgz", - "integrity": "sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==", - "dev": true - }, - "node_modules/flow-parser": { - "version": "0.237.2", - "resolved": "https://registry.npmjs.org/flow-parser/-/flow-parser-0.237.2.tgz", - "integrity": "sha512-mvI/kdfr3l1waaPbThPA8dJa77nHXrfZIun+SWvFwSwDjmeByU7mGJGRmv1+7guU6ccyLV8e1lqZA1lD4iMGnQ==", - "dev": true, - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/follow-redirects": { - "version": "1.15.6", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", - "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", - "funding": [ - { - "type": "individual", - "url": "https://github.com/sponsors/RubenVerborgh" - } - ], - "engines": { - "node": ">=4.0" - }, - "peerDependenciesMeta": { - "debug": { - "optional": true - } - } - }, - "node_modules/for-each": { - "version": "0.3.3", - "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", - "integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==", - "dev": true, - "dependencies": { - "is-callable": "^1.1.3" - } - }, - "node_modules/foreground-child": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz", - "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==", - "dev": true, - "dependencies": { - "cross-spawn": "^7.0.0", - "signal-exit": "^4.0.1" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/form-data": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", - "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", - "dependencies": { - "asynckit": "^0.4.0", - "combined-stream": "^1.0.8", - "mime-types": "^2.1.12" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/forwarded": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", - "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/fraction.js": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz", - "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==", - "dev": true, - "engines": { - "node": "*" - }, - "funding": { - "type": "patreon", - "url": "https://github.com/sponsors/rawify" - } - }, - "node_modules/fresh": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", - "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/fs-constants": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs-constants/-/fs-constants-1.0.0.tgz", - "integrity": "sha512-y6OAwoSIf7FyjMIv94u+b5rdheZEjzR63GTyZJm5qh4Bi+2YgwLCcI/fPFZkL5PSixOt6ZNKm+w+Hfp/Bciwow==", - "dev": true - }, - "node_modules/fs-extra": { - "version": "11.2.0", - "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-11.2.0.tgz", - "integrity": "sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==", - "dev": true, - "dependencies": { - "graceful-fs": "^4.2.0", - "jsonfile": "^6.0.1", - "universalify": "^2.0.0" - }, - "engines": { - "node": ">=14.14" - } - }, - "node_modules/fs-minipass": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/fs-minipass/-/fs-minipass-2.1.0.tgz", - "integrity": "sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==", - "dev": true, - "dependencies": { - "minipass": "^3.0.0" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/fs-minipass/node_modules/minipass": { - "version": "3.3.6", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", - "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", - "dev": true, - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/fs-minipass/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", - "dev": true - }, - "node_modules/fs.realpath": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", - "integrity": "sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==", - "dev": true - }, - "node_modules/fsevents": { - "version": "2.3.3", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", - "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", - "hasInstallScript": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, - "node_modules/function-bind": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", - "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", - "dev": true, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/functional-red-black-tree": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz", - "integrity": "sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==", - "dev": true - }, - "node_modules/functions-have-names": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/functions-have-names/-/functions-have-names-1.2.3.tgz", - "integrity": "sha512-xckBUXyTIqT97tq2x2AMb+g163b5JFysYk0x4qxNFwbfQkmNZoiRHb6sPzI9/QV33WeuvVYBUIiD4NzNIyqaRQ==", - "dev": true, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/gensync": { - "version": "1.0.0-beta.2", - "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.2.tgz", - "integrity": "sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==", - "dev": true, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/get-func-name": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.2.tgz", - "integrity": "sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==", - "dev": true, - "engines": { - "node": "*" - } - }, - "node_modules/get-intrinsic": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", - "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", - "dev": true, - "dependencies": { - "es-errors": "^1.3.0", - "function-bind": "^1.1.2", - "has-proto": "^1.0.1", - "has-symbols": "^1.0.3", - "hasown": "^2.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/get-nonce": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/get-nonce/-/get-nonce-1.0.1.tgz", - "integrity": "sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/get-npm-tarball-url": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/get-npm-tarball-url/-/get-npm-tarball-url-2.1.0.tgz", - "integrity": "sha512-ro+DiMu5DXgRBabqXupW38h7WPZ9+Ad8UjwhvsmmN8w1sU7ab0nzAXvVZ4kqYg57OrqomRtJvepX5/xvFKNtjA==", - "dev": true, - "engines": { - "node": ">=12.17" - } - }, - "node_modules/get-package-type": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz", - "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==", - "dev": true, - "engines": { - "node": ">=8.0.0" - } - }, - "node_modules/get-port": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/get-port/-/get-port-5.1.1.tgz", - "integrity": "sha512-g/Q1aTSDOxFpchXC4i8ZWvxA1lnPqx/JHqcpIw0/LX9T8x/GBbi6YnlN5nhaKIFkT8oFsscUKgDJYxfwfS6QsQ==", - "dev": true, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/get-stream": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-6.0.1.tgz", - "integrity": "sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/giget": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/giget/-/giget-1.2.3.tgz", - "integrity": "sha512-8EHPljDvs7qKykr6uw8b+lqLiUc/vUg+KVTI0uND4s63TdsZM2Xus3mflvF0DDG9SiM4RlCkFGL+7aAjRmV7KA==", - "dev": true, - "dependencies": { - "citty": "^0.1.6", - "consola": "^3.2.3", - "defu": "^6.1.4", - "node-fetch-native": "^1.6.3", - "nypm": "^0.3.8", - "ohash": "^1.1.3", - "pathe": "^1.1.2", - "tar": "^6.2.0" - }, - "bin": { - "giget": "dist/cli.mjs" - } - }, - "node_modules/github-slugger": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/github-slugger/-/github-slugger-1.5.0.tgz", - "integrity": "sha512-wIh+gKBI9Nshz2o46B0B3f5k/W+WI9ZAv6y5Dn5WJ5SK1t0TnDimB4WE5rmTD05ZAIn8HALCZVmCsvj0w0v0lw==", - "dev": true - }, - "node_modules/glob": { - "version": "10.4.1", - "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz", - "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==", - "dev": true, - "dependencies": { - "foreground-child": "^3.1.0", - "jackspeak": "^3.1.2", - "minimatch": "^9.0.4", - "minipass": "^7.1.2", - "path-scurry": "^1.11.1" - }, - "bin": { - "glob": "dist/esm/bin.mjs" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/glob-parent": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz", - "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==", - "dev": true, - "dependencies": { - "is-glob": "^4.0.3" - }, - "engines": { - "node": ">=10.13.0" - } - }, - "node_modules/glob-to-regexp": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz", - "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==", - "dev": true - }, - "node_modules/glob/node_modules/brace-expansion": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz", - "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==", - "dev": true, - "dependencies": { - "balanced-match": "^1.0.0" - } - }, - "node_modules/glob/node_modules/minimatch": { - "version": "9.0.4", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz", - "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==", - "dev": true, - "dependencies": { - "brace-expansion": "^2.0.1" - }, - "engines": { - "node": ">=16 || 14 >=14.17" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/globals": { - "version": "11.12.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz", - "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/globalyzer": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/globalyzer/-/globalyzer-0.1.0.tgz", - "integrity": "sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q==", - "dev": true - }, - "node_modules/globby": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/globby/-/globby-11.1.0.tgz", - "integrity": "sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==", - "dev": true, - "dependencies": { - "array-union": "^2.1.0", - "dir-glob": "^3.0.1", - "fast-glob": "^3.2.9", - "ignore": "^5.2.0", - "merge2": "^1.4.1", - "slash": "^3.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/globrex": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/globrex/-/globrex-0.1.2.tgz", - "integrity": "sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg==", - "dev": true - }, - "node_modules/gopd": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", - "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", - "dev": true, - "dependencies": { - "get-intrinsic": "^1.1.3" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/graceful-fs": { - "version": "4.2.11", - "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz", - "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==", - "dev": true - }, - "node_modules/graphemer": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz", - "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==", - "dev": true - }, - "node_modules/guess-json-indent": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/guess-json-indent/-/guess-json-indent-2.0.0.tgz", - "integrity": "sha512-3Tm6R43KhtZWEVSHZnFmYMV9+gf3Vu0HXNNYtPVk2s7o8eGwYlJPHrjLtYw/7HBc10YxV+bfzKMuOf24z5qFng==", - "engines": { - "node": ">=16.17.0" - } - }, - "node_modules/gunzip-maybe": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/gunzip-maybe/-/gunzip-maybe-1.4.2.tgz", - "integrity": "sha512-4haO1M4mLO91PW57BMsDFf75UmwoRX0GkdD+Faw+Lr+r/OZrOCS0pIBwOL1xCKQqnQzbNFGgK2V2CpBUPeFNTw==", - "dev": true, - "dependencies": { - "browserify-zlib": "^0.1.4", - "is-deflate": "^1.0.0", - "is-gzip": "^1.0.0", - "peek-stream": "^1.1.0", - "pumpify": "^1.3.3", - "through2": "^2.0.3" - }, - "bin": { - "gunzip-maybe": "bin.js" - } - }, - "node_modules/handlebars": { - "version": "4.7.8", - "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.7.8.tgz", - "integrity": "sha512-vafaFqs8MZkRrSX7sFVUdo3ap/eNiLnb4IakshzvP56X5Nr1iGKAIqdX6tMlm6HcNRIkr6AxO5jFEoJzzpT8aQ==", - "dev": true, - "dependencies": { - "minimist": "^1.2.5", - "neo-async": "^2.6.2", - "source-map": "^0.6.1", - "wordwrap": "^1.0.0" - }, - "bin": { - "handlebars": "bin/handlebars" - }, - "engines": { - "node": ">=0.4.7" - }, - "optionalDependencies": { - "uglify-js": "^3.1.4" - } - }, - "node_modules/has-bigints": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz", - "integrity": "sha512-tSvCKtBr9lkF0Ex0aQiP9N+OpV4zi2r/Nee5VkRDbaqv35RLYMzbwQfFSZZH0kR+Rd6302UJZ2p/bJCEoR3VoQ==", - "dev": true, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has-flag": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz", - "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/has-property-descriptors": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", - "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", - "dev": true, - "dependencies": { - "es-define-property": "^1.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has-proto": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", - "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==", - "dev": true, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has-symbols": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", - "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", - "dev": true, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/has-tostringtag": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.2.tgz", - "integrity": "sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==", - "dev": true, - "dependencies": { - "has-symbols": "^1.0.3" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/hasown": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", - "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", - "dev": true, - "dependencies": { - "function-bind": "^1.1.2" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/hosted-git-info": { - "version": "2.8.9", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz", - "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==", - "dev": true - }, - "node_modules/html-encoding-sniffer": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-3.0.0.tgz", - "integrity": "sha512-oWv4T4yJ52iKrufjnyZPkrN0CH3QnrUqdB6In1g5Fe1mia8GmF36gnfNySxoZtxD5+NmYw1EElVXiBk93UeskA==", - "dev": true, - "dependencies": { - "whatwg-encoding": "^2.0.0" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/html-escaper": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz", - "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==", - "dev": true - }, - "node_modules/htmlparser2-svelte": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/htmlparser2-svelte/-/htmlparser2-svelte-4.1.0.tgz", - "integrity": "sha512-+4f4RBFz7Rj2Hp0ZbFbXC+Kzbd6S9PgjiuFtdT76VMNgKogrEZy0pG2UrPycPbrZzVEIM5lAT3lAdkSTCHLPjg==", - "dev": true, - "dependencies": { - "domelementtype": "^2.0.1", - "domhandler": "^3.0.0", - "domutils": "^2.0.0", - "entities": "^2.0.0" - } - }, - "node_modules/htmlparser2-svelte/node_modules/entities": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", - "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", - "dev": true, - "funding": { - "url": "https://github.com/fb55/entities?sponsor=1" - } - }, - "node_modules/http-errors": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.0.tgz", - "integrity": "sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==", - "dev": true, - "dependencies": { - "depd": "2.0.0", - "inherits": "2.0.4", - "setprototypeof": "1.2.0", - "statuses": "2.0.1", - "toidentifier": "1.0.1" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/http-proxy-agent": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-5.0.0.tgz", - "integrity": "sha512-n2hY8YdoRE1i7r6M0w9DIw5GgZN0G25P8zLCRQ8rjXtTU3vsNFBI/vWK/UIeE6g5MUUz6avwAPXmL6Fy9D/90w==", - "dev": true, - "dependencies": { - "@tootallnate/once": "2", - "agent-base": "6", - "debug": "4" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/https-proxy-agent": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", - "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", - "dev": true, - "dependencies": { - "agent-base": "6", - "debug": "4" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/human-signals": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-2.1.0.tgz", - "integrity": "sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==", - "dev": true, - "engines": { - "node": ">=10.17.0" - } - }, - "node_modules/iconv-lite": { - "version": "0.4.24", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", - "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", - "dev": true, - "dependencies": { - "safer-buffer": ">= 2.1.2 < 3" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/ieee754": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.2.1.tgz", - "integrity": "sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/ignore": { - "version": "5.3.1", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.1.tgz", - "integrity": "sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==", - "engines": { - "node": ">= 4" - } - }, - "node_modules/import-fresh": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.0.tgz", - "integrity": "sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==", - "dev": true, - "dependencies": { - "parent-module": "^1.0.0", - "resolve-from": "^4.0.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/import-fresh/node_modules/resolve-from": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz", - "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/import-meta-resolve": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/import-meta-resolve/-/import-meta-resolve-4.1.0.tgz", - "integrity": "sha512-I6fiaX09Xivtk+THaMfAwnA3MVA5Big1WHF1Dfx9hFuvNIWpXnorlkzhcQf6ehrqQiiZECRt1poOAkPmer3ruw==", - "dev": true, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, - "node_modules/imurmurhash": { - "version": "0.1.4", - "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz", - "integrity": "sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==", - "dev": true, - "engines": { - "node": ">=0.8.19" - } - }, - "node_modules/indent-string": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz", - "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==", - "engines": { - "node": ">=8" - } - }, - "node_modules/inflight": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", - "integrity": "sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==", - "deprecated": "This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.", - "dev": true, - "dependencies": { - "once": "^1.3.0", - "wrappy": "1" - } - }, - "node_modules/inherits": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", - "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" - }, - "node_modules/internal-slot": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/internal-slot/-/internal-slot-1.0.7.tgz", - "integrity": "sha512-NGnrKwXzSms2qUUih/ILZ5JBqNTSa1+ZmP6flaIp6KmSElgE9qdndzS3cqjrDovwFdmwsGsLdeFgB6suw+1e9g==", - "dev": true, - "dependencies": { - "es-errors": "^1.3.0", - "hasown": "^2.0.0", - "side-channel": "^1.0.4" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/invariant": { - "version": "2.2.4", - "resolved": "https://registry.npmjs.org/invariant/-/invariant-2.2.4.tgz", - "integrity": "sha512-phJfQVBuaJM5raOpJjSfkiD6BpbCE4Ns//LaXl6wGYtUBY83nWS6Rf9tXm2e8VaK60JEjYldbPif/A2B1C2gNA==", - "dev": true, - "dependencies": { - "loose-envify": "^1.0.0" - } - }, - "node_modules/ip": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.1.tgz", - "integrity": "sha512-lJUL9imLTNi1ZfXT+DU6rBBdbiKGBuay9B6xGSPVjUeQwaH1RIGqef8RZkUtHioLmSNpPR5M4HVKJGm1j8FWVQ==", - "dev": true - }, - "node_modules/ipaddr.js": { - "version": "1.9.1", - "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", - "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", - "dev": true, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/is-absolute-url": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/is-absolute-url/-/is-absolute-url-3.0.3.tgz", - "integrity": "sha512-opmNIX7uFnS96NtPmhWQgQx6/NYFgsUXYMllcfzwWKUMwfo8kku1TvE6hkNcH+Q1ts5cMVrsY7j0bxXQDciu9Q==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/is-arguments": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz", - "integrity": "sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.2", - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-array-buffer": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/is-array-buffer/-/is-array-buffer-3.0.4.tgz", - "integrity": "sha512-wcjaerHw0ydZwfhiKbXJWLDY8A7yV7KhjQOpb83hGgGfId/aQa4TOvwyzn2PuswW2gPCYEL/nEAiSVpdOj1lXw==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.2", - "get-intrinsic": "^1.2.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-arrayish": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz", - "integrity": "sha512-zz06S8t0ozoDXMG+ube26zeCTNXcKIPJZJi8hBrF4idCLms4CG9QtK7qBl1boi5ODzFpjswb5JPmHCbMpjaYzg==", - "dev": true - }, - "node_modules/is-bigint": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.4.tgz", - "integrity": "sha512-zB9CruMamjym81i2JZ3UMn54PKGsQzsJeo6xvN3HJJ4CAsQNB6iRutp2To77OfCNuoxspsIhzaPoO1zyCEhFOg==", - "dev": true, - "dependencies": { - "has-bigints": "^1.0.1" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-binary-path": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", - "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", - "dependencies": { - "binary-extensions": "^2.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/is-boolean-object": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.2.tgz", - "integrity": "sha512-gDYaKHJmnj4aWxyj6YHyXVpdQawtVLHU5cb+eztPGczf6cjuTdwve5ZIEfgXqH4e57An1D1AKf8CZ3kYrQRqYA==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.2", - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-builtin-module": { - "version": "3.2.1", - "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-3.2.1.tgz", - "integrity": "sha512-BSLE3HnV2syZ0FK0iMA/yUGplUeMmNz4AW5fnTunbCIqZi4vG3WjJT9FHMy5D69xmAYBHXQhJdALdpwVxV501A==", - "dev": true, - "dependencies": { - "builtin-modules": "^3.3.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/is-callable": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", - "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==", - "dev": true, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-core-module": { - "version": "2.13.1", - "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz", - "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==", - "dev": true, - "dependencies": { - "hasown": "^2.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-date-object": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.5.tgz", - "integrity": "sha512-9YQaSxsAiSwcvS33MBk3wTCVnWK+HhF8VZR2jRxehM16QcVOdHqPn4VPHmRK4lSr38n9JriurInLcP90xsYNfQ==", - "dev": true, - "dependencies": { - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-deflate": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-deflate/-/is-deflate-1.0.0.tgz", - "integrity": "sha512-YDoFpuZWu1VRXlsnlYMzKyVRITXj7Ej/V9gXQ2/pAe7X1J7M/RNOqaIYi6qUn+B7nGyB9pDXrv02dsB58d2ZAQ==", - "dev": true - }, - "node_modules/is-docker": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/is-docker/-/is-docker-2.2.1.tgz", - "integrity": "sha512-F+i2BKsFrH66iaUFc0woD8sLy8getkwTwtOBjvs56Cx4CgJDeKQeqfz8wAYiSb8JOprWhHH5p77PbmYCvvUuXQ==", - "dev": true, - "bin": { - "is-docker": "cli.js" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/is-extglob": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", - "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/is-fullwidth-code-point": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz", - "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/is-generator-function": { - "version": "1.0.10", - "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.10.tgz", - "integrity": "sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==", - "dev": true, - "dependencies": { - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-glob": { - "version": "4.0.3", - "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", - "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", - "dependencies": { - "is-extglob": "^2.1.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/is-gzip": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-gzip/-/is-gzip-1.0.0.tgz", - "integrity": "sha512-rcfALRIb1YewtnksfRIHGcIY93QnK8BIQ/2c9yDYcG/Y6+vRoJuTWBmmSEbyLLYtXm7q35pHOHbZFQBaLrhlWQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/is-interactive": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-interactive/-/is-interactive-1.0.0.tgz", - "integrity": "sha512-2HvIEKRoqS62guEC+qBjpvRubdX910WCMuJTZ+I9yvqKU2/12eSL549HMwtabb4oupdj2sMP50k+XJfB/8JE6w==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/is-map": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/is-map/-/is-map-2.0.3.tgz", - "integrity": "sha512-1Qed0/Hr2m+YqxnM09CjA2d/i6YZNfF6R2oRAOj36eUdS6qIV/huPJNSEpKbupewFs+ZsJlxsjjPbc0/afW6Lw==", - "dev": true, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-module": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/is-module/-/is-module-1.0.0.tgz", - "integrity": "sha512-51ypPSPCoTEIN9dy5Oy+h4pShgJmPCygKfyRCISBI+JoWT/2oJvK8QPxmwv7b/p239jXrm9M1mlQbyKJ5A152g==", - "dev": true - }, - "node_modules/is-nan": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/is-nan/-/is-nan-1.3.2.tgz", - "integrity": "sha512-E+zBKpQ2t6MEo1VsonYmluk9NxGrbzpeeLC2xIViuO2EjU2xsXsBPwTr3Ykv9l08UYEVEdWeRZNouaZqF6RN0w==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.0", - "define-properties": "^1.1.3" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-number": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", - "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", - "engines": { - "node": ">=0.12.0" - } - }, - "node_modules/is-number-object": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.7.tgz", - "integrity": "sha512-k1U0IRzLMo7ZlYIfzRu23Oh6MiIFasgpb9X76eqfFZAqwH44UI4KTBvBYIZ1dSL9ZzChTB9ShHfLkR4pdW5krQ==", - "dev": true, - "dependencies": { - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-path-cwd": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-2.2.0.tgz", - "integrity": "sha512-w942bTcih8fdJPJmQHFzkS76NEP8Kzzvmw92cXsazb8intwLqPibPPdXf4ANdKV3rYMuuQYGIWtvz9JilB3NFQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/is-path-inside": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-3.0.3.tgz", - "integrity": "sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/is-plain-object": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/is-plain-object/-/is-plain-object-2.0.4.tgz", - "integrity": "sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==", - "dev": true, - "dependencies": { - "isobject": "^3.0.1" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/is-potential-custom-element-name": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz", - "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==", - "dev": true - }, - "node_modules/is-reference": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/is-reference/-/is-reference-1.2.1.tgz", - "integrity": "sha512-U82MsXXiFIrjCK4otLT+o2NA2Cd2g5MLoOVXUZjIOhLurrRxpEXzI8O0KZHr3IjLvlAH1kTPYSuqer5T9ZVBKQ==", - "dev": true, - "dependencies": { - "@types/estree": "*" - } - }, - "node_modules/is-regex": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.4.tgz", - "integrity": "sha512-kvRdxDsxZjhzUX07ZnLydzS1TU/TJlTUHHY4YLL87e37oUA49DfkLqgy+VjFocowy29cKvcSiu+kIv728jTTVg==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.2", - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-set": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/is-set/-/is-set-2.0.3.tgz", - "integrity": "sha512-iPAjerrse27/ygGLxw+EBR9agv9Y6uLeYVJMu+QNCoouJ1/1ri0mGrcWpfCqFZuzzx3WjtwxG098X+n4OuRkPg==", - "dev": true, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-shared-array-buffer": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/is-shared-array-buffer/-/is-shared-array-buffer-1.0.3.tgz", - "integrity": "sha512-nA2hv5XIhLR3uVzDDfCIknerhx8XUKnstuOERPNNIinXG7v9u+ohXF67vxm4TPTEPU6lm61ZkwP3c9PCB97rhg==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.7" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-stream": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.1.tgz", - "integrity": "sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==", - "dev": true, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/is-string": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.7.tgz", - "integrity": "sha512-tE2UXzivje6ofPW7l23cjDOMa09gb7xlAqG6jG5ej6uPV32TlWP3NKPigtaGeHNu9fohccRYvIiZMfOOnOYUtg==", - "dev": true, - "dependencies": { - "has-tostringtag": "^1.0.0" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-symbol": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", - "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", - "dev": true, - "dependencies": { - "has-symbols": "^1.0.2" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-typed-array": { - "version": "1.1.13", - "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.13.tgz", - "integrity": "sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==", - "dev": true, - "dependencies": { - "which-typed-array": "^1.1.14" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-unicode-supported": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz", - "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/is-weakmap": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/is-weakmap/-/is-weakmap-2.0.2.tgz", - "integrity": "sha512-K5pXYOm9wqY1RgjpL3YTkF39tni1XajUIkawTLUo9EZEVUFga5gSQJF8nNS7ZwJQ02y+1YCNYcMh+HIf1ZqE+w==", - "dev": true, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-weakset": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/is-weakset/-/is-weakset-2.0.3.tgz", - "integrity": "sha512-LvIm3/KWzS9oRFHugab7d+M/GcBXuXX5xZkzPmN+NxihdQlZUQ4dWuSV1xR/sq6upL1TJEDrfBgRepHFdBtSNQ==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.7", - "get-intrinsic": "^1.2.4" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/is-wsl": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/is-wsl/-/is-wsl-2.2.0.tgz", - "integrity": "sha512-fKzAra0rGJUUBwGBgNkHZuToZcn+TtXHpeCgmkMJMMYx1sQDYaCSyjJBSCa2nH1DGm7s3n1oBnohoVTBaN7Lww==", - "dev": true, - "dependencies": { - "is-docker": "^2.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/isarray": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-2.0.5.tgz", - "integrity": "sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw==", - "dev": true - }, - "node_modules/isexe": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz", - "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==", - "dev": true - }, - "node_modules/isobject": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", - "integrity": "sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/isomorphic-git": { - "version": "1.24.5", - "resolved": "https://registry.npmjs.org/isomorphic-git/-/isomorphic-git-1.24.5.tgz", - "integrity": "sha512-07M4YscftHZJIuw7xZhgWkdFvVjHSBJBsIwWXkxgFCivhb0l8mGNchM7nO2hU27EKSIf0sT4gJivEgLGohWbzA==", - "dev": true, - "dependencies": { - "async-lock": "^1.1.0", - "clean-git-ref": "^2.0.1", - "crc-32": "^1.2.0", - "diff3": "0.0.3", - "ignore": "^5.1.4", - "minimisted": "^2.0.0", - "pako": "^1.0.10", - "pify": "^4.0.1", - "readable-stream": "^3.4.0", - "sha.js": "^2.4.9", - "simple-get": "^4.0.1" - }, - "bin": { - "isogit": "cli.cjs" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/isomorphic-git/node_modules/diff3": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/diff3/-/diff3-0.0.3.tgz", - "integrity": "sha512-iSq8ngPOt0K53A6eVr4d5Kn6GNrM2nQZtC740pzIriHtn4pOQ2lyzEXQMBeVcWERN0ye7fhBsk9PbLLQOnUx/g==", - "dev": true - }, - "node_modules/isomorphic-git/node_modules/pify": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/pify/-/pify-4.0.1.tgz", - "integrity": "sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/istanbul-lib-coverage": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", - "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/istanbul-lib-instrument": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-5.2.1.tgz", - "integrity": "sha512-pzqtp31nLv/XFOzXGuvhCb8qhjmTVo5vjVk19XE4CRlSWz0KoeJ3bw9XsA7nOp9YBf4qHjwBxkDzKcME/J29Yg==", - "dev": true, - "dependencies": { - "@babel/core": "^7.12.3", - "@babel/parser": "^7.14.7", - "@istanbuljs/schema": "^0.1.2", - "istanbul-lib-coverage": "^3.2.0", - "semver": "^6.3.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/istanbul-lib-report": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz", - "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==", - "dev": true, - "dependencies": { - "istanbul-lib-coverage": "^3.0.0", - "make-dir": "^4.0.0", - "supports-color": "^7.1.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/istanbul-lib-report/node_modules/make-dir": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-4.0.0.tgz", - "integrity": "sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==", - "dev": true, - "dependencies": { - "semver": "^7.5.3" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/istanbul-lib-report/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/istanbul-lib-source-maps": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-5.0.4.tgz", - "integrity": "sha512-wHOoEsNJTVltaJp8eVkm8w+GVkVNHT2YDYo53YdzQEL2gWm1hBX5cGFR9hQJtuGLebidVX7et3+dmDZrmclduw==", - "dev": true, - "dependencies": { - "@jridgewell/trace-mapping": "^0.3.23", - "debug": "^4.1.1", - "istanbul-lib-coverage": "^3.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/istanbul-reports": { - "version": "3.1.7", - "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.1.7.tgz", - "integrity": "sha512-BewmUXImeuRk2YY0PVbxgKAysvhRPUQE0h5QRM++nVWyubKGV0l8qQ5op8+B2DOmwSe63Jivj0BjkPQVf8fP5g==", - "dev": true, - "dependencies": { - "html-escaper": "^2.0.0", - "istanbul-lib-report": "^3.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/jackspeak": { - "version": "3.4.0", - "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.0.tgz", - "integrity": "sha512-JVYhQnN59LVPFCEcVa2C3CrEKYacvjRfqIQl+h8oi91aLYQVWRYbxjPcv1bUiUy/kLmQaANrYfNMCO3kuEDHfw==", - "dev": true, - "dependencies": { - "@isaacs/cliui": "^8.0.2" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - }, - "optionalDependencies": { - "@pkgjs/parseargs": "^0.11.0" - } - }, - "node_modules/jake": { - "version": "10.9.1", - "resolved": "https://registry.npmjs.org/jake/-/jake-10.9.1.tgz", - "integrity": "sha512-61btcOHNnLnsOdtLgA5efqQWjnSi/vow5HbI7HMdKKWqvrKR1bLK3BPlJn9gcSaP2ewuamUSMB5XEy76KUIS2w==", - "dev": true, - "dependencies": { - "async": "^3.2.3", - "chalk": "^4.0.2", - "filelist": "^1.0.4", - "minimatch": "^3.1.2" - }, - "bin": { - "jake": "bin/cli.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/jest-haste-map": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/jest-haste-map/-/jest-haste-map-29.7.0.tgz", - "integrity": "sha512-fP8u2pyfqx0K1rGn1R9pyE0/KTn+G7PxktWidOBTqFPLYX0b9ksaMFkhK5vrS3DVun09pckLdlx90QthlW7AmA==", - "dev": true, - "dependencies": { - "@jest/types": "^29.6.3", - "@types/graceful-fs": "^4.1.3", - "@types/node": "*", - "anymatch": "^3.0.3", - "fb-watchman": "^2.0.0", - "graceful-fs": "^4.2.9", - "jest-regex-util": "^29.6.3", - "jest-util": "^29.7.0", - "jest-worker": "^29.7.0", - "micromatch": "^4.0.4", - "walker": "^1.0.8" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - }, - "optionalDependencies": { - "fsevents": "^2.3.2" - } - }, - "node_modules/jest-mock": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/jest-mock/-/jest-mock-27.5.1.tgz", - "integrity": "sha512-K4jKbY1d4ENhbrG2zuPWaQBvDly+iZ2yAW+T1fATN78hc0sInwn7wZB8XtlNnvHug5RMwV897Xm4LqmPM4e2Og==", - "dev": true, - "dependencies": { - "@jest/types": "^27.5.1", - "@types/node": "*" - }, - "engines": { - "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" - } - }, - "node_modules/jest-mock/node_modules/@jest/types": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/@jest/types/-/types-27.5.1.tgz", - "integrity": "sha512-Cx46iJ9QpwQTjIdq5VJu2QTMMs3QlEjI0x1QbBP5W1+nMzyc2XmimiRR/CbX9TO0cPTeUlxWMOu8mslYsJ8DEw==", - "dev": true, - "dependencies": { - "@types/istanbul-lib-coverage": "^2.0.0", - "@types/istanbul-reports": "^3.0.0", - "@types/node": "*", - "@types/yargs": "^16.0.0", - "chalk": "^4.0.0" - }, - "engines": { - "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" - } - }, - "node_modules/jest-mock/node_modules/@types/yargs": { - "version": "16.0.9", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-16.0.9.tgz", - "integrity": "sha512-tHhzvkFXZQeTECenFoRljLBYPZJ7jAVxqqtEI0qTLOmuultnFp4I9yKE17vTuhf7BkhCu7I4XuemPgikDVuYqA==", - "dev": true, - "dependencies": { - "@types/yargs-parser": "*" - } - }, - "node_modules/jest-regex-util": { - "version": "29.6.3", - "resolved": "https://registry.npmjs.org/jest-regex-util/-/jest-regex-util-29.6.3.tgz", - "integrity": "sha512-KJJBsRCyyLNWCNBOvZyRDnAIfUiRJ8v+hOBQYGn8gDyF3UegwiP4gwRR3/SDa42g1YbVycTidUF3rKjyLFDWbg==", - "dev": true, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/jest-util": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/jest-util/-/jest-util-29.7.0.tgz", - "integrity": "sha512-z6EbKajIpqGKU56y5KBUgy1dt1ihhQJgWzUlZHArA/+X2ad7Cb5iF+AK1EWVL/Bo7Rz9uurpqw6SiBCefUbCGA==", - "dev": true, - "dependencies": { - "@jest/types": "^29.6.3", - "@types/node": "*", - "chalk": "^4.0.0", - "ci-info": "^3.2.0", - "graceful-fs": "^4.2.9", - "picomatch": "^2.2.3" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/jest-worker": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/jest-worker/-/jest-worker-29.7.0.tgz", - "integrity": "sha512-eIz2msL/EzL9UFTFFx7jBTkeZfku0yUAyZZZmJ93H2TYEiroIx2PQjEXcwYtYl8zXCxb+PAmA2hLIt/6ZEkPHw==", - "dev": true, - "dependencies": { - "@types/node": "*", - "jest-util": "^29.7.0", - "merge-stream": "^2.0.0", - "supports-color": "^8.0.0" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/jest-worker/node_modules/supports-color": { - "version": "8.1.1", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz", - "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==", - "dev": true, - "dependencies": { - "has-flag": "^4.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/supports-color?sponsor=1" - } - }, - "node_modules/jiti": { - "version": "1.21.3", - "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.3.tgz", - "integrity": "sha512-uy2bNX5zQ+tESe+TiC7ilGRz8AtRGmnJH55NC5S0nSUjvvvM2hJHmefHErugGXN4pNv4Qx7vLsnNw9qJ9mtIsw==", - "dev": true, - "bin": { - "jiti": "bin/jiti.js" - } - }, - "node_modules/joi": { - "version": "17.13.1", - "resolved": "https://registry.npmjs.org/joi/-/joi-17.13.1.tgz", - "integrity": "sha512-vaBlIKCyo4FCUtCm7Eu4QZd/q02bWcxfUO6YSXAZOWF6gzcLBeba8kwotUdYJjDLW8Cz8RywsSOqiNJZW0mNvg==", - "dev": true, - "optional": true, - "dependencies": { - "@hapi/hoek": "^9.3.0", - "@hapi/topo": "^5.1.0", - "@sideway/address": "^4.1.5", - "@sideway/formula": "^3.0.1", - "@sideway/pinpoint": "^2.0.0" - } - }, - "node_modules/js-tokens": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", - "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", - "dev": true - }, - "node_modules/js-yaml": { - "version": "3.14.1", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz", - "integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==", - "dev": true, - "dependencies": { - "argparse": "^1.0.7", - "esprima": "^4.0.0" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, - "node_modules/jscodeshift": { - "version": "0.15.2", - "resolved": "https://registry.npmjs.org/jscodeshift/-/jscodeshift-0.15.2.tgz", - "integrity": "sha512-FquR7Okgmc4Sd0aEDwqho3rEiKR3BdvuG9jfdHjLJ6JQoWSMpavug3AoIfnfWhxFlf+5pzQh8qjqz0DWFrNQzA==", - "dev": true, - "dependencies": { - "@babel/core": "^7.23.0", - "@babel/parser": "^7.23.0", - "@babel/plugin-transform-class-properties": "^7.22.5", - "@babel/plugin-transform-modules-commonjs": "^7.23.0", - "@babel/plugin-transform-nullish-coalescing-operator": "^7.22.11", - "@babel/plugin-transform-optional-chaining": "^7.23.0", - "@babel/plugin-transform-private-methods": "^7.22.5", - "@babel/preset-flow": "^7.22.15", - "@babel/preset-typescript": "^7.23.0", - "@babel/register": "^7.22.15", - "babel-core": "^7.0.0-bridge.0", - "chalk": "^4.1.2", - "flow-parser": "0.*", - "graceful-fs": "^4.2.4", - "micromatch": "^4.0.4", - "neo-async": "^2.5.0", - "node-dir": "^0.1.17", - "recast": "^0.23.3", - "temp": "^0.8.4", - "write-file-atomic": "^2.3.0" - }, - "bin": { - "jscodeshift": "bin/jscodeshift.js" - }, - "peerDependencies": { - "@babel/preset-env": "^7.1.6" - }, - "peerDependenciesMeta": { - "@babel/preset-env": { - "optional": true - } - } - }, - "node_modules/jscodeshift/node_modules/signal-exit": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true - }, - "node_modules/jscodeshift/node_modules/write-file-atomic": { - "version": "2.4.3", - "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-2.4.3.tgz", - "integrity": "sha512-GaETH5wwsX+GcnzhPgKcKjJ6M2Cq3/iZp1WyY/X1CSqrW+jVNM9Y7D8EC2sM4ZG/V8wZlSniJnCKWPmBYAucRQ==", - "dev": true, - "dependencies": { - "graceful-fs": "^4.1.11", - "imurmurhash": "^0.1.4", - "signal-exit": "^3.0.2" - } - }, - "node_modules/jsdom": { - "version": "22.1.0", - "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-22.1.0.tgz", - "integrity": "sha512-/9AVW7xNbsBv6GfWho4TTNjEo9fe6Zhf9O7s0Fhhr3u+awPwAJMKwAMXnkk5vBxflqLW9hTHX/0cs+P3gW+cQw==", - "dev": true, - "dependencies": { - "abab": "^2.0.6", - "cssstyle": "^3.0.0", - "data-urls": "^4.0.0", - "decimal.js": "^10.4.3", - "domexception": "^4.0.0", - "form-data": "^4.0.0", - "html-encoding-sniffer": "^3.0.0", - "http-proxy-agent": "^5.0.0", - "https-proxy-agent": "^5.0.1", - "is-potential-custom-element-name": "^1.0.1", - "nwsapi": "^2.2.4", - "parse5": "^7.1.2", - "rrweb-cssom": "^0.6.0", - "saxes": "^6.0.0", - "symbol-tree": "^3.2.4", - "tough-cookie": "^4.1.2", - "w3c-xmlserializer": "^4.0.0", - "webidl-conversions": "^7.0.0", - "whatwg-encoding": "^2.0.0", - "whatwg-mimetype": "^3.0.0", - "whatwg-url": "^12.0.1", - "ws": "^8.13.0", - "xml-name-validator": "^4.0.0" - }, - "engines": { - "node": ">=16" - }, - "peerDependencies": { - "canvas": "^2.5.0" - }, - "peerDependenciesMeta": { - "canvas": { - "optional": true - } - } - }, - "node_modules/jsesc": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz", - "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==", - "dev": true, - "bin": { - "jsesc": "bin/jsesc" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/json-buffer": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/json-buffer/-/json-buffer-3.0.1.tgz", - "integrity": "sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==", - "dev": true - }, - "node_modules/json-parse-even-better-errors": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/json-parse-even-better-errors/-/json-parse-even-better-errors-2.3.1.tgz", - "integrity": "sha512-xyFwyhro/JEof6Ghe2iz2NcXoj2sloNsWr/XsERDK/oiPCfaNhl5ONfp+jQdAZRQQ0IJWNzH9zIZF7li91kh2w==", - "dev": true - }, - "node_modules/json-schema-to-ts": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/json-schema-to-ts/-/json-schema-to-ts-3.1.0.tgz", - "integrity": "sha512-UeVN/ery4/JeXI8h4rM8yZPxsH+KqPi/84qFxHfTGHZnWnK9D0UU9ZGYO+6XAaJLqCWMiks+ARuFOKAiSxJCHA==", - "dev": true, - "optional": true, - "dependencies": { - "@babel/runtime": "^7.18.3", - "ts-algebra": "^2.0.0" - }, - "engines": { - "node": ">=16" - } - }, - "node_modules/json-schema-traverse": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz", - "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==", - "dev": true - }, - "node_modules/json-stable-stringify-without-jsonify": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz", - "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==", - "dev": true - }, - "node_modules/json5": { - "version": "2.2.3", - "resolved": "https://registry.npmjs.org/json5/-/json5-2.2.3.tgz", - "integrity": "sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==", - "bin": { - "json5": "lib/cli.js" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/jsonfile": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", - "integrity": "sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==", - "dev": true, - "dependencies": { - "universalify": "^2.0.0" - }, - "optionalDependencies": { - "graceful-fs": "^4.1.6" - } - }, - "node_modules/jsonwebtoken": { - "version": "9.0.2", - "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz", - "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==", - "dependencies": { - "jws": "^3.2.2", - "lodash.includes": "^4.3.0", - "lodash.isboolean": "^3.0.3", - "lodash.isinteger": "^4.0.4", - "lodash.isnumber": "^3.0.3", - "lodash.isplainobject": "^4.0.6", - "lodash.isstring": "^4.0.1", - "lodash.once": "^4.0.0", - "ms": "^2.1.1", - "semver": "^7.5.4" - }, - "engines": { - "node": ">=12", - "npm": ">=6" - } - }, - "node_modules/jsonwebtoken/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/just-clone": { - "version": "6.2.0", - "resolved": "https://registry.npmjs.org/just-clone/-/just-clone-6.2.0.tgz", - "integrity": "sha512-1IynUYEc/HAwxhi3WDpIpxJbZpMCvvrrmZVqvj9EhpvbH8lls7HhdhiByjL7DkAaWlLIzpC0Xc/VPvy/UxLNjA==", - "dev": true - }, - "node_modules/jwa": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz", - "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==", - "dependencies": { - "buffer-equal-constant-time": "1.0.1", - "ecdsa-sig-formatter": "1.0.11", - "safe-buffer": "^5.0.1" - } - }, - "node_modules/jws": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz", - "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==", - "dependencies": { - "jwa": "^1.4.1", - "safe-buffer": "^5.0.1" - } - }, - "node_modules/keyv": { - "version": "4.5.4", - "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", - "integrity": "sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==", - "dev": true, - "dependencies": { - "json-buffer": "3.0.1" - } - }, - "node_modules/kind-of": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.3.tgz", - "integrity": "sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/kleur": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/kleur/-/kleur-4.1.5.tgz", - "integrity": "sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/known-css-properties": { - "version": "0.31.0", - "resolved": "https://registry.npmjs.org/known-css-properties/-/known-css-properties-0.31.0.tgz", - "integrity": "sha512-sBPIUGTNF0czz0mwGGUoKKJC8Q7On1GPbCSFPfyEsfHb2DyBG0Y4QtV+EVWpINSaiGKZblDNuF5AezxSgOhesQ==", - "dev": true - }, - "node_modules/lazy-universal-dotenv": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/lazy-universal-dotenv/-/lazy-universal-dotenv-4.0.0.tgz", - "integrity": "sha512-aXpZJRnTkpK6gQ/z4nk+ZBLd/Qdp118cvPruLSIQzQNRhKwEcdXCOzXuF55VDqIiuAaY3UGZ10DJtvZzDcvsxg==", - "dev": true, - "dependencies": { - "app-root-dir": "^1.0.2", - "dotenv": "^16.0.0", - "dotenv-expand": "^10.0.0" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/leven": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz", - "integrity": "sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/levn": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz", - "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==", - "dev": true, - "dependencies": { - "prelude-ls": "^1.2.1", - "type-check": "~0.4.0" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/lilconfig": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz", - "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==", - "dev": true, - "engines": { - "node": ">=10" - } - }, - "node_modules/lines-and-columns": { - "version": "1.2.4", - "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", - "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==", - "dev": true - }, - "node_modules/local-pkg": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/local-pkg/-/local-pkg-0.5.0.tgz", - "integrity": "sha512-ok6z3qlYyCDS4ZEU27HaU6x/xZa9Whf8jD4ptH5UZTQYZVYeb9bnZ3ojVhiJNLiXK1Hfc0GNbLXcmZ5plLDDBg==", - "dev": true, - "dependencies": { - "mlly": "^1.4.2", - "pkg-types": "^1.0.3" - }, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/antfu" - } - }, - "node_modules/locate-character": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/locate-character/-/locate-character-3.0.0.tgz", - "integrity": "sha512-SW13ws7BjaeJ6p7Q6CO2nchbYEc3X3J6WrmTTDto7yMPqVSZTUyY5Tjbid+Ab8gLnATtygYtiDIJGQRRn2ZOiA==" - }, - "node_modules/locate-path": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz", - "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==", - "dev": true, - "dependencies": { - "p-locate": "^5.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/lodash": { - "version": "4.17.21", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", - "dev": true - }, - "node_modules/lodash.castarray": { - "version": "4.4.0", - "resolved": "https://registry.npmjs.org/lodash.castarray/-/lodash.castarray-4.4.0.tgz", - "integrity": "sha512-aVx8ztPv7/2ULbArGJ2Y42bG1mEQ5mGjpdvrbJcJFU3TbYybe+QlLS4pst9zV52ymy2in1KpFPiZnAOATxD4+Q==", - "dev": true - }, - "node_modules/lodash.debounce": { - "version": "4.0.8", - "resolved": "https://registry.npmjs.org/lodash.debounce/-/lodash.debounce-4.0.8.tgz", - "integrity": "sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==", - "dev": true - }, - "node_modules/lodash.includes": { - "version": "4.3.0", - "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", - "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==" - }, - "node_modules/lodash.isboolean": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", - "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==" - }, - "node_modules/lodash.isinteger": { - "version": "4.0.4", - "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", - "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==" - }, - "node_modules/lodash.isnumber": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", - "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==" - }, - "node_modules/lodash.isplainobject": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", - "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==" - }, - "node_modules/lodash.isstring": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", - "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==" - }, - "node_modules/lodash.merge": { - "version": "4.6.2", - "resolved": "https://registry.npmjs.org/lodash.merge/-/lodash.merge-4.6.2.tgz", - "integrity": "sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==", - "dev": true - }, - "node_modules/lodash.once": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", - "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" - }, - "node_modules/log-symbols": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz", - "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==", - "dev": true, - "dependencies": { - "chalk": "^4.1.0", - "is-unicode-supported": "^0.1.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/loose-envify": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz", - "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==", - "dev": true, - "dependencies": { - "js-tokens": "^3.0.0 || ^4.0.0" - }, - "bin": { - "loose-envify": "cli.js" - } - }, - "node_modules/loupe": { - "version": "2.3.7", - "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.7.tgz", - "integrity": "sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==", - "dev": true, - "dependencies": { - "get-func-name": "^2.0.1" - } - }, - "node_modules/lru-cache": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz", - "integrity": "sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==", - "dev": true, - "dependencies": { - "yallist": "^3.0.2" - } - }, - "node_modules/lz-string": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/lz-string/-/lz-string-1.5.0.tgz", - "integrity": "sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==", - "dev": true, - "bin": { - "lz-string": "bin/bin.js" - } - }, - "node_modules/magic-string": { - "version": "0.30.10", - "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.10.tgz", - "integrity": "sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==", - "dependencies": { - "@jridgewell/sourcemap-codec": "^1.4.15" - } - }, - "node_modules/magicast": { - "version": "0.3.4", - "resolved": "https://registry.npmjs.org/magicast/-/magicast-0.3.4.tgz", - "integrity": "sha512-TyDF/Pn36bBji9rWKHlZe+PZb6Mx5V8IHCSxk7X4aljM4e/vyDvZZYwHewdVaqiA0nb3ghfHU/6AUpDxWoER2Q==", - "dev": true, - "dependencies": { - "@babel/parser": "^7.24.4", - "@babel/types": "^7.24.0", - "source-map-js": "^1.2.0" - } - }, - "node_modules/make-dir": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz", - "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==", - "dev": true, - "dependencies": { - "semver": "^6.0.0" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/makeerror": { - "version": "1.0.12", - "resolved": "https://registry.npmjs.org/makeerror/-/makeerror-1.0.12.tgz", - "integrity": "sha512-JmqCvUhmt43madlpFzG4BQzG2Z3m6tvQDNKdClZnO3VbIudJYmxsT0FNJMeiB2+JTSlTQTSbU8QdesVmwJcmLg==", - "dev": true, - "dependencies": { - "tmpl": "1.0.5" - } - }, - "node_modules/map-or-similar": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/map-or-similar/-/map-or-similar-1.5.0.tgz", - "integrity": "sha512-0aF7ZmVon1igznGI4VS30yugpduQW3y3GkcgGJOp7d8x8QrizhigUxjI/m2UojsXXto+jLAH3KSz+xOJTiORjg==", - "dev": true - }, - "node_modules/markdown-to-jsx": { - "version": "7.4.7", - "resolved": "https://registry.npmjs.org/markdown-to-jsx/-/markdown-to-jsx-7.4.7.tgz", - "integrity": "sha512-0+ls1IQZdU6cwM1yu0ZjjiVWYtkbExSyUIFU2ZeDIFuZM1W42Mh4OlJ4nb4apX4H8smxDHRdFaoIVJGwfv5hkg==", - "dev": true, - "engines": { - "node": ">= 10" - }, - "peerDependencies": { - "react": ">= 0.14.0" - } - }, - "node_modules/mdast-util-definitions": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mdast-util-definitions/-/mdast-util-definitions-4.0.0.tgz", - "integrity": "sha512-k8AJ6aNnUkB7IE+5azR9h81O5EQ/cTDXtWdMq9Kk5KcEW/8ritU5CeLg/9HhOC++nALHBlaogJ5jz0Ybk3kPMQ==", - "dev": true, - "dependencies": { - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/mdast-util-to-string": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/mdast-util-to-string/-/mdast-util-to-string-1.1.0.tgz", - "integrity": "sha512-jVU0Nr2B9X3MU4tSK7JP1CMkSvOj7X5l/GboG1tKRw52lLF1x2Ju92Ms9tNetCcbfX3hzlM73zYo2NKkWSfF/A==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/mdn-data": { - "version": "2.0.30", - "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.30.tgz", - "integrity": "sha512-GaqWWShW4kv/G9IEucWScBx9G1/vsFZZJUO+tD26M8J8z3Kw5RDQjaoZe03YAClgeS/SWPOcb4nkFBTEi5DUEA==" - }, - "node_modules/media-typer": { - "version": "0.3.0", - "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", - "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/memoize-weak": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/memoize-weak/-/memoize-weak-1.0.2.tgz", - "integrity": "sha512-gj39xkrjEw7nCn4nJ1M5ms6+MyMlyiGmttzsqAUsAKn6bYKwuTHh/AO3cKPF8IBrTIYTxb0wWXFs3E//Y8VoWQ==", - "dev": true - }, - "node_modules/memoizerific": { - "version": "1.11.3", - "resolved": "https://registry.npmjs.org/memoizerific/-/memoizerific-1.11.3.tgz", - "integrity": "sha512-/EuHYwAPdLtXwAwSZkh/Gutery6pD2KYd44oQLhAvQp/50mpyduZh8Q7PYHXTCJ+wuXxt7oij2LXyIJOOYFPog==", - "dev": true, - "dependencies": { - "map-or-similar": "^1.5.0" - } - }, - "node_modules/merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==", - "dev": true - }, - "node_modules/merge-stream": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz", - "integrity": "sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==", - "dev": true - }, - "node_modules/merge2": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz", - "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==", - "dev": true, - "engines": { - "node": ">= 8" - } - }, - "node_modules/methods": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", - "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/micromatch": { - "version": "4.0.7", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz", - "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==", - "dev": true, - "dependencies": { - "braces": "^3.0.3", - "picomatch": "^2.3.1" - }, - "engines": { - "node": ">=8.6" - } - }, - "node_modules/mime": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", - "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", - "dev": true, - "bin": { - "mime": "cli.js" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/mime-db": { - "version": "1.52.0", - "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", - "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mime-types": { - "version": "2.1.35", - "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", - "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", - "dependencies": { - "mime-db": "1.52.0" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/mimic-fn": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-2.1.0.tgz", - "integrity": "sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/mimic-response": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-3.1.0.tgz", - "integrity": "sha512-z0yWI+4FDrrweS8Zmt4Ej5HdJmky15+L2e6Wgn3+iK5fWzb6T3fhNFq2+MeTRb064c6Wr4N/wv0DzQTjNzHNGQ==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/min-indent": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz", - "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/mini-svg-data-uri": { - "version": "1.4.4", - "resolved": "https://registry.npmjs.org/mini-svg-data-uri/-/mini-svg-data-uri-1.4.4.tgz", - "integrity": "sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==", - "dev": true, - "bin": { - "mini-svg-data-uri": "cli.js" - } - }, - "node_modules/minimatch": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", - "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", - "dev": true, - "dependencies": { - "brace-expansion": "^1.1.7" - }, - "engines": { - "node": "*" - } - }, - "node_modules/minimist": { - "version": "1.2.8", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", - "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", - "dev": true, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/minimisted": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/minimisted/-/minimisted-2.0.1.tgz", - "integrity": "sha512-1oPjfuLQa2caorJUM8HV8lGgWCc0qqAO1MNv/k05G4qslmsndV/5WdNZrqCiyqiz3wohia2Ij2B7w2Dr7/IyrA==", - "dev": true, - "dependencies": { - "minimist": "^1.2.5" - } - }, - "node_modules/minipass": { - "version": "7.1.2", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz", - "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==", - "dev": true, - "engines": { - "node": ">=16 || 14 >=14.17" - } - }, - "node_modules/minizlib": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-2.1.2.tgz", - "integrity": "sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==", - "dev": true, - "dependencies": { - "minipass": "^3.0.0", - "yallist": "^4.0.0" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/minizlib/node_modules/minipass": { - "version": "3.3.6", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-3.3.6.tgz", - "integrity": "sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==", - "dev": true, - "dependencies": { - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/minizlib/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", - "dev": true - }, - "node_modules/mkdirp": { - "version": "0.5.6", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", - "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==", - "dev": true, - "dependencies": { - "minimist": "^1.2.6" - }, - "bin": { - "mkdirp": "bin/cmd.js" - } - }, - "node_modules/mkdirp-classic": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz", - "integrity": "sha512-gKLcREMhtuZRwRAfqP3RFW+TK4JqApVBtOIftVgjuABpAtpxhPGaDcfvbhNvD0B8iD1oUr/txX35NjcaY6Ns/A==", - "dev": true - }, - "node_modules/mlly": { - "version": "1.7.1", - "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.7.1.tgz", - "integrity": "sha512-rrVRZRELyQzrIUAVMHxP97kv+G786pHmOKzuFII8zDYahFBS7qnHh2AlYSl1GAHhaMPCz6/oHjVMcfFYgFYHgA==", - "dev": true, - "dependencies": { - "acorn": "^8.11.3", - "pathe": "^1.1.2", - "pkg-types": "^1.1.1", - "ufo": "^1.5.3" - } - }, - "node_modules/mri": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/mri/-/mri-1.2.0.tgz", - "integrity": "sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/mrmime": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/mrmime/-/mrmime-2.0.0.tgz", - "integrity": "sha512-eu38+hdgojoyq63s+yTpN4XMBdt5l8HhMhc4VKLO9KM5caLIBvUm4thi7fFaxyTmCKeNnXZ5pAlBwCUnhA09uw==", - "dev": true, - "engines": { - "node": ">=10" - } - }, - "node_modules/ms": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", - "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" - }, - "node_modules/murmurhash3js": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/murmurhash3js/-/murmurhash3js-3.0.1.tgz", - "integrity": "sha512-KL8QYUaxq7kUbcl0Yto51rMcYt7E/4N4BG3/c96Iqw1PQrTRspu8Cpx4TZ4Nunib1d4bEkIH3gjCYlP2RLBdow==", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/mz": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz", - "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==", - "dev": true, - "dependencies": { - "any-promise": "^1.0.0", - "object-assign": "^4.0.1", - "thenify-all": "^1.0.0" - } - }, - "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "bin": { - "nanoid": "bin/nanoid.cjs" - }, - "engines": { - "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1" - } - }, - "node_modules/natural-compare": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz", - "integrity": "sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==", - "dev": true - }, - "node_modules/natural-compare-lite": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/natural-compare-lite/-/natural-compare-lite-1.4.0.tgz", - "integrity": "sha512-Tj+HTDSJJKaZnfiuw+iaF9skdPpTo2GtEly5JHnWV/hfv2Qj/9RKsGISQtLh2ox3l5EAGw487hnBee0sIJ6v2g==", - "dev": true - }, - "node_modules/negotiator": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", - "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/neo-async": { - "version": "2.6.2", - "resolved": "https://registry.npmjs.org/neo-async/-/neo-async-2.6.2.tgz", - "integrity": "sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==", - "dev": true - }, - "node_modules/node-dir": { - "version": "0.1.17", - "resolved": "https://registry.npmjs.org/node-dir/-/node-dir-0.1.17.tgz", - "integrity": "sha512-tmPX422rYgofd4epzrNoOXiE8XFZYOcCq1vD7MAXCDO+O+zndlA2ztdKKMa+EeuBG5tHETpr4ml4RGgpqDCCAg==", - "dev": true, - "dependencies": { - "minimatch": "^3.0.2" - }, - "engines": { - "node": ">= 0.10.5" - } - }, - "node_modules/node-fetch": { - "version": "2.7.0", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", - "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", - "dev": true, - "dependencies": { - "whatwg-url": "^5.0.0" - }, - "engines": { - "node": "4.x || >=6.0.0" - }, - "peerDependencies": { - "encoding": "^0.1.0" - }, - "peerDependenciesMeta": { - "encoding": { - "optional": true - } - } - }, - "node_modules/node-fetch-native": { - "version": "1.6.4", - "resolved": "https://registry.npmjs.org/node-fetch-native/-/node-fetch-native-1.6.4.tgz", - "integrity": "sha512-IhOigYzAKHd244OC0JIMIUrjzctirCmPkaIfhDeGcEETWof5zKYUW7e7MYvChGWh/4CJeXEgsRyGzuF334rOOQ==", - "dev": true - }, - "node_modules/node-fetch/node_modules/tr46": { - "version": "0.0.3", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz", - "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==", - "dev": true - }, - "node_modules/node-fetch/node_modules/webidl-conversions": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz", - "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==", - "dev": true - }, - "node_modules/node-fetch/node_modules/whatwg-url": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz", - "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==", - "dev": true, - "dependencies": { - "tr46": "~0.0.3", - "webidl-conversions": "^3.0.0" - } - }, - "node_modules/node-int64": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/node-int64/-/node-int64-0.4.0.tgz", - "integrity": "sha512-O5lz91xSOeoXP6DulyHfllpq+Eg00MWitZIbtPfoSEvqIHdl5gfcY6hYzDWnj0qD5tz52PI08u9qUvSVeUBeHw==", - "dev": true - }, - "node_modules/node-releases": { - "version": "2.0.14", - "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz", - "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==", - "dev": true - }, - "node_modules/normalize-package-data": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz", - "integrity": "sha512-/5CMN3T0R4XTj4DcGaexo+roZSdSFW/0AOOTROrjxzCG1wrWXEsGbRKevjlIL+ZDE4sZlJr5ED4YW0yqmkK+eA==", - "dev": true, - "dependencies": { - "hosted-git-info": "^2.1.4", - "resolve": "^1.10.0", - "semver": "2 || 3 || 4 || 5", - "validate-npm-package-license": "^3.0.1" - } - }, - "node_modules/normalize-package-data/node_modules/semver": { - "version": "5.7.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", - "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==", - "dev": true, - "bin": { - "semver": "bin/semver" - } - }, - "node_modules/normalize-path": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", - "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/normalize-range": { - "version": "0.1.2", - "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz", - "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/normalize-url": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-8.0.1.tgz", - "integrity": "sha512-IO9QvjUMWxPQQhs60oOu10CRkWCiZzSUkzbXGGV9pviYl1fXYcvkzQ5jV9z8Y6un8ARoVRl4EtC6v6jNqbaJ/w==", - "dev": true, - "optional": true, - "engines": { - "node": ">=14.16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/npm-run-path": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-4.0.1.tgz", - "integrity": "sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==", - "dev": true, - "dependencies": { - "path-key": "^3.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/nwsapi": { - "version": "2.2.10", - "resolved": "https://registry.npmjs.org/nwsapi/-/nwsapi-2.2.10.tgz", - "integrity": "sha512-QK0sRs7MKv0tKe1+5uZIQk/C8XGza4DAnztJG8iD+TpJIORARrCxczA738awHrZoHeTjSSoHqao2teO0dC/gFQ==", - "dev": true - }, - "node_modules/nypm": { - "version": "0.3.8", - "resolved": "https://registry.npmjs.org/nypm/-/nypm-0.3.8.tgz", - "integrity": "sha512-IGWlC6So2xv6V4cIDmoV0SwwWx7zLG086gyqkyumteH2fIgCAM4nDVFB2iDRszDvmdSVW9xb1N+2KjQ6C7d4og==", - "dev": true, - "dependencies": { - "citty": "^0.1.6", - "consola": "^3.2.3", - "execa": "^8.0.1", - "pathe": "^1.1.2", - "ufo": "^1.4.0" - }, - "bin": { - "nypm": "dist/cli.mjs" - }, - "engines": { - "node": "^14.16.0 || >=16.10.0" - } - }, - "node_modules/nypm/node_modules/execa": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz", - "integrity": "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==", - "dev": true, - "dependencies": { - "cross-spawn": "^7.0.3", - "get-stream": "^8.0.1", - "human-signals": "^5.0.0", - "is-stream": "^3.0.0", - "merge-stream": "^2.0.0", - "npm-run-path": "^5.1.0", - "onetime": "^6.0.0", - "signal-exit": "^4.1.0", - "strip-final-newline": "^3.0.0" - }, - "engines": { - "node": ">=16.17" - }, - "funding": { - "url": "https://github.com/sindresorhus/execa?sponsor=1" - } - }, - "node_modules/nypm/node_modules/get-stream": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-8.0.1.tgz", - "integrity": "sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==", - "dev": true, - "engines": { - "node": ">=16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/nypm/node_modules/human-signals": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-5.0.0.tgz", - "integrity": "sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==", - "dev": true, - "engines": { - "node": ">=16.17.0" - } - }, - "node_modules/nypm/node_modules/is-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz", - "integrity": "sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==", - "dev": true, - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/nypm/node_modules/mimic-fn": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz", - "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/nypm/node_modules/npm-run-path": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", - "integrity": "sha512-ppwTtiJZq0O/ai0z7yfudtBpWIoxM8yE6nHi1X47eFR2EWORqfbu6CnPlNsjeN683eT0qG6H/Pyf9fCcvjnnnQ==", - "dev": true, - "dependencies": { - "path-key": "^4.0.0" - }, - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/nypm/node_modules/onetime": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/onetime/-/onetime-6.0.0.tgz", - "integrity": "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==", - "dev": true, - "dependencies": { - "mimic-fn": "^4.0.0" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/nypm/node_modules/path-key": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", - "integrity": "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/nypm/node_modules/strip-final-newline": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz", - "integrity": "sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/object-assign": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", - "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/object-hash": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz", - "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/object-inspect": { - "version": "1.13.1", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.1.tgz", - "integrity": "sha512-5qoj1RUiKOMsCCNLV1CBiPYE10sziTsnmNxkAI/rZhiD63CF7IqdFGC/XzjWjpSgLf0LxXX3bDFIh0E18f6UhQ==", - "dev": true, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/object-is": { - "version": "1.1.6", - "resolved": "https://registry.npmjs.org/object-is/-/object-is-1.1.6.tgz", - "integrity": "sha512-F8cZ+KfGlSGi09lJT7/Nd6KJZ9ygtvYC0/UYYLI9nmQKLMnydpB9yvbv9K1uSkEu7FU9vYPmVwLg328tX+ot3Q==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.7", - "define-properties": "^1.2.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/object-keys": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz", - "integrity": "sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA==", - "dev": true, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/object.assign": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/object.assign/-/object.assign-4.1.5.tgz", - "integrity": "sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.5", - "define-properties": "^1.2.1", - "has-symbols": "^1.0.3", - "object-keys": "^1.1.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/octokit": { - "version": "3.1.2", - "resolved": "https://registry.npmjs.org/octokit/-/octokit-3.1.2.tgz", - "integrity": "sha512-MG5qmrTL5y8KYwFgE1A4JWmgfQBaIETE/lOlfwNYx1QOtCQHGVxkRJmdUJltFc1HVn73d61TlMhMyNTOtMl+ng==", - "dependencies": { - "@octokit/app": "^14.0.2", - "@octokit/core": "^5.0.0", - "@octokit/oauth-app": "^6.0.0", - "@octokit/plugin-paginate-graphql": "^4.0.0", - "@octokit/plugin-paginate-rest": "^9.0.0", - "@octokit/plugin-rest-endpoint-methods": "^10.0.0", - "@octokit/plugin-retry": "^6.0.0", - "@octokit/plugin-throttling": "^8.0.0", - "@octokit/request-error": "^5.0.0", - "@octokit/types": "^12.0.0" - }, - "engines": { - "node": ">= 18" - } - }, - "node_modules/ohash": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/ohash/-/ohash-1.1.3.tgz", - "integrity": "sha512-zuHHiGTYTA1sYJ/wZN+t5HKZaH23i4yI1HMwbuXm24Nid7Dv0KcuRlKoNKS9UNfAVSBlnGLcuQrnOKWOZoEGaw==", - "dev": true - }, - "node_modules/on-finished": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", - "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", - "dev": true, - "dependencies": { - "ee-first": "1.1.1" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/on-headers": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.2.tgz", - "integrity": "sha512-pZAE+FJLoyITytdqK0U5s+FIpjN0JP3OzFi/u8Rx+EV5/W+JTWGXG8xFzevE7AjBfDqHv/8vL8qQsIhHnqRkrA==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/once": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", - "integrity": "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==", - "dependencies": { - "wrappy": "1" - } - }, - "node_modules/onetime": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/onetime/-/onetime-5.1.2.tgz", - "integrity": "sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==", - "dev": true, - "dependencies": { - "mimic-fn": "^2.1.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/open": { - "version": "8.4.2", - "resolved": "https://registry.npmjs.org/open/-/open-8.4.2.tgz", - "integrity": "sha512-7x81NCL719oNbsq/3mh+hVrAWmFuEYUqrq/Iw3kUzH8ReypT9QQ0BLoJS7/G9k6N81XjW4qHWtjWwe/9eLy1EQ==", - "dev": true, - "dependencies": { - "define-lazy-prop": "^2.0.0", - "is-docker": "^2.1.1", - "is-wsl": "^2.2.0" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/optionator": { - "version": "0.9.4", - "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.4.tgz", - "integrity": "sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==", - "dev": true, - "dependencies": { - "deep-is": "^0.1.3", - "fast-levenshtein": "^2.0.6", - "levn": "^0.4.1", - "prelude-ls": "^1.2.1", - "type-check": "^0.4.0", - "word-wrap": "^1.2.5" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/ora": { - "version": "5.4.1", - "resolved": "https://registry.npmjs.org/ora/-/ora-5.4.1.tgz", - "integrity": "sha512-5b6Y85tPxZZ7QytO+BQzysW31HJku27cRIlkbAXaNx+BdcVi+LlRFmVXzeF6a7JCwJpyw5c4b+YSVImQIrBpuQ==", - "dev": true, - "dependencies": { - "bl": "^4.1.0", - "chalk": "^4.1.0", - "cli-cursor": "^3.1.0", - "cli-spinners": "^2.5.0", - "is-interactive": "^1.0.0", - "is-unicode-supported": "^0.1.0", - "log-symbols": "^4.1.0", - "strip-ansi": "^6.0.0", - "wcwidth": "^1.0.1" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/p-limit": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz", - "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==", - "dev": true, - "dependencies": { - "yocto-queue": "^0.1.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/p-locate": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz", - "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==", - "dev": true, - "dependencies": { - "p-limit": "^3.0.2" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/p-map": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/p-map/-/p-map-4.0.0.tgz", - "integrity": "sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ==", - "dev": true, - "dependencies": { - "aggregate-error": "^3.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/p-try": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz", - "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/pako": { - "version": "1.0.11", - "resolved": "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz", - "integrity": "sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==" - }, - "node_modules/parent-module": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz", - "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==", - "dev": true, - "dependencies": { - "callsites": "^3.0.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/parse-json": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-5.2.0.tgz", - "integrity": "sha512-ayCKvm/phCGxOkYRSCM82iDwct8/EonSEgCSxWxD7ve6jHggsFl4fZVQBPRNgQoKiuV/odhFrGzQXZwbifC8Rg==", - "dev": true, - "dependencies": { - "@babel/code-frame": "^7.0.0", - "error-ex": "^1.3.1", - "json-parse-even-better-errors": "^2.3.0", - "lines-and-columns": "^1.1.6" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/parse5": { - "version": "7.1.2", - "resolved": "https://registry.npmjs.org/parse5/-/parse5-7.1.2.tgz", - "integrity": "sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==", - "dev": true, - "dependencies": { - "entities": "^4.4.0" - }, - "funding": { - "url": "https://github.com/inikulin/parse5?sponsor=1" - } - }, - "node_modules/parseurl": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", - "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/path-exists": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz", - "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/path-is-absolute": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", - "integrity": "sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/path-key": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz", - "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/path-parse": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", - "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", - "dev": true - }, - "node_modules/path-scurry": { - "version": "1.11.1", - "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz", - "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==", - "dev": true, - "dependencies": { - "lru-cache": "^10.2.0", - "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0" - }, - "engines": { - "node": ">=16 || 14 >=14.18" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/path-scurry/node_modules/lru-cache": { - "version": "10.2.2", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz", - "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==", - "dev": true, - "engines": { - "node": "14 || >=16.14" - } - }, - "node_modules/path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==", - "dev": true - }, - "node_modules/path-type": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz", - "integrity": "sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/pathe": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/pathe/-/pathe-1.1.2.tgz", - "integrity": "sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==", - "dev": true - }, - "node_modules/pathval": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz", - "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==", - "dev": true, - "engines": { - "node": "*" - } - }, - "node_modules/peek-stream": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/peek-stream/-/peek-stream-1.1.3.tgz", - "integrity": "sha512-FhJ+YbOSBb9/rIl2ZeE/QHEsWn7PqNYt8ARAY3kIgNGOk13g9FGyIY6JIl/xB/3TFRVoTv5as0l11weORrTekA==", - "dev": true, - "dependencies": { - "buffer-from": "^1.0.0", - "duplexify": "^3.5.0", - "through2": "^2.0.3" - } - }, - "node_modules/pend": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", - "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==", - "dev": true - }, - "node_modules/periscopic": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/periscopic/-/periscopic-3.1.0.tgz", - "integrity": "sha512-vKiQ8RRtkl9P+r/+oefh25C3fhybptkHKCZSPlcXiJux2tJF55GnEj3BVn4A5gKfq9NWWXXrxkHBwVPUfH0opw==", - "dependencies": { - "@types/estree": "^1.0.0", - "estree-walker": "^3.0.0", - "is-reference": "^3.0.0" - } - }, - "node_modules/periscopic/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/periscopic/node_modules/is-reference": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/is-reference/-/is-reference-3.0.2.tgz", - "integrity": "sha512-v3rht/LgVcsdZa3O2Nqs+NMowLOxeOm7Ay9+/ARQ2F+qEoANRcqrjAZKGN0v8ymUetZGgkp26LTnGT7H0Qo9Pg==", - "dependencies": { - "@types/estree": "*" - } - }, - "node_modules/picocolors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.1.tgz", - "integrity": "sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==", - "dev": true - }, - "node_modules/picomatch": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", - "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", - "engines": { - "node": ">=8.6" - }, - "funding": { - "url": "https://github.com/sponsors/jonschlinkert" - } - }, - "node_modules/pify": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-5.0.0.tgz", - "integrity": "sha512-eW/gHNMlxdSP6dmG6uJip6FXN0EQBwm2clYYd8Wul42Cwu/DK8HEftzsapcNdYe2MfLiIwZqsDk2RDEsTE79hA==", - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/pirates": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz", - "integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/pkg-dir": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-5.0.0.tgz", - "integrity": "sha512-NPE8TDbzl/3YQYY7CSS228s3g2ollTFnc+Qi3tqmqJp9Vg2ovUpixcJEo2HJScN2Ez+kEaal6y70c0ehqJBJeA==", - "dev": true, - "dependencies": { - "find-up": "^5.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/pkg-types": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/pkg-types/-/pkg-types-1.1.1.tgz", - "integrity": "sha512-ko14TjmDuQJ14zsotODv7dBlwxKhUKQEhuhmbqo1uCi9BB0Z2alo/wAXg6q1dTR5TyuqYyWhjtfe/Tsh+X28jQ==", - "dev": true, - "dependencies": { - "confbox": "^0.1.7", - "mlly": "^1.7.0", - "pathe": "^1.1.2" - } - }, - "node_modules/playwright": { - "version": "1.44.1", - "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.44.1.tgz", - "integrity": "sha512-qr/0UJ5CFAtloI3avF95Y0L1xQo6r3LQArLIg/z/PoGJ6xa+EwzrwO5lpNr/09STxdHuUoP2mvuELJS+hLdtgg==", - "dev": true, - "dependencies": { - "playwright-core": "1.44.1" - }, - "bin": { - "playwright": "cli.js" - }, - "engines": { - "node": ">=16" - }, - "optionalDependencies": { - "fsevents": "2.3.2" - } - }, - "node_modules/playwright-core": { - "version": "1.44.1", - "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.44.1.tgz", - "integrity": "sha512-wh0JWtYTrhv1+OSsLPgFzGzt67Y7BE/ZS3jEqgGBlp2ppp1ZDj8c+9IARNW4dwf1poq5MgHreEM2KV/GuR4cFA==", - "dev": true, - "bin": { - "playwright-core": "cli.js" - }, - "engines": { - "node": ">=16" - } - }, - "node_modules/playwright/node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "hasInstallScript": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, - "node_modules/polished": { - "version": "4.3.1", - "resolved": "https://registry.npmjs.org/polished/-/polished-4.3.1.tgz", - "integrity": "sha512-OBatVyC/N7SCW/FaDHrSd+vn0o5cS855TOmYi4OkdWUMSJCET/xip//ch8xGUvtr3i44X9LVyWwQlRMTN3pwSA==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.17.8" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/possible-typed-array-names": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/possible-typed-array-names/-/possible-typed-array-names-1.0.0.tgz", - "integrity": "sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==", - "dev": true, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/postcss": { - "version": "8.4.38", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz", - "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/postcss" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "nanoid": "^3.3.7", - "picocolors": "^1.0.0", - "source-map-js": "^1.2.0" - }, - "engines": { - "node": "^10 || ^12 || >=14" - } - }, - "node_modules/postcss-import": { - "version": "15.1.0", - "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz", - "integrity": "sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==", - "dev": true, - "dependencies": { - "postcss-value-parser": "^4.0.0", - "read-cache": "^1.0.0", - "resolve": "^1.1.7" - }, - "engines": { - "node": ">=14.0.0" - }, - "peerDependencies": { - "postcss": "^8.0.0" - } - }, - "node_modules/postcss-js": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/postcss-js/-/postcss-js-4.0.1.tgz", - "integrity": "sha512-dDLF8pEO191hJMtlHFPRa8xsizHaM82MLfNkUHdUtVEV3tgTp5oj+8qbEqYM57SLfc74KSbw//4SeJma2LRVIw==", - "dev": true, - "dependencies": { - "camelcase-css": "^2.0.1" - }, - "engines": { - "node": "^12 || ^14 || >= 16" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - "peerDependencies": { - "postcss": "^8.4.21" - } - }, - "node_modules/postcss-load-config": { - "version": "3.1.4", - "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-3.1.4.tgz", - "integrity": "sha512-6DiM4E7v4coTE4uzA8U//WhtPwyhiim3eyjEMFCnUpzbrkK9wJHgKDT2mR+HbtSrd/NubVaYTOpSpjUl8NQeRg==", - "dev": true, - "dependencies": { - "lilconfig": "^2.0.5", - "yaml": "^1.10.2" - }, - "engines": { - "node": ">= 10" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - "peerDependencies": { - "postcss": ">=8.0.9", - "ts-node": ">=9.0.0" - }, - "peerDependenciesMeta": { - "postcss": { - "optional": true - }, - "ts-node": { - "optional": true - } - } - }, - "node_modules/postcss-nested": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz", - "integrity": "sha512-mEp4xPMi5bSWiMbsgoPfcP74lsWLHkQbZc3sY+jWYd65CUwXrUaTp0fmNpa01ZcETKlIgUdFN/MpS2xZtqL9dQ==", - "dev": true, - "dependencies": { - "postcss-selector-parser": "^6.0.11" - }, - "engines": { - "node": ">=12.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - "peerDependencies": { - "postcss": "^8.2.14" - } - }, - "node_modules/postcss-nested/node_modules/postcss-selector-parser": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz", - "integrity": "sha512-UMz42UD0UY0EApS0ZL9o1XnLhSTtvvvLe5Dc2H2O56fvRZi+KulDyf5ctDhhtYJBGKStV2FL1fy6253cmLgqVQ==", - "dev": true, - "dependencies": { - "cssesc": "^3.0.0", - "util-deprecate": "^1.0.2" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/postcss-safe-parser": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/postcss-safe-parser/-/postcss-safe-parser-6.0.0.tgz", - "integrity": "sha512-FARHN8pwH+WiS2OPCxJI8FuRJpTVnn6ZNFiqAM2aeW2LwTHWWmWgIyKC6cUo0L8aeKiF/14MNvnpls6R2PBeMQ==", - "dev": true, - "engines": { - "node": ">=12.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - "peerDependencies": { - "postcss": "^8.3.3" - } - }, - "node_modules/postcss-scss": { - "version": "4.0.9", - "resolved": "https://registry.npmjs.org/postcss-scss/-/postcss-scss-4.0.9.tgz", - "integrity": "sha512-AjKOeiwAitL/MXxQW2DliT28EKukvvbEWx3LBmJIRN8KfBGZbRTxNYW0kSqi1COiTZ57nZ9NW06S6ux//N1c9A==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/postcss-scss" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "engines": { - "node": ">=12.0" - }, - "peerDependencies": { - "postcss": "^8.4.29" - } - }, - "node_modules/postcss-selector-parser": { - "version": "6.0.10", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.0.10.tgz", - "integrity": "sha512-IQ7TZdoaqbT+LCpShg46jnZVlhWD2w6iQYAcYXfHARZ7X1t/UGhhceQDs5X0cGqKvYlHNOuv7Oa1xmb0oQuA3w==", - "dev": true, - "dependencies": { - "cssesc": "^3.0.0", - "util-deprecate": "^1.0.2" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/postcss-value-parser": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz", - "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==", - "dev": true - }, - "node_modules/posthog-node": { - "version": "3.1.3", - "resolved": "https://registry.npmjs.org/posthog-node/-/posthog-node-3.1.3.tgz", - "integrity": "sha512-UaOOoWEUYTcaaDe1w0fgHW/sXvFr3RO0l7yI7RUDzkZNZCfwXNO9r3pc14d1EtNppF/SHBrV5hNiZZATpf/vUw==", - "dependencies": { - "axios": "^1.6.0", - "rusha": "^0.8.14" - }, - "engines": { - "node": ">=15.0.0" - } - }, - "node_modules/prelude-ls": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz", - "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==", - "dev": true, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/prettier": { - "version": "2.8.8", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-2.8.8.tgz", - "integrity": "sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q==", - "dev": true, - "bin": { - "prettier": "bin-prettier.js" - }, - "engines": { - "node": ">=10.13.0" - }, - "funding": { - "url": "https://github.com/prettier/prettier?sponsor=1" - } - }, - "node_modules/prettier-plugin-svelte": { - "version": "2.10.1", - "resolved": "https://registry.npmjs.org/prettier-plugin-svelte/-/prettier-plugin-svelte-2.10.1.tgz", - "integrity": "sha512-Wlq7Z5v2ueCubWo0TZzKc9XHcm7TDxqcuzRuGd0gcENfzfT4JZ9yDlCbEgxWgiPmLHkBjfOtpAWkcT28MCDpUQ==", - "dev": true, - "peerDependencies": { - "prettier": "^1.16.4 || ^2.0.0", - "svelte": "^3.2.0 || ^4.0.0-next.0" - } - }, - "node_modules/pretty-format": { - "version": "27.5.1", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-27.5.1.tgz", - "integrity": "sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==", - "dev": true, - "dependencies": { - "ansi-regex": "^5.0.1", - "ansi-styles": "^5.0.0", - "react-is": "^17.0.1" - }, - "engines": { - "node": "^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0" - } - }, - "node_modules/pretty-format/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/pretty-hrtime": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz", - "integrity": "sha512-66hKPCr+72mlfiSjlEB1+45IjXSqvVAIy6mocupoww4tBFE9R9IhwwUGoI4G++Tc9Aq+2rxOt0RFU6gPcrte0A==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/process": { - "version": "0.11.10", - "resolved": "https://registry.npmjs.org/process/-/process-0.11.10.tgz", - "integrity": "sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==", - "dev": true, - "engines": { - "node": ">= 0.6.0" - } - }, - "node_modules/process-nextick-args": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", - "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", - "dev": true - }, - "node_modules/progress": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", - "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", - "dev": true, - "engines": { - "node": ">=0.4.0" - } - }, - "node_modules/prompts": { - "version": "2.4.2", - "resolved": "https://registry.npmjs.org/prompts/-/prompts-2.4.2.tgz", - "integrity": "sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==", - "dev": true, - "dependencies": { - "kleur": "^3.0.3", - "sisteransi": "^1.0.5" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/prompts/node_modules/kleur": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/kleur/-/kleur-3.0.3.tgz", - "integrity": "sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/property-expr": { - "version": "2.0.6", - "resolved": "https://registry.npmjs.org/property-expr/-/property-expr-2.0.6.tgz", - "integrity": "sha512-SVtmxhRE/CGkn3eZY1T6pC8Nln6Fr/lu1mKSgRud0eC73whjGfoAogbn78LkD8aFL0zz3bAFerKSnOl7NlErBA==", - "dev": true, - "optional": true - }, - "node_modules/proxy-addr": { - "version": "2.0.7", - "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", - "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", - "dev": true, - "dependencies": { - "forwarded": "0.2.0", - "ipaddr.js": "1.9.1" - }, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/proxy-from-env": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", - "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" - }, - "node_modules/psl": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/psl/-/psl-1.9.0.tgz", - "integrity": "sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==", - "dev": true - }, - "node_modules/pump": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.0.tgz", - "integrity": "sha512-LwZy+p3SFs1Pytd/jYct4wpv49HiYCqd9Rlc5ZVdk0V+8Yzv6jR5Blk3TRmPL1ft69TxP0IMZGJ+WPFU2BFhww==", - "dev": true, - "dependencies": { - "end-of-stream": "^1.1.0", - "once": "^1.3.1" - } - }, - "node_modules/pumpify": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/pumpify/-/pumpify-1.5.1.tgz", - "integrity": "sha512-oClZI37HvuUJJxSKKrC17bZ9Cu0ZYhEAGPsPUy9KlMUmv9dKX2o77RUmq7f3XjIxbwyGwYzbzQ1L2Ks8sIradQ==", - "dev": true, - "dependencies": { - "duplexify": "^3.6.0", - "inherits": "^2.0.3", - "pump": "^2.0.0" - } - }, - "node_modules/pumpify/node_modules/pump": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/pump/-/pump-2.0.1.tgz", - "integrity": "sha512-ruPMNRkN3MHP1cWJc9OWr+T/xDP0jhXYCLfJcBuX54hhfIBnaQmAUMfDcG4DM5UMWByBbJY69QSphm3jtDKIkA==", - "dev": true, - "dependencies": { - "end-of-stream": "^1.1.0", - "once": "^1.3.1" - } - }, - "node_modules/punycode": { - "version": "2.3.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", - "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/puppeteer-core": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/puppeteer-core/-/puppeteer-core-2.1.1.tgz", - "integrity": "sha512-n13AWriBMPYxnpbb6bnaY5YoY6rGj8vPLrz6CZF3o0qJNEwlcfJVxBzYZ0NJsQ21UbdJoijPCDrM++SUVEz7+w==", - "dev": true, - "dependencies": { - "@types/mime-types": "^2.1.0", - "debug": "^4.1.0", - "extract-zip": "^1.6.6", - "https-proxy-agent": "^4.0.0", - "mime": "^2.0.3", - "mime-types": "^2.1.25", - "progress": "^2.0.1", - "proxy-from-env": "^1.0.0", - "rimraf": "^2.6.1", - "ws": "^6.1.0" - }, - "engines": { - "node": ">=8.16.0" - } - }, - "node_modules/puppeteer-core/node_modules/agent-base": { - "version": "5.1.1", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-5.1.1.tgz", - "integrity": "sha512-TMeqbNl2fMW0nMjTEPOwe3J/PRFP4vqeoNuQMG0HlMrtm5QxKqdvAkZ1pRBQ/ulIyDD5Yq0nJ7YbdD8ey0TO3g==", - "dev": true, - "engines": { - "node": ">= 6.0.0" - } - }, - "node_modules/puppeteer-core/node_modules/glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "deprecated": "Glob versions prior to v9 are no longer supported", - "dev": true, - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "engines": { - "node": "*" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/puppeteer-core/node_modules/https-proxy-agent": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-4.0.0.tgz", - "integrity": "sha512-zoDhWrkR3of1l9QAL8/scJZyLu8j/gBkcwcaQOZh7Gyh/+uJQzGVETdgT30akuwkpL8HTRfssqI3BZuV18teDg==", - "dev": true, - "dependencies": { - "agent-base": "5", - "debug": "4" - }, - "engines": { - "node": ">= 6.0.0" - } - }, - "node_modules/puppeteer-core/node_modules/mime": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/mime/-/mime-2.6.0.tgz", - "integrity": "sha512-USPkMeET31rOMiarsBNIHZKLGgvKc/LrjofAnBlOttf5ajRvqiRA8QsenbcooctK6d6Ts6aqZXBA+XbkKthiQg==", - "dev": true, - "bin": { - "mime": "cli.js" - }, - "engines": { - "node": ">=4.0.0" - } - }, - "node_modules/puppeteer-core/node_modules/rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "deprecated": "Rimraf versions prior to v4 are no longer supported", - "dev": true, - "dependencies": { - "glob": "^7.1.3" - }, - "bin": { - "rimraf": "bin.js" - } - }, - "node_modules/puppeteer-core/node_modules/ws": { - "version": "6.2.3", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.3.tgz", - "integrity": "sha512-jmTjYU0j60B+vHey6TfR3Z7RD61z/hmxBS3VMSGIrroOWXQEneK1zNuotOUrGyBHQj0yrpsLHPWtigEFd13ndA==", - "dev": true, - "dependencies": { - "async-limiter": "~1.0.0" - } - }, - "node_modules/purgecss": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/purgecss/-/purgecss-6.0.0.tgz", - "integrity": "sha512-s3EBxg5RSWmpqd0KGzNqPiaBbWDz1/As+2MzoYVGMqgDqRTLBhJW6sywfTBek7OwNfoS/6pS0xdtvChNhFj2cw==", - "dev": true, - "dependencies": { - "commander": "^12.0.0", - "glob": "^10.3.10", - "postcss": "^8.4.4", - "postcss-selector-parser": "^6.0.7" - }, - "bin": { - "purgecss": "bin/purgecss.js" - } - }, - "node_modules/purgecss/node_modules/commander": { - "version": "12.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz", - "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==", - "dev": true, - "engines": { - "node": ">=18" - } - }, - "node_modules/qs": { - "version": "6.12.1", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.12.1.tgz", - "integrity": "sha512-zWmv4RSuB9r2mYQw3zxQuHWeU+42aKi1wWig/j4ele4ygELZ7PEO6MM7rim9oAQH2A5MWfsAVf/jPvTPgCbvUQ==", - "dev": true, - "dependencies": { - "side-channel": "^1.0.6" - }, - "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/querystringify": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", - "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", - "dev": true - }, - "node_modules/queue-microtask": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", - "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/ramda": { - "version": "0.29.0", - "resolved": "https://registry.npmjs.org/ramda/-/ramda-0.29.0.tgz", - "integrity": "sha512-BBea6L67bYLtdbOqfp8f58fPMqEwx0doL+pAi8TZyp2YWz8R9G8z9x75CZI8W+ftqhFHCpEX2cRnUUXK130iKA==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/ramda" - } - }, - "node_modules/range-parser": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", - "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", - "dev": true, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/raw-body": { - "version": "2.5.2", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", - "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", - "dev": true, - "dependencies": { - "bytes": "3.1.2", - "http-errors": "2.0.0", - "iconv-lite": "0.4.24", - "unpipe": "1.0.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/react": { - "version": "18.3.1", - "resolved": "https://registry.npmjs.org/react/-/react-18.3.1.tgz", - "integrity": "sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==", - "dev": true, - "dependencies": { - "loose-envify": "^1.1.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/react-colorful": { - "version": "5.6.1", - "resolved": "https://registry.npmjs.org/react-colorful/-/react-colorful-5.6.1.tgz", - "integrity": "sha512-1exovf0uGTGyq5mXQT0zgQ80uvj2PCwvF8zY1RN9/vbJVSjSo3fsB/4L3ObbF7u70NduSiK4xu4Y6q1MHoUGEw==", - "dev": true, - "peerDependencies": { - "react": ">=16.8.0", - "react-dom": ">=16.8.0" - } - }, - "node_modules/react-dom": { - "version": "18.3.1", - "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-18.3.1.tgz", - "integrity": "sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==", - "dev": true, - "dependencies": { - "loose-envify": "^1.1.0", - "scheduler": "^0.23.2" - }, - "peerDependencies": { - "react": "^18.3.1" - } - }, - "node_modules/react-is": { - "version": "17.0.2", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-17.0.2.tgz", - "integrity": "sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==", - "dev": true - }, - "node_modules/react-remove-scroll": { - "version": "2.5.5", - "resolved": "https://registry.npmjs.org/react-remove-scroll/-/react-remove-scroll-2.5.5.tgz", - "integrity": "sha512-ImKhrzJJsyXJfBZ4bzu8Bwpka14c/fQt0k+cyFp/PBhTfyDnU5hjOtM4AG/0AMyy8oKzOTR0lDgJIM7pYXI0kw==", - "dev": true, - "dependencies": { - "react-remove-scroll-bar": "^2.3.3", - "react-style-singleton": "^2.2.1", - "tslib": "^2.1.0", - "use-callback-ref": "^1.3.0", - "use-sidecar": "^1.1.2" - }, - "engines": { - "node": ">=10" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react": "^16.8.0 || ^17.0.0 || ^18.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/react-remove-scroll-bar": { - "version": "2.3.6", - "resolved": "https://registry.npmjs.org/react-remove-scroll-bar/-/react-remove-scroll-bar-2.3.6.tgz", - "integrity": "sha512-DtSYaao4mBmX+HDo5YWYdBWQwYIQQshUV/dVxFxK+KM26Wjwp1gZ6rv6OC3oujI6Bfu6Xyg3TwK533AQutsn/g==", - "dev": true, - "dependencies": { - "react-style-singleton": "^2.2.1", - "tslib": "^2.0.0" - }, - "engines": { - "node": ">=10" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react": "^16.8.0 || ^17.0.0 || ^18.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/react-style-singleton": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/react-style-singleton/-/react-style-singleton-2.2.1.tgz", - "integrity": "sha512-ZWj0fHEMyWkHzKYUr2Bs/4zU6XLmq9HsgBURm7g5pAVfyn49DgUiNgY2d4lXRlYSiCif9YBGpQleewkcqddc7g==", - "dev": true, - "dependencies": { - "get-nonce": "^1.0.0", - "invariant": "^2.2.4", - "tslib": "^2.0.0" - }, - "engines": { - "node": ">=10" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react": "^16.8.0 || ^17.0.0 || ^18.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/read-cache": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz", - "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==", - "dev": true, - "dependencies": { - "pify": "^2.3.0" - } - }, - "node_modules/read-cache/node_modules/pify": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", - "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/read-pkg": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-5.2.0.tgz", - "integrity": "sha512-Ug69mNOpfvKDAc2Q8DRpMjjzdtrnv9HcSMX+4VsZxD1aZ6ZzrIE7rlzXBtWTyhULSMKg076AW6WR5iZpD0JiOg==", - "dev": true, - "dependencies": { - "@types/normalize-package-data": "^2.4.0", - "normalize-package-data": "^2.5.0", - "parse-json": "^5.0.0", - "type-fest": "^0.6.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/read-pkg-up": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-7.0.1.tgz", - "integrity": "sha512-zK0TB7Xd6JpCLmlLmufqykGE+/TlOePD6qKClNW7hHDKFh/J7/7gCWGR7joEQEW1bKq3a3yUZSObOoWLFQ4ohg==", - "dev": true, - "dependencies": { - "find-up": "^4.1.0", - "read-pkg": "^5.2.0", - "type-fest": "^0.8.1" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/read-pkg-up/node_modules/find-up": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz", - "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==", - "dev": true, - "dependencies": { - "locate-path": "^5.0.0", - "path-exists": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/read-pkg-up/node_modules/locate-path": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz", - "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==", - "dev": true, - "dependencies": { - "p-locate": "^4.1.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/read-pkg-up/node_modules/p-limit": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz", - "integrity": "sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==", - "dev": true, - "dependencies": { - "p-try": "^2.0.0" - }, - "engines": { - "node": ">=6" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/read-pkg-up/node_modules/p-locate": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz", - "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==", - "dev": true, - "dependencies": { - "p-limit": "^2.2.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/read-pkg-up/node_modules/type-fest": { - "version": "0.8.1", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz", - "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/read-pkg/node_modules/type-fest": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.6.0.tgz", - "integrity": "sha512-q+MB8nYR1KDLrgr4G5yemftpMC7/QLqVndBmEEdqzmNj5dcFOO4Oo8qlwZE3ULT3+Zim1F8Kq4cBnikNhlCMlg==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/readable-stream": { - "version": "3.6.2", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", - "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", - "dev": true, - "dependencies": { - "inherits": "^2.0.3", - "string_decoder": "^1.1.1", - "util-deprecate": "^1.0.1" - }, - "engines": { - "node": ">= 6" - } - }, - "node_modules/readdirp": { - "version": "3.6.0", - "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", - "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", - "dependencies": { - "picomatch": "^2.2.1" - }, - "engines": { - "node": ">=8.10.0" - } - }, - "node_modules/recast": { - "version": "0.23.9", - "resolved": "https://registry.npmjs.org/recast/-/recast-0.23.9.tgz", - "integrity": "sha512-Hx/BGIbwj+Des3+xy5uAtAbdCyqK9y9wbBcDFDYanLS9JnMqf7OeF87HQwUimE87OEc72mr6tkKUKMBBL+hF9Q==", - "dev": true, - "dependencies": { - "ast-types": "^0.16.1", - "esprima": "~4.0.0", - "source-map": "~0.6.1", - "tiny-invariant": "^1.3.3", - "tslib": "^2.0.1" - }, - "engines": { - "node": ">= 4" - } - }, - "node_modules/redent": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/redent/-/redent-3.0.0.tgz", - "integrity": "sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==", - "dev": true, - "dependencies": { - "indent-string": "^4.0.0", - "strip-indent": "^3.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/regenerate": { - "version": "1.4.2", - "resolved": "https://registry.npmjs.org/regenerate/-/regenerate-1.4.2.tgz", - "integrity": "sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==", - "dev": true - }, - "node_modules/regenerate-unicode-properties": { - "version": "10.1.1", - "resolved": "https://registry.npmjs.org/regenerate-unicode-properties/-/regenerate-unicode-properties-10.1.1.tgz", - "integrity": "sha512-X007RyZLsCJVVrjgEFVpLUTZwyOZk3oiL75ZcuYjlIWd6rNJtOjkBwQc5AsRrpbKVkxN6sklw/k/9m2jJYOf8Q==", - "dev": true, - "dependencies": { - "regenerate": "^1.4.2" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/regenerator-runtime": { - "version": "0.14.1", - "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.14.1.tgz", - "integrity": "sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==", - "dev": true - }, - "node_modules/regenerator-transform": { - "version": "0.15.2", - "resolved": "https://registry.npmjs.org/regenerator-transform/-/regenerator-transform-0.15.2.tgz", - "integrity": "sha512-hfMp2BoF0qOk3uc5V20ALGDS2ddjQaLrdl7xrGXvAIow7qeWRM2VA2HuCHkUKk9slq3VwEwLNK3DFBqDfPGYtg==", - "dev": true, - "dependencies": { - "@babel/runtime": "^7.8.4" - } - }, - "node_modules/regexp.prototype.flags": { - "version": "1.5.2", - "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.5.2.tgz", - "integrity": "sha512-NcDiDkTLuPR+++OCKB0nWafEmhg/Da8aUPLPMQbK+bxKKCm1/S5he+AqYa4PlMCVBalb4/yxIRub6qkEx5yJbw==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.6", - "define-properties": "^1.2.1", - "es-errors": "^1.3.0", - "set-function-name": "^2.0.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/regexpp": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.2.0.tgz", - "integrity": "sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==", - "dev": true, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/mysticatea" - } - }, - "node_modules/regexpu-core": { - "version": "5.3.2", - "resolved": "https://registry.npmjs.org/regexpu-core/-/regexpu-core-5.3.2.tgz", - "integrity": "sha512-RAM5FlZz+Lhmo7db9L298p2vHP5ZywrVXmVXpmAD9GuL5MPH6t9ROw1iA/wfHkQ76Qe7AaPF0nGuim96/IrQMQ==", - "dev": true, - "dependencies": { - "@babel/regjsgen": "^0.8.0", - "regenerate": "^1.4.2", - "regenerate-unicode-properties": "^10.1.0", - "regjsparser": "^0.9.1", - "unicode-match-property-ecmascript": "^2.0.0", - "unicode-match-property-value-ecmascript": "^2.1.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/regjsparser": { - "version": "0.9.1", - "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.9.1.tgz", - "integrity": "sha512-dQUtn90WanSNl+7mQKcXAgZxvUe7Z0SqXlgzv0za4LwiUhyzBC58yQO3liFoUgu8GiJVInAhJjkj1N0EtQ5nkQ==", - "dev": true, - "dependencies": { - "jsesc": "~0.5.0" - }, - "bin": { - "regjsparser": "bin/parser" - } - }, - "node_modules/regjsparser/node_modules/jsesc": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-0.5.0.tgz", - "integrity": "sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==", - "dev": true, - "bin": { - "jsesc": "bin/jsesc" - } - }, - "node_modules/remark-external-links": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/remark-external-links/-/remark-external-links-8.0.0.tgz", - "integrity": "sha512-5vPSX0kHoSsqtdftSHhIYofVINC8qmp0nctkeU9YoJwV3YfiBRiI6cbFRJ0oI/1F9xS+bopXG0m2KS8VFscuKA==", - "dev": true, - "dependencies": { - "extend": "^3.0.0", - "is-absolute-url": "^3.0.0", - "mdast-util-definitions": "^4.0.0", - "space-separated-tokens": "^1.0.0", - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/remark-slug": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/remark-slug/-/remark-slug-6.1.0.tgz", - "integrity": "sha512-oGCxDF9deA8phWvxFuyr3oSJsdyUAxMFbA0mZ7Y1Sas+emILtO+e5WutF9564gDsEN4IXaQXm5pFo6MLH+YmwQ==", - "dev": true, - "dependencies": { - "github-slugger": "^1.0.0", - "mdast-util-to-string": "^1.0.0", - "unist-util-visit": "^2.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/requireindex": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/requireindex/-/requireindex-1.2.0.tgz", - "integrity": "sha512-L9jEkOi3ASd9PYit2cwRfyppc9NoABujTP8/5gFcbERmo5jUoAKovIC3fsF17pkTnGsrByysqX+Kxd2OTNI1ww==", - "dev": true, - "engines": { - "node": ">=0.10.5" - } - }, - "node_modules/requires-port": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", - "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", - "dev": true - }, - "node_modules/resolve": { - "version": "1.22.8", - "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz", - "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==", - "dev": true, - "dependencies": { - "is-core-module": "^2.13.0", - "path-parse": "^1.0.7", - "supports-preserve-symlinks-flag": "^1.0.0" - }, - "bin": { - "resolve": "bin/resolve" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/resolve-from": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz", - "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/restore-cursor": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-3.1.0.tgz", - "integrity": "sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==", - "dev": true, - "dependencies": { - "onetime": "^5.1.0", - "signal-exit": "^3.0.2" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/restore-cursor/node_modules/signal-exit": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true - }, - "node_modules/reusify": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz", - "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", - "dev": true, - "engines": { - "iojs": ">=1.0.0", - "node": ">=0.10.0" - } - }, - "node_modules/rimraf": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", - "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==", - "deprecated": "Rimraf versions prior to v4 are no longer supported", - "dev": true, - "dependencies": { - "glob": "^7.1.3" - }, - "bin": { - "rimraf": "bin.js" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/rimraf/node_modules/glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "deprecated": "Glob versions prior to v9 are no longer supported", - "dev": true, - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "engines": { - "node": "*" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/rollup": { - "version": "3.29.4", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-3.29.4.tgz", - "integrity": "sha512-oWzmBZwvYrU0iJHtDmhsm662rC15FRXmcjCk1xD771dFDx5jJ02ufAQQTn0etB2emNk4J9EZg/yWKpsn9BWGRw==", - "dev": true, - "bin": { - "rollup": "dist/bin/rollup" - }, - "engines": { - "node": ">=14.18.0", - "npm": ">=8.0.0" - }, - "optionalDependencies": { - "fsevents": "~2.3.2" - } - }, - "node_modules/rrweb-cssom": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/rrweb-cssom/-/rrweb-cssom-0.6.0.tgz", - "integrity": "sha512-APM0Gt1KoXBz0iIkkdB/kfvGOwC4UuJFeG/c+yV7wSc7q96cG/kJ0HiYCnzivD9SB53cLV1MlHFNfOuPaadYSw==", - "dev": true - }, - "node_modules/run-parallel": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz", - "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "dependencies": { - "queue-microtask": "^1.2.2" - } - }, - "node_modules/rusha": { - "version": "0.8.14", - "resolved": "https://registry.npmjs.org/rusha/-/rusha-0.8.14.tgz", - "integrity": "sha512-cLgakCUf6PedEu15t8kbsjnwIFFR2D4RfL+W3iWFJ4iac7z4B0ZI8fxy4R3J956kAI68HclCFGL8MPoUVC3qVA==" - }, - "node_modules/sade": { - "version": "1.8.1", - "resolved": "https://registry.npmjs.org/sade/-/sade-1.8.1.tgz", - "integrity": "sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==", - "dev": true, - "dependencies": { - "mri": "^1.1.0" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/safer-buffer": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", - "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", - "dev": true - }, - "node_modules/sander": { - "version": "0.5.1", - "resolved": "https://registry.npmjs.org/sander/-/sander-0.5.1.tgz", - "integrity": "sha512-3lVqBir7WuKDHGrKRDn/1Ye3kwpXaDOMsiRP1wd6wpZW56gJhsbp5RqQpA6JG/P+pkXizygnr1dKR8vzWaVsfA==", - "dev": true, - "dependencies": { - "es6-promise": "^3.1.2", - "graceful-fs": "^4.1.3", - "mkdirp": "^0.5.1", - "rimraf": "^2.5.2" - } - }, - "node_modules/sander/node_modules/glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "deprecated": "Glob versions prior to v9 are no longer supported", - "dev": true, - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "engines": { - "node": "*" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/sander/node_modules/rimraf": { - "version": "2.7.1", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", - "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", - "deprecated": "Rimraf versions prior to v4 are no longer supported", - "dev": true, - "dependencies": { - "glob": "^7.1.3" - }, - "bin": { - "rimraf": "bin.js" - } - }, - "node_modules/saxes": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/saxes/-/saxes-6.0.0.tgz", - "integrity": "sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==", - "dev": true, - "dependencies": { - "xmlchars": "^2.2.0" - }, - "engines": { - "node": ">=v12.22.7" - } - }, - "node_modules/scheduler": { - "version": "0.23.2", - "resolved": "https://registry.npmjs.org/scheduler/-/scheduler-0.23.2.tgz", - "integrity": "sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==", - "dev": true, - "dependencies": { - "loose-envify": "^1.1.0" - } - }, - "node_modules/semver": { - "version": "6.3.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz", - "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - } - }, - "node_modules/send": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", - "dev": true, - "dependencies": { - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "mime": "1.6.0", - "ms": "2.1.3", - "on-finished": "2.4.1", - "range-parser": "~1.2.1", - "statuses": "2.0.1" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/send/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dev": true, - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/send/node_modules/debug/node_modules/ms": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", - "dev": true - }, - "node_modules/send/node_modules/ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", - "dev": true - }, - "node_modules/seroval": { - "version": "0.5.1", - "resolved": "https://registry.npmjs.org/seroval/-/seroval-0.5.1.tgz", - "integrity": "sha512-ZfhQVB59hmIauJG5Ydynupy8KHyr5imGNtdDhbZG68Ufh1Ynkv9KOYOAABf71oVbQxJ8VkWnMHAjEHE7fWkH5g==", - "engines": { - "node": ">=10" - } - }, - "node_modules/serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", - "dev": true, - "dependencies": { - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "parseurl": "~1.3.3", - "send": "0.18.0" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/set-cookie-parser": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/set-cookie-parser/-/set-cookie-parser-2.6.0.tgz", - "integrity": "sha512-RVnVQxTXuerk653XfuliOxBP81Sf0+qfQE73LIYKcyMYHG94AuH0kgrQpRDuTZnSmjpysHmzxJXKNfa6PjFhyQ==", - "dev": true - }, - "node_modules/set-function-length": { - "version": "1.2.2", - "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", - "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", - "dev": true, - "dependencies": { - "define-data-property": "^1.1.4", - "es-errors": "^1.3.0", - "function-bind": "^1.1.2", - "get-intrinsic": "^1.2.4", - "gopd": "^1.0.1", - "has-property-descriptors": "^1.0.2" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/set-function-name": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/set-function-name/-/set-function-name-2.0.2.tgz", - "integrity": "sha512-7PGFlmtwsEADb0WYyvCMa1t+yke6daIG4Wirafur5kcf+MhUnPms1UeR0CKQdTZD81yESwMHbtn+TR+dMviakQ==", - "dev": true, - "dependencies": { - "define-data-property": "^1.1.4", - "es-errors": "^1.3.0", - "functions-have-names": "^1.2.3", - "has-property-descriptors": "^1.0.2" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/setprototypeof": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", - "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", - "dev": true - }, - "node_modules/sha.js": { - "version": "2.4.11", - "resolved": "https://registry.npmjs.org/sha.js/-/sha.js-2.4.11.tgz", - "integrity": "sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==", - "dependencies": { - "inherits": "^2.0.1", - "safe-buffer": "^5.0.1" - }, - "bin": { - "sha.js": "bin.js" - } - }, - "node_modules/shallow-clone": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz", - "integrity": "sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==", - "dev": true, - "dependencies": { - "kind-of": "^6.0.2" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/shebang-command": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz", - "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==", - "dev": true, - "dependencies": { - "shebang-regex": "^3.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/shebang-regex": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz", - "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/side-channel": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", - "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", - "dev": true, - "dependencies": { - "call-bind": "^1.0.7", - "es-errors": "^1.3.0", - "get-intrinsic": "^1.2.4", - "object-inspect": "^1.13.1" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/siginfo": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/siginfo/-/siginfo-2.0.0.tgz", - "integrity": "sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==", - "dev": true - }, - "node_modules/signal-exit": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz", - "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==", - "dev": true, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/simple-concat": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/simple-concat/-/simple-concat-1.0.1.tgz", - "integrity": "sha512-cSFtAPtRhljv69IK0hTVZQ+OfE9nePi/rtJmw5UjHeVyVroEqJXP1sFztKUy1qU+xvz3u/sfYJLa947b7nAN2Q==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, - "node_modules/simple-get": { - "version": "4.0.1", - "resolved": "https://registry.npmjs.org/simple-get/-/simple-get-4.0.1.tgz", - "integrity": "sha512-brv7p5WgH0jmQJr1ZDDfKDOSeWWg+OVypG99A/5vYGPqJ6pxiaHLy8nxtFjBA7oMa01ebA9gfh1uMCFqOuXxvA==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ], - "dependencies": { - "decompress-response": "^6.0.0", - "once": "^1.3.1", - "simple-concat": "^1.0.0" - } - }, - "node_modules/sirv": { - "version": "2.0.4", - "resolved": "https://registry.npmjs.org/sirv/-/sirv-2.0.4.tgz", - "integrity": "sha512-94Bdh3cC2PKrbgSOUqTiGPWVZeSiXfKOVZNJniWoqrWrRkB1CJzBU3NEbiTsPcYy1lDsANA/THzS+9WBiy5nfQ==", - "dev": true, - "dependencies": { - "@polka/url": "^1.0.0-next.24", - "mrmime": "^2.0.0", - "totalist": "^3.0.0" - }, - "engines": { - "node": ">= 10" - } - }, - "node_modules/sisteransi": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/sisteransi/-/sisteransi-1.0.5.tgz", - "integrity": "sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==", - "dev": true - }, - "node_modules/slash": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", - "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/solid-js": { - "version": "1.6.12", - "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.6.12.tgz", - "integrity": "sha512-JFqRobfG3q5r1l4RYVOAukk6+FWtHpXGIjgh/GEsHKweN/kK+iHOtzUALE6+P5t/jIcSNeGiVitX8gmJg+cYvQ==", - "dependencies": { - "csstype": "^3.1.0" - } - }, - "node_modules/sorcery": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/sorcery/-/sorcery-0.11.0.tgz", - "integrity": "sha512-J69LQ22xrQB1cIFJhPfgtLuI6BpWRiWu1Y3vSsIwK/eAScqJxd/+CJlUuHQRdX2C9NGFamq+KqNywGgaThwfHw==", - "dev": true, - "dependencies": { - "@jridgewell/sourcemap-codec": "^1.4.14", - "buffer-crc32": "^0.2.5", - "minimist": "^1.2.0", - "sander": "^0.5.0" - }, - "bin": { - "sorcery": "bin/sorcery" - } - }, - "node_modules/source-map": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", - "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/source-map-js": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz", - "integrity": "sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg==", - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/source-map-support": { - "version": "0.5.21", - "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz", - "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==", - "dev": true, - "dependencies": { - "buffer-from": "^1.0.0", - "source-map": "^0.6.0" - } - }, - "node_modules/space-separated-tokens": { - "version": "1.1.5", - "resolved": "https://registry.npmjs.org/space-separated-tokens/-/space-separated-tokens-1.1.5.tgz", - "integrity": "sha512-q/JSVd1Lptzhf5bkYm4ob4iWPjx0KiRe3sRFBNrVqbJkFaBm5vbbowy1mymoPNLRa52+oadOhJ+K49wsSeSjTA==", - "dev": true, - "funding": { - "type": "github", - "url": "https://github.com/sponsors/wooorm" - } - }, - "node_modules/spdx-correct": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.2.0.tgz", - "integrity": "sha512-kN9dJbvnySHULIluDHy32WHRUu3Og7B9sbY7tsFLctQkIqnMh3hErYgdMjTYuqmcXX+lK5T1lnUt3G7zNswmZA==", - "dev": true, - "dependencies": { - "spdx-expression-parse": "^3.0.0", - "spdx-license-ids": "^3.0.0" - } - }, - "node_modules/spdx-exceptions": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.5.0.tgz", - "integrity": "sha512-PiU42r+xO4UbUS1buo3LPJkjlO7430Xn5SVAhdpzzsPHsjbYVflnnFdATgabnLude+Cqu25p6N+g2lw/PFsa4w==", - "dev": true - }, - "node_modules/spdx-expression-parse": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.1.tgz", - "integrity": "sha512-cbqHunsQWnJNE6KhVSMsMeH5H/L9EpymbzqTQ3uLwNCLZ1Q481oWaofqH7nO6V07xlXwY6PhQdQ2IedWx/ZK4Q==", - "dev": true, - "dependencies": { - "spdx-exceptions": "^2.1.0", - "spdx-license-ids": "^3.0.0" - } - }, - "node_modules/spdx-license-ids": { - "version": "3.0.18", - "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.18.tgz", - "integrity": "sha512-xxRs31BqRYHwiMzudOrpSiHtZ8i/GeionCBDSilhYRj+9gIcI8wCZTlXZKu9vZIVqViP3dcp9qE5G6AlIaD+TQ==", - "dev": true - }, - "node_modules/sprintf-js": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz", - "integrity": "sha512-D9cPgkvLlV3t3IzL0D0YLvGA9Ahk4PcvVwUbN0dSGr1aP0Nrt4AEnTUbuGvquEC0mA64Gqt1fzirlRs5ibXx8g==", - "dev": true - }, - "node_modules/stackback": { - "version": "0.0.2", - "resolved": "https://registry.npmjs.org/stackback/-/stackback-0.0.2.tgz", - "integrity": "sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==", - "dev": true - }, - "node_modules/statuses": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz", - "integrity": "sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/std-env": { - "version": "3.7.0", - "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.7.0.tgz", - "integrity": "sha512-JPbdCEQLj1w5GilpiHAx3qJvFndqybBysA3qUOnznweH4QbNYUsW/ea8QzSrnh0vNsezMMw5bcVool8lM0gwzg==", - "dev": true - }, - "node_modules/stop-iteration-iterator": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/stop-iteration-iterator/-/stop-iteration-iterator-1.0.0.tgz", - "integrity": "sha512-iCGQj+0l0HOdZ2AEeBADlsRC+vsnDsZsbdSiH1yNSjcfKM7fdpCMfqAL/dwF5BLiw/XhRft/Wax6zQbhq2BcjQ==", - "dev": true, - "dependencies": { - "internal-slot": "^1.0.4" - }, - "engines": { - "node": ">= 0.4" - } - }, - "node_modules/store2": { - "version": "2.14.3", - "resolved": "https://registry.npmjs.org/store2/-/store2-2.14.3.tgz", - "integrity": "sha512-4QcZ+yx7nzEFiV4BMLnr/pRa5HYzNITX2ri0Zh6sT9EyQHbBHacC6YigllUPU9X3D0f/22QCgfokpKs52YRrUg==", - "dev": true - }, - "node_modules/storybook": { - "version": "7.6.19", - "resolved": "https://registry.npmjs.org/storybook/-/storybook-7.6.19.tgz", - "integrity": "sha512-xWD1C4vD/4KMffCrBBrUpsLUO/9uNpm8BVW8+Vcb30gkQDfficZ0oziWkmLexpT53VSioa24iazGXMwBqllYjQ==", - "dev": true, - "dependencies": { - "@storybook/cli": "7.6.19" - }, - "bin": { - "sb": "index.js", - "storybook": "index.js" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/storybook" - } - }, - "node_modules/stream-shift": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/stream-shift/-/stream-shift-1.0.3.tgz", - "integrity": "sha512-76ORR0DO1o1hlKwTbi/DM3EXWGf3ZJYO8cXX5RJwnul2DEg2oyoZyjLNoQM8WsvZiFKCRfC1O0J7iCvie3RZmQ==", - "dev": true - }, - "node_modules/string_decoder": { - "version": "1.3.0", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.3.0.tgz", - "integrity": "sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.2.0" - } - }, - "node_modules/string-width": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz", - "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==", - "dev": true, - "dependencies": { - "eastasianwidth": "^0.2.0", - "emoji-regex": "^9.2.2", - "strip-ansi": "^7.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/string-width-cjs": { - "name": "string-width", - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/string-width-cjs/node_modules/emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "node_modules/string-width/node_modules/ansi-regex": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", - "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/ansi-regex?sponsor=1" - } - }, - "node_modules/string-width/node_modules/strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", - "dev": true, - "dependencies": { - "ansi-regex": "^6.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/strip-ansi?sponsor=1" - } - }, - "node_modules/strip-ansi": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/strip-ansi-cjs": { - "name": "strip-ansi", - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", - "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==", - "dev": true, - "dependencies": { - "ansi-regex": "^5.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/strip-final-newline": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-2.0.0.tgz", - "integrity": "sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/strip-indent": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/strip-indent/-/strip-indent-3.0.0.tgz", - "integrity": "sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==", - "dev": true, - "dependencies": { - "min-indent": "^1.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/strip-json-comments": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz", - "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==", - "dev": true, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/strip-literal": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/strip-literal/-/strip-literal-2.1.0.tgz", - "integrity": "sha512-Op+UycaUt/8FbN/Z2TWPBLge3jWrP3xj10f3fnYxf052bKuS3EKs1ZQcVGjnEMdsNVAM+plXRdmjrZ/KgG3Skw==", - "dev": true, - "dependencies": { - "js-tokens": "^9.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/antfu" - } - }, - "node_modules/strip-literal/node_modules/js-tokens": { - "version": "9.0.0", - "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.0.tgz", - "integrity": "sha512-WriZw1luRMlmV3LGJaR6QOJjWwgLUTf89OwT2lUOyjX2dJGBwgmIkbcz+7WFZjrZM635JOIR517++e/67CP9dQ==", - "dev": true - }, - "node_modules/sucrase": { - "version": "3.35.0", - "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz", - "integrity": "sha512-8EbVDiu9iN/nESwxeSxDKe0dunta1GOlHufmSSXxMD2z2/tMZpDMpvXQGsc+ajGo8y2uYUmixaSRUc/QPoQ0GA==", - "dev": true, - "dependencies": { - "@jridgewell/gen-mapping": "^0.3.2", - "commander": "^4.0.0", - "glob": "^10.3.10", - "lines-and-columns": "^1.1.6", - "mz": "^2.7.0", - "pirates": "^4.0.1", - "ts-interface-checker": "^0.1.9" - }, - "bin": { - "sucrase": "bin/sucrase", - "sucrase-node": "bin/sucrase-node" - }, - "engines": { - "node": ">=16 || 14 >=14.17" - } - }, - "node_modules/sucrase/node_modules/commander": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz", - "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/superstruct": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/superstruct/-/superstruct-1.0.4.tgz", - "integrity": "sha512-7JpaAoX2NGyoFlI9NBh66BQXGONc+uE+MRS5i2iOBKuS4e+ccgMDjATgZldkah+33DakBxDHiss9kvUcGAO8UQ==", - "dev": true, - "optional": true, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/supports-color": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz", - "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==", - "dev": true, - "dependencies": { - "has-flag": "^4.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/supports-preserve-symlinks-flag": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz", - "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==", - "dev": true, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/svelte": { - "version": "4.2.18", - "resolved": "https://registry.npmjs.org/svelte/-/svelte-4.2.18.tgz", - "integrity": "sha512-d0FdzYIiAePqRJEb90WlJDkjUEx42xhivxN8muUBmfZnP+tzUgz12DJ2hRJi8sIHCME7jeK1PTMgKPSfTd8JrA==", - "dev": true, - "dependencies": { - "@ampproject/remapping": "^2.2.1", - "@jridgewell/sourcemap-codec": "^1.4.15", - "@jridgewell/trace-mapping": "^0.3.18", - "@types/estree": "^1.0.1", - "acorn": "^8.9.0", - "aria-query": "^5.3.0", - "axobject-query": "^4.0.0", - "code-red": "^1.0.3", - "css-tree": "^2.3.1", - "estree-walker": "^3.0.3", - "is-reference": "^3.0.1", - "locate-character": "^3.0.0", - "magic-string": "^0.30.4", - "periscopic": "^3.1.0" - }, - "engines": { - "node": ">=16" - } - }, - "node_modules/svelte-check": { - "version": "3.8.0", - "resolved": "https://registry.npmjs.org/svelte-check/-/svelte-check-3.8.0.tgz", - "integrity": "sha512-7Nxn+3X97oIvMzYJ7t27w00qUf1Y52irE2RU2dQAd5PyvfGp4E7NLhFKVhb6PV2fx7dCRMpNKDIuazmGthjpSQ==", - "dev": true, - "dependencies": { - "@jridgewell/trace-mapping": "^0.3.17", - "chokidar": "^3.4.1", - "fast-glob": "^3.2.7", - "import-fresh": "^3.2.1", - "picocolors": "^1.0.0", - "sade": "^1.7.4", - "svelte-preprocess": "^5.1.3", - "typescript": "^5.0.3" - }, - "bin": { - "svelte-check": "bin/svelte-check" - }, - "peerDependencies": { - "svelte": "^3.55.0 || ^4.0.0-next.0 || ^4.0.0 || ^5.0.0-next.0" - } - }, - "node_modules/svelte-eslint-parser": { - "version": "0.36.0", - "resolved": "https://registry.npmjs.org/svelte-eslint-parser/-/svelte-eslint-parser-0.36.0.tgz", - "integrity": "sha512-/6YmUSr0FAVxW8dXNdIMydBnddPMHzaHirAZ7RrT21XYdgGGZMh0LQG6CZsvAFS4r2Y4ItUuCQc8TQ3urB30mQ==", - "dev": true, - "dependencies": { - "eslint-scope": "^7.2.2", - "eslint-visitor-keys": "^3.4.3", - "espree": "^9.6.1", - "postcss": "^8.4.38", - "postcss-scss": "^4.0.9" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/ota-meshi" - }, - "peerDependencies": { - "svelte": "^3.37.0 || ^4.0.0 || ^5.0.0-next.115" - }, - "peerDependenciesMeta": { - "svelte": { - "optional": true - } - } - }, - "node_modules/svelte-eslint-parser/node_modules/eslint-scope": { - "version": "7.2.2", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", - "integrity": "sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==", - "dev": true, - "dependencies": { - "esrecurse": "^4.3.0", - "estraverse": "^5.2.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/svelte-eslint-parser/node_modules/estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", - "dev": true, - "engines": { - "node": ">=4.0" - } - }, - "node_modules/svelte-hmr": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/svelte-hmr/-/svelte-hmr-0.16.0.tgz", - "integrity": "sha512-Gyc7cOS3VJzLlfj7wKS0ZnzDVdv3Pn2IuVeJPk9m2skfhcu5bq3wtIZyQGggr7/Iim5rH5cncyQft/kRLupcnA==", - "dev": true, - "engines": { - "node": "^12.20 || ^14.13.1 || >= 16" - }, - "peerDependencies": { - "svelte": "^3.19.0 || ^4.0.0" - } - }, - "node_modules/svelte-multiselect": { - "version": "10.3.0", - "resolved": "https://registry.npmjs.org/svelte-multiselect/-/svelte-multiselect-10.3.0.tgz", - "integrity": "sha512-Pyvlcn4TK3dB2WWo6hDEeNH+x2O/DP82UuUf61PQFX8KMB3cm1Cam+zTKrcrOoRRVI2SwH/8dPF8hSTfJFaMmA==", - "dependencies": { - "svelte": "4.2.12" - } - }, - "node_modules/svelte-multiselect/node_modules/aria-query": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.0.tgz", - "integrity": "sha512-b0P0sZPKtyu8HkeRAfCq0IfURZK+SuwMjY1UXGBU27wpAiTwQAIlq56IbIO+ytk/JjS1fMR14ee5WBBfKi5J6A==", - "dependencies": { - "dequal": "^2.0.3" - } - }, - "node_modules/svelte-multiselect/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/svelte-multiselect/node_modules/is-reference": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/is-reference/-/is-reference-3.0.2.tgz", - "integrity": "sha512-v3rht/LgVcsdZa3O2Nqs+NMowLOxeOm7Ay9+/ARQ2F+qEoANRcqrjAZKGN0v8ymUetZGgkp26LTnGT7H0Qo9Pg==", - "dependencies": { - "@types/estree": "*" - } - }, - "node_modules/svelte-multiselect/node_modules/svelte": { - "version": "4.2.12", - "resolved": "https://registry.npmjs.org/svelte/-/svelte-4.2.12.tgz", - "integrity": "sha512-d8+wsh5TfPwqVzbm4/HCXC783/KPHV60NvwitJnyTA5lWn1elhXMNWhXGCJ7PwPa8qFUnyJNIyuIRt2mT0WMug==", - "dependencies": { - "@ampproject/remapping": "^2.2.1", - "@jridgewell/sourcemap-codec": "^1.4.15", - "@jridgewell/trace-mapping": "^0.3.18", - "@types/estree": "^1.0.1", - "acorn": "^8.9.0", - "aria-query": "^5.3.0", - "axobject-query": "^4.0.0", - "code-red": "^1.0.3", - "css-tree": "^2.3.1", - "estree-walker": "^3.0.3", - "is-reference": "^3.0.1", - "locate-character": "^3.0.0", - "magic-string": "^0.30.4", - "periscopic": "^3.1.0" - }, - "engines": { - "node": ">=16" - } - }, - "node_modules/svelte-preprocess": { - "version": "5.1.4", - "resolved": "https://registry.npmjs.org/svelte-preprocess/-/svelte-preprocess-5.1.4.tgz", - "integrity": "sha512-IvnbQ6D6Ao3Gg6ftiM5tdbR6aAETwjhHV+UKGf5bHGYR69RQvF1ho0JKPcbUON4vy4R7zom13jPjgdOWCQ5hDA==", - "dev": true, - "hasInstallScript": true, - "dependencies": { - "@types/pug": "^2.0.6", - "detect-indent": "^6.1.0", - "magic-string": "^0.30.5", - "sorcery": "^0.11.0", - "strip-indent": "^3.0.0" - }, - "engines": { - "node": ">= 16.0.0" - }, - "peerDependencies": { - "@babel/core": "^7.10.2", - "coffeescript": "^2.5.1", - "less": "^3.11.3 || ^4.0.0", - "postcss": "^7 || ^8", - "postcss-load-config": "^2.1.0 || ^3.0.0 || ^4.0.0 || ^5.0.0", - "pug": "^3.0.0", - "sass": "^1.26.8", - "stylus": "^0.55.0", - "sugarss": "^2.0.0 || ^3.0.0 || ^4.0.0", - "svelte": "^3.23.0 || ^4.0.0-next.0 || ^4.0.0 || ^5.0.0-next.0", - "typescript": ">=3.9.5 || ^4.0.0 || ^5.0.0" - }, - "peerDependenciesMeta": { - "@babel/core": { - "optional": true - }, - "coffeescript": { - "optional": true - }, - "less": { - "optional": true - }, - "postcss": { - "optional": true - }, - "postcss-load-config": { - "optional": true - }, - "pug": { - "optional": true - }, - "sass": { - "optional": true - }, - "stylus": { - "optional": true - }, - "sugarss": { - "optional": true - }, - "typescript": { - "optional": true - } - } - }, - "node_modules/svelte-typewriter": { - "version": "3.2.3", - "resolved": "https://registry.npmjs.org/svelte-typewriter/-/svelte-typewriter-3.2.3.tgz", - "integrity": "sha512-762k01kIU+IyXfe5f2MEYQ1yIfJZfueAEmJNbO36cxJG56/vciHiWacPQLnSECK/4cvlH/Ll1Mv6B45InMJ1zg==", - "dev": true, - "dependencies": { - "@formatjs/intl-segmenter": "^11.5.3" - }, - "peerDependencies": { - "svelte": ">=3.47.x" - } - }, - "node_modules/svelte/node_modules/aria-query": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/aria-query/-/aria-query-5.3.0.tgz", - "integrity": "sha512-b0P0sZPKtyu8HkeRAfCq0IfURZK+SuwMjY1UXGBU27wpAiTwQAIlq56IbIO+ytk/JjS1fMR14ee5WBBfKi5J6A==", - "dev": true, - "dependencies": { - "dequal": "^2.0.3" - } - }, - "node_modules/svelte/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dev": true, - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/svelte/node_modules/is-reference": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/is-reference/-/is-reference-3.0.2.tgz", - "integrity": "sha512-v3rht/LgVcsdZa3O2Nqs+NMowLOxeOm7Ay9+/ARQ2F+qEoANRcqrjAZKGN0v8ymUetZGgkp26LTnGT7H0Qo9Pg==", - "dev": true, - "dependencies": { - "@types/estree": "*" - } - }, - "node_modules/sveltedoc-parser": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/sveltedoc-parser/-/sveltedoc-parser-4.2.1.tgz", - "integrity": "sha512-sWJRa4qOfRdSORSVw9GhfDEwsbsYsegnDzBevUCF6k/Eis/QqCu9lJ6I0+d/E2wOWCjOhlcJ3+jl/Iur+5mmCw==", - "dev": true, - "dependencies": { - "eslint": "8.4.1", - "espree": "9.2.0", - "htmlparser2-svelte": "4.1.0" - }, - "engines": { - "node": ">=10.0.0" - } - }, - "node_modules/sveltedoc-parser/node_modules/@eslint/eslintrc": { - "version": "1.4.1", - "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-1.4.1.tgz", - "integrity": "sha512-XXrH9Uarn0stsyldqDYq8r++mROmWRI1xKMXa640Bb//SY1+ECYX6VzT6Lcx5frD0V30XieqJ0oX9I2Xj5aoMA==", - "dev": true, - "dependencies": { - "ajv": "^6.12.4", - "debug": "^4.3.2", - "espree": "^9.4.0", - "globals": "^13.19.0", - "ignore": "^5.2.0", - "import-fresh": "^3.2.1", - "js-yaml": "^4.1.0", - "minimatch": "^3.1.2", - "strip-json-comments": "^3.1.1" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/sveltedoc-parser/node_modules/@eslint/eslintrc/node_modules/espree": { - "version": "9.6.1", - "resolved": "https://registry.npmjs.org/espree/-/espree-9.6.1.tgz", - "integrity": "sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==", - "dev": true, - "dependencies": { - "acorn": "^8.9.0", - "acorn-jsx": "^5.3.2", - "eslint-visitor-keys": "^3.4.1" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/sveltedoc-parser/node_modules/@humanwhocodes/config-array": { - "version": "0.9.5", - "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.9.5.tgz", - "integrity": "sha512-ObyMyWxZiCu/yTisA7uzx81s40xR2fD5Cg/2Kq7G02ajkNubJf6BopgDTmDyc3U7sXpNKM8cYOw7s7Tyr+DnCw==", - "dev": true, - "dependencies": { - "@humanwhocodes/object-schema": "^1.2.1", - "debug": "^4.1.1", - "minimatch": "^3.0.4" - }, - "engines": { - "node": ">=10.10.0" - } - }, - "node_modules/sveltedoc-parser/node_modules/@humanwhocodes/object-schema": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz", - "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==", - "dev": true - }, - "node_modules/sveltedoc-parser/node_modules/argparse": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz", - "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==", - "dev": true - }, - "node_modules/sveltedoc-parser/node_modules/eslint": { - "version": "8.4.1", - "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.4.1.tgz", - "integrity": "sha512-TxU/p7LB1KxQ6+7aztTnO7K0i+h0tDi81YRY9VzB6Id71kNz+fFYnf5HD5UOQmxkzcoa0TlVZf9dpMtUv0GpWg==", - "dev": true, - "dependencies": { - "@eslint/eslintrc": "^1.0.5", - "@humanwhocodes/config-array": "^0.9.2", - "ajv": "^6.10.0", - "chalk": "^4.0.0", - "cross-spawn": "^7.0.2", - "debug": "^4.3.2", - "doctrine": "^3.0.0", - "enquirer": "^2.3.5", - "escape-string-regexp": "^4.0.0", - "eslint-scope": "^7.1.0", - "eslint-utils": "^3.0.0", - "eslint-visitor-keys": "^3.1.0", - "espree": "^9.2.0", - "esquery": "^1.4.0", - "esutils": "^2.0.2", - "fast-deep-equal": "^3.1.3", - "file-entry-cache": "^6.0.1", - "functional-red-black-tree": "^1.0.1", - "glob-parent": "^6.0.1", - "globals": "^13.6.0", - "ignore": "^4.0.6", - "import-fresh": "^3.0.0", - "imurmurhash": "^0.1.4", - "is-glob": "^4.0.0", - "js-yaml": "^4.1.0", - "json-stable-stringify-without-jsonify": "^1.0.1", - "levn": "^0.4.1", - "lodash.merge": "^4.6.2", - "minimatch": "^3.0.4", - "natural-compare": "^1.4.0", - "optionator": "^0.9.1", - "progress": "^2.0.0", - "regexpp": "^3.2.0", - "semver": "^7.2.1", - "strip-ansi": "^6.0.1", - "strip-json-comments": "^3.1.0", - "text-table": "^0.2.0", - "v8-compile-cache": "^2.0.3" - }, - "bin": { - "eslint": "bin/eslint.js" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/sveltedoc-parser/node_modules/eslint-scope": { - "version": "7.2.2", - "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-7.2.2.tgz", - "integrity": "sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==", - "dev": true, - "dependencies": { - "esrecurse": "^4.3.0", - "estraverse": "^5.2.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - }, - "funding": { - "url": "https://opencollective.com/eslint" - } - }, - "node_modules/sveltedoc-parser/node_modules/eslint/node_modules/ignore": { - "version": "4.0.6", - "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz", - "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==", - "dev": true, - "engines": { - "node": ">= 4" - } - }, - "node_modules/sveltedoc-parser/node_modules/espree": { - "version": "9.2.0", - "resolved": "https://registry.npmjs.org/espree/-/espree-9.2.0.tgz", - "integrity": "sha512-oP3utRkynpZWF/F2x/HZJ+AGtnIclaR7z1pYPxy7NYM2fSO6LgK/Rkny8anRSPK/VwEA1eqm2squui0T7ZMOBg==", - "dev": true, - "dependencies": { - "acorn": "^8.6.0", - "acorn-jsx": "^5.3.1", - "eslint-visitor-keys": "^3.1.0" - }, - "engines": { - "node": "^12.22.0 || ^14.17.0 || >=16.0.0" - } - }, - "node_modules/sveltedoc-parser/node_modules/estraverse": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.3.0.tgz", - "integrity": "sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==", - "dev": true, - "engines": { - "node": ">=4.0" - } - }, - "node_modules/sveltedoc-parser/node_modules/globals": { - "version": "13.24.0", - "resolved": "https://registry.npmjs.org/globals/-/globals-13.24.0.tgz", - "integrity": "sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==", - "dev": true, - "dependencies": { - "type-fest": "^0.20.2" - }, - "engines": { - "node": ">=8" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/sveltedoc-parser/node_modules/js-yaml": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz", - "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==", - "dev": true, - "dependencies": { - "argparse": "^2.0.1" - }, - "bin": { - "js-yaml": "bin/js-yaml.js" - } - }, - "node_modules/sveltedoc-parser/node_modules/semver": { - "version": "7.6.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", - "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", - "dev": true, - "bin": { - "semver": "bin/semver.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/sveltedoc-parser/node_modules/type-fest": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.20.2.tgz", - "integrity": "sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/sveltekit-flash-message": { - "version": "2.4.4", - "resolved": "https://registry.npmjs.org/sveltekit-flash-message/-/sveltekit-flash-message-2.4.4.tgz", - "integrity": "sha512-CFN03chH/FMEJcBZ/8zKm7RqGee/pwb57Spbbx8QCQPhe7N9ofZHd9iYV2vVy4E9glBo/oQ1IG7VQje6L092wg==", - "dev": true, - "peerDependencies": { - "@sveltejs/kit": "1.x || 2.x", - "svelte": "3.x || 4.x || >=5.0.0-next.51" - } - }, - "node_modules/sveltekit-rate-limiter": { - "version": "0.4.3", - "resolved": "https://registry.npmjs.org/sveltekit-rate-limiter/-/sveltekit-rate-limiter-0.4.3.tgz", - "integrity": "sha512-BKkD2tvgyz5j4Fn1vt0y7FLF0zZ01f9thjWPGDb6fyX3tBXyMrtZ8ISK8M7zjz9Cik/2KrkvFtmldhXF6/hjqw==", - "dev": true, - "dependencies": { - "@isaacs/ttlcache": "^1.4.1" - }, - "peerDependencies": { - "@sveltejs/kit": "1.x || 2.x" - } - }, - "node_modules/sveltekit-superforms": { - "version": "2.14.0", - "resolved": "https://registry.npmjs.org/sveltekit-superforms/-/sveltekit-superforms-2.14.0.tgz", - "integrity": "sha512-TRN+x2+ENCnvDw70U5HLfmGQGFi4kpevpWaPpQ06AB0Wf5qCYxshbZBofMAXb8KOyetw8dhWpj86AQRPNwhzDg==", - "dev": true, - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/ciscoheat" - }, - { - "type": "ko-fi", - "url": "https://ko-fi.com/ciscoheat" - }, - { - "type": "paypal", - "url": "https://www.paypal.com/donate/?hosted_button_id=NY7F5ALHHSVQS" - } - ], - "dependencies": { - "devalue": "^5.0.0", - "just-clone": "^6.2.0", - "memoize-weak": "^1.0.2", - "ts-deepmerge": "^7.0.0" - }, - "optionalDependencies": { - "@exodus/schemasafe": "^1.3.0", - "@gcornut/valibot-json-schema": "^0.0.27", - "@sinclair/typebox": "^0.32.30", - "@sodaru/yup-to-json-schema": "^2.0.1", - "@vinejs/vine": "^1.8.0", - "arktype": "2.0.0-dev.15", - "joi": "^17.13.1", - "json-schema-to-ts": "^3.1.0", - "superstruct": "^1.0.4", - "valibot": "^0.30.0", - "yup": "^1.4.0", - "zod": "^3.23.8", - "zod-to-json-schema": "^3.23.0" - }, - "peerDependencies": { - "@exodus/schemasafe": "^1.3.0", - "@sinclair/typebox": ">=0.32.30 <1", - "@sveltejs/kit": "1.x || 2.x", - "@vinejs/vine": "^1.8.0", - "arktype": ">=2.0.0-dev.15", - "joi": "^17.13.1", - "superstruct": "^1.0.4", - "svelte": "3.x || 4.x || >=5.0.0-next.51", - "valibot": ">=0.28.1 <=0.30.0", - "yup": "^1.4.0", - "zod": "^3.23.8" - }, - "peerDependenciesMeta": { - "@exodus/schemasafe": { - "optional": true - }, - "@sinclair/typebox": { - "optional": true - }, - "@vinejs/vine": { - "optional": true - }, - "arktype": { - "optional": true - }, - "joi": { - "optional": true - }, - "superstruct": { - "optional": true - }, - "valibot": { - "optional": true - }, - "yup": { - "optional": true - }, - "zod": { - "optional": true - } - } - }, - "node_modules/sveltekit-superforms/node_modules/@sinclair/typebox": { - "version": "0.32.31", - "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.32.31.tgz", - "integrity": "sha512-rYB0tgGHawpom3ZwwsGidvI0NI+W/rRHu1dyyO1KlIoH8iMdg3esSnYQxQtyJ8eflhqxmzEV7Nu8zT4JY7CHKw==", - "dev": true, - "optional": true - }, - "node_modules/symbol-tree": { - "version": "3.2.4", - "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", - "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==", - "dev": true - }, - "node_modules/synchronous-promise": { - "version": "2.0.17", - "resolved": "https://registry.npmjs.org/synchronous-promise/-/synchronous-promise-2.0.17.tgz", - "integrity": "sha512-AsS729u2RHUfEra9xJrE39peJcc2stq2+poBXX8bcM08Y6g9j/i/PUzwNQqkaJde7Ntg1TO7bSREbR5sdosQ+g==", - "dev": true - }, - "node_modules/tailwindcss": { - "version": "3.4.4", - "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.4.tgz", - "integrity": "sha512-ZoyXOdJjISB7/BcLTR6SEsLgKtDStYyYZVLsUtWChO4Ps20CBad7lfJKVDiejocV4ME1hLmyY0WJE3hSDcmQ2A==", - "dev": true, - "dependencies": { - "@alloc/quick-lru": "^5.2.0", - "arg": "^5.0.2", - "chokidar": "^3.5.3", - "didyoumean": "^1.2.2", - "dlv": "^1.1.3", - "fast-glob": "^3.3.0", - "glob-parent": "^6.0.2", - "is-glob": "^4.0.3", - "jiti": "^1.21.0", - "lilconfig": "^2.1.0", - "micromatch": "^4.0.5", - "normalize-path": "^3.0.0", - "object-hash": "^3.0.0", - "picocolors": "^1.0.0", - "postcss": "^8.4.23", - "postcss-import": "^15.1.0", - "postcss-js": "^4.0.1", - "postcss-load-config": "^4.0.1", - "postcss-nested": "^6.0.1", - "postcss-selector-parser": "^6.0.11", - "resolve": "^1.22.2", - "sucrase": "^3.32.0" - }, - "bin": { - "tailwind": "lib/cli.js", - "tailwindcss": "lib/cli.js" - }, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/tailwindcss/node_modules/postcss-load-config": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz", - "integrity": "sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/postcss/" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "lilconfig": "^3.0.0", - "yaml": "^2.3.4" - }, - "engines": { - "node": ">= 14" - }, - "peerDependencies": { - "postcss": ">=8.0.9", - "ts-node": ">=9.0.0" - }, - "peerDependenciesMeta": { - "postcss": { - "optional": true - }, - "ts-node": { - "optional": true - } - } - }, - "node_modules/tailwindcss/node_modules/postcss-load-config/node_modules/lilconfig": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz", - "integrity": "sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==", - "dev": true, - "engines": { - "node": ">=14" - }, - "funding": { - "url": "https://github.com/sponsors/antonk52" - } - }, - "node_modules/tailwindcss/node_modules/postcss-selector-parser": { - "version": "6.1.0", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz", - "integrity": "sha512-UMz42UD0UY0EApS0ZL9o1XnLhSTtvvvLe5Dc2H2O56fvRZi+KulDyf5ctDhhtYJBGKStV2FL1fy6253cmLgqVQ==", - "dev": true, - "dependencies": { - "cssesc": "^3.0.0", - "util-deprecate": "^1.0.2" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/tailwindcss/node_modules/yaml": { - "version": "2.4.3", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.3.tgz", - "integrity": "sha512-sntgmxj8o7DE7g/Qi60cqpLBA3HG3STcDA0kO+WfB05jEKhZMbY7umNm2rBpQvsmZ16/lPXCJGW2672dgOUkrg==", - "dev": true, - "bin": { - "yaml": "bin.mjs" - }, - "engines": { - "node": ">= 14" - } - }, - "node_modules/tar": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/tar/-/tar-6.2.1.tgz", - "integrity": "sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==", - "dev": true, - "dependencies": { - "chownr": "^2.0.0", - "fs-minipass": "^2.0.0", - "minipass": "^5.0.0", - "minizlib": "^2.1.1", - "mkdirp": "^1.0.3", - "yallist": "^4.0.0" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/tar-fs": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-2.1.1.tgz", - "integrity": "sha512-V0r2Y9scmbDRLCNex/+hYzvp/zyYjvFbHPNgVTKfQvVrb6guiE/fxP+XblDNR011utopbkex2nM4dHNV6GDsng==", - "dev": true, - "dependencies": { - "chownr": "^1.1.1", - "mkdirp-classic": "^0.5.2", - "pump": "^3.0.0", - "tar-stream": "^2.1.4" - } - }, - "node_modules/tar-fs/node_modules/chownr": { - "version": "1.1.4", - "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz", - "integrity": "sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==", - "dev": true - }, - "node_modules/tar-stream": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-2.2.0.tgz", - "integrity": "sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ==", - "dev": true, - "dependencies": { - "bl": "^4.0.3", - "end-of-stream": "^1.4.1", - "fs-constants": "^1.0.0", - "inherits": "^2.0.3", - "readable-stream": "^3.1.1" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/tar/node_modules/minipass": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-5.0.0.tgz", - "integrity": "sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/tar/node_modules/mkdirp": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-1.0.4.tgz", - "integrity": "sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==", - "dev": true, - "bin": { - "mkdirp": "bin/cmd.js" - }, - "engines": { - "node": ">=10" - } - }, - "node_modules/tar/node_modules/yallist": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-4.0.0.tgz", - "integrity": "sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==", - "dev": true - }, - "node_modules/telejson": { - "version": "7.2.0", - "resolved": "https://registry.npmjs.org/telejson/-/telejson-7.2.0.tgz", - "integrity": "sha512-1QTEcJkJEhc8OnStBx/ILRu5J2p0GjvWsBx56bmZRqnrkdBMUe+nX92jxV+p3dB4CP6PZCdJMQJwCggkNBMzkQ==", - "dev": true, - "dependencies": { - "memoizerific": "^1.11.3" - } - }, - "node_modules/temp": { - "version": "0.8.4", - "resolved": "https://registry.npmjs.org/temp/-/temp-0.8.4.tgz", - "integrity": "sha512-s0ZZzd0BzYv5tLSptZooSjK8oj6C+c19p7Vqta9+6NPOf7r+fxq0cJe6/oN4LTC79sy5NY8ucOJNgwsKCSbfqg==", - "dev": true, - "dependencies": { - "rimraf": "~2.6.2" - }, - "engines": { - "node": ">=6.0.0" - } - }, - "node_modules/temp-dir": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/temp-dir/-/temp-dir-2.0.0.tgz", - "integrity": "sha512-aoBAniQmmwtcKp/7BzsH8Cxzv8OL736p7v1ihGb5e9DJ9kTwGWHrQrVB5+lfVDzfGrdRzXch+ig7LHaY1JTOrg==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/temp/node_modules/glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "deprecated": "Glob versions prior to v9 are no longer supported", - "dev": true, - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "engines": { - "node": "*" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/temp/node_modules/rimraf": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz", - "integrity": "sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==", - "deprecated": "Rimraf versions prior to v4 are no longer supported", - "dev": true, - "dependencies": { - "glob": "^7.1.3" - }, - "bin": { - "rimraf": "bin.js" - } - }, - "node_modules/tempy": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/tempy/-/tempy-1.0.1.tgz", - "integrity": "sha512-biM9brNqxSc04Ee71hzFbryD11nX7VPhQQY32AdDmjFvodsRFz/3ufeoTZ6uYkRFfGo188tENcASNs3vTdsM0w==", - "dev": true, - "dependencies": { - "del": "^6.0.0", - "is-stream": "^2.0.0", - "temp-dir": "^2.0.0", - "type-fest": "^0.16.0", - "unique-string": "^2.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/tempy/node_modules/type-fest": { - "version": "0.16.0", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.16.0.tgz", - "integrity": "sha512-eaBzG6MxNzEn9kiwvtre90cXaNLkmadMWa1zQMs3XORCXNbsH/OewwbxC5ia9dCxIxnTAsSxXJaa/p5y8DlvJg==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/test-exclude": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz", - "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==", - "dev": true, - "dependencies": { - "@istanbuljs/schema": "^0.1.2", - "glob": "^7.1.4", - "minimatch": "^3.0.4" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/test-exclude/node_modules/glob": { - "version": "7.2.3", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", - "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", - "deprecated": "Glob versions prior to v9 are no longer supported", - "dev": true, - "dependencies": { - "fs.realpath": "^1.0.0", - "inflight": "^1.0.4", - "inherits": "2", - "minimatch": "^3.1.1", - "once": "^1.3.0", - "path-is-absolute": "^1.0.0" - }, - "engines": { - "node": "*" - }, - "funding": { - "url": "https://github.com/sponsors/isaacs" - } - }, - "node_modules/text-table": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz", - "integrity": "sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==", - "dev": true - }, - "node_modules/thenify": { - "version": "3.3.1", - "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz", - "integrity": "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==", - "dev": true, - "dependencies": { - "any-promise": "^1.0.0" - } - }, - "node_modules/thenify-all": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz", - "integrity": "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==", - "dev": true, - "dependencies": { - "thenify": ">= 3.1.0 < 4" - }, - "engines": { - "node": ">=0.8" - } - }, - "node_modules/throttle-debounce": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/throttle-debounce/-/throttle-debounce-5.0.0.tgz", - "integrity": "sha512-2iQTSgkkc1Zyk0MeVrt/3BvuOXYPl/R8Z0U2xxo9rjwNciaHDG3R+Lm6dh4EeUci49DanvBnuqI6jshoQQRGEg==", - "engines": { - "node": ">=12.22" - } - }, - "node_modules/through2": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/through2/-/through2-2.0.5.tgz", - "integrity": "sha512-/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ==", - "dev": true, - "dependencies": { - "readable-stream": "~2.3.6", - "xtend": "~4.0.1" - } - }, - "node_modules/through2/node_modules/isarray": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", - "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", - "dev": true - }, - "node_modules/through2/node_modules/readable-stream": { - "version": "2.3.8", - "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", - "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", - "dev": true, - "dependencies": { - "core-util-is": "~1.0.0", - "inherits": "~2.0.3", - "isarray": "~1.0.0", - "process-nextick-args": "~2.0.0", - "safe-buffer": "~5.1.1", - "string_decoder": "~1.1.1", - "util-deprecate": "~1.0.1" - } - }, - "node_modules/through2/node_modules/safe-buffer": { - "version": "5.1.2", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", - "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", - "dev": true - }, - "node_modules/through2/node_modules/string_decoder": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", - "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", - "dev": true, - "dependencies": { - "safe-buffer": "~5.1.0" - } - }, - "node_modules/tiny-case": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/tiny-case/-/tiny-case-1.0.3.tgz", - "integrity": "sha512-Eet/eeMhkO6TX8mnUteS9zgPbUMQa4I6Kkp5ORiBD5476/m+PIRiumP5tmh5ioJpH7k51Kehawy2UDfsnxxY8Q==", - "dev": true, - "optional": true - }, - "node_modules/tiny-glob": { - "version": "0.2.9", - "resolved": "https://registry.npmjs.org/tiny-glob/-/tiny-glob-0.2.9.tgz", - "integrity": "sha512-g/55ssRPUjShh+xkfx9UPDXqhckHEsHr4Vd9zX55oSdGZc/MD0m3sferOkwWtp98bv+kcVfEHtRJgBVJzelrzg==", - "dev": true, - "dependencies": { - "globalyzer": "0.1.0", - "globrex": "^0.1.2" - } - }, - "node_modules/tiny-invariant": { - "version": "1.3.3", - "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.3.3.tgz", - "integrity": "sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==", - "dev": true - }, - "node_modules/tinybench": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/tinybench/-/tinybench-2.8.0.tgz", - "integrity": "sha512-1/eK7zUnIklz4JUUlL+658n58XO2hHLQfSk1Zf2LKieUjxidN16eKFEoDEfjHc3ohofSSqK3X5yO6VGb6iW8Lw==", - "dev": true - }, - "node_modules/tinypool": { - "version": "0.8.4", - "resolved": "https://registry.npmjs.org/tinypool/-/tinypool-0.8.4.tgz", - "integrity": "sha512-i11VH5gS6IFeLY3gMBQ00/MmLncVP7JLXOw1vlgkytLmJK7QnEr7NXf0LBdxfmNPAeyetukOk0bOYrJrFGjYJQ==", - "dev": true, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/tinyspy": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/tinyspy/-/tinyspy-2.2.1.tgz", - "integrity": "sha512-KYad6Vy5VDWV4GH3fjpseMQ/XU2BhIYP7Vzd0LG44qRWm/Yt2WCOTicFdvmgo6gWaqooMQCawTtILVQJupKu7A==", - "dev": true, - "engines": { - "node": ">=14.0.0" - } - }, - "node_modules/tmpl": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/tmpl/-/tmpl-1.0.5.tgz", - "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==", - "dev": true - }, - "node_modules/to-fast-properties": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", - "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/to-regex-range": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", - "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", - "dependencies": { - "is-number": "^7.0.0" - }, - "engines": { - "node": ">=8.0" - } - }, - "node_modules/tocbot": { - "version": "4.28.2", - "resolved": "https://registry.npmjs.org/tocbot/-/tocbot-4.28.2.tgz", - "integrity": "sha512-/MaSa9xI6mIo84IxqqliSCtPlH0oy7sLcY9s26qPMyH/2CxtZ2vNAXYlIdEQ7kjAkCQnc0rbLygf//F5c663oQ==", - "dev": true - }, - "node_modules/toidentifier": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", - "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", - "dev": true, - "engines": { - "node": ">=0.6" - } - }, - "node_modules/toposort": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/toposort/-/toposort-2.0.2.tgz", - "integrity": "sha512-0a5EOkAUp8D4moMi2W8ZF8jcga7BgZd91O/yabJCFY8az+XSzeGyTKs0Aoo897iV1Nj6guFq8orWDS96z91oGg==", - "dev": true, - "optional": true - }, - "node_modules/totalist": { - "version": "3.0.1", - "resolved": "https://registry.npmjs.org/totalist/-/totalist-3.0.1.tgz", - "integrity": "sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==", - "dev": true, - "engines": { - "node": ">=6" - } - }, - "node_modules/tough-cookie": { - "version": "4.1.4", - "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.4.tgz", - "integrity": "sha512-Loo5UUvLD9ScZ6jh8beX1T6sO1w2/MpCRpEP7V280GKMVUQ0Jzar2U3UJPsrdbziLEMMhu3Ujnq//rhiFuIeag==", - "dev": true, - "dependencies": { - "psl": "^1.1.33", - "punycode": "^2.1.1", - "universalify": "^0.2.0", - "url-parse": "^1.5.3" - }, - "engines": { - "node": ">=6" - } - }, - "node_modules/tough-cookie/node_modules/universalify": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", - "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", - "dev": true, - "engines": { - "node": ">= 4.0.0" - } - }, - "node_modules/tr46": { - "version": "4.1.1", - "resolved": "https://registry.npmjs.org/tr46/-/tr46-4.1.1.tgz", - "integrity": "sha512-2lv/66T7e5yNyhAAC4NaKe5nVavzuGJQVVtRYLyQ2OI8tsJ61PMLlelehb0wi2Hx6+hT/OJUWZcw8MjlSRnxvw==", - "dev": true, - "dependencies": { - "punycode": "^2.3.0" - }, - "engines": { - "node": ">=14" - } - }, - "node_modules/ts-algebra": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ts-algebra/-/ts-algebra-2.0.0.tgz", - "integrity": "sha512-FPAhNPFMrkwz76P7cdjdmiShwMynZYN6SgOujD1urY4oNm80Ou9oMdmbR45LotcKOXoy7wSmHkRFE6Mxbrhefw==", - "dev": true, - "optional": true - }, - "node_modules/ts-dedent": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/ts-dedent/-/ts-dedent-2.2.0.tgz", - "integrity": "sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==", - "dev": true, - "engines": { - "node": ">=6.10" - } - }, - "node_modules/ts-deepmerge": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/ts-deepmerge/-/ts-deepmerge-7.0.0.tgz", - "integrity": "sha512-WZ/iAJrKDhdINv1WG6KZIGHrZDar6VfhftG1QJFpVbOYZMYJLJOvZOo1amictRXVdBXZIgBHKswMTXzElngprA==", - "dev": true, - "engines": { - "node": ">=14.13.1" - } - }, - "node_modules/ts-interface-checker": { - "version": "0.1.13", - "resolved": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz", - "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==", - "dev": true - }, - "node_modules/tslib": { - "version": "2.6.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.3.tgz", - "integrity": "sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==", - "dev": true - }, - "node_modules/tsutils": { - "version": "3.21.0", - "resolved": "https://registry.npmjs.org/tsutils/-/tsutils-3.21.0.tgz", - "integrity": "sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==", - "dev": true, - "dependencies": { - "tslib": "^1.8.1" - }, - "engines": { - "node": ">= 6" - }, - "peerDependencies": { - "typescript": ">=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta" - } - }, - "node_modules/tsutils/node_modules/tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==", - "dev": true - }, - "node_modules/type-check": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", - "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==", - "dev": true, - "dependencies": { - "prelude-ls": "^1.2.1" - }, - "engines": { - "node": ">= 0.8.0" - } - }, - "node_modules/type-detect": { - "version": "4.0.8", - "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz", - "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/type-fest": { - "version": "2.19.0", - "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-2.19.0.tgz", - "integrity": "sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==", - "dev": true, - "engines": { - "node": ">=12.20" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/type-is": { - "version": "1.6.18", - "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", - "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", - "dev": true, - "dependencies": { - "media-typer": "0.3.0", - "mime-types": "~2.1.24" - }, - "engines": { - "node": ">= 0.6" - } - }, - "node_modules/typedarray": { - "version": "0.0.6", - "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", - "integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==", - "dev": true - }, - "node_modules/typescript": { - "version": "5.4.5", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz", - "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==", - "dev": true, - "bin": { - "tsc": "bin/tsc", - "tsserver": "bin/tsserver" - }, - "engines": { - "node": ">=14.17" - } - }, - "node_modules/ufo": { - "version": "1.5.3", - "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.5.3.tgz", - "integrity": "sha512-Y7HYmWaFwPUmkoQCUIAYpKqkOf+SbVj/2fJJZ4RJMCfZp0rTGwRbzQD+HghfnhKOjL9E01okqz+ncJskGYfBNw==", - "dev": true - }, - "node_modules/uglify-js": { - "version": "3.17.4", - "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.17.4.tgz", - "integrity": "sha512-T9q82TJI9e/C1TAxYvfb16xO120tMVFZrGA3f9/P4424DNu6ypK103y0GPFVa17yotwSyZW5iYXgjYHkGrJW/g==", - "dev": true, - "optional": true, - "bin": { - "uglifyjs": "bin/uglifyjs" - }, - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/undici-types": { - "version": "5.26.5", - "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", - "integrity": "sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==" - }, - "node_modules/unicode-canonical-property-names-ecmascript": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/unicode-canonical-property-names-ecmascript/-/unicode-canonical-property-names-ecmascript-2.0.0.tgz", - "integrity": "sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/unicode-match-property-ecmascript": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/unicode-match-property-ecmascript/-/unicode-match-property-ecmascript-2.0.0.tgz", - "integrity": "sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q==", - "dev": true, - "dependencies": { - "unicode-canonical-property-names-ecmascript": "^2.0.0", - "unicode-property-aliases-ecmascript": "^2.0.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/unicode-match-property-value-ecmascript": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/unicode-match-property-value-ecmascript/-/unicode-match-property-value-ecmascript-2.1.0.tgz", - "integrity": "sha512-qxkjQt6qjg/mYscYMC0XKRn3Rh0wFPlfxB0xkt9CfyTvpX1Ra0+rAmdX2QyAobptSEvuy4RtpPRui6XkV+8wjA==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/unicode-property-aliases-ecmascript": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/unicode-property-aliases-ecmascript/-/unicode-property-aliases-ecmascript-2.1.0.tgz", - "integrity": "sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w==", - "dev": true, - "engines": { - "node": ">=4" - } - }, - "node_modules/unique-string": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/unique-string/-/unique-string-2.0.0.tgz", - "integrity": "sha512-uNaeirEPvpZWSgzwsPGtU2zVSTrn/8L5q/IexZmH0eH6SA73CmAA5U4GwORTxQAZs95TAXLNqeLoPPNO5gZfWg==", - "dev": true, - "dependencies": { - "crypto-random-string": "^2.0.0" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/unist-util-is": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/unist-util-is/-/unist-util-is-4.1.0.tgz", - "integrity": "sha512-ZOQSsnce92GrxSqlnEEseX0gi7GH9zTJZ0p9dtu87WRb/37mMPO2Ilx1s/t9vBHrFhbgweUwb+t7cIn5dxPhZg==", - "dev": true, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-visit": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-2.0.3.tgz", - "integrity": "sha512-iJ4/RczbJMkD0712mGktuGpm/U4By4FfDonL7N/9tATGIF4imikjOuagyMY53tnZq3NP6BcmlrHhEKAfGWjh7Q==", - "dev": true, - "dependencies": { - "@types/unist": "^2.0.0", - "unist-util-is": "^4.0.0", - "unist-util-visit-parents": "^3.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/unist-util-visit-parents": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/unist-util-visit-parents/-/unist-util-visit-parents-3.1.1.tgz", - "integrity": "sha512-1KROIZWo6bcMrZEwiH2UrXDyalAa0uqzWCxCJj6lPOvTve2WkfgCytoDTPaMnodXh1WrXOq0haVYHj99ynJlsg==", - "dev": true, - "dependencies": { - "@types/unist": "^2.0.0", - "unist-util-is": "^4.0.0" - }, - "funding": { - "type": "opencollective", - "url": "https://opencollective.com/unified" - } - }, - "node_modules/universal-github-app-jwt": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/universal-github-app-jwt/-/universal-github-app-jwt-1.1.2.tgz", - "integrity": "sha512-t1iB2FmLFE+yyJY9+3wMx0ejB+MQpEVkH0gQv7dR6FZyltyq+ZZO0uDpbopxhrZ3SLEO4dCEkIujOMldEQ2iOA==", - "dependencies": { - "@types/jsonwebtoken": "^9.0.0", - "jsonwebtoken": "^9.0.2" - } - }, - "node_modules/universal-user-agent": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-6.0.1.tgz", - "integrity": "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==" - }, - "node_modules/universalify": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/universalify/-/universalify-2.0.1.tgz", - "integrity": "sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==", - "dev": true, - "engines": { - "node": ">= 10.0.0" - } - }, - "node_modules/unpipe": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", - "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/unplugin": { - "version": "1.5.1", - "resolved": "https://registry.npmjs.org/unplugin/-/unplugin-1.5.1.tgz", - "integrity": "sha512-0QkvG13z6RD+1L1FoibQqnvTwVBXvS4XSPwAyinVgoOCl2jAgwzdUKmEj05o4Lt8xwQI85Hb6mSyYkcAGwZPew==", - "dependencies": { - "acorn": "^8.11.2", - "chokidar": "^3.5.3", - "webpack-sources": "^3.2.3", - "webpack-virtual-modules": "^0.6.0" - } - }, - "node_modules/untildify": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/untildify/-/untildify-4.0.0.tgz", - "integrity": "sha512-KK8xQ1mkzZeg9inewmFVDNkg3l5LUhoq9kN6iWYB/CC9YMG8HA+c1Q8HwDe6dEX7kErrEVNVBO3fWsVq5iDgtw==", - "dev": true, - "engines": { - "node": ">=8" - } - }, - "node_modules/update-browserslist-db": { - "version": "1.0.16", - "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.16.tgz", - "integrity": "sha512-KVbTxlBYlckhF5wgfyZXTWnMn7MMZjMu9XG8bPlliUOP9ThaF4QnhP8qrjrH7DRzHfSk0oQv1wToW+iA5GajEQ==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/browserslist" - }, - { - "type": "tidelift", - "url": "https://tidelift.com/funding/github/npm/browserslist" - }, - { - "type": "github", - "url": "https://github.com/sponsors/ai" - } - ], - "dependencies": { - "escalade": "^3.1.2", - "picocolors": "^1.0.1" - }, - "bin": { - "update-browserslist-db": "cli.js" - }, - "peerDependencies": { - "browserslist": ">= 4.21.0" - } - }, - "node_modules/uri-js": { - "version": "4.4.1", - "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz", - "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", - "dev": true, - "dependencies": { - "punycode": "^2.1.0" - } - }, - "node_modules/url-parse": { - "version": "1.5.10", - "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", - "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", - "dev": true, - "dependencies": { - "querystringify": "^2.1.1", - "requires-port": "^1.0.0" - } - }, - "node_modules/use-callback-ref": { - "version": "1.3.2", - "resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.3.2.tgz", - "integrity": "sha512-elOQwe6Q8gqZgDA8mrh44qRTQqpIHDcZ3hXTLjBe1i4ph8XpNJnO+aQf3NaG+lriLopI4HMx9VjQLfPQ6vhnoA==", - "dev": true, - "dependencies": { - "tslib": "^2.0.0" - }, - "engines": { - "node": ">=10" - }, - "peerDependencies": { - "@types/react": "^16.8.0 || ^17.0.0 || ^18.0.0", - "react": "^16.8.0 || ^17.0.0 || ^18.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/use-resize-observer": { - "version": "9.1.0", - "resolved": "https://registry.npmjs.org/use-resize-observer/-/use-resize-observer-9.1.0.tgz", - "integrity": "sha512-R25VqO9Wb3asSD4eqtcxk8sJalvIOYBqS8MNZlpDSQ4l4xMQxC/J7Id9HoTqPq8FwULIn0PVW+OAqF2dyYbjow==", - "dev": true, - "dependencies": { - "@juggle/resize-observer": "^3.3.1" - }, - "peerDependencies": { - "react": "16.8.0 - 18", - "react-dom": "16.8.0 - 18" - } - }, - "node_modules/use-sidecar": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/use-sidecar/-/use-sidecar-1.1.2.tgz", - "integrity": "sha512-epTbsLuzZ7lPClpz2TyryBfztm7m+28DlEv2ZCQ3MDr5ssiwyOwGH/e5F9CkfWjJ1t4clvI58yF822/GUkjjhw==", - "dev": true, - "dependencies": { - "detect-node-es": "^1.1.0", - "tslib": "^2.0.0" - }, - "engines": { - "node": ">=10" - }, - "peerDependencies": { - "@types/react": "^16.9.0 || ^17.0.0 || ^18.0.0", - "react": "^16.8.0 || ^17.0.0 || ^18.0.0" - }, - "peerDependenciesMeta": { - "@types/react": { - "optional": true - } - } - }, - "node_modules/util": { - "version": "0.12.5", - "resolved": "https://registry.npmjs.org/util/-/util-0.12.5.tgz", - "integrity": "sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==", - "dev": true, - "dependencies": { - "inherits": "^2.0.3", - "is-arguments": "^1.0.4", - "is-generator-function": "^1.0.7", - "is-typed-array": "^1.1.3", - "which-typed-array": "^1.1.2" - } - }, - "node_modules/util-deprecate": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", - "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", - "dev": true - }, - "node_modules/utils-merge": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", - "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", - "dev": true, - "engines": { - "node": ">= 0.4.0" - } - }, - "node_modules/uuid": { - "version": "9.0.1", - "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", - "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==", - "dev": true, - "funding": [ - "https://github.com/sponsors/broofa", - "https://github.com/sponsors/ctavan" - ], - "bin": { - "uuid": "dist/bin/uuid" - } - }, - "node_modules/v8-compile-cache": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.4.0.tgz", - "integrity": "sha512-ocyWc3bAHBB/guyqJQVI5o4BZkPhznPYUG2ea80Gond/BgNWpap8TOmLSeeQG7bnh2KMISxskdADG59j7zruhw==", - "dev": true - }, - "node_modules/valibot": { - "version": "0.30.0", - "resolved": "https://registry.npmjs.org/valibot/-/valibot-0.30.0.tgz", - "integrity": "sha512-5POBdbSkM+3nvJ6ZlyQHsggisfRtyT4tVTo1EIIShs6qCdXJnyWU5TJ68vr8iTg5zpOLjXLRiBqNx+9zwZz/rA==", - "dev": true, - "optional": true - }, - "node_modules/validate-npm-package-license": { - "version": "3.0.4", - "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz", - "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==", - "dev": true, - "dependencies": { - "spdx-correct": "^3.0.0", - "spdx-expression-parse": "^3.0.0" - } - }, - "node_modules/validator": { - "version": "13.12.0", - "resolved": "https://registry.npmjs.org/validator/-/validator-13.12.0.tgz", - "integrity": "sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg==", - "dev": true, - "optional": true, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/vary": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", - "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", - "dev": true, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/vite": { - "version": "5.2.12", - "resolved": "https://registry.npmjs.org/vite/-/vite-5.2.12.tgz", - "integrity": "sha512-/gC8GxzxMK5ntBwb48pR32GGhENnjtY30G4A0jemunsBkiEZFw60s8InGpN8gkhHEkjnRK1aSAxeQgwvFhUHAA==", - "dev": true, - "dependencies": { - "esbuild": "^0.20.1", - "postcss": "^8.4.38", - "rollup": "^4.13.0" - }, - "bin": { - "vite": "bin/vite.js" - }, - "engines": { - "node": "^18.0.0 || >=20.0.0" - }, - "funding": { - "url": "https://github.com/vitejs/vite?sponsor=1" - }, - "optionalDependencies": { - "fsevents": "~2.3.3" - }, - "peerDependencies": { - "@types/node": "^18.0.0 || >=20.0.0", - "less": "*", - "lightningcss": "^1.21.0", - "sass": "*", - "stylus": "*", - "sugarss": "*", - "terser": "^5.4.0" - }, - "peerDependenciesMeta": { - "@types/node": { - "optional": true - }, - "less": { - "optional": true - }, - "lightningcss": { - "optional": true - }, - "sass": { - "optional": true - }, - "stylus": { - "optional": true - }, - "sugarss": { - "optional": true - }, - "terser": { - "optional": true - } - } - }, - "node_modules/vite-node": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/vite-node/-/vite-node-1.6.0.tgz", - "integrity": "sha512-de6HJgzC+TFzOu0NTC4RAIsyf/DY/ibWDYQUcuEA84EMHhcefTUGkjFHKKEJhQN4A+6I0u++kr3l36ZF2d7XRw==", - "dev": true, - "dependencies": { - "cac": "^6.7.14", - "debug": "^4.3.4", - "pathe": "^1.1.1", - "picocolors": "^1.0.0", - "vite": "^5.0.0" - }, - "bin": { - "vite-node": "vite-node.mjs" - }, - "engines": { - "node": "^18.0.0 || >=20.0.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/vite-plugin-tailwind-purgecss": { - "version": "0.2.1", - "resolved": "https://registry.npmjs.org/vite-plugin-tailwind-purgecss/-/vite-plugin-tailwind-purgecss-0.2.1.tgz", - "integrity": "sha512-pJevMPGyEve5Z/KCXEbYiw7I11Skt+ZAc+GGa8HcJy4d+8OAzgYG3rdvv3NZOT3IJyErSGoLb8dFxj9elPudtw==", - "dev": true, - "dependencies": { - "estree-walker": "^3.0.3", - "purgecss": "^6.0.0" - }, - "peerDependencies": { - "vite": "^4.1.1 || ^5.0.0" - } - }, - "node_modules/vite-plugin-tailwind-purgecss/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dev": true, - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/vite/node_modules/@esbuild/android-arm": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.20.2.tgz", - "integrity": "sha512-t98Ra6pw2VaDhqNWO2Oph2LXbz/EJcnLmKLGBJwEwXX/JAN83Fym1rU8l0JUWK6HkIbWONCSSatf4sf2NBRx/w==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/android-arm64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.20.2.tgz", - "integrity": "sha512-mRzjLacRtl/tWU0SvD8lUEwb61yP9cqQo6noDZP/O8VkwafSYwZ4yWy24kan8jE/IMERpYncRt2dw438LP3Xmg==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/android-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.20.2.tgz", - "integrity": "sha512-btzExgV+/lMGDDa194CcUQm53ncxzeBrWJcncOBxuC6ndBkKxnHdFJn86mCIgTELsooUmwUm9FkhSp5HYu00Rg==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "android" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/darwin-arm64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.20.2.tgz", - "integrity": "sha512-4J6IRT+10J3aJH3l1yzEg9y3wkTDgDk7TSDFX+wKFiWjqWp/iCfLIYzGyasx9l0SAFPT1HwSCR+0w/h1ES/MjA==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/darwin-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.20.2.tgz", - "integrity": "sha512-tBcXp9KNphnNH0dfhv8KYkZhjc+H3XBkF5DKtswJblV7KlT9EI2+jeA8DgBjp908WEuYll6pF+UStUCfEpdysA==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/freebsd-arm64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.20.2.tgz", - "integrity": "sha512-d3qI41G4SuLiCGCFGUrKsSeTXyWG6yem1KcGZVS+3FYlYhtNoNgYrWcvkOoaqMhwXSMrZRl69ArHsGJ9mYdbbw==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "freebsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/freebsd-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.20.2.tgz", - "integrity": "sha512-d+DipyvHRuqEeM5zDivKV1KuXn9WeRX6vqSqIDgwIfPQtwMP4jaDsQsDncjTDDsExT4lR/91OLjRo8bmC1e+Cw==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "freebsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-arm": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.20.2.tgz", - "integrity": "sha512-VhLPeR8HTMPccbuWWcEUD1Az68TqaTYyj6nfE4QByZIQEQVWBB8vup8PpR7y1QHL3CpcF6xd5WVBU/+SBEvGTg==", - "cpu": [ - "arm" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-arm64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.20.2.tgz", - "integrity": "sha512-9pb6rBjGvTFNira2FLIWqDk/uaf42sSyLE8j1rnUpuzsODBq7FvpwHYZxQ/It/8b+QOS1RYfqgGFNLRI+qlq2A==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-ia32": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.20.2.tgz", - "integrity": "sha512-o10utieEkNPFDZFQm9CoP7Tvb33UutoJqg3qKf1PWVeeJhJw0Q347PxMvBgVVFgouYLGIhFYG0UGdBumROyiig==", - "cpu": [ - "ia32" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-loong64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.20.2.tgz", - "integrity": "sha512-PR7sp6R/UC4CFVomVINKJ80pMFlfDfMQMYynX7t1tNTeivQ6XdX5r2XovMmha/VjR1YN/HgHWsVcTRIMkymrgQ==", - "cpu": [ - "loong64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-mips64el": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.20.2.tgz", - "integrity": "sha512-4BlTqeutE/KnOiTG5Y6Sb/Hw6hsBOZapOVF6njAESHInhlQAghVVZL1ZpIctBOoTFbQyGW+LsVYZ8lSSB3wkjA==", - "cpu": [ - "mips64el" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-ppc64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.20.2.tgz", - "integrity": "sha512-rD3KsaDprDcfajSKdn25ooz5J5/fWBylaaXkuotBDGnMnDP1Uv5DLAN/45qfnf3JDYyJv/ytGHQaziHUdyzaAg==", - "cpu": [ - "ppc64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-riscv64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.20.2.tgz", - "integrity": "sha512-snwmBKacKmwTMmhLlz/3aH1Q9T8v45bKYGE3j26TsaOVtjIag4wLfWSiZykXzXuE1kbCE+zJRmwp+ZbIHinnVg==", - "cpu": [ - "riscv64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-s390x": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.20.2.tgz", - "integrity": "sha512-wcWISOobRWNm3cezm5HOZcYz1sKoHLd8VL1dl309DiixxVFoFe/o8HnwuIwn6sXre88Nwj+VwZUvJf4AFxkyrQ==", - "cpu": [ - "s390x" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/linux-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.20.2.tgz", - "integrity": "sha512-1MdwI6OOTsfQfek8sLwgyjOXAu+wKhLEoaOLTjbijk6E2WONYpH9ZU2mNtR+lZ2B4uwr+usqGuVfFT9tMtGvGw==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "linux" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/netbsd-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.20.2.tgz", - "integrity": "sha512-K8/DhBxcVQkzYc43yJXDSyjlFeHQJBiowJ0uVL6Tor3jGQfSGHNNJcWxNbOI8v5k82prYqzPuwkzHt3J1T1iZQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "netbsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/openbsd-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.20.2.tgz", - "integrity": "sha512-eMpKlV0SThJmmJgiVyN9jTPJ2VBPquf6Kt/nAoo6DgHAoN57K15ZghiHaMvqjCye/uU4X5u3YSMgVBI1h3vKrQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "openbsd" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/sunos-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.20.2.tgz", - "integrity": "sha512-2UyFtRC6cXLyejf/YEld4Hajo7UHILetzE1vsRcGL3earZEW77JxrFjH4Ez2qaTiEfMgAXxfAZCm1fvM/G/o8w==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "sunos" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/win32-arm64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.20.2.tgz", - "integrity": "sha512-GRibxoawM9ZCnDxnP3usoUDO9vUkpAxIIZ6GQI+IlVmr5kP3zUq+l17xELTHMWTWzjxa2guPNyrpq1GWmPvcGQ==", - "cpu": [ - "arm64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/win32-ia32": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.20.2.tgz", - "integrity": "sha512-HfLOfn9YWmkSKRQqovpnITazdtquEW8/SoHW7pWpuEeguaZI4QnCRW6b+oZTztdBnZOS2hqJ6im/D5cPzBTTlQ==", - "cpu": [ - "ia32" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/@esbuild/win32-x64": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.20.2.tgz", - "integrity": "sha512-N49X4lJX27+l9jbLKSqZ6bKNjzQvHaT8IIFUy+YIqmXQdjYCToGWwOItDrfby14c78aDd5NHQl29xingXfCdLQ==", - "cpu": [ - "x64" - ], - "dev": true, - "optional": true, - "os": [ - "win32" - ], - "engines": { - "node": ">=12" - } - }, - "node_modules/vite/node_modules/esbuild": { - "version": "0.20.2", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.20.2.tgz", - "integrity": "sha512-WdOOppmUNU+IbZ0PaDiTst80zjnrOkyJNHoKupIcVyU8Lvla3Ugx94VzkQ32Ijqd7UhHJy75gNWDMUekcrSJ6g==", - "dev": true, - "hasInstallScript": true, - "bin": { - "esbuild": "bin/esbuild" - }, - "engines": { - "node": ">=12" - }, - "optionalDependencies": { - "@esbuild/aix-ppc64": "0.20.2", - "@esbuild/android-arm": "0.20.2", - "@esbuild/android-arm64": "0.20.2", - "@esbuild/android-x64": "0.20.2", - "@esbuild/darwin-arm64": "0.20.2", - "@esbuild/darwin-x64": "0.20.2", - "@esbuild/freebsd-arm64": "0.20.2", - "@esbuild/freebsd-x64": "0.20.2", - "@esbuild/linux-arm": "0.20.2", - "@esbuild/linux-arm64": "0.20.2", - "@esbuild/linux-ia32": "0.20.2", - "@esbuild/linux-loong64": "0.20.2", - "@esbuild/linux-mips64el": "0.20.2", - "@esbuild/linux-ppc64": "0.20.2", - "@esbuild/linux-riscv64": "0.20.2", - "@esbuild/linux-s390x": "0.20.2", - "@esbuild/linux-x64": "0.20.2", - "@esbuild/netbsd-x64": "0.20.2", - "@esbuild/openbsd-x64": "0.20.2", - "@esbuild/sunos-x64": "0.20.2", - "@esbuild/win32-arm64": "0.20.2", - "@esbuild/win32-ia32": "0.20.2", - "@esbuild/win32-x64": "0.20.2" - } - }, - "node_modules/vite/node_modules/rollup": { - "version": "4.18.0", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.18.0.tgz", - "integrity": "sha512-QmJz14PX3rzbJCN1SG4Xe/bAAX2a6NpCP8ab2vfu2GiUr8AQcr2nCV/oEO3yneFarB67zk8ShlIyWb2LGTb3Sg==", - "dev": true, - "dependencies": { - "@types/estree": "1.0.5" - }, - "bin": { - "rollup": "dist/bin/rollup" - }, - "engines": { - "node": ">=18.0.0", - "npm": ">=8.0.0" - }, - "optionalDependencies": { - "@rollup/rollup-android-arm-eabi": "4.18.0", - "@rollup/rollup-android-arm64": "4.18.0", - "@rollup/rollup-darwin-arm64": "4.18.0", - "@rollup/rollup-darwin-x64": "4.18.0", - "@rollup/rollup-linux-arm-gnueabihf": "4.18.0", - "@rollup/rollup-linux-arm-musleabihf": "4.18.0", - "@rollup/rollup-linux-arm64-gnu": "4.18.0", - "@rollup/rollup-linux-arm64-musl": "4.18.0", - "@rollup/rollup-linux-powerpc64le-gnu": "4.18.0", - "@rollup/rollup-linux-riscv64-gnu": "4.18.0", - "@rollup/rollup-linux-s390x-gnu": "4.18.0", - "@rollup/rollup-linux-x64-gnu": "4.18.0", - "@rollup/rollup-linux-x64-musl": "4.18.0", - "@rollup/rollup-win32-arm64-msvc": "4.18.0", - "@rollup/rollup-win32-ia32-msvc": "4.18.0", - "@rollup/rollup-win32-x64-msvc": "4.18.0", - "fsevents": "~2.3.2" - } - }, - "node_modules/vitefu": { - "version": "0.2.5", - "resolved": "https://registry.npmjs.org/vitefu/-/vitefu-0.2.5.tgz", - "integrity": "sha512-SgHtMLoqaeeGnd2evZ849ZbACbnwQCIwRH57t18FxcXoZop0uQu0uzlIhJBlF/eWVzuce0sHeqPcDo+evVcg8Q==", - "dev": true, - "peerDependencies": { - "vite": "^3.0.0 || ^4.0.0 || ^5.0.0" - }, - "peerDependenciesMeta": { - "vite": { - "optional": true - } - } - }, - "node_modules/vitest": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/vitest/-/vitest-1.6.0.tgz", - "integrity": "sha512-H5r/dN06swuFnzNFhq/dnz37bPXnq8xB2xB5JOVk8K09rUtoeNN+LHWkoQ0A/i3hvbUKKcCei9KpbxqHMLhLLA==", - "dev": true, - "dependencies": { - "@vitest/expect": "1.6.0", - "@vitest/runner": "1.6.0", - "@vitest/snapshot": "1.6.0", - "@vitest/spy": "1.6.0", - "@vitest/utils": "1.6.0", - "acorn-walk": "^8.3.2", - "chai": "^4.3.10", - "debug": "^4.3.4", - "execa": "^8.0.1", - "local-pkg": "^0.5.0", - "magic-string": "^0.30.5", - "pathe": "^1.1.1", - "picocolors": "^1.0.0", - "std-env": "^3.5.0", - "strip-literal": "^2.0.0", - "tinybench": "^2.5.1", - "tinypool": "^0.8.3", - "vite": "^5.0.0", - "vite-node": "1.6.0", - "why-is-node-running": "^2.2.2" - }, - "bin": { - "vitest": "vitest.mjs" - }, - "engines": { - "node": "^18.0.0 || >=20.0.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - }, - "peerDependencies": { - "@edge-runtime/vm": "*", - "@types/node": "^18.0.0 || >=20.0.0", - "@vitest/browser": "1.6.0", - "@vitest/ui": "1.6.0", - "happy-dom": "*", - "jsdom": "*" - }, - "peerDependenciesMeta": { - "@edge-runtime/vm": { - "optional": true - }, - "@types/node": { - "optional": true - }, - "@vitest/browser": { - "optional": true - }, - "@vitest/ui": { - "optional": true - }, - "happy-dom": { - "optional": true - }, - "jsdom": { - "optional": true - } - } - }, - "node_modules/vitest/node_modules/@vitest/expect": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-1.6.0.tgz", - "integrity": "sha512-ixEvFVQjycy/oNgHjqsL6AZCDduC+tflRluaHIzKIsdbzkLn2U/iBnVeJwB6HsIjQBdfMR8Z0tRxKUsvFJEeWQ==", - "dev": true, - "dependencies": { - "@vitest/spy": "1.6.0", - "@vitest/utils": "1.6.0", - "chai": "^4.3.10" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/vitest/node_modules/@vitest/spy": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-1.6.0.tgz", - "integrity": "sha512-leUTap6B/cqi/bQkXUu6bQV5TZPx7pmMBKBQiI0rJA8c3pB56ZsaTbREnF7CJfmvAS4V2cXIBAh/3rVwrrCYgw==", - "dev": true, - "dependencies": { - "tinyspy": "^2.2.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/vitest/node_modules/@vitest/utils": { - "version": "1.6.0", - "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-1.6.0.tgz", - "integrity": "sha512-21cPiuGMoMZwiOHa2i4LXkMkMkCGzA+MVFV70jRwHo95dL4x/ts5GZhML1QWuy7yfp3WzK3lRvZi3JnXTYqrBw==", - "dev": true, - "dependencies": { - "diff-sequences": "^29.6.3", - "estree-walker": "^3.0.3", - "loupe": "^2.3.7", - "pretty-format": "^29.7.0" - }, - "funding": { - "url": "https://opencollective.com/vitest" - } - }, - "node_modules/vitest/node_modules/ansi-styles": { - "version": "5.2.0", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-5.2.0.tgz", - "integrity": "sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/vitest/node_modules/estree-walker": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/estree-walker/-/estree-walker-3.0.3.tgz", - "integrity": "sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==", - "dev": true, - "dependencies": { - "@types/estree": "^1.0.0" - } - }, - "node_modules/vitest/node_modules/execa": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/execa/-/execa-8.0.1.tgz", - "integrity": "sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==", - "dev": true, - "dependencies": { - "cross-spawn": "^7.0.3", - "get-stream": "^8.0.1", - "human-signals": "^5.0.0", - "is-stream": "^3.0.0", - "merge-stream": "^2.0.0", - "npm-run-path": "^5.1.0", - "onetime": "^6.0.0", - "signal-exit": "^4.1.0", - "strip-final-newline": "^3.0.0" - }, - "engines": { - "node": ">=16.17" - }, - "funding": { - "url": "https://github.com/sindresorhus/execa?sponsor=1" - } - }, - "node_modules/vitest/node_modules/get-stream": { - "version": "8.0.1", - "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-8.0.1.tgz", - "integrity": "sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==", - "dev": true, - "engines": { - "node": ">=16" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/vitest/node_modules/human-signals": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-5.0.0.tgz", - "integrity": "sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==", - "dev": true, - "engines": { - "node": ">=16.17.0" - } - }, - "node_modules/vitest/node_modules/is-stream": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-3.0.0.tgz", - "integrity": "sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==", - "dev": true, - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/vitest/node_modules/mimic-fn": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-4.0.0.tgz", - "integrity": "sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/vitest/node_modules/npm-run-path": { - "version": "5.3.0", - "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-5.3.0.tgz", - "integrity": "sha512-ppwTtiJZq0O/ai0z7yfudtBpWIoxM8yE6nHi1X47eFR2EWORqfbu6CnPlNsjeN683eT0qG6H/Pyf9fCcvjnnnQ==", - "dev": true, - "dependencies": { - "path-key": "^4.0.0" - }, - "engines": { - "node": "^12.20.0 || ^14.13.1 || >=16.0.0" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/vitest/node_modules/onetime": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/onetime/-/onetime-6.0.0.tgz", - "integrity": "sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==", - "dev": true, - "dependencies": { - "mimic-fn": "^4.0.0" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/vitest/node_modules/path-key": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/path-key/-/path-key-4.0.0.tgz", - "integrity": "sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/vitest/node_modules/pretty-format": { - "version": "29.7.0", - "resolved": "https://registry.npmjs.org/pretty-format/-/pretty-format-29.7.0.tgz", - "integrity": "sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==", - "dev": true, - "dependencies": { - "@jest/schemas": "^29.6.3", - "ansi-styles": "^5.0.0", - "react-is": "^18.0.0" - }, - "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" - } - }, - "node_modules/vitest/node_modules/react-is": { - "version": "18.3.1", - "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz", - "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==", - "dev": true - }, - "node_modules/vitest/node_modules/strip-final-newline": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/strip-final-newline/-/strip-final-newline-3.0.0.tgz", - "integrity": "sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/w3c-xmlserializer": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-4.0.0.tgz", - "integrity": "sha512-d+BFHzbiCx6zGfz0HyQ6Rg69w9k19nviJspaj4yNscGjrHu94sVP+aRm75yEbCh+r2/yR+7q6hux9LVtbuTGBw==", - "dev": true, - "dependencies": { - "xml-name-validator": "^4.0.0" - }, - "engines": { - "node": ">=14" - } - }, - "node_modules/walker": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/walker/-/walker-1.0.8.tgz", - "integrity": "sha512-ts/8E8l5b7kY0vlWLewOkDXMmPdLcVV4GmOQLyxuSswIJsweeFZtAsMF7k1Nszz+TYBQrlYRmzOnr398y1JemQ==", - "dev": true, - "dependencies": { - "makeerror": "1.0.12" - } - }, - "node_modules/watchpack": { - "version": "2.4.1", - "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.1.tgz", - "integrity": "sha512-8wrBCMtVhqcXP2Sup1ctSkga6uc2Bx0IIvKyT7yTFier5AXHooSI+QyQQAtTb7+E0IUCCKyTFmXqdqgum2XWGg==", - "dev": true, - "dependencies": { - "glob-to-regexp": "^0.4.1", - "graceful-fs": "^4.1.2" - }, - "engines": { - "node": ">=10.13.0" - } - }, - "node_modules/wcwidth": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/wcwidth/-/wcwidth-1.0.1.tgz", - "integrity": "sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==", - "dev": true, - "dependencies": { - "defaults": "^1.0.3" - } - }, - "node_modules/webidl-conversions": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz", - "integrity": "sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==", - "dev": true, - "engines": { - "node": ">=12" - } - }, - "node_modules/webpack-sources": { - "version": "3.2.3", - "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz", - "integrity": "sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==", - "engines": { - "node": ">=10.13.0" - } - }, - "node_modules/webpack-virtual-modules": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/webpack-virtual-modules/-/webpack-virtual-modules-0.6.2.tgz", - "integrity": "sha512-66/V2i5hQanC51vBQKPH4aI8NMAcBW59FVBs+rC7eGHupMyfn34q7rZIE+ETlJ+XTevqfUhVVBgSUNSW2flEUQ==" - }, - "node_modules/whatwg-encoding": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/whatwg-encoding/-/whatwg-encoding-2.0.0.tgz", - "integrity": "sha512-p41ogyeMUrw3jWclHWTQg1k05DSVXPLcVxRTYsXUk+ZooOCZLcoYgPZ/HL/D/N+uQPOtcp1me1WhBEaX02mhWg==", - "dev": true, - "dependencies": { - "iconv-lite": "0.6.3" - }, - "engines": { - "node": ">=12" - } - }, - "node_modules/whatwg-encoding/node_modules/iconv-lite": { - "version": "0.6.3", - "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", - "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", - "dev": true, - "dependencies": { - "safer-buffer": ">= 2.1.2 < 3.0.0" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/whatwg-mimetype": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz", - "integrity": "sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==", - "dev": true, - "engines": { - "node": ">=12" - } - }, - "node_modules/whatwg-url": { - "version": "12.0.1", - "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-12.0.1.tgz", - "integrity": "sha512-Ed/LrqB8EPlGxjS+TrsXcpUond1mhccS3pchLhzSgPCnTimUCKj3IZE75pAs5m6heB2U2TMerKFUXheyHY+VDQ==", - "dev": true, - "dependencies": { - "tr46": "^4.1.1", - "webidl-conversions": "^7.0.0" - }, - "engines": { - "node": ">=14" - } - }, - "node_modules/which": { - "version": "2.0.2", - "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz", - "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==", - "dev": true, - "dependencies": { - "isexe": "^2.0.0" - }, - "bin": { - "node-which": "bin/node-which" - }, - "engines": { - "node": ">= 8" - } - }, - "node_modules/which-boxed-primitive": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.0.2.tgz", - "integrity": "sha512-bwZdv0AKLpplFY2KZRX6TvyuN7ojjr7lwkg6ml0roIy9YeuSr7JS372qlNW18UQYzgYK9ziGcerWqZOmEn9VNg==", - "dev": true, - "dependencies": { - "is-bigint": "^1.0.1", - "is-boolean-object": "^1.1.0", - "is-number-object": "^1.0.4", - "is-string": "^1.0.5", - "is-symbol": "^1.0.3" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/which-collection": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/which-collection/-/which-collection-1.0.2.tgz", - "integrity": "sha512-K4jVyjnBdgvc86Y6BkaLZEN933SwYOuBFkdmBu9ZfkcAbdVbpITnDmjvZ/aQjRXQrv5EPkTnD1s39GiiqbngCw==", - "dev": true, - "dependencies": { - "is-map": "^2.0.3", - "is-set": "^2.0.3", - "is-weakmap": "^2.0.2", - "is-weakset": "^2.0.3" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/which-typed-array": { - "version": "1.1.15", - "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.15.tgz", - "integrity": "sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==", - "dev": true, - "dependencies": { - "available-typed-arrays": "^1.0.7", - "call-bind": "^1.0.7", - "for-each": "^0.3.3", - "gopd": "^1.0.1", - "has-tostringtag": "^1.0.2" - }, - "engines": { - "node": ">= 0.4" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, - "node_modules/why-is-node-running": { - "version": "2.2.2", - "resolved": "https://registry.npmjs.org/why-is-node-running/-/why-is-node-running-2.2.2.tgz", - "integrity": "sha512-6tSwToZxTOcotxHeA+qGCq1mVzKR3CwcJGmVcY+QE8SHy6TnpFnh8PAvPNHYr7EcuVeG0QSMxtYCuO1ta/G/oA==", - "dev": true, - "dependencies": { - "siginfo": "^2.0.0", - "stackback": "0.0.2" - }, - "bin": { - "why-is-node-running": "cli.js" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/word-wrap": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz", - "integrity": "sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/wordwrap": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", - "integrity": "sha512-gvVzJFlPycKc5dZN4yPkP8w7Dc37BtP1yczEneOb4uq34pXZcvrtRTmWV8W+Ume+XCxKgbjM+nevkyFPMybd4Q==", - "dev": true - }, - "node_modules/wrap-ansi": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz", - "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==", - "dev": true, - "dependencies": { - "ansi-styles": "^6.1.0", - "string-width": "^5.0.1", - "strip-ansi": "^7.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/wrap-ansi-cjs": { - "name": "wrap-ansi", - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz", - "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==", - "dev": true, - "dependencies": { - "ansi-styles": "^4.0.0", - "string-width": "^4.1.0", - "strip-ansi": "^6.0.0" - }, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/chalk/wrap-ansi?sponsor=1" - } - }, - "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": { - "version": "8.0.0", - "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz", - "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==", - "dev": true - }, - "node_modules/wrap-ansi-cjs/node_modules/string-width": { - "version": "4.2.3", - "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", - "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==", - "dev": true, - "dependencies": { - "emoji-regex": "^8.0.0", - "is-fullwidth-code-point": "^3.0.0", - "strip-ansi": "^6.0.1" - }, - "engines": { - "node": ">=8" - } - }, - "node_modules/wrap-ansi/node_modules/ansi-regex": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz", - "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/ansi-regex?sponsor=1" - } - }, - "node_modules/wrap-ansi/node_modules/ansi-styles": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz", - "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==", - "dev": true, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/ansi-styles?sponsor=1" - } - }, - "node_modules/wrap-ansi/node_modules/strip-ansi": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz", - "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==", - "dev": true, - "dependencies": { - "ansi-regex": "^6.0.1" - }, - "engines": { - "node": ">=12" - }, - "funding": { - "url": "https://github.com/chalk/strip-ansi?sponsor=1" - } - }, - "node_modules/wrappy": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", - "integrity": "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==" - }, - "node_modules/write-file-atomic": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-4.0.2.tgz", - "integrity": "sha512-7KxauUdBmSdWnmpaGFg+ppNjKF8uNLry8LyzjauQDOVONfFLNKrKvQOxZ/VuTIcS/gge/YNahf5RIIQWTSarlg==", - "dev": true, - "dependencies": { - "imurmurhash": "^0.1.4", - "signal-exit": "^3.0.7" - }, - "engines": { - "node": "^12.13.0 || ^14.15.0 || >=16.0.0" - } - }, - "node_modules/write-file-atomic/node_modules/signal-exit": { - "version": "3.0.7", - "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", - "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==", - "dev": true - }, - "node_modules/ws": { - "version": "8.17.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-8.17.1.tgz", - "integrity": "sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ==", - "dev": true, - "engines": { - "node": ">=10.0.0" - }, - "peerDependencies": { - "bufferutil": "^4.0.1", - "utf-8-validate": ">=5.0.2" - }, - "peerDependenciesMeta": { - "bufferutil": { - "optional": true - }, - "utf-8-validate": { - "optional": true - } - } - }, - "node_modules/xml-name-validator": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-4.0.0.tgz", - "integrity": "sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw==", - "dev": true, - "engines": { - "node": ">=12" - } - }, - "node_modules/xmlchars": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz", - "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==", - "dev": true - }, - "node_modules/xtend": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", - "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", - "dev": true, - "engines": { - "node": ">=0.4" - } - }, - "node_modules/yallist": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz", - "integrity": "sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==", - "dev": true - }, - "node_modules/yaml": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/yaml/-/yaml-1.10.2.tgz", - "integrity": "sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==", - "dev": true, - "engines": { - "node": ">= 6" - } - }, - "node_modules/yauzl": { - "version": "2.10.0", - "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz", - "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==", - "dev": true, - "dependencies": { - "buffer-crc32": "~0.2.3", - "fd-slicer": "~1.1.0" - } - }, - "node_modules/yocto-queue": { - "version": "0.1.0", - "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz", - "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==", - "dev": true, - "engines": { - "node": ">=10" - }, - "funding": { - "url": "https://github.com/sponsors/sindresorhus" - } - }, - "node_modules/yup": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/yup/-/yup-1.4.0.tgz", - "integrity": "sha512-wPbgkJRCqIf+OHyiTBQoJiP5PFuAXaWiJK6AmYkzQAh5/c2K9hzSApBZG5wV9KoKSePF7sAxmNSvh/13YHkFDg==", - "dev": true, - "optional": true, - "dependencies": { - "property-expr": "^2.0.5", - "tiny-case": "^1.0.3", - "toposort": "^2.0.2", - "type-fest": "^2.19.0" - } - }, - "node_modules/zod": { - "version": "3.23.8", - "resolved": "https://registry.npmjs.org/zod/-/zod-3.23.8.tgz", - "integrity": "sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==", - "dev": true, - "funding": { - "url": "https://github.com/sponsors/colinhacks" - } - }, - "node_modules/zod-to-json-schema": { - "version": "3.23.0", - "resolved": "https://registry.npmjs.org/zod-to-json-schema/-/zod-to-json-schema-3.23.0.tgz", - "integrity": "sha512-az0uJ243PxsRIa2x1WmNE/pnuA05gUq/JB8Lwe1EDCCL/Fz9MgjYQ0fPlyc2Tcv6aF2ZA7WM5TWaRZVEFaAIag==", - "dev": true, - "optional": true, - "peerDependencies": { - "zod": "^3.23.3" - } - }, - "node_modules/zrender": { - "version": "5.5.0", - "resolved": "https://registry.npmjs.org/zrender/-/zrender-5.5.0.tgz", - "integrity": "sha512-O3MilSi/9mwoovx77m6ROZM7sXShR/O/JIanvzTwjN3FORfLSr81PsUGd7jlaYOeds9d8tw82oP44+3YucVo+w==", - "dependencies": { - "tslib": "2.3.0" - } - }, - "node_modules/zrender/node_modules/tslib": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", - "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" - } - } -} diff --git a/frontend/package.json b/frontend/package.json index b43728af4..3dd78dd72 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -13,71 +13,73 @@ "test:ui": "vitest --ui", "test:e2e": "ARGS=\"$npm_config_args\" docker compose -f ./tests/docker-compose.e2e-tests.yml up --force-recreate --build -V", "coverage": "vitest run --coverage", - "lint": "prettier --plugin-search-dir . --check . && eslint .", - "format": "prettier --plugin-search-dir . --write .", + "lint": "prettier --check . && eslint .", + "format": "prettier --write .", "postinstall": "paraglide-js compile --project ./project.inlang", "storybook": "storybook dev -p 6006", "build-storybook": "storybook build" }, "devDependencies": { - "@inlang/paraglide-js": "1.2.5", - "@playwright/test": "^1.40.1", - "@skeletonlabs/skeleton": "^2.3.0", - "@skeletonlabs/tw-plugin": "^0.2.2", - "@storybook/addon-essentials": "^7.6.17", - "@storybook/addon-interactions": "^7.6.17", - "@storybook/addon-links": "^7.6.17", - "@storybook/blocks": "^7.6.17", - "@storybook/svelte": "^7.6.17", - "@storybook/sveltekit": "^7.6.17", - "@storybook/test": "^7.6.17", - "@sveltejs/adapter-auto": "^3.0.0", - "@sveltejs/adapter-node": "^4.0.1", - "@sveltejs/kit": "^2.0.0", - "@sveltejs/vite-plugin-svelte": "^3.0.0", - "@tailwindcss/forms": "^0.5.3", - "@tailwindcss/typography": "^0.5.9", - "@testing-library/jest-dom": "^6.1.4", - "@testing-library/svelte": "^4.0.4", - "@types/node": "^20.8.7", - "@typescript-eslint/eslint-plugin": "^5.62.0", - "@typescript-eslint/parser": "^5.62.0", - "@vincjo/datatables": "^1.14.0", - "@vitest/coverage-v8": "^1.1.1", - "@vitest/ui": "^1.1.1", - "autoprefixer": "^10.4.14", - "eslint": "^8.53.0", - "eslint-config-prettier": "^8.5.0", + "@inlang/paraglide-js": "1.11.1", + "@playwright/test": "^1.45.2", + "@skeletonlabs/skeleton": "^2.10.2", + "@skeletonlabs/tw-plugin": "^0.4.0", + "@storybook/addon-essentials": "^8.2.4", + "@storybook/addon-interactions": "^8.2.4", + "@storybook/addon-links": "^8.2.4", + "@storybook/blocks": "^8.2.4", + "@storybook/svelte": "^8.2.4", + "@storybook/sveltekit": "^8.2.4", + "@storybook/test": "^8.2.4", + "@sveltejs/adapter-auto": "^3.2.2", + "@sveltejs/adapter-node": "^5.2.0", + "@sveltejs/kit": "^2.5.18", + "@sveltejs/vite-plugin-svelte": "^3.1.1", + "@tailwindcss/forms": "^0.5.7", + "@tailwindcss/typography": "^0.5.13", + "@testing-library/dom": "^10.3.2", + "@testing-library/jest-dom": "^6.4.6", + "@testing-library/svelte": "^5.2.0", + "@types/node": "^20.14.11", + "@typescript-eslint/eslint-plugin": "^7.16.1", + "@typescript-eslint/parser": "^7.16.1", + "@vincjo/datatables": "^1.14.10", + "@vitest/coverage-v8": "^1.6.0", + "@vitest/ui": "^1.6.0", + "autoprefixer": "^10.4.19", + "eslint": "^8.57.0", + "eslint-config-prettier": "^9.1.0", "eslint-plugin-storybook": "^0.8.0", - "eslint-plugin-svelte": "^2.35.1", - "jsdom": "^22.1.0", - "postcss": "^8.4.23", - "prettier": "^2.8.0", - "prettier-plugin-svelte": "^2.10.1", - "react": "^18.2.0", - "react-dom": "^18.2.0", - "storybook": "^7.6.17", - "svelte": "^4.0.0", - "svelte-check": "^3.4.3", + "eslint-plugin-svelte": "^2.42.0", + "jsdom": "^24.1.0", + "postcss": "^8.4.39", + "prettier": "^3.3.3", + "prettier-plugin-svelte": "^3.2.6", + "react": "^18.3.1", + "react-dom": "^18.3.1", + "storybook": "^8.2.4", + "svelte": "^4.2.18", + "svelte-check": "^3.8.4", "svelte-typewriter": "^3.2.3", - "sveltekit-flash-message": "^2.2.1", - "sveltekit-rate-limiter": "^0.4.1", - "sveltekit-superforms": "^2.12.5", - "tailwindcss": "^3.3.2", - "tslib": "^2.4.1", - "typescript": "^5.0.0", - "vite": "^5.0.0", - "vite-plugin-tailwind-purgecss": "^0.2.0", - "vitest": "^1.1.1", - "zod": "^3.22.2" + "sveltekit-flash-message": "^2.4.4", + "sveltekit-rate-limiter": "^0.5.2", + "sveltekit-superforms": "^2.16.1", + "tailwindcss": "^3.4.6", + "tslib": "^2.6.3", + "typescript": "^5.5.3", + "vite": "^5.3.4", + "vite-plugin-tailwind-purgecss": "^0.3.3", + "vitest": "^1.6.0", + "zod": "^3.23.8" }, "type": "module", "dependencies": { - "@floating-ui/dom": "^1.5.1", - "@fortawesome/fontawesome-free": "^6.5.1", - "@inlang/paraglide-js-adapter-vite": "^1.2.14", - "dotenv": "^16.4.1", - "echarts": "^5.4.3", - "svelte-multiselect": "^10.2.0" + "@floating-ui/dom": "^1.6.7", + "@fortawesome/fontawesome-free": "^6.6.0", + "@inlang/paraglide-js-adapter-vite": "^1.2.40", + "dotenv": "^16.4.5", + "echarts": "^5.5.1", + "svelte-multiselect": "^10.3.0", + "svelte-persisted-store": "^0.11.0" } } diff --git a/frontend/playwright.config.ts b/frontend/playwright.config.ts index 5091057de..85cedf92e 100644 --- a/frontend/playwright.config.ts +++ b/frontend/playwright.config.ts @@ -5,7 +5,7 @@ const config: PlaywrightTestConfig = { webServer: { command: process.env.COMPOSE_TEST ? 'echo "The docker compose frontend server didn\'t start correctly"' - : 'npm run build && npm run preview', + : 'npm install -g pnpm && pnpm install && pnpm run build && pnpm run preview', port: process.env.COMPOSE_TEST ? 3000 : 4173, reuseExistingServer: process.env.COMPOSE_TEST }, diff --git a/frontend/pnpm-lock.yaml b/frontend/pnpm-lock.yaml new file mode 100644 index 000000000..498816c43 --- /dev/null +++ b/frontend/pnpm-lock.yaml @@ -0,0 +1,10148 @@ +lockfileVersion: '9.0' + +settings: + autoInstallPeers: true + excludeLinksFromLockfile: false + +importers: + + .: + dependencies: + '@floating-ui/dom': + specifier: ^1.6.7 + version: 1.6.7 + '@fortawesome/fontawesome-free': + specifier: ^6.6.0 + version: 6.6.0 + '@inlang/paraglide-js-adapter-vite': + specifier: ^1.2.40 + version: 1.2.40 + dotenv: + specifier: ^16.4.5 + version: 16.4.5 + echarts: + specifier: ^5.5.1 + version: 5.5.1 + svelte-multiselect: + specifier: ^10.3.0 + version: 10.3.0 + svelte-persisted-store: + specifier: ^0.11.0 + version: 0.11.0(svelte@4.2.18) + devDependencies: + '@inlang/paraglide-js': + specifier: 1.11.1 + version: 1.11.1 + '@playwright/test': + specifier: ^1.45.2 + version: 1.45.2 + '@skeletonlabs/skeleton': + specifier: ^2.10.2 + version: 2.10.2(svelte@4.2.18) + '@skeletonlabs/tw-plugin': + specifier: ^0.4.0 + version: 0.4.0(tailwindcss@3.4.6) + '@storybook/addon-essentials': + specifier: ^8.2.4 + version: 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-interactions': + specifier: ^8.2.4 + version: 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0)) + '@storybook/addon-links': + specifier: ^8.2.4 + version: 8.2.4(react@18.3.1)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/blocks': + specifier: ^8.2.4 + version: 8.2.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/svelte': + specifier: ^8.2.4 + version: 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18) + '@storybook/sveltekit': + specifier: ^8.2.4 + version: 8.2.4(@babel/core@7.24.9)(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18)(typescript@5.5.3)(vite@5.3.4(@types/node@20.14.11)) + '@storybook/test': + specifier: ^8.2.4 + version: 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0)) + '@sveltejs/adapter-auto': + specifier: ^3.2.2 + version: 3.2.2(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))) + '@sveltejs/adapter-node': + specifier: ^5.2.0 + version: 5.2.0(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))) + '@sveltejs/kit': + specifier: ^2.5.18 + version: 2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + '@sveltejs/vite-plugin-svelte': + specifier: ^3.1.1 + version: 3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + '@tailwindcss/forms': + specifier: ^0.5.7 + version: 0.5.7(tailwindcss@3.4.6) + '@tailwindcss/typography': + specifier: ^0.5.13 + version: 0.5.13(tailwindcss@3.4.6) + '@testing-library/dom': + specifier: ^10.3.2 + version: 10.3.2 + '@testing-library/jest-dom': + specifier: ^6.4.6 + version: 6.4.6(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0)) + '@testing-library/svelte': + specifier: ^5.2.0 + version: 5.2.0(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0)) + '@types/node': + specifier: ^20.14.11 + version: 20.14.11 + '@typescript-eslint/eslint-plugin': + specifier: ^7.16.1 + version: 7.16.1(@typescript-eslint/parser@7.16.1(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3) + '@typescript-eslint/parser': + specifier: ^7.16.1 + version: 7.16.1(eslint@8.57.0)(typescript@5.5.3) + '@vincjo/datatables': + specifier: ^1.14.10 + version: 1.14.10(svelte@4.2.18) + '@vitest/coverage-v8': + specifier: ^1.6.0 + version: 1.6.0(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0)) + '@vitest/ui': + specifier: ^1.6.0 + version: 1.6.0(vitest@1.6.0) + autoprefixer: + specifier: ^10.4.19 + version: 10.4.19(postcss@8.4.39) + eslint: + specifier: ^8.57.0 + version: 8.57.0 + eslint-config-prettier: + specifier: ^9.1.0 + version: 9.1.0(eslint@8.57.0) + eslint-plugin-storybook: + specifier: ^0.8.0 + version: 0.8.0(eslint@8.57.0)(typescript@5.5.3) + eslint-plugin-svelte: + specifier: ^2.42.0 + version: 2.42.0(eslint@8.57.0)(svelte@4.2.18) + jsdom: + specifier: ^24.1.0 + version: 24.1.0 + postcss: + specifier: ^8.4.39 + version: 8.4.39 + prettier: + specifier: ^3.3.3 + version: 3.3.3 + prettier-plugin-svelte: + specifier: ^3.2.6 + version: 3.2.6(prettier@3.3.3)(svelte@4.2.18) + react: + specifier: ^18.3.1 + version: 18.3.1 + react-dom: + specifier: ^18.3.1 + version: 18.3.1(react@18.3.1) + storybook: + specifier: ^8.2.4 + version: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + svelte: + specifier: ^4.2.18 + version: 4.2.18 + svelte-check: + specifier: ^3.8.4 + version: 3.8.4(@babel/core@7.24.9)(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(svelte@4.2.18) + svelte-typewriter: + specifier: ^3.2.3 + version: 3.2.3(svelte@4.2.18) + sveltekit-flash-message: + specifier: ^2.4.4 + version: 2.4.4(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18) + sveltekit-rate-limiter: + specifier: ^0.5.2 + version: 0.5.2(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))) + sveltekit-superforms: + specifier: ^2.16.1 + version: 2.16.1(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18) + tailwindcss: + specifier: ^3.4.6 + version: 3.4.6 + tslib: + specifier: ^2.6.3 + version: 2.6.3 + typescript: + specifier: ^5.5.3 + version: 5.5.3 + vite: + specifier: ^5.3.4 + version: 5.3.4(@types/node@20.14.11) + vite-plugin-tailwind-purgecss: + specifier: ^0.3.3 + version: 0.3.3(tailwindcss@3.4.6)(vite@5.3.4(@types/node@20.14.11)) + vitest: + specifier: ^1.6.0 + version: 1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0) + zod: + specifier: ^3.23.8 + version: 3.23.8 + +packages: + + '@adobe/css-tools@4.4.0': + resolution: {integrity: sha512-Ff9+ksdQQB3rMncgqDK78uLznstjyfIf2Arnh22pW8kBpLs6rpKDwgnZT46hin5Hl1WzazzK64DOrhSwYpS7bQ==} + + '@alloc/quick-lru@5.2.0': + resolution: {integrity: sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==} + engines: {node: '>=10'} + + '@ampproject/remapping@2.3.0': + resolution: {integrity: sha512-30iZtAPgz+LTIYoeivqYo853f02jBYSd5uGnGpkFV0M3xOt9aN73erkgYAmZU43x4VfqcnLxW9Kpg3R5LC4YYw==} + engines: {node: '>=6.0.0'} + + '@ark/schema@0.2.0': + resolution: {integrity: sha512-IkNWCSHdjaoemMXpps4uFHEAQzwJPbTAS8K2vcQpk90sa+eNBuPSVyB/81/Qyl1VYW0iX3ceGC5NL/OznQv1jg==} + + '@ark/util@0.1.0': + resolution: {integrity: sha512-qCLYICQoCy3kEKDVwirQp8qvxhY7NJd8BhhoHaj1l3wCFAk9NUbcDsxAkPStZEMdPI/d7NcbGJe8SWZuRG2twQ==} + + '@babel/code-frame@7.24.7': + resolution: {integrity: sha512-BcYH1CVJBO9tvyIZ2jVeXgSIMvGZ2FDRvDdOIVQyuklNKSsx+eppDEBq/g47Ayw+RqNFE+URvOShmf+f/qwAlA==} + engines: {node: '>=6.9.0'} + + '@babel/compat-data@7.24.9': + resolution: {integrity: sha512-e701mcfApCJqMMueQI0Fb68Amflj83+dvAvHawoBpAz+GDjCIyGHzNwnefjsWJ3xiYAqqiQFoWbspGYBdb2/ng==} + engines: {node: '>=6.9.0'} + + '@babel/core@7.24.9': + resolution: {integrity: sha512-5e3FI4Q3M3Pbr21+5xJwCv6ZT6KmGkI0vw3Tozy5ODAQFTIWe37iT8Cr7Ice2Ntb+M3iSKCEWMB1MBgKrW3whg==} + engines: {node: '>=6.9.0'} + + '@babel/generator@7.24.10': + resolution: {integrity: sha512-o9HBZL1G2129luEUlG1hB4N/nlYNWHnpwlND9eOMclRqqu1YDy2sSYVCFUZwl8I1Gxh+QSRrP2vD7EpUmFVXxg==} + engines: {node: '>=6.9.0'} + + '@babel/helper-annotate-as-pure@7.24.7': + resolution: {integrity: sha512-BaDeOonYvhdKw+JoMVkAixAAJzG2jVPIwWoKBPdYuY9b452e2rPuI9QPYh3KpofZ3pW2akOmwZLOiOsHMiqRAg==} + engines: {node: '>=6.9.0'} + + '@babel/helper-builder-binary-assignment-operator-visitor@7.24.7': + resolution: {integrity: sha512-xZeCVVdwb4MsDBkkyZ64tReWYrLRHlMN72vP7Bdm3OUOuyFZExhsHUUnuWnm2/XOlAJzR0LfPpB56WXZn0X/lA==} + engines: {node: '>=6.9.0'} + + '@babel/helper-compilation-targets@7.24.8': + resolution: {integrity: sha512-oU+UoqCHdp+nWVDkpldqIQL/i/bvAv53tRqLG/s+cOXxe66zOYLU7ar/Xs3LdmBihrUMEUhwu6dMZwbNOYDwvw==} + engines: {node: '>=6.9.0'} + + '@babel/helper-create-class-features-plugin@7.24.8': + resolution: {integrity: sha512-4f6Oqnmyp2PP3olgUMmOwC3akxSm5aBYraQ6YDdKy7NcAMkDECHWG0DEnV6M2UAkERgIBhYt8S27rURPg7SxWA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/helper-create-regexp-features-plugin@7.24.7': + resolution: {integrity: sha512-03TCmXy2FtXJEZfbXDTSqq1fRJArk7lX9DOFC/47VthYcxyIOx+eXQmdo6DOQvrbpIix+KfXwvuXdFDZHxt+rA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/helper-define-polyfill-provider@0.6.2': + resolution: {integrity: sha512-LV76g+C502biUK6AyZ3LK10vDpDyCzZnhZFXkH1L75zHPj68+qc8Zfpx2th+gzwA2MzyK+1g/3EPl62yFnVttQ==} + peerDependencies: + '@babel/core': ^7.4.0 || ^8.0.0-0 <8.0.0 + + '@babel/helper-environment-visitor@7.24.7': + resolution: {integrity: sha512-DoiN84+4Gnd0ncbBOM9AZENV4a5ZiL39HYMyZJGZ/AZEykHYdJw0wW3kdcsh9/Kn+BRXHLkkklZ51ecPKmI1CQ==} + engines: {node: '>=6.9.0'} + + '@babel/helper-function-name@7.24.7': + resolution: {integrity: sha512-FyoJTsj/PEUWu1/TYRiXTIHc8lbw+TDYkZuoE43opPS5TrI7MyONBE1oNvfguEXAD9yhQRrVBnXdXzSLQl9XnA==} + engines: {node: '>=6.9.0'} + + '@babel/helper-hoist-variables@7.24.7': + resolution: {integrity: sha512-MJJwhkoGy5c4ehfoRyrJ/owKeMl19U54h27YYftT0o2teQ3FJ3nQUf/I3LlJsX4l3qlw7WRXUmiyajvHXoTubQ==} + engines: {node: '>=6.9.0'} + + '@babel/helper-member-expression-to-functions@7.24.8': + resolution: {integrity: sha512-LABppdt+Lp/RlBxqrh4qgf1oEH/WxdzQNDJIu5gC/W1GyvPVrOBiItmmM8wan2fm4oYqFuFfkXmlGpLQhPY8CA==} + engines: {node: '>=6.9.0'} + + '@babel/helper-module-imports@7.24.7': + resolution: {integrity: sha512-8AyH3C+74cgCVVXow/myrynrAGv+nTVg5vKu2nZph9x7RcRwzmh0VFallJuFTZ9mx6u4eSdXZfcOzSqTUm0HCA==} + engines: {node: '>=6.9.0'} + + '@babel/helper-module-transforms@7.24.9': + resolution: {integrity: sha512-oYbh+rtFKj/HwBQkFlUzvcybzklmVdVV3UU+mN7n2t/q3yGHbuVdNxyFvSBO1tfvjyArpHNcWMAzsSPdyI46hw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/helper-optimise-call-expression@7.24.7': + resolution: {integrity: sha512-jKiTsW2xmWwxT1ixIdfXUZp+P5yURx2suzLZr5Hi64rURpDYdMW0pv+Uf17EYk2Rd428Lx4tLsnjGJzYKDM/6A==} + engines: {node: '>=6.9.0'} + + '@babel/helper-plugin-utils@7.24.8': + resolution: {integrity: sha512-FFWx5142D8h2Mgr/iPVGH5G7w6jDn4jUSpZTyDnQO0Yn7Ks2Kuz6Pci8H6MPCoUJegd/UZQ3tAvfLCxQSnWWwg==} + engines: {node: '>=6.9.0'} + + '@babel/helper-remap-async-to-generator@7.24.7': + resolution: {integrity: sha512-9pKLcTlZ92hNZMQfGCHImUpDOlAgkkpqalWEeftW5FBya75k8Li2ilerxkM/uBEj01iBZXcCIB/bwvDYgWyibA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/helper-replace-supers@7.24.7': + resolution: {integrity: sha512-qTAxxBM81VEyoAY0TtLrx1oAEJc09ZK67Q9ljQToqCnA+55eNwCORaxlKyu+rNfX86o8OXRUSNUnrtsAZXM9sg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/helper-simple-access@7.24.7': + resolution: {integrity: sha512-zBAIvbCMh5Ts+b86r/CjU+4XGYIs+R1j951gxI3KmmxBMhCg4oQMsv6ZXQ64XOm/cvzfU1FmoCyt6+owc5QMYg==} + engines: {node: '>=6.9.0'} + + '@babel/helper-skip-transparent-expression-wrappers@7.24.7': + resolution: {integrity: sha512-IO+DLT3LQUElMbpzlatRASEyQtfhSE0+m465v++3jyyXeBTBUjtVZg28/gHeV5mrTJqvEKhKroBGAvhW+qPHiQ==} + engines: {node: '>=6.9.0'} + + '@babel/helper-split-export-declaration@7.24.7': + resolution: {integrity: sha512-oy5V7pD+UvfkEATUKvIjvIAH/xCzfsFVw7ygW2SI6NClZzquT+mwdTfgfdbUiceh6iQO0CHtCPsyze/MZ2YbAA==} + engines: {node: '>=6.9.0'} + + '@babel/helper-string-parser@7.24.8': + resolution: {integrity: sha512-pO9KhhRcuUyGnJWwyEgnRJTSIZHiT+vMD0kPeD+so0l7mxkMT19g3pjY9GTnHySck/hDzq+dtW/4VgnMkippsQ==} + engines: {node: '>=6.9.0'} + + '@babel/helper-validator-identifier@7.24.7': + resolution: {integrity: sha512-rR+PBcQ1SMQDDyF6X0wxtG8QyLCgUB0eRAGguqRLfkCA87l7yAP7ehq8SNj96OOGTO8OBV70KhuFYcIkHXOg0w==} + engines: {node: '>=6.9.0'} + + '@babel/helper-validator-option@7.24.8': + resolution: {integrity: sha512-xb8t9tD1MHLungh/AIoWYN+gVHaB9kwlu8gffXGSt3FFEIT7RjS+xWbc2vUD1UTZdIpKj/ab3rdqJ7ufngyi2Q==} + engines: {node: '>=6.9.0'} + + '@babel/helper-wrap-function@7.24.7': + resolution: {integrity: sha512-N9JIYk3TD+1vq/wn77YnJOqMtfWhNewNE+DJV4puD2X7Ew9J4JvrzrFDfTfyv5EgEXVy9/Wt8QiOErzEmv5Ifw==} + engines: {node: '>=6.9.0'} + + '@babel/helpers@7.24.8': + resolution: {integrity: sha512-gV2265Nkcz7weJJfvDoAEVzC1e2OTDpkGbEsebse8koXUJUXPsCMi7sRo/+SPMuMZ9MtUPnGwITTnQnU5YjyaQ==} + engines: {node: '>=6.9.0'} + + '@babel/highlight@7.24.7': + resolution: {integrity: sha512-EStJpq4OuY8xYfhGVXngigBJRWxftKX9ksiGDnmlY3o7B/V7KIAc9X4oiK87uPJSc/vs5L869bem5fhZa8caZw==} + engines: {node: '>=6.9.0'} + + '@babel/parser@7.24.8': + resolution: {integrity: sha512-WzfbgXOkGzZiXXCqk43kKwZjzwx4oulxZi3nq2TYL9mOjQv6kYwul9mz6ID36njuL7Xkp6nJEfok848Zj10j/w==} + engines: {node: '>=6.0.0'} + hasBin: true + + '@babel/plugin-bugfix-firefox-class-in-computed-class-key@7.24.7': + resolution: {integrity: sha512-TiT1ss81W80eQsN+722OaeQMY/G4yTb4G9JrqeiDADs3N8lbPMGldWi9x8tyqCW5NLx1Jh2AvkE6r6QvEltMMQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.24.7': + resolution: {integrity: sha512-unaQgZ/iRu/By6tsjMZzpeBZjChYfLYry6HrEXPoz3KmfF0sVBQ1l8zKMQ4xRGLWVsjuvB8nQfjNP/DcfEOCsg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.24.7': + resolution: {integrity: sha512-+izXIbke1T33mY4MSNnrqhPXDz01WYhEf3yF5NbnUtkiNnm+XBZJl3kNfoK6NKmYlz/D07+l2GWVK/QfDkNCuQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.13.0 + + '@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@7.24.7': + resolution: {integrity: sha512-utA4HuR6F4Vvcr+o4DnjL8fCOlgRFGbeeBEGNg3ZTrLFw6VWG5XmUrvcQ0FjIYMU2ST4XcR2Wsp7t9qOAPnxMg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2': + resolution: {integrity: sha512-SOSkfJDddaM7mak6cPEpswyTRnuRltl429hMraQEglW+OkovnCzsiszTmsrlY//qLFjCpQDFRvjdm2wA5pPm9w==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-async-generators@7.8.4': + resolution: {integrity: sha512-tycmZxkGfZaxhMRbXlPXuVFpdWlXpir2W4AMhSJgRKzk/eDlIXOhb2LHWoLpDF7TEHylV5zNhykX6KAgHJmTNw==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-class-properties@7.12.13': + resolution: {integrity: sha512-fm4idjKla0YahUNgFNLCB0qySdsoPiZP3iQE3rky0mBUtMZ23yDJ9SJdg6dXTSDnulOVqiF3Hgr9nbXvXTQZYA==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-class-static-block@7.14.5': + resolution: {integrity: sha512-b+YyPmr6ldyNnM6sqYeMWE+bgJcJpO6yS4QD7ymxgH34GBPNDM/THBh8iunyvKIZztiwLH4CJZ0RxTk9emgpjw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-dynamic-import@7.8.3': + resolution: {integrity: sha512-5gdGbFon+PszYzqs83S3E5mpi7/y/8M9eC90MRTZfduQOYW76ig6SOSPNe41IG5LoP3FGBn2N0RjVDSQiS94kQ==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-export-namespace-from@7.8.3': + resolution: {integrity: sha512-MXf5laXo6c1IbEbegDmzGPwGNTsHZmEy6QGznu5Sh2UCWvueywb2ee+CCE4zQiZstxU9BMoQO9i6zUFSY0Kj0Q==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-flow@7.24.7': + resolution: {integrity: sha512-9G8GYT/dxn/D1IIKOUBmGX0mnmj46mGH9NnZyJLwtCpgh5f7D2VbuKodb+2s9m1Yavh1s7ASQN8lf0eqrb1LTw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-import-assertions@7.24.7': + resolution: {integrity: sha512-Ec3NRUMoi8gskrkBe3fNmEQfxDvY8bgfQpz6jlk/41kX9eUjvpyqWU7PBP/pLAvMaSQjbMNKJmvX57jP+M6bPg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-import-attributes@7.24.7': + resolution: {integrity: sha512-hbX+lKKeUMGihnK8nvKqmXBInriT3GVjzXKFriV3YC6APGxMbP8RZNFwy91+hocLXq90Mta+HshoB31802bb8A==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-import-meta@7.10.4': + resolution: {integrity: sha512-Yqfm+XDx0+Prh3VSeEQCPU81yC+JWZ2pDPFSS4ZdpfZhp4MkFMaDC1UqseovEKwSUpnIL7+vK+Clp7bfh0iD7g==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-json-strings@7.8.3': + resolution: {integrity: sha512-lY6kdGpWHvjoe2vk4WrAapEuBR69EMxZl+RoGRhrFGNYVK8mOPAW8VfbT/ZgrFbXlDNiiaxQnAtgVCZ6jv30EA==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-jsx@7.24.7': + resolution: {integrity: sha512-6ddciUPe/mpMnOKv/U+RSd2vvVy+Yw/JfBB0ZHYjEZt9NLHmCUylNYlsbqCCS1Bffjlb0fCwC9Vqz+sBz6PsiQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-logical-assignment-operators@7.10.4': + resolution: {integrity: sha512-d8waShlpFDinQ5MtvGU9xDAOzKH47+FFoney2baFIoMr952hKOLp1HR7VszoZvOsV/4+RRszNY7D17ba0te0ig==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-nullish-coalescing-operator@7.8.3': + resolution: {integrity: sha512-aSff4zPII1u2QD7y+F8oDsz19ew4IGEJg9SVW+bqwpwtfFleiQDMdzA/R+UlWDzfnHFCxxleFT0PMIrR36XLNQ==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-numeric-separator@7.10.4': + resolution: {integrity: sha512-9H6YdfkcK/uOnY/K7/aA2xpzaAgkQn37yzWUMRK7OaPOqOpGS1+n0H5hxT9AUw9EsSjPW8SVyMJwYRtWs3X3ug==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-object-rest-spread@7.8.3': + resolution: {integrity: sha512-XoqMijGZb9y3y2XskN+P1wUGiVwWZ5JmoDRwx5+3GmEplNyVM2s2Dg8ILFQm8rWM48orGy5YpI5Bl8U1y7ydlA==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-optional-catch-binding@7.8.3': + resolution: {integrity: sha512-6VPD0Pc1lpTqw0aKoeRTMiB+kWhAoT24PA+ksWSBrFtl5SIRVpZlwN3NNPQjehA2E/91FV3RjLWoVTglWcSV3Q==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-optional-chaining@7.8.3': + resolution: {integrity: sha512-KoK9ErH1MBlCPxV0VANkXW2/dw4vlbGDrFgz8bmUsBGYkFRcbRwMh6cIJubdPrkxRwuGdtCk0v/wPTKbQgBjkg==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-private-property-in-object@7.14.5': + resolution: {integrity: sha512-0wVnp9dxJ72ZUJDV27ZfbSj6iHLoytYZmh3rFcxNnvsJF3ktkzLDZPy/mA17HGsaQT3/DQsWYX1f1QGWkCoVUg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-top-level-await@7.14.5': + resolution: {integrity: sha512-hx++upLv5U1rgYfwe1xBQUhRmU41NEvpUvrp8jkrSCdvGSnM5/qdRMtylJ6PG5OFkBaHkbTAKTnd3/YyESRHFw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-typescript@7.24.7': + resolution: {integrity: sha512-c/+fVeJBB0FeKsFvwytYiUD+LBvhHjGSI0g446PRGdSVGZLRNArBUno2PETbAly3tpiNAQR5XaZ+JslxkotsbA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-syntax-unicode-sets-regex@7.18.6': + resolution: {integrity: sha512-727YkEAPwSIQTv5im8QHz3upqp92JTWhidIC81Tdx4VJYIte/VndKf1qKrfnnhPLiPghStWfvC/iFaMCQu7Nqg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/plugin-transform-arrow-functions@7.24.7': + resolution: {integrity: sha512-Dt9LQs6iEY++gXUwY03DNFat5C2NbO48jj+j/bSAz6b3HgPs39qcPiYt77fDObIcFwj3/C2ICX9YMwGflUoSHQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-async-generator-functions@7.24.7': + resolution: {integrity: sha512-o+iF77e3u7ZS4AoAuJvapz9Fm001PuD2V3Lp6OSE4FYQke+cSewYtnek+THqGRWyQloRCyvWL1OkyfNEl9vr/g==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-async-to-generator@7.24.7': + resolution: {integrity: sha512-SQY01PcJfmQ+4Ash7NE+rpbLFbmqA2GPIgqzxfFTL4t1FKRq4zTms/7htKpoCUI9OcFYgzqfmCdH53s6/jn5fA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-block-scoped-functions@7.24.7': + resolution: {integrity: sha512-yO7RAz6EsVQDaBH18IDJcMB1HnrUn2FJ/Jslc/WtPPWcjhpUJXU/rjbwmluzp7v/ZzWcEhTMXELnnsz8djWDwQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-block-scoping@7.24.7': + resolution: {integrity: sha512-Nd5CvgMbWc+oWzBsuaMcbwjJWAcp5qzrbg69SZdHSP7AMY0AbWFqFO0WTFCA1jxhMCwodRwvRec8k0QUbZk7RQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-class-properties@7.24.7': + resolution: {integrity: sha512-vKbfawVYayKcSeSR5YYzzyXvsDFWU2mD8U5TFeXtbCPLFUqe7GyCgvO6XDHzje862ODrOwy6WCPmKeWHbCFJ4w==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-class-static-block@7.24.7': + resolution: {integrity: sha512-HMXK3WbBPpZQufbMG4B46A90PkuuhN9vBCb5T8+VAHqvAqvcLi+2cKoukcpmUYkszLhScU3l1iudhrks3DggRQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.12.0 + + '@babel/plugin-transform-classes@7.24.8': + resolution: {integrity: sha512-VXy91c47uujj758ud9wx+OMgheXm4qJfyhj1P18YvlrQkNOSrwsteHk+EFS3OMGfhMhpZa0A+81eE7G4QC+3CA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-computed-properties@7.24.7': + resolution: {integrity: sha512-25cS7v+707Gu6Ds2oY6tCkUwsJ9YIDbggd9+cu9jzzDgiNq7hR/8dkzxWfKWnTic26vsI3EsCXNd4iEB6e8esQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-destructuring@7.24.8': + resolution: {integrity: sha512-36e87mfY8TnRxc7yc6M9g9gOB7rKgSahqkIKwLpz4Ppk2+zC2Cy1is0uwtuSG6AE4zlTOUa+7JGz9jCJGLqQFQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-dotall-regex@7.24.7': + resolution: {integrity: sha512-ZOA3W+1RRTSWvyqcMJDLqbchh7U4NRGqwRfFSVbOLS/ePIP4vHB5e8T8eXcuqyN1QkgKyj5wuW0lcS85v4CrSw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-duplicate-keys@7.24.7': + resolution: {integrity: sha512-JdYfXyCRihAe46jUIliuL2/s0x0wObgwwiGxw/UbgJBr20gQBThrokO4nYKgWkD7uBaqM7+9x5TU7NkExZJyzw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-dynamic-import@7.24.7': + resolution: {integrity: sha512-sc3X26PhZQDb3JhORmakcbvkeInvxz+A8oda99lj7J60QRuPZvNAk9wQlTBS1ZynelDrDmTU4pw1tyc5d5ZMUg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-exponentiation-operator@7.24.7': + resolution: {integrity: sha512-Rqe/vSc9OYgDajNIK35u7ot+KeCoetqQYFXM4Epf7M7ez3lWlOjrDjrwMei6caCVhfdw+mIKD4cgdGNy5JQotQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-export-namespace-from@7.24.7': + resolution: {integrity: sha512-v0K9uNYsPL3oXZ/7F9NNIbAj2jv1whUEtyA6aujhekLs56R++JDQuzRcP2/z4WX5Vg/c5lE9uWZA0/iUoFhLTA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-flow-strip-types@7.24.7': + resolution: {integrity: sha512-cjRKJ7FobOH2eakx7Ja+KpJRj8+y+/SiB3ooYm/n2UJfxu0oEaOoxOinitkJcPqv9KxS0kxTGPUaR7L2XcXDXA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-for-of@7.24.7': + resolution: {integrity: sha512-wo9ogrDG1ITTTBsy46oGiN1dS9A7MROBTcYsfS8DtsImMkHk9JXJ3EWQM6X2SUw4x80uGPlwj0o00Uoc6nEE3g==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-function-name@7.24.7': + resolution: {integrity: sha512-U9FcnA821YoILngSmYkW6FjyQe2TyZD5pHt4EVIhmcTkrJw/3KqcrRSxuOo5tFZJi7TE19iDyI1u+weTI7bn2w==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-json-strings@7.24.7': + resolution: {integrity: sha512-2yFnBGDvRuxAaE/f0vfBKvtnvvqU8tGpMHqMNpTN2oWMKIR3NqFkjaAgGwawhqK/pIN2T3XdjGPdaG0vDhOBGw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-literals@7.24.7': + resolution: {integrity: sha512-vcwCbb4HDH+hWi8Pqenwnjy+UiklO4Kt1vfspcQYFhJdpthSnW8XvWGyDZWKNVrVbVViI/S7K9PDJZiUmP2fYQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-logical-assignment-operators@7.24.7': + resolution: {integrity: sha512-4D2tpwlQ1odXmTEIFWy9ELJcZHqrStlzK/dAOWYyxX3zT0iXQB6banjgeOJQXzEc4S0E0a5A+hahxPaEFYftsw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-member-expression-literals@7.24.7': + resolution: {integrity: sha512-T/hRC1uqrzXMKLQ6UCwMT85S3EvqaBXDGf0FaMf4446Qx9vKwlghvee0+uuZcDUCZU5RuNi4781UQ7R308zzBw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-modules-amd@7.24.7': + resolution: {integrity: sha512-9+pB1qxV3vs/8Hdmz/CulFB8w2tuu6EB94JZFsjdqxQokwGa9Unap7Bo2gGBGIvPmDIVvQrom7r5m/TCDMURhg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-modules-commonjs@7.24.8': + resolution: {integrity: sha512-WHsk9H8XxRs3JXKWFiqtQebdh9b/pTk4EgueygFzYlTKAg0Ud985mSevdNjdXdFBATSKVJGQXP1tv6aGbssLKA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-modules-systemjs@7.24.7': + resolution: {integrity: sha512-GYQE0tW7YoaN13qFh3O1NCY4MPkUiAH3fiF7UcV/I3ajmDKEdG3l+UOcbAm4zUE3gnvUU+Eni7XrVKo9eO9auw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-modules-umd@7.24.7': + resolution: {integrity: sha512-3aytQvqJ/h9z4g8AsKPLvD4Zqi2qT+L3j7XoFFu1XBlZWEl2/1kWnhmAbxpLgPrHSY0M6UA02jyTiwUVtiKR6A==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-named-capturing-groups-regex@7.24.7': + resolution: {integrity: sha512-/jr7h/EWeJtk1U/uz2jlsCioHkZk1JJZVcc8oQsJ1dUlaJD83f4/6Zeh2aHt9BIFokHIsSeDfhUmju0+1GPd6g==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/plugin-transform-new-target@7.24.7': + resolution: {integrity: sha512-RNKwfRIXg4Ls/8mMTza5oPF5RkOW8Wy/WgMAp1/F1yZ8mMbtwXW+HDoJiOsagWrAhI5f57Vncrmr9XeT4CVapA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-nullish-coalescing-operator@7.24.7': + resolution: {integrity: sha512-Ts7xQVk1OEocqzm8rHMXHlxvsfZ0cEF2yomUqpKENHWMF4zKk175Y4q8H5knJes6PgYad50uuRmt3UJuhBw8pQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-numeric-separator@7.24.7': + resolution: {integrity: sha512-e6q1TiVUzvH9KRvicuxdBTUj4AdKSRwzIyFFnfnezpCfP2/7Qmbb8qbU2j7GODbl4JMkblitCQjKYUaX/qkkwA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-object-rest-spread@7.24.7': + resolution: {integrity: sha512-4QrHAr0aXQCEFni2q4DqKLD31n2DL+RxcwnNjDFkSG0eNQ/xCavnRkfCUjsyqGC2OviNJvZOF/mQqZBw7i2C5Q==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-object-super@7.24.7': + resolution: {integrity: sha512-A/vVLwN6lBrMFmMDmPPz0jnE6ZGx7Jq7d6sT/Ev4H65RER6pZ+kczlf1DthF5N0qaPHBsI7UXiE8Zy66nmAovg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-optional-catch-binding@7.24.7': + resolution: {integrity: sha512-uLEndKqP5BfBbC/5jTwPxLh9kqPWWgzN/f8w6UwAIirAEqiIVJWWY312X72Eub09g5KF9+Zn7+hT7sDxmhRuKA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-optional-chaining@7.24.8': + resolution: {integrity: sha512-5cTOLSMs9eypEy8JUVvIKOu6NgvbJMnpG62VpIHrTmROdQ+L5mDAaI40g25k5vXti55JWNX5jCkq3HZxXBQANw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-parameters@7.24.7': + resolution: {integrity: sha512-yGWW5Rr+sQOhK0Ot8hjDJuxU3XLRQGflvT4lhlSY0DFvdb3TwKaY26CJzHtYllU0vT9j58hc37ndFPsqT1SrzA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-private-methods@7.24.7': + resolution: {integrity: sha512-COTCOkG2hn4JKGEKBADkA8WNb35TGkkRbI5iT845dB+NyqgO8Hn+ajPbSnIQznneJTa3d30scb6iz/DhH8GsJQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-private-property-in-object@7.24.7': + resolution: {integrity: sha512-9z76mxwnwFxMyxZWEgdgECQglF2Q7cFLm0kMf8pGwt+GSJsY0cONKj/UuO4bOH0w/uAel3ekS4ra5CEAyJRmDA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-property-literals@7.24.7': + resolution: {integrity: sha512-EMi4MLQSHfd2nrCqQEWxFdha2gBCqU4ZcCng4WBGZ5CJL4bBRW0ptdqqDdeirGZcpALazVVNJqRmsO8/+oNCBA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-regenerator@7.24.7': + resolution: {integrity: sha512-lq3fvXPdimDrlg6LWBoqj+r/DEWgONuwjuOuQCSYgRroXDH/IdM1C0IZf59fL5cHLpjEH/O6opIRBbqv7ELnuA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-reserved-words@7.24.7': + resolution: {integrity: sha512-0DUq0pHcPKbjFZCfTss/pGkYMfy3vFWydkUBd9r0GHpIyfs2eCDENvqadMycRS9wZCXR41wucAfJHJmwA0UmoQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-shorthand-properties@7.24.7': + resolution: {integrity: sha512-KsDsevZMDsigzbA09+vacnLpmPH4aWjcZjXdyFKGzpplxhbeB4wYtury3vglQkg6KM/xEPKt73eCjPPf1PgXBA==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-spread@7.24.7': + resolution: {integrity: sha512-x96oO0I09dgMDxJaANcRyD4ellXFLLiWhuwDxKZX5g2rWP1bTPkBSwCYv96VDXVT1bD9aPj8tppr5ITIh8hBng==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-sticky-regex@7.24.7': + resolution: {integrity: sha512-kHPSIJc9v24zEml5geKg9Mjx5ULpfncj0wRpYtxbvKyTtHCYDkVE3aHQ03FrpEo4gEe2vrJJS1Y9CJTaThA52g==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-template-literals@7.24.7': + resolution: {integrity: sha512-AfDTQmClklHCOLxtGoP7HkeMw56k1/bTQjwsfhL6pppo/M4TOBSq+jjBUBLmV/4oeFg4GWMavIl44ZeCtmmZTw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-typeof-symbol@7.24.8': + resolution: {integrity: sha512-adNTUpDCVnmAE58VEqKlAA6ZBlNkMnWD0ZcW76lyNFN3MJniyGFZfNwERVk8Ap56MCnXztmDr19T4mPTztcuaw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-typescript@7.24.8': + resolution: {integrity: sha512-CgFgtN61BbdOGCP4fLaAMOPkzWUh6yQZNMr5YSt8uz2cZSSiQONCQFWqsE4NeVfOIhqDOlS9CR3WD91FzMeB2Q==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-unicode-escapes@7.24.7': + resolution: {integrity: sha512-U3ap1gm5+4edc2Q/P+9VrBNhGkfnf+8ZqppY71Bo/pzZmXhhLdqgaUl6cuB07O1+AQJtCLfaOmswiNbSQ9ivhw==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-unicode-property-regex@7.24.7': + resolution: {integrity: sha512-uH2O4OV5M9FZYQrwc7NdVmMxQJOCCzFeYudlZSzUAHRFeOujQefa92E74TQDVskNHCzOXoigEuoyzHDhaEaK5w==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-unicode-regex@7.24.7': + resolution: {integrity: sha512-hlQ96MBZSAXUq7ltkjtu3FJCCSMx/j629ns3hA3pXnBXjanNP0LHi+JpPeA81zaWgVK1VGH95Xuy7u0RyQ8kMg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/plugin-transform-unicode-sets-regex@7.24.7': + resolution: {integrity: sha512-2G8aAvF4wy1w/AGZkemprdGMRg5o6zPNhbHVImRz3lss55TYCBd6xStN19rt8XJHq20sqV0JbyWjOWwQRwV/wg==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0 + + '@babel/preset-env@7.24.8': + resolution: {integrity: sha512-vObvMZB6hNWuDxhSaEPTKCwcqkAIuDtE+bQGn4XMXne1DSLzFVY8Vmj1bm+mUQXYNN8NmaQEO+r8MMbzPr1jBQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/preset-flow@7.24.7': + resolution: {integrity: sha512-NL3Lo0NorCU607zU3NwRyJbpaB6E3t0xtd3LfAQKDfkeX4/ggcDXvkmkW42QWT5owUeW/jAe4hn+2qvkV1IbfQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/preset-modules@0.1.6-no-external-plugins': + resolution: {integrity: sha512-HrcgcIESLm9aIR842yhJ5RWan/gebQUJ6E/E5+rf0y9o6oj7w0Br+sWuL6kEQ/o/AdfvR1Je9jG18/gnpwjEyA==} + peerDependencies: + '@babel/core': ^7.0.0-0 || ^8.0.0-0 <8.0.0 + + '@babel/preset-typescript@7.24.7': + resolution: {integrity: sha512-SyXRe3OdWwIwalxDg5UtJnJQO+YPcTfwiIY2B0Xlddh9o7jpWLvv8X1RthIeDOxQ+O1ML5BLPCONToObyVQVuQ==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/register@7.24.6': + resolution: {integrity: sha512-WSuFCc2wCqMeXkz/i3yfAAsxwWflEgbVkZzivgAmXl/MxrXeoYFZOOPllbC8R8WTF7u61wSRQtDVZ1879cdu6w==} + engines: {node: '>=6.9.0'} + peerDependencies: + '@babel/core': ^7.0.0-0 + + '@babel/regjsgen@0.8.0': + resolution: {integrity: sha512-x/rqGMdzj+fWZvCOYForTghzbtqPDZ5gPwaoNGHdgDfF2QA/XZbCBp4Moo5scrkAMPhB7z26XM/AaHuIJdgauA==} + + '@babel/runtime@7.24.8': + resolution: {integrity: sha512-5F7SDGs1T72ZczbRwbGO9lQi0NLjQxzl6i4lJxLxfW9U5UluCSyEJeniWvnhl3/euNiqQVbo8zruhsDfid0esA==} + engines: {node: '>=6.9.0'} + + '@babel/template@7.24.7': + resolution: {integrity: sha512-jYqfPrU9JTF0PmPy1tLYHW4Mp4KlgxJD9l2nP9fD6yT/ICi554DmrWBAEYpIelzjHf1msDP3PxJIRt/nFNfBig==} + engines: {node: '>=6.9.0'} + + '@babel/traverse@7.24.8': + resolution: {integrity: sha512-t0P1xxAPzEDcEPmjprAQq19NWum4K0EQPjMwZQZbHt+GiZqvjCHjj755Weq1YRPVzBI+3zSfvScfpnuIecVFJQ==} + engines: {node: '>=6.9.0'} + + '@babel/types@7.24.9': + resolution: {integrity: sha512-xm8XrMKz0IlUdocVbYJe0Z9xEgidU7msskG8BbhnTPK/HZ2z/7FP7ykqPgrUH+C+r414mNfNWam1f2vqOjqjYQ==} + engines: {node: '>=6.9.0'} + + '@bcoe/v8-coverage@0.2.3': + resolution: {integrity: sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==} + + '@esbuild/aix-ppc64@0.21.5': + resolution: {integrity: sha512-1SDgH6ZSPTlggy1yI6+Dbkiz8xzpHJEVAlF/AM1tHPLsf5STom9rwtjE4hKAF20FfXXNTFqEYXyJNWh1GiZedQ==} + engines: {node: '>=12'} + cpu: [ppc64] + os: [aix] + + '@esbuild/aix-ppc64@0.23.0': + resolution: {integrity: sha512-3sG8Zwa5fMcA9bgqB8AfWPQ+HFke6uD3h1s3RIwUNK8EG7a4buxvuFTs3j1IMs2NXAk9F30C/FF4vxRgQCcmoQ==} + engines: {node: '>=18'} + cpu: [ppc64] + os: [aix] + + '@esbuild/android-arm64@0.21.5': + resolution: {integrity: sha512-c0uX9VAUBQ7dTDCjq+wdyGLowMdtR/GoC2U5IYk/7D1H1JYC0qseD7+11iMP2mRLN9RcCMRcjC4YMclCzGwS/A==} + engines: {node: '>=12'} + cpu: [arm64] + os: [android] + + '@esbuild/android-arm64@0.23.0': + resolution: {integrity: sha512-EuHFUYkAVfU4qBdyivULuu03FhJO4IJN9PGuABGrFy4vUuzk91P2d+npxHcFdpUnfYKy0PuV+n6bKIpHOB3prQ==} + engines: {node: '>=18'} + cpu: [arm64] + os: [android] + + '@esbuild/android-arm@0.21.5': + resolution: {integrity: sha512-vCPvzSjpPHEi1siZdlvAlsPxXl7WbOVUBBAowWug4rJHb68Ox8KualB+1ocNvT5fjv6wpkX6o/iEpbDrf68zcg==} + engines: {node: '>=12'} + cpu: [arm] + os: [android] + + '@esbuild/android-arm@0.23.0': + resolution: {integrity: sha512-+KuOHTKKyIKgEEqKbGTK8W7mPp+hKinbMBeEnNzjJGyFcWsfrXjSTNluJHCY1RqhxFurdD8uNXQDei7qDlR6+g==} + engines: {node: '>=18'} + cpu: [arm] + os: [android] + + '@esbuild/android-x64@0.21.5': + resolution: {integrity: sha512-D7aPRUUNHRBwHxzxRvp856rjUHRFW1SdQATKXH2hqA0kAZb1hKmi02OpYRacl0TxIGz/ZmXWlbZgjwWYaCakTA==} + engines: {node: '>=12'} + cpu: [x64] + os: [android] + + '@esbuild/android-x64@0.23.0': + resolution: {integrity: sha512-WRrmKidLoKDl56LsbBMhzTTBxrsVwTKdNbKDalbEZr0tcsBgCLbEtoNthOW6PX942YiYq8HzEnb4yWQMLQuipQ==} + engines: {node: '>=18'} + cpu: [x64] + os: [android] + + '@esbuild/darwin-arm64@0.21.5': + resolution: {integrity: sha512-DwqXqZyuk5AiWWf3UfLiRDJ5EDd49zg6O9wclZ7kUMv2WRFr4HKjXp/5t8JZ11QbQfUS6/cRCKGwYhtNAY88kQ==} + engines: {node: '>=12'} + cpu: [arm64] + os: [darwin] + + '@esbuild/darwin-arm64@0.23.0': + resolution: {integrity: sha512-YLntie/IdS31H54Ogdn+v50NuoWF5BDkEUFpiOChVa9UnKpftgwzZRrI4J132ETIi+D8n6xh9IviFV3eXdxfow==} + engines: {node: '>=18'} + cpu: [arm64] + os: [darwin] + + '@esbuild/darwin-x64@0.21.5': + resolution: {integrity: sha512-se/JjF8NlmKVG4kNIuyWMV/22ZaerB+qaSi5MdrXtd6R08kvs2qCN4C09miupktDitvh8jRFflwGFBQcxZRjbw==} + engines: {node: '>=12'} + cpu: [x64] + os: [darwin] + + '@esbuild/darwin-x64@0.23.0': + resolution: {integrity: sha512-IMQ6eme4AfznElesHUPDZ+teuGwoRmVuuixu7sv92ZkdQcPbsNHzutd+rAfaBKo8YK3IrBEi9SLLKWJdEvJniQ==} + engines: {node: '>=18'} + cpu: [x64] + os: [darwin] + + '@esbuild/freebsd-arm64@0.21.5': + resolution: {integrity: sha512-5JcRxxRDUJLX8JXp/wcBCy3pENnCgBR9bN6JsY4OmhfUtIHe3ZW0mawA7+RDAcMLrMIZaf03NlQiX9DGyB8h4g==} + engines: {node: '>=12'} + cpu: [arm64] + os: [freebsd] + + '@esbuild/freebsd-arm64@0.23.0': + resolution: {integrity: sha512-0muYWCng5vqaxobq6LB3YNtevDFSAZGlgtLoAc81PjUfiFz36n4KMpwhtAd4he8ToSI3TGyuhyx5xmiWNYZFyw==} + engines: {node: '>=18'} + cpu: [arm64] + os: [freebsd] + + '@esbuild/freebsd-x64@0.21.5': + resolution: {integrity: sha512-J95kNBj1zkbMXtHVH29bBriQygMXqoVQOQYA+ISs0/2l3T9/kj42ow2mpqerRBxDJnmkUDCaQT/dfNXWX/ZZCQ==} + engines: {node: '>=12'} + cpu: [x64] + os: [freebsd] + + '@esbuild/freebsd-x64@0.23.0': + resolution: {integrity: sha512-XKDVu8IsD0/q3foBzsXGt/KjD/yTKBCIwOHE1XwiXmrRwrX6Hbnd5Eqn/WvDekddK21tfszBSrE/WMaZh+1buQ==} + engines: {node: '>=18'} + cpu: [x64] + os: [freebsd] + + '@esbuild/linux-arm64@0.21.5': + resolution: {integrity: sha512-ibKvmyYzKsBeX8d8I7MH/TMfWDXBF3db4qM6sy+7re0YXya+K1cem3on9XgdT2EQGMu4hQyZhan7TeQ8XkGp4Q==} + engines: {node: '>=12'} + cpu: [arm64] + os: [linux] + + '@esbuild/linux-arm64@0.23.0': + resolution: {integrity: sha512-j1t5iG8jE7BhonbsEg5d9qOYcVZv/Rv6tghaXM/Ug9xahM0nX/H2gfu6X6z11QRTMT6+aywOMA8TDkhPo8aCGw==} + engines: {node: '>=18'} + cpu: [arm64] + os: [linux] + + '@esbuild/linux-arm@0.21.5': + resolution: {integrity: sha512-bPb5AHZtbeNGjCKVZ9UGqGwo8EUu4cLq68E95A53KlxAPRmUyYv2D6F0uUI65XisGOL1hBP5mTronbgo+0bFcA==} + engines: {node: '>=12'} + cpu: [arm] + os: [linux] + + '@esbuild/linux-arm@0.23.0': + resolution: {integrity: sha512-SEELSTEtOFu5LPykzA395Mc+54RMg1EUgXP+iw2SJ72+ooMwVsgfuwXo5Fn0wXNgWZsTVHwY2cg4Vi/bOD88qw==} + engines: {node: '>=18'} + cpu: [arm] + os: [linux] + + '@esbuild/linux-ia32@0.21.5': + resolution: {integrity: sha512-YvjXDqLRqPDl2dvRODYmmhz4rPeVKYvppfGYKSNGdyZkA01046pLWyRKKI3ax8fbJoK5QbxblURkwK/MWY18Tg==} + engines: {node: '>=12'} + cpu: [ia32] + os: [linux] + + '@esbuild/linux-ia32@0.23.0': + resolution: {integrity: sha512-P7O5Tkh2NbgIm2R6x1zGJJsnacDzTFcRWZyTTMgFdVit6E98LTxO+v8LCCLWRvPrjdzXHx9FEOA8oAZPyApWUA==} + engines: {node: '>=18'} + cpu: [ia32] + os: [linux] + + '@esbuild/linux-loong64@0.21.5': + resolution: {integrity: sha512-uHf1BmMG8qEvzdrzAqg2SIG/02+4/DHB6a9Kbya0XDvwDEKCoC8ZRWI5JJvNdUjtciBGFQ5PuBlpEOXQj+JQSg==} + engines: {node: '>=12'} + cpu: [loong64] + os: [linux] + + '@esbuild/linux-loong64@0.23.0': + resolution: {integrity: sha512-InQwepswq6urikQiIC/kkx412fqUZudBO4SYKu0N+tGhXRWUqAx+Q+341tFV6QdBifpjYgUndV1hhMq3WeJi7A==} + engines: {node: '>=18'} + cpu: [loong64] + os: [linux] + + '@esbuild/linux-mips64el@0.21.5': + resolution: {integrity: sha512-IajOmO+KJK23bj52dFSNCMsz1QP1DqM6cwLUv3W1QwyxkyIWecfafnI555fvSGqEKwjMXVLokcV5ygHW5b3Jbg==} + engines: {node: '>=12'} + cpu: [mips64el] + os: [linux] + + '@esbuild/linux-mips64el@0.23.0': + resolution: {integrity: sha512-J9rflLtqdYrxHv2FqXE2i1ELgNjT+JFURt/uDMoPQLcjWQA5wDKgQA4t/dTqGa88ZVECKaD0TctwsUfHbVoi4w==} + engines: {node: '>=18'} + cpu: [mips64el] + os: [linux] + + '@esbuild/linux-ppc64@0.21.5': + resolution: {integrity: sha512-1hHV/Z4OEfMwpLO8rp7CvlhBDnjsC3CttJXIhBi+5Aj5r+MBvy4egg7wCbe//hSsT+RvDAG7s81tAvpL2XAE4w==} + engines: {node: '>=12'} + cpu: [ppc64] + os: [linux] + + '@esbuild/linux-ppc64@0.23.0': + resolution: {integrity: sha512-cShCXtEOVc5GxU0fM+dsFD10qZ5UpcQ8AM22bYj0u/yaAykWnqXJDpd77ublcX6vdDsWLuweeuSNZk4yUxZwtw==} + engines: {node: '>=18'} + cpu: [ppc64] + os: [linux] + + '@esbuild/linux-riscv64@0.21.5': + resolution: {integrity: sha512-2HdXDMd9GMgTGrPWnJzP2ALSokE/0O5HhTUvWIbD3YdjME8JwvSCnNGBnTThKGEB91OZhzrJ4qIIxk/SBmyDDA==} + engines: {node: '>=12'} + cpu: [riscv64] + os: [linux] + + '@esbuild/linux-riscv64@0.23.0': + resolution: {integrity: sha512-HEtaN7Y5UB4tZPeQmgz/UhzoEyYftbMXrBCUjINGjh3uil+rB/QzzpMshz3cNUxqXN7Vr93zzVtpIDL99t9aRw==} + engines: {node: '>=18'} + cpu: [riscv64] + os: [linux] + + '@esbuild/linux-s390x@0.21.5': + resolution: {integrity: sha512-zus5sxzqBJD3eXxwvjN1yQkRepANgxE9lgOW2qLnmr8ikMTphkjgXu1HR01K4FJg8h1kEEDAqDcZQtbrRnB41A==} + engines: {node: '>=12'} + cpu: [s390x] + os: [linux] + + '@esbuild/linux-s390x@0.23.0': + resolution: {integrity: sha512-WDi3+NVAuyjg/Wxi+o5KPqRbZY0QhI9TjrEEm+8dmpY9Xir8+HE/HNx2JoLckhKbFopW0RdO2D72w8trZOV+Wg==} + engines: {node: '>=18'} + cpu: [s390x] + os: [linux] + + '@esbuild/linux-x64@0.21.5': + resolution: {integrity: sha512-1rYdTpyv03iycF1+BhzrzQJCdOuAOtaqHTWJZCWvijKD2N5Xu0TtVC8/+1faWqcP9iBCWOmjmhoH94dH82BxPQ==} + engines: {node: '>=12'} + cpu: [x64] + os: [linux] + + '@esbuild/linux-x64@0.23.0': + resolution: {integrity: sha512-a3pMQhUEJkITgAw6e0bWA+F+vFtCciMjW/LPtoj99MhVt+Mfb6bbL9hu2wmTZgNd994qTAEw+U/r6k3qHWWaOQ==} + engines: {node: '>=18'} + cpu: [x64] + os: [linux] + + '@esbuild/netbsd-x64@0.21.5': + resolution: {integrity: sha512-Woi2MXzXjMULccIwMnLciyZH4nCIMpWQAs049KEeMvOcNADVxo0UBIQPfSmxB3CWKedngg7sWZdLvLczpe0tLg==} + engines: {node: '>=12'} + cpu: [x64] + os: [netbsd] + + '@esbuild/netbsd-x64@0.23.0': + resolution: {integrity: sha512-cRK+YDem7lFTs2Q5nEv/HHc4LnrfBCbH5+JHu6wm2eP+d8OZNoSMYgPZJq78vqQ9g+9+nMuIsAO7skzphRXHyw==} + engines: {node: '>=18'} + cpu: [x64] + os: [netbsd] + + '@esbuild/openbsd-arm64@0.23.0': + resolution: {integrity: sha512-suXjq53gERueVWu0OKxzWqk7NxiUWSUlrxoZK7usiF50C6ipColGR5qie2496iKGYNLhDZkPxBI3erbnYkU0rQ==} + engines: {node: '>=18'} + cpu: [arm64] + os: [openbsd] + + '@esbuild/openbsd-x64@0.21.5': + resolution: {integrity: sha512-HLNNw99xsvx12lFBUwoT8EVCsSvRNDVxNpjZ7bPn947b8gJPzeHWyNVhFsaerc0n3TsbOINvRP2byTZ5LKezow==} + engines: {node: '>=12'} + cpu: [x64] + os: [openbsd] + + '@esbuild/openbsd-x64@0.23.0': + resolution: {integrity: sha512-6p3nHpby0DM/v15IFKMjAaayFhqnXV52aEmv1whZHX56pdkK+MEaLoQWj+H42ssFarP1PcomVhbsR4pkz09qBg==} + engines: {node: '>=18'} + cpu: [x64] + os: [openbsd] + + '@esbuild/sunos-x64@0.21.5': + resolution: {integrity: sha512-6+gjmFpfy0BHU5Tpptkuh8+uw3mnrvgs+dSPQXQOv3ekbordwnzTVEb4qnIvQcYXq6gzkyTnoZ9dZG+D4garKg==} + engines: {node: '>=12'} + cpu: [x64] + os: [sunos] + + '@esbuild/sunos-x64@0.23.0': + resolution: {integrity: sha512-BFelBGfrBwk6LVrmFzCq1u1dZbG4zy/Kp93w2+y83Q5UGYF1d8sCzeLI9NXjKyujjBBniQa8R8PzLFAUrSM9OA==} + engines: {node: '>=18'} + cpu: [x64] + os: [sunos] + + '@esbuild/win32-arm64@0.21.5': + resolution: {integrity: sha512-Z0gOTd75VvXqyq7nsl93zwahcTROgqvuAcYDUr+vOv8uHhNSKROyU961kgtCD1e95IqPKSQKH7tBTslnS3tA8A==} + engines: {node: '>=12'} + cpu: [arm64] + os: [win32] + + '@esbuild/win32-arm64@0.23.0': + resolution: {integrity: sha512-lY6AC8p4Cnb7xYHuIxQ6iYPe6MfO2CC43XXKo9nBXDb35krYt7KGhQnOkRGar5psxYkircpCqfbNDB4uJbS2jQ==} + engines: {node: '>=18'} + cpu: [arm64] + os: [win32] + + '@esbuild/win32-ia32@0.21.5': + resolution: {integrity: sha512-SWXFF1CL2RVNMaVs+BBClwtfZSvDgtL//G/smwAc5oVK/UPu2Gu9tIaRgFmYFFKrmg3SyAjSrElf0TiJ1v8fYA==} + engines: {node: '>=12'} + cpu: [ia32] + os: [win32] + + '@esbuild/win32-ia32@0.23.0': + resolution: {integrity: sha512-7L1bHlOTcO4ByvI7OXVI5pNN6HSu6pUQq9yodga8izeuB1KcT2UkHaH6118QJwopExPn0rMHIseCTx1CRo/uNA==} + engines: {node: '>=18'} + cpu: [ia32] + os: [win32] + + '@esbuild/win32-x64@0.21.5': + resolution: {integrity: sha512-tQd/1efJuzPC6rCFwEvLtci/xNFcTZknmXs98FYDfGE4wP9ClFV98nyKrzJKVPMhdDnjzLhdUyMX4PsQAPjwIw==} + engines: {node: '>=12'} + cpu: [x64] + os: [win32] + + '@esbuild/win32-x64@0.23.0': + resolution: {integrity: sha512-Arm+WgUFLUATuoxCJcahGuk6Yj9Pzxd6l11Zb/2aAuv5kWWvvfhLFo2fni4uSK5vzlUdCGZ/BdV5tH8klj8p8g==} + engines: {node: '>=18'} + cpu: [x64] + os: [win32] + + '@eslint-community/eslint-utils@4.4.0': + resolution: {integrity: sha512-1/sA4dwrzBAyeUoQ6oxahHKmrZvsnLCg4RfxW3ZFGGmQkSNQPFNLV9CUEFQP1x9EYXHTo5p6xdhZM1Ne9p/AfA==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + peerDependencies: + eslint: ^6.0.0 || ^7.0.0 || >=8.0.0 + + '@eslint-community/regexpp@4.11.0': + resolution: {integrity: sha512-G/M/tIiMrTAxEWRfLfQJMmGNX28IxBg4PBz8XqQhqUHLFI6TL2htpIB1iQCj144V5ee/JaKyT9/WZ0MGZWfA7A==} + engines: {node: ^12.0.0 || ^14.0.0 || >=16.0.0} + + '@eslint/eslintrc@1.4.1': + resolution: {integrity: sha512-XXrH9Uarn0stsyldqDYq8r++mROmWRI1xKMXa640Bb//SY1+ECYX6VzT6Lcx5frD0V30XieqJ0oX9I2Xj5aoMA==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + '@eslint/eslintrc@2.1.4': + resolution: {integrity: sha512-269Z39MS6wVJtsoUl10L60WdkhJVdPG24Q4eZTH3nnF6lpvSShEK3wQjDX9JRWAUPvPh7COouPpU9IrqaZFvtQ==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + '@eslint/js@8.57.0': + resolution: {integrity: sha512-Ys+3g2TaW7gADOJzPt83SJtCDhMjndcDMFVQ/Tj9iA1BfJzFKD9mAUXT3OenpuPHbI6P/myECxRJrofUsDx/5g==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + '@exodus/schemasafe@1.3.0': + resolution: {integrity: sha512-5Aap/GaRupgNx/feGBwLLTVv8OQFfv3pq2lPRzPg9R+IOBnDgghTGW7l7EuVXOvg5cc/xSAlRW8rBrjIC3Nvqw==} + + '@floating-ui/core@1.6.4': + resolution: {integrity: sha512-a4IowK4QkXl4SCWTGUR0INAfEOX3wtsYw3rKK5InQEHMGObkR8Xk44qYQD9P4r6HHw0iIfK6GUKECmY8sTkqRA==} + + '@floating-ui/dom@1.6.7': + resolution: {integrity: sha512-wmVfPG5o2xnKDU4jx/m4w5qva9FWHcnZ8BvzEe90D/RpwsJaTAVYPEPdQ8sbr/N8zZTAHlZUTQdqg8ZUbzHmng==} + + '@floating-ui/utils@0.2.4': + resolution: {integrity: sha512-dWO2pw8hhi+WrXq1YJy2yCuWoL20PddgGaqTgVe4cOS9Q6qklXCiA1tJEqX6BEwRNSCP84/afac9hd4MS+zEUA==} + + '@formatjs/ecma402-abstract@2.0.0': + resolution: {integrity: sha512-rRqXOqdFmk7RYvj4khklyqzcfQl9vEL/usogncBHRZfZBDOwMGuSRNFl02fu5KGHXdbinju+YXyuR+Nk8xlr/g==} + + '@formatjs/intl-localematcher@0.5.4': + resolution: {integrity: sha512-zTwEpWOzZ2CiKcB93BLngUX59hQkuZjT2+SAQEscSm52peDW/getsawMcWF1rGRpMCX6D7nSJA3CzJ8gn13N/g==} + + '@formatjs/intl-segmenter@11.5.7': + resolution: {integrity: sha512-MPvUKOURPY1aHc/d3YtLKp4hamrJtdBRc/AZVt9zRitrNeRszSwpIIYDHka9chQJTRIJlIfS4S9FGMdA1PE3Xw==} + + '@fortawesome/fontawesome-free@6.6.0': + resolution: {integrity: sha512-60G28ke/sXdtS9KZCpZSHHkCbdsOGEhIUGlwq6yhY74UpTiToIh8np7A8yphhM4BWsvNFtIvLpi4co+h9Mr9Ow==} + engines: {node: '>=6'} + + '@gcornut/valibot-json-schema@0.31.0': + resolution: {integrity: sha512-3xGptCurm23e7nuPQkdrE5rEs1FeTPHhAUsBuwwqG4/YeZLwJOoYZv+fmsppUEfo5y9lzUwNQrNqLS/q7HMc7g==} + hasBin: true + + '@hapi/hoek@9.3.0': + resolution: {integrity: sha512-/c6rf4UJlmHlC9b5BaNvzAcFv7HZ2QHaV0D4/HNlBdvFnvQq8RI4kYdhyPCl7Xj+oWvTWQ8ujhqS53LIgAe6KQ==} + + '@hapi/topo@5.1.0': + resolution: {integrity: sha512-foQZKJig7Ob0BMAYBfcJk8d77QtOe7Wo4ox7ff1lQYoNNAb6jwcY1ncdoy2e9wQZzvNy7ODZCYJkK8kzmcAnAg==} + + '@humanwhocodes/config-array@0.11.14': + resolution: {integrity: sha512-3T8LkOmg45BV5FICb15QQMsyUSWrQ8AygVfC7ZG32zOalnqrilm018ZVCw0eapXux8FtA33q8PSRSstjee3jSg==} + engines: {node: '>=10.10.0'} + deprecated: Use @eslint/config-array instead + + '@humanwhocodes/config-array@0.9.5': + resolution: {integrity: sha512-ObyMyWxZiCu/yTisA7uzx81s40xR2fD5Cg/2Kq7G02ajkNubJf6BopgDTmDyc3U7sXpNKM8cYOw7s7Tyr+DnCw==} + engines: {node: '>=10.10.0'} + deprecated: Use @eslint/config-array instead + + '@humanwhocodes/module-importer@1.0.1': + resolution: {integrity: sha512-bxveV4V8v5Yb4ncFTT3rPSgZBOpCkjfK0y4oVVVJwIuDVBRMDXrPyXRL988i5ap9m9bnyEEjWfm5WkBmtffLfA==} + engines: {node: '>=12.22'} + + '@humanwhocodes/object-schema@1.2.1': + resolution: {integrity: sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==} + deprecated: Use @eslint/object-schema instead + + '@humanwhocodes/object-schema@2.0.3': + resolution: {integrity: sha512-93zYdMES/c1D69yZiKDBj0V24vqNzB/koF26KPaagAfd3P/4gUlh3Dys5ogAK+Exi9QyzlD8x/08Zt7wIKcDcA==} + deprecated: Use @eslint/object-schema instead + + '@inlang/detect-json-formatting@1.0.0': + resolution: {integrity: sha512-o0jeI8U4TgNlsPwI0y92jld8/18Loh2KEgHCYCJ42rCOdxFrA8R60cydlEd2/6jkdHFn5DxKj8rOyiKv3z9uOw==} + + '@inlang/json-types@1.1.0': + resolution: {integrity: sha512-n6vS6AqETsCFbV4TdBvR/EH57waVXzKsMqeUQ+eH2Q6NUATfKhfLabgNms2A+QV3aedH/hLtb1pRmjl2ykBVZg==} + peerDependencies: + '@sinclair/typebox': ^0.31.0 + + '@inlang/language-tag@1.5.1': + resolution: {integrity: sha512-+NlYDxDvN5h/TKUmkuQv+Ct1flxaVRousCbek7oFEk3/afZPVLNTJhm+cX2xiOg3tmi2KKrBLfy/V9oUDHj6GQ==} + + '@inlang/message-lint-rule@1.4.5': + resolution: {integrity: sha512-pyLSUhcoOYaFlYrk8d/OSpev/IaxAv/LBhKIa/ZEaycwFOBtuxDnFXEwQf9cWuPMeiPVsU83X8rgEEfOzWwupw==} + peerDependencies: + '@sinclair/typebox': ^0.31.17 + + '@inlang/message@2.1.0': + resolution: {integrity: sha512-Gr3wiErI7fW4iW11xgZzsJEUTjlZuz02fB/EO+ENTBlSHGyI1kzbCCeNqLr1mnGdQYiOxfuZxY0S4G5C6Pju3Q==} + peerDependencies: + '@sinclair/typebox': ^0.31.17 + + '@inlang/module@1.2.9': + resolution: {integrity: sha512-+nGyReKCcqtzhkryEguN8ftL2gvr8vukGBKWzGx0hq3ul0i3JNVwlzFohU+TKpRyUE36DzffngVQX3khH0Gu8g==} + peerDependencies: + '@sinclair/typebox': ^0.31.17 + + '@inlang/paraglide-js-adapter-unplugin@1.4.29': + resolution: {integrity: sha512-CDhQ69M9Ej8wfY/8P2rdNzwq6ux69A4nlFJqPcWffEX21xMaWGlt8JNspjMjc158KpAYyBGB8bFgTZ5K6o1fwg==} + deprecated: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. + + '@inlang/paraglide-js-adapter-vite@1.2.40': + resolution: {integrity: sha512-2+mAYI4hDMTr7AAei5CNzjqpjzOvsnlGrVvHrohtYs+Jn+tayokDaO7iL5o9k9SYrlXBZ7tUshAw88UQ1+f82Q==} + deprecated: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info. + + '@inlang/paraglide-js@1.11.1': + resolution: {integrity: sha512-WSAsGiSQ1lRWMB4sj/gIykrlRvyXWNde+Lv+/4DYxIc5122FBnWl3X2dGJeBCUHOFKmQbgJL1XKrjVDfWyRrXg==} + hasBin: true + + '@inlang/paraglide-js@1.7.0': + resolution: {integrity: sha512-FkyOqMAPd8iks66xZpIqzepzlnMPT/t7sHmZkwN9QzjFu6RUjdSbHSP6dZPdmD1puobhtDQcbbub6NA/OmpuzA==} + hasBin: true + + '@inlang/plugin@2.4.9': + resolution: {integrity: sha512-zWYUUlHsHvjAnwz7ep2eIBE+3PNQ6QKDSuF4HezJaBnJGC2fkijuPhuNqPfn+1tH8rxHQbfuNeWqwfco0dsf+A==} + peerDependencies: + '@sinclair/typebox': ^0.31.17 + + '@inlang/project-settings@2.4.0': + resolution: {integrity: sha512-hzrO07YiZM6rf6HwgdYofQa+rfcy13MV2u0pEPyfthnz/wB3Il4JOUKw0fIhQMj5Hz8097LWVi1mniJ6xWGyqA==} + peerDependencies: + '@sinclair/typebox': ^0.31.17 + + '@inlang/result@1.1.0': + resolution: {integrity: sha512-zLGroi9EUiHuOjUOaglUVTFO7EWdo2OARMJLBO1Q5Ga/xJmSQb6XS1lhqEXBFAjgFarfEMX5YEJWWALogYV3wA==} + + '@inlang/sdk@0.33.0': + resolution: {integrity: sha512-bwSGay4kg9RmqxqBVQuSxCl8ZFqOKDvvvxpb7oAQoMVbDL+dX0J5pc8Yh7AMzY9TYWXwt7yT2umeZtHz9UvfZw==} + engines: {node: '>=18.0.0'} + + '@inlang/translatable@1.3.1': + resolution: {integrity: sha512-VAtle21vRpIrB+axtHFrFB0d1HtDaaNj+lV77eZQTJyOWbTFYTVIQJ8WAbyw9eu4F6h6QC2FutLyxjMomxfpcQ==} + + '@isaacs/cliui@8.0.2': + resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} + engines: {node: '>=12'} + + '@isaacs/ttlcache@1.4.1': + resolution: {integrity: sha512-RQgQ4uQ+pLbqXfOmieB91ejmLwvSgv9nLx6sT6sD83s7umBypgg+OIBOBbEUiJXrfpnp9j0mRhYYdzp9uqq3lA==} + engines: {node: '>=12'} + + '@istanbuljs/schema@0.1.3': + resolution: {integrity: sha512-ZXRY4jNvVgSVQ8DL3LTcakaAtXwTVUxE81hslsyD2AtoXW/wVob10HkOJ1X/pAlcI7D+2YoZKg5do8G/w6RYgA==} + engines: {node: '>=8'} + + '@jest/schemas@29.6.3': + resolution: {integrity: sha512-mo5j5X+jIZmJQveBKeS/clAueipV7KgiX1vMgCxam1RNYiqE1w62n0/tJJnHtjW8ZHcQco5gY85jA3mi0L+nSA==} + engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} + + '@jridgewell/gen-mapping@0.3.5': + resolution: {integrity: sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==} + engines: {node: '>=6.0.0'} + + '@jridgewell/resolve-uri@3.1.2': + resolution: {integrity: sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==} + engines: {node: '>=6.0.0'} + + '@jridgewell/set-array@1.2.1': + resolution: {integrity: sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==} + engines: {node: '>=6.0.0'} + + '@jridgewell/sourcemap-codec@1.5.0': + resolution: {integrity: sha512-gv3ZRaISU3fjPAgNsriBRqGWQL6quFx04YMPW/zD8XMLsU32mhCCbfbO6KZFLjvYpCZ8zyDEgqsgf+PwPaM7GQ==} + + '@jridgewell/trace-mapping@0.3.25': + resolution: {integrity: sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==} + + '@lix-js/client@1.2.1': + resolution: {integrity: sha512-9EjzAWX2GAUk1LPdG8JZoAjQUYVSENQ7GesDMdvvkbE86cwpOfIf79aRcVCDF0zuBk5ferikGLSv5IJD/+i6Ig==} + + '@lix-js/fs@1.0.0': + resolution: {integrity: sha512-B3gnR0B7mOiYePnxh+XNU1OpVvvRYcLJ3MrdqkFVKiXz1fbKKCEMA53Vwhu3ehAMFFDB1Mo9+GVjiY2ssbA/ZQ==} + + '@mdx-js/react@3.0.1': + resolution: {integrity: sha512-9ZrPIU4MGf6et1m1ov3zKf+q9+deetI51zprKB1D/z3NOb+rUxxtEl3mCjW5wTGh6VhRdwPueh1oRzi6ezkA8A==} + peerDependencies: + '@types/react': '>=16' + react: '>=16' + + '@nodelib/fs.scandir@2.1.5': + resolution: {integrity: sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==} + engines: {node: '>= 8'} + + '@nodelib/fs.stat@2.0.5': + resolution: {integrity: sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==} + engines: {node: '>= 8'} + + '@nodelib/fs.walk@1.2.8': + resolution: {integrity: sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==} + engines: {node: '>= 8'} + + '@octokit/app@14.1.0': + resolution: {integrity: sha512-g3uEsGOQCBl1+W1rgfwoRFUIR6PtvB2T1E4RpygeUU5LrLvlOqcxrt5lfykIeRpUPpupreGJUYl70fqMDXdTpw==} + engines: {node: '>= 18'} + + '@octokit/auth-app@6.1.1': + resolution: {integrity: sha512-VrTtzRpyuT5nYGUWeGWQqH//hqEZDV+/yb6+w5wmWpmmUA1Tx950XsAc2mBBfvusfcdF2E7w8jZ1r1WwvfZ9pA==} + engines: {node: '>= 18'} + + '@octokit/auth-oauth-app@7.1.0': + resolution: {integrity: sha512-w+SyJN/b0l/HEb4EOPRudo7uUOSW51jcK1jwLa+4r7PA8FPFpoxEnHBHMITqCsc/3Vo2qqFjgQfz/xUUvsSQnA==} + engines: {node: '>= 18'} + + '@octokit/auth-oauth-device@6.1.0': + resolution: {integrity: sha512-FNQ7cb8kASufd6Ej4gnJ3f1QB5vJitkoV1O0/g6e6lUsQ7+VsSNRHRmFScN2tV4IgKA12frrr/cegUs0t+0/Lw==} + engines: {node: '>= 18'} + + '@octokit/auth-oauth-user@4.1.0': + resolution: {integrity: sha512-FrEp8mtFuS/BrJyjpur+4GARteUCrPeR/tZJzD8YourzoVhRics7u7we/aDcKv+yywRNwNi/P4fRi631rG/OyQ==} + engines: {node: '>= 18'} + + '@octokit/auth-token@4.0.0': + resolution: {integrity: sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA==} + engines: {node: '>= 18'} + + '@octokit/auth-unauthenticated@5.0.1': + resolution: {integrity: sha512-oxeWzmBFxWd+XolxKTc4zr+h3mt+yofn4r7OfoIkR/Cj/o70eEGmPsFbueyJE2iBAGpjgTnEOKM3pnuEGVmiqg==} + engines: {node: '>= 18'} + + '@octokit/core@5.2.0': + resolution: {integrity: sha512-1LFfa/qnMQvEOAdzlQymH0ulepxbxnCYAKJZfMci/5XJyIHWgEYnDmgnKakbTh7CH2tFQ5O60oYDvns4i9RAIg==} + engines: {node: '>= 18'} + + '@octokit/endpoint@9.0.5': + resolution: {integrity: sha512-ekqR4/+PCLkEBF6qgj8WqJfvDq65RH85OAgrtnVp1mSxaXF03u2xW/hUdweGS5654IlC0wkNYC18Z50tSYTAFw==} + engines: {node: '>= 18'} + + '@octokit/graphql@7.1.0': + resolution: {integrity: sha512-r+oZUH7aMFui1ypZnAvZmn0KSqAUgE1/tUXIWaqUCa1758ts/Jio84GZuzsvUkme98kv0WFY8//n0J1Z+vsIsQ==} + engines: {node: '>= 18'} + + '@octokit/oauth-app@6.1.0': + resolution: {integrity: sha512-nIn/8eUJ/BKUVzxUXd5vpzl1rwaVxMyYbQkNZjHrF7Vk/yu98/YDF/N2KeWO7uZ0g3b5EyiFXFkZI8rJ+DH1/g==} + engines: {node: '>= 18'} + + '@octokit/oauth-authorization-url@6.0.2': + resolution: {integrity: sha512-CdoJukjXXxqLNK4y/VOiVzQVjibqoj/xHgInekviUJV73y/BSIcwvJ/4aNHPBPKcPWFnd4/lO9uqRV65jXhcLA==} + engines: {node: '>= 18'} + + '@octokit/oauth-methods@4.1.0': + resolution: {integrity: sha512-4tuKnCRecJ6CG6gr0XcEXdZtkTDbfbnD5oaHBmLERTjTMZNi2CbfEHZxPU41xXLDG4DfKf+sonu00zvKI9NSbw==} + engines: {node: '>= 18'} + + '@octokit/openapi-types@19.1.0': + resolution: {integrity: sha512-6G+ywGClliGQwRsjvqVYpklIfa7oRPA0vyhPQG/1Feh+B+wU0vGH1JiJ5T25d3g1JZYBHzR2qefLi9x8Gt+cpw==} + + '@octokit/openapi-types@20.0.0': + resolution: {integrity: sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA==} + + '@octokit/openapi-types@22.2.0': + resolution: {integrity: sha512-QBhVjcUa9W7Wwhm6DBFu6ZZ+1/t/oYxqc2tp81Pi41YNuJinbFRx8B133qVOrAaBbF7D/m0Et6f9/pZt9Rc+tg==} + + '@octokit/plugin-paginate-graphql@4.0.1': + resolution: {integrity: sha512-R8ZQNmrIKKpHWC6V2gum4x9LG2qF1RxRjo27gjQcG3j+vf2tLsEfE7I/wRWEPzYMaenr1M+qDAtNcwZve1ce1A==} + engines: {node: '>= 18'} + peerDependencies: + '@octokit/core': '>=5' + + '@octokit/plugin-paginate-rest@9.2.1': + resolution: {integrity: sha512-wfGhE/TAkXZRLjksFXuDZdmGnJQHvtU/joFQdweXUgzo1XwvBCD4o4+75NtFfjfLK5IwLf9vHTfSiU3sLRYpRw==} + engines: {node: '>= 18'} + peerDependencies: + '@octokit/core': '5' + + '@octokit/plugin-rest-endpoint-methods@10.4.1': + resolution: {integrity: sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg==} + engines: {node: '>= 18'} + peerDependencies: + '@octokit/core': '5' + + '@octokit/plugin-retry@6.0.1': + resolution: {integrity: sha512-SKs+Tz9oj0g4p28qkZwl/topGcb0k0qPNX/i7vBKmDsjoeqnVfFUquqrE/O9oJY7+oLzdCtkiWSXLpLjvl6uog==} + engines: {node: '>= 18'} + peerDependencies: + '@octokit/core': '>=5' + + '@octokit/plugin-throttling@8.2.0': + resolution: {integrity: sha512-nOpWtLayKFpgqmgD0y3GqXafMFuKcA4tRPZIfu7BArd2lEZeb1988nhWhwx4aZWmjDmUfdgVf7W+Tt4AmvRmMQ==} + engines: {node: '>= 18'} + peerDependencies: + '@octokit/core': ^5.0.0 + + '@octokit/request-error@5.1.0': + resolution: {integrity: sha512-GETXfE05J0+7H2STzekpKObFe765O5dlAKUTLNGeH+x47z7JjXHfsHKo5z21D/o/IOZTUEI6nyWyR+bZVP/n5Q==} + engines: {node: '>= 18'} + + '@octokit/request@8.4.0': + resolution: {integrity: sha512-9Bb014e+m2TgBeEJGEbdplMVWwPmL1FPtggHQRkV+WVsMggPtEkLKPlcVYm/o8xKLkpJ7B+6N8WfQMtDLX2Dpw==} + engines: {node: '>= 18'} + + '@octokit/types@12.4.0': + resolution: {integrity: sha512-FLWs/AvZllw/AGVs+nJ+ELCDZZJk+kY0zMen118xhL2zD0s1etIUHm1odgjP7epxYU1ln7SZxEUWYop5bhsdgQ==} + + '@octokit/types@12.6.0': + resolution: {integrity: sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw==} + + '@octokit/types@13.5.0': + resolution: {integrity: sha512-HdqWTf5Z3qwDVlzCrP8UJquMwunpDiMPt5er+QjGzL4hqr/vBVY/MauQgS1xWxCDT1oMx1EULyqxncdCY/NVSQ==} + + '@octokit/webhooks-methods@4.1.0': + resolution: {integrity: sha512-zoQyKw8h9STNPqtm28UGOYFE7O6D4Il8VJwhAtMHFt2C4L0VQT1qGKLeefUOqHNs1mNRYSadVv7x0z8U2yyeWQ==} + engines: {node: '>= 18'} + + '@octokit/webhooks-types@7.4.0': + resolution: {integrity: sha512-FE2V+QZ2UYlh+9wWd5BPLNXG+J/XUD/PPq0ovS+nCcGX4+3qVbi3jYOmCTW48hg9SBBLtInx9+o7fFt4H5iP0Q==} + + '@octokit/webhooks@12.2.0': + resolution: {integrity: sha512-CyuLJ0/P7bKZ+kIYw+fnkeVdhUzNuDKgNSI7pU/m7Nod0T7kP+s4s2f0pNmG9HL8/RZN1S0ZWTDll3VTMrFLAw==} + engines: {node: '>= 18'} + + '@pkgjs/parseargs@0.11.0': + resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} + engines: {node: '>=14'} + + '@playwright/test@1.45.2': + resolution: {integrity: sha512-JxG9eq92ET75EbVi3s+4sYbcG7q72ECeZNbdBlaMkGcNbiDQ4cAi8U2QP5oKkOx+1gpaiL1LDStmzCaEM1Z6fQ==} + engines: {node: '>=18'} + hasBin: true + + '@polka/url@1.0.0-next.25': + resolution: {integrity: sha512-j7P6Rgr3mmtdkeDGTe0E/aYyWEWVtc5yFXtHCRHs28/jptDEWfaVOc5T7cblqy1XKPPfCxJc/8DwQ5YgLOZOVQ==} + + '@poppinss/macroable@1.0.2': + resolution: {integrity: sha512-xhhEcEvhQC8mP5oOr5hbE4CmUgmw/IPV1jhpGg2xSkzoFrt9i8YVqBQt9744EFesi5F7pBheWozg63RUBM/5JA==} + engines: {node: '>=18.16.0'} + + '@rollup/plugin-commonjs@26.0.1': + resolution: {integrity: sha512-UnsKoZK6/aGIH6AdkptXhNvhaqftcjq3zZdT+LY5Ftms6JR06nADcDsYp5hTU9E2lbJUEOhdlY5J4DNTneM+jQ==} + engines: {node: '>=16.0.0 || 14 >= 14.17'} + peerDependencies: + rollup: ^2.68.0||^3.0.0||^4.0.0 + peerDependenciesMeta: + rollup: + optional: true + + '@rollup/plugin-json@6.1.0': + resolution: {integrity: sha512-EGI2te5ENk1coGeADSIwZ7G2Q8CJS2sF120T7jLw4xFw9n7wIOXHo+kIYRAoVpJAN+kmqZSoO3Fp4JtoNF4ReA==} + engines: {node: '>=14.0.0'} + peerDependencies: + rollup: ^1.20.0||^2.0.0||^3.0.0||^4.0.0 + peerDependenciesMeta: + rollup: + optional: true + + '@rollup/plugin-node-resolve@15.2.3': + resolution: {integrity: sha512-j/lym8nf5E21LwBT4Df1VD6hRO2L2iwUeUmP7litikRsVp1H6NWx20NEp0Y7su+7XGc476GnXXc4kFeZNGmaSQ==} + engines: {node: '>=14.0.0'} + peerDependencies: + rollup: ^2.78.0||^3.0.0||^4.0.0 + peerDependenciesMeta: + rollup: + optional: true + + '@rollup/pluginutils@5.1.0': + resolution: {integrity: sha512-XTIWOPPcpvyKI6L1NHo0lFlCyznUEyPmPY1mc3KpPVDYulHSTvyeLNVW00QTLIAFNhR3kYnJTQHeGqU4M3n09g==} + engines: {node: '>=14.0.0'} + peerDependencies: + rollup: ^1.20.0||^2.0.0||^3.0.0||^4.0.0 + peerDependenciesMeta: + rollup: + optional: true + + '@rollup/rollup-android-arm-eabi@4.18.1': + resolution: {integrity: sha512-lncuC4aHicncmbORnx+dUaAgzee9cm/PbIqgWz1PpXuwc+sa1Ct83tnqUDy/GFKleLiN7ZIeytM6KJ4cAn1SxA==} + cpu: [arm] + os: [android] + + '@rollup/rollup-android-arm64@4.18.1': + resolution: {integrity: sha512-F/tkdw0WSs4ojqz5Ovrw5r9odqzFjb5LIgHdHZG65dFI1lWTWRVy32KDJLKRISHgJvqUeUhdIvy43fX41znyDg==} + cpu: [arm64] + os: [android] + + '@rollup/rollup-darwin-arm64@4.18.1': + resolution: {integrity: sha512-vk+ma8iC1ebje/ahpxpnrfVQJibTMyHdWpOGZ3JpQ7Mgn/3QNHmPq7YwjZbIE7km73dH5M1e6MRRsnEBW7v5CQ==} + cpu: [arm64] + os: [darwin] + + '@rollup/rollup-darwin-x64@4.18.1': + resolution: {integrity: sha512-IgpzXKauRe1Tafcej9STjSSuG0Ghu/xGYH+qG6JwsAUxXrnkvNHcq/NL6nz1+jzvWAnQkuAJ4uIwGB48K9OCGA==} + cpu: [x64] + os: [darwin] + + '@rollup/rollup-linux-arm-gnueabihf@4.18.1': + resolution: {integrity: sha512-P9bSiAUnSSM7EmyRK+e5wgpqai86QOSv8BwvkGjLwYuOpaeomiZWifEos517CwbG+aZl1T4clSE1YqqH2JRs+g==} + cpu: [arm] + os: [linux] + + '@rollup/rollup-linux-arm-musleabihf@4.18.1': + resolution: {integrity: sha512-5RnjpACoxtS+aWOI1dURKno11d7krfpGDEn19jI8BuWmSBbUC4ytIADfROM1FZrFhQPSoP+KEa3NlEScznBTyQ==} + cpu: [arm] + os: [linux] + + '@rollup/rollup-linux-arm64-gnu@4.18.1': + resolution: {integrity: sha512-8mwmGD668m8WaGbthrEYZ9CBmPug2QPGWxhJxh/vCgBjro5o96gL04WLlg5BA233OCWLqERy4YUzX3bJGXaJgQ==} + cpu: [arm64] + os: [linux] + + '@rollup/rollup-linux-arm64-musl@4.18.1': + resolution: {integrity: sha512-dJX9u4r4bqInMGOAQoGYdwDP8lQiisWb9et+T84l2WXk41yEej8v2iGKodmdKimT8cTAYt0jFb+UEBxnPkbXEQ==} + cpu: [arm64] + os: [linux] + + '@rollup/rollup-linux-powerpc64le-gnu@4.18.1': + resolution: {integrity: sha512-V72cXdTl4EI0x6FNmho4D502sy7ed+LuVW6Ym8aI6DRQ9hQZdp5sj0a2usYOlqvFBNKQnLQGwmYnujo2HvjCxQ==} + cpu: [ppc64] + os: [linux] + + '@rollup/rollup-linux-riscv64-gnu@4.18.1': + resolution: {integrity: sha512-f+pJih7sxoKmbjghrM2RkWo2WHUW8UbfxIQiWo5yeCaCM0TveMEuAzKJte4QskBp1TIinpnRcxkquY+4WuY/tg==} + cpu: [riscv64] + os: [linux] + + '@rollup/rollup-linux-s390x-gnu@4.18.1': + resolution: {integrity: sha512-qb1hMMT3Fr/Qz1OKovCuUM11MUNLUuHeBC2DPPAWUYYUAOFWaxInaTwTQmc7Fl5La7DShTEpmYwgdt2hG+4TEg==} + cpu: [s390x] + os: [linux] + + '@rollup/rollup-linux-x64-gnu@4.18.1': + resolution: {integrity: sha512-7O5u/p6oKUFYjRbZkL2FLbwsyoJAjyeXHCU3O4ndvzg2OFO2GinFPSJFGbiwFDaCFc+k7gs9CF243PwdPQFh5g==} + cpu: [x64] + os: [linux] + + '@rollup/rollup-linux-x64-musl@4.18.1': + resolution: {integrity: sha512-pDLkYITdYrH/9Cv/Vlj8HppDuLMDUBmgsM0+N+xLtFd18aXgM9Nyqupb/Uw+HeidhfYg2lD6CXvz6CjoVOaKjQ==} + cpu: [x64] + os: [linux] + + '@rollup/rollup-win32-arm64-msvc@4.18.1': + resolution: {integrity: sha512-W2ZNI323O/8pJdBGil1oCauuCzmVd9lDmWBBqxYZcOqWD6aWqJtVBQ1dFrF4dYpZPks6F+xCZHfzG5hYlSHZ6g==} + cpu: [arm64] + os: [win32] + + '@rollup/rollup-win32-ia32-msvc@4.18.1': + resolution: {integrity: sha512-ELfEX1/+eGZYMaCIbK4jqLxO1gyTSOIlZr6pbC4SRYFaSIDVKOnZNMdoZ+ON0mrFDp4+H5MhwNC1H/AhE3zQLg==} + cpu: [ia32] + os: [win32] + + '@rollup/rollup-win32-x64-msvc@4.18.1': + resolution: {integrity: sha512-yjk2MAkQmoaPYCSu35RLJ62+dz358nE83VfTePJRp8CG7aMg25mEJYpXFiD+NcevhX8LxD5OP5tktPXnXN7GDw==} + cpu: [x64] + os: [win32] + + '@sideway/address@4.1.5': + resolution: {integrity: sha512-IqO/DUQHUkPeixNQ8n0JA6102hT9CmaljNTPmQ1u8MEhBo/R4Q8eKLN/vGZxuebwOroDB4cbpjheD4+/sKFK4Q==} + + '@sideway/formula@3.0.1': + resolution: {integrity: sha512-/poHZJJVjx3L+zVD6g9KgHfYnb443oi7wLu/XKojDviHy6HOEOA6z1Trk5aR1dGcmPenJEgb2sK2I80LeS3MIg==} + + '@sideway/pinpoint@2.0.0': + resolution: {integrity: sha512-RNiOoTPkptFtSVzQevY/yWtZwf/RxyVnPy/OcA9HBM3MlGDnBEYL5B41H0MTn0Uec8Hi+2qUtTfG2WWZBmMejQ==} + + '@sinclair/typebox@0.27.8': + resolution: {integrity: sha512-+Fj43pSMwJs4KRrH/938Uf+uAELIgVBmQzg/q1YG10djyfA3TnrU8N8XzqCh/okZdszqBQTZf96idMfE5lnwTA==} + + '@sinclair/typebox@0.31.28': + resolution: {integrity: sha512-/s55Jujywdw/Jpan+vsy6JZs1z2ZTGxTmbZTPiuSL2wz9mfzA2gN1zzaqmvfi4pq+uOt7Du85fkiwv5ymW84aQ==} + + '@sinclair/typebox@0.32.34': + resolution: {integrity: sha512-a3Z3ytYl6R/+7ldxx04PO1semkwWlX/8pTqxsPw4quIcIXDFPZhOc1Wx8azWmkU26ccK3mHwcWenn0avNgAKQg==} + + '@sindresorhus/merge-streams@2.3.0': + resolution: {integrity: sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg==} + engines: {node: '>=18'} + + '@skeletonlabs/skeleton@2.10.2': + resolution: {integrity: sha512-TV2yWjvHpmtaF1F5luB8n7UbjKZcsrJMMiiJQHbZvqXjBWvudAcL8zywhE/NFKW5rYU//MtgOODdMZPZxvKu6w==} + peerDependencies: + svelte: ^3.56.0 || ^4.0.0 + + '@skeletonlabs/tw-plugin@0.4.0': + resolution: {integrity: sha512-v6Y4deBq9ByRx3kTRGgekhhYkWEYgNNNu8UXOwJngCStB7w8SwmbNFSeHkluxMbgCgMnJyp220EMpw9nj/rEsQ==} + peerDependencies: + tailwindcss: '>=3.0.0' + + '@sodaru/yup-to-json-schema@2.0.1': + resolution: {integrity: sha512-lWb0Wiz8KZ9ip/dY1eUqt7fhTPmL24p6Hmv5Fd9pzlzAdw/YNcWZr+tiCT4oZ4Zyxzi9+1X4zv82o7jYvcFxYA==} + + '@storybook/addon-actions@8.2.4': + resolution: {integrity: sha512-l1dlzWBBkR/5aullsX8N1ZbYr2bkeHPAaMCRy1jG5BBA8IHbi55JFwmJ8XF2gXkT2GyAZnePzb43RuLXz4KxFQ==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-backgrounds@8.2.4': + resolution: {integrity: sha512-4oU25rFyr4OgMxHe4RpLJ7lxVwUDfdTi1j/YVyHfYv8koTqjagso8bv0uj0ujP5C3dSsVO0sp3/JOfPDkEUtrA==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-controls@8.2.4': + resolution: {integrity: sha512-e56aUYhxyR8zJJstRAUP3WILhWTcvgRf5bysTtiyjFAL7U47cuCr043+IYEsxLkXhuZTKX2pcYSrjBtT5bYkVA==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-docs@8.2.4': + resolution: {integrity: sha512-oyrDw4nGfntu5Hkhr2Qt1wUOyLaVVERQekYyejyir92QhM10UeA7ZarPXNLfCTj7rbTrWmM1Waka9Tsf8TGMrw==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-essentials@8.2.4': + resolution: {integrity: sha512-4upNauDJAJxauxnoUpUvzDnLo18C2yTVxgg+Id9wrKpt9C+CYH2oXyXzxoYGucYWZEe7zgCO6rWrGrKEisiLPQ==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-highlight@8.2.4': + resolution: {integrity: sha512-Ll/2y0m/q9ko9jFt40qsiee4fds6vpcwwxi3mPAVwRV/J7PpMzPkoLxM54bKpeHiWdTeGCXRguXNvyeQMQf3pg==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-interactions@8.2.4': + resolution: {integrity: sha512-jGGTCKfqZzq3DSZF+cimD8FBcO8X9yu/cNTcxHtx6TN9McV69sTiSzOpGgbWkLjLjP0XU12NQGqFw38tIn7n9Q==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-links@8.2.4': + resolution: {integrity: sha512-1FgD6YXdXXSEDrp2aO4LxYt/X7LnBYx7cLlFla+xbn1CZLGqWLLeOT+BFd29wxpzs3u1Tap9r1iz1vRYL5ziyg==} + peerDependencies: + react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0-beta + storybook: ^8.2.4 + peerDependenciesMeta: + react: + optional: true + + '@storybook/addon-measure@8.2.4': + resolution: {integrity: sha512-bSyE3mGDaaIKoe6Kt/f20YXKsn8WSoJUHrfKA68gbb+H3tegVQaqeS2KY5YzLqvjHe1qSmrO132NJt8RixLOPQ==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-outline@8.2.4': + resolution: {integrity: sha512-1C6NrvSDREgCZ7o/1n7Ca81uDDzrSrzWiOkh4OeA7PPQ/445cAOX2OMvxzNkKDIT9GLCLNi9M5XIVyGxJVS4dQ==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-toolbars@8.2.4': + resolution: {integrity: sha512-iPnSr+hdz40Uoqg2cimyWf01/Y8GdgdMKB+b47TGIxtn9SEFBXck00ZG8ttwBvEsecu9K9CDt20fIOnr6oK5tQ==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/addon-viewport@8.2.4': + resolution: {integrity: sha512-58DcoX0xGpWlJfc0iLDjggkVPYzT4JdCZA2ioK9SQXQMsUzGFwR5PAAJv1tivYp7467tNkXvcM3QTb3Q3g8p4g==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/blocks@8.2.4': + resolution: {integrity: sha512-Hl2Dpg41YiJLSVXxjEJPjgPShrDJM3RY6HEEOjqTcAADsheX1IHAWXMJSJGMmne3Sew6VdJXPuHBIOFV4suZxg==} + peerDependencies: + react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0-beta + react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0-beta + storybook: ^8.2.4 + peerDependenciesMeta: + react: + optional: true + react-dom: + optional: true + + '@storybook/builder-vite@8.2.4': + resolution: {integrity: sha512-hDx0ZLcnFrIJaVoFMu41d9w1uWmwy/DDUuIbSd0T7xHwWyVqgI8lmaQlBIp81/QmSKaUB964UduHcdIjkoWoYA==} + peerDependencies: + '@preact/preset-vite': '*' + storybook: ^8.2.4 + typescript: '>= 4.3.x' + vite: ^4.0.0 || ^5.0.0 + vite-plugin-glimmerx: '*' + peerDependenciesMeta: + '@preact/preset-vite': + optional: true + typescript: + optional: true + vite-plugin-glimmerx: + optional: true + + '@storybook/codemod@8.2.4': + resolution: {integrity: sha512-QcZdqjX4NvkVcWR3yI9it3PfqmBOCR+3iY6j4PmG7p5IE0j9kXMKBbeFrBRprSijHKlwcjbc3bRx2SnKF6AFEg==} + + '@storybook/components@8.2.4': + resolution: {integrity: sha512-JLT1RoR/RXX+ZTeFoY85CRHb9Zz3l0PRRUSetEjoIJdnBGeL5C38bs0s9QnYjpCDLUlhdYhTln+GzmbyH8ocpA==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/core@8.2.4': + resolution: {integrity: sha512-jePmsGZT2hhUNQs8ED6+hFVt2m4hrMseO8kkN7Mcsve1MIujzHUS7Gjo4uguBwHJJOtiXB2fw4OSiQCmsXscZA==} + + '@storybook/csf-plugin@8.2.4': + resolution: {integrity: sha512-7V2tmeyAwv4/AQiBpB+7fCpphnY1yhcz+Zv9esUOHKqFn5+7u9FKpEXFFcf6fcbqXr2KoNw2F1EnTv3K/SxXrg==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/csf@0.0.1': + resolution: {integrity: sha512-USTLkZze5gkel8MYCujSRBVIrUQ3YPBrLOx7GNk/0wttvVtlzWXAq9eLbQ4p/NicGxP+3T7KPEMVV//g+yubpw==} + + '@storybook/csf@0.1.11': + resolution: {integrity: sha512-dHYFQH3mA+EtnCkHXzicbLgsvzYjcDJ1JWsogbItZogkPHgSJM/Wr71uMkcvw8v9mmCyP4NpXJuu6bPoVsOnzg==} + + '@storybook/global@5.0.0': + resolution: {integrity: sha512-FcOqPAXACP0I3oJ/ws6/rrPT9WGhu915Cg8D02a9YxLo0DE9zI+a9A5gRGvmQ09fiWPukqI8ZAEoQEdWUKMQdQ==} + + '@storybook/icons@1.2.9': + resolution: {integrity: sha512-cOmylsz25SYXaJL/gvTk/dl3pyk7yBFRfeXTsHvTA3dfhoU/LWSq0NKL9nM7WBasJyn6XPSGnLS4RtKXLw5EUg==} + engines: {node: '>=14.0.0'} + peerDependencies: + react: ^16.8.0 || ^17.0.0 || ^18.0.0 + react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0 + + '@storybook/instrumenter@8.2.4': + resolution: {integrity: sha512-szcRjg7XhtobDW4omexWqBRlmRyrKW9p8uF9k6hanJqhHl4iG9D8xbi3SdaRhcn5KN1Wqv6RDAB+kXzHlFfdKA==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/manager-api@8.2.4': + resolution: {integrity: sha512-ayiOtcGupSeLCi2doEsRpALNPo4MBWYruc+e3jjkeVJQIg9A1ipSogNQh8unuOmq9rezO4/vcNBd6MxLs3xLWg==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/preview-api@8.2.4': + resolution: {integrity: sha512-IxOiUYYzNnk1OOz3zQBhsa3P1fsgqeMBZcH7TjiQWs9osuWG20oqsFR6+Z3dxoW8IuQHvpnREGKvAbRsDsThcA==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/react-dom-shim@8.2.4': + resolution: {integrity: sha512-p2ypPWuKKFY/ij7yYjvdnrOcfdpxnAJd9D4/2Hm2eVioE4y8HQSND54t9OfkW+498Ez7ph4zW9ez005XqzH/+w==} + peerDependencies: + react: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0-beta + react-dom: ^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0-beta + storybook: ^8.2.4 + + '@storybook/svelte-vite@8.2.4': + resolution: {integrity: sha512-h2wUY7bYNOmAlhXemkW/gU7Uf0rPwTfxIq6D4tgHhMyw1UCcYjscp6QE7CoSgOxA5piTsqaYBlCsLC+4Ac2GWA==} + engines: {node: '>=18.0.0'} + peerDependencies: + '@sveltejs/vite-plugin-svelte': ^2.0.0 || ^3.0.0 + storybook: ^8.2.4 + svelte: ^4.0.0 || ^5.0.0-next.65 + vite: ^4.0.0 || ^5.0.0 + + '@storybook/svelte@8.2.4': + resolution: {integrity: sha512-GAVFD3YZ2Eo/0nw+UnkfMRCJb6kdeom+hKrt9ehtkztWoQ5JZRfHC6C0Y/n01DcYTnZnwL/HBN3RALG6D1iIqw==} + engines: {node: '>=18.0.0'} + peerDependencies: + storybook: ^8.2.4 + svelte: ^4.0.0 || ^5.0.0-next.65 + + '@storybook/sveltekit@8.2.4': + resolution: {integrity: sha512-d2klafU3zLW1PsuMof5pU8Hhk736FX7W5BJyLC9Z3Xe0j9qHaD4RQzvmo1qLdo3dhqMr85Llzolz7offoJW3Pw==} + engines: {node: '>=18.0.0'} + peerDependencies: + storybook: ^8.2.4 + svelte: ^4.0.0 || ^5.0.0-next.65 + vite: ^4.0.0 || ^5.0.0 + + '@storybook/test@8.2.4': + resolution: {integrity: sha512-boFjNFja4BNSbQhvmMlTVdQmZh36iM9+8w0sb7IK2e9Xnoi4+utupPNwBLvSsw4bRayK8+mP4Vk46O8h3TaiMw==} + peerDependencies: + storybook: ^8.2.4 + + '@storybook/theming@8.2.4': + resolution: {integrity: sha512-B4HQMzTeg1TgV9uPDIoDkMSnP839Y05I9+Tw60cilAD+jTqrCvMlccHfehsTzJk+gioAflunATcbU05TMZoeIQ==} + peerDependencies: + storybook: ^8.2.4 + + '@sveltejs/adapter-auto@3.2.2': + resolution: {integrity: sha512-Mso5xPCA8zgcKrv+QioVlqMZkyUQ5MjDJiEPuG/Z7cV/5tmwV7LmcVWk5tZ+H0NCOV1x12AsoSpt/CwFwuVXMA==} + peerDependencies: + '@sveltejs/kit': ^2.0.0 + + '@sveltejs/adapter-node@5.2.0': + resolution: {integrity: sha512-HVZoei2078XSyPmvdTHE03VXDUD0ytTvMuMHMQP0j6zX4nPDpCcKrgvU7baEblMeCCMdM/shQvstFxOJPQKlUQ==} + peerDependencies: + '@sveltejs/kit': ^2.4.0 + + '@sveltejs/kit@2.5.18': + resolution: {integrity: sha512-+g06hvpVAnH7b4CDjhnTDgFWBKBiQJpuSmQeGYOuzbO3SC3tdYjRNlDCrafvDtKbGiT2uxY5Dn9qdEUGVZdWOQ==} + engines: {node: '>=18.13'} + hasBin: true + peerDependencies: + '@sveltejs/vite-plugin-svelte': ^3.0.0 + svelte: ^4.0.0 || ^5.0.0-next.0 + vite: ^5.0.3 + + '@sveltejs/vite-plugin-svelte-inspector@2.1.0': + resolution: {integrity: sha512-9QX28IymvBlSCqsCll5t0kQVxipsfhFFL+L2t3nTWfXnddYwxBuAEtTtlaVQpRz9c37BhJjltSeY4AJSC03SSg==} + engines: {node: ^18.0.0 || >=20} + peerDependencies: + '@sveltejs/vite-plugin-svelte': ^3.0.0 + svelte: ^4.0.0 || ^5.0.0-next.0 + vite: ^5.0.0 + + '@sveltejs/vite-plugin-svelte@3.1.1': + resolution: {integrity: sha512-rimpFEAboBBHIlzISibg94iP09k/KYdHgVhJlcsTfn7KMBhc70jFX/GRWkRdFCc2fdnk+4+Bdfej23cMDnJS6A==} + engines: {node: ^18.0.0 || >=20} + peerDependencies: + svelte: ^4.0.0 || ^5.0.0-next.0 + vite: ^5.0.0 + + '@tailwindcss/forms@0.5.7': + resolution: {integrity: sha512-QE7X69iQI+ZXwldE+rzasvbJiyV/ju1FGHH0Qn2W3FKbuYtqp8LKcy6iSw79fVUT5/Vvf+0XgLCeYVG+UV6hOw==} + peerDependencies: + tailwindcss: '>=3.0.0 || >= 3.0.0-alpha.1' + + '@tailwindcss/typography@0.5.13': + resolution: {integrity: sha512-ADGcJ8dX21dVVHIwTRgzrcunY6YY9uSlAHHGVKvkA+vLc5qLwEszvKts40lx7z0qc4clpjclwLeK5rVCV2P/uw==} + peerDependencies: + tailwindcss: '>=3.0.0 || insiders' + + '@testing-library/dom@10.1.0': + resolution: {integrity: sha512-wdsYKy5zupPyLCW2Je5DLHSxSfbIp6h80WoHOQc+RPtmPGA52O9x5MJEkv92Sjonpq+poOAtUKhh1kBGAXBrNA==} + engines: {node: '>=18'} + + '@testing-library/dom@10.3.2': + resolution: {integrity: sha512-0bxIdP9mmPiOJ6wHLj8bdJRq+51oddObeCGdEf6PNEhYd93ZYAN+lPRnEOVFtheVwDM7+p+tza3LAQgp0PTudg==} + engines: {node: '>=18'} + + '@testing-library/jest-dom@6.4.5': + resolution: {integrity: sha512-AguB9yvTXmCnySBP1lWjfNNUwpbElsaQ567lt2VdGqAdHtpieLgjmcVyv1q7PMIvLbgpDdkWV5Ydv3FEejyp2A==} + engines: {node: '>=14', npm: '>=6', yarn: '>=1'} + peerDependencies: + '@jest/globals': '>= 28' + '@types/bun': latest + '@types/jest': '>= 28' + jest: '>= 28' + vitest: '>= 0.32' + peerDependenciesMeta: + '@jest/globals': + optional: true + '@types/bun': + optional: true + '@types/jest': + optional: true + jest: + optional: true + vitest: + optional: true + + '@testing-library/jest-dom@6.4.6': + resolution: {integrity: sha512-8qpnGVincVDLEcQXWaHOf6zmlbwTKc6Us6PPu4CRnPXCzo2OGBS5cwgMMOWdxDpEz1mkbvXHpEy99M5Yvt682w==} + engines: {node: '>=14', npm: '>=6', yarn: '>=1'} + peerDependencies: + '@jest/globals': '>= 28' + '@types/bun': latest + '@types/jest': '>= 28' + jest: '>= 28' + vitest: '>= 0.32' + peerDependenciesMeta: + '@jest/globals': + optional: true + '@types/bun': + optional: true + '@types/jest': + optional: true + jest: + optional: true + vitest: + optional: true + + '@testing-library/svelte@5.2.0': + resolution: {integrity: sha512-oMIFfxMcaPOXp+BQTRVgkeKzfAx7ee9fMrWaiKbMN36tN61kLl4Uj5ZZ/y1w9aL3a0BuBEoErV5iorYwCHqVUA==} + engines: {node: '>= 10'} + peerDependencies: + svelte: ^3 || ^4 || ^5 || ^5.0.0-next.0 + vite: '*' + vitest: '*' + peerDependenciesMeta: + vite: + optional: true + vitest: + optional: true + + '@testing-library/user-event@14.5.2': + resolution: {integrity: sha512-YAh82Wh4TIrxYLmfGcixwD18oIjyC1pFQC2Y01F2lzV2HTMiYrI0nze0FD0ocB//CKS/7jIUgae+adPqxK5yCQ==} + engines: {node: '>=12', npm: '>=6'} + peerDependencies: + '@testing-library/dom': '>=7.21.4' + + '@types/aria-query@5.0.4': + resolution: {integrity: sha512-rfT93uj5s0PRL7EzccGMs3brplhcrghnDoV26NqKhCAS1hVo+WdNsPvE/yb6ilfr5hi2MEk6d5EWJTKdxg8jVw==} + + '@types/aws-lambda@8.10.141': + resolution: {integrity: sha512-SMWlRBukG9KV8ZNjwemp2AzDibp/czIAeKKTw09nCPbWxVskIxactCJCGOp4y6I1hCMY7T7UGfySvBLXNeUbEw==} + + '@types/body-parser@1.19.5': + resolution: {integrity: sha512-fB3Zu92ucau0iQ0JMCFQE7b/dv8Ot07NI3KaZIkIUNXq82k4eBAqUaneXfleGY9JWskeS9y+u0nXMyspcuQrCg==} + + '@types/btoa-lite@1.0.2': + resolution: {integrity: sha512-ZYbcE2x7yrvNFJiU7xJGrpF/ihpkM7zKgw8bha3LNJSesvTtUNxbpzaT7WXBIryf6jovisrxTBvymxMeLLj1Mg==} + + '@types/connect@3.4.38': + resolution: {integrity: sha512-K6uROf1LD88uDQqJCktA4yzL1YYAK6NgfsI0v/mTgyPKWsX1CnJ0XPSDhViejru1GcRkLWb8RlzFYJRqGUbaug==} + + '@types/cookie@0.6.0': + resolution: {integrity: sha512-4Kh9a6B2bQciAhf7FSuMRRkUWecJgJu9nPnx3yzpsfXX/c50REIqpHY4C82bXP90qrLtXtkDxTZosYO3UpOwlA==} + + '@types/cross-spawn@6.0.6': + resolution: {integrity: sha512-fXRhhUkG4H3TQk5dBhQ7m/JDdSNHKwR2BBia62lhwEIq9xGiQKLxd6LymNhn47SjXhsUEPmxi+PKw2OkW4LLjA==} + + '@types/emscripten@1.39.13': + resolution: {integrity: sha512-cFq+fO/isvhvmuP/+Sl4K4jtU6E23DoivtbO4r50e3odaxAiVdbfSYRDdJ4gCdxx+3aRjhphS5ZMwIH4hFy/Cw==} + + '@types/estree@1.0.5': + resolution: {integrity: sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==} + + '@types/express-serve-static-core@4.19.5': + resolution: {integrity: sha512-y6W03tvrACO72aijJ5uF02FRq5cgDR9lUxddQ8vyF+GvmjJQqbzDcJngEjURc+ZsG31VI3hODNZJ2URj86pzmg==} + + '@types/express@4.17.21': + resolution: {integrity: sha512-ejlPM315qwLpaQlQDTjPdsUFSc6ZsP4AN6AlWnogPjQ7CVi7PYF3YVz+CY3jE2pwYf7E/7HlDAN0rV2GxTG0HQ==} + + '@types/find-cache-dir@3.2.1': + resolution: {integrity: sha512-frsJrz2t/CeGifcu/6uRo4b+SzAwT4NYCVPu1GN8IB9XTzrpPkGuV0tmh9mN+/L0PklAlsC3u5Fxt0ju00LXIw==} + + '@types/hast@3.0.4': + resolution: {integrity: sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==} + + '@types/http-errors@2.0.4': + resolution: {integrity: sha512-D0CFMMtydbJAegzOyHjtiKPLlvnm3iTZyZRSZoLq2mRhDdmLfIWOCYPfQJ4cu2erKghU++QvjcUjp/5h7hESpA==} + + '@types/json-schema@7.0.15': + resolution: {integrity: sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==} + + '@types/jsonwebtoken@9.0.6': + resolution: {integrity: sha512-/5hndP5dCjloafCXns6SZyESp3Ldq7YjH3zwzwczYnjxIT0Fqzk5ROSYVGfFyczIue7IUEj8hkvLbPoLQ18vQw==} + + '@types/lodash@4.17.7': + resolution: {integrity: sha512-8wTvZawATi/lsmNu10/j2hk1KEP0IvjubqPE3cu1Xz7xfXXt5oCq3SNUz4fMIP4XGF9Ky+Ue2tBA3hcS7LSBlA==} + + '@types/mdx@2.0.13': + resolution: {integrity: sha512-+OWZQfAYyio6YkJb3HLxDrvnx6SWWDbC0zVPfBRzUk0/nqoDyf6dNxQi3eArPe8rJ473nobTMQ/8Zk+LxJ+Yuw==} + + '@types/mime@1.3.5': + resolution: {integrity: sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==} + + '@types/node@18.19.40': + resolution: {integrity: sha512-MIxieZHrm4Ee8XArBIc+Or9HINt2StOmCbgRcXGSJl8q14svRvkZPe7LJq9HKtTI1SK3wU8b91TjntUm7T69Pg==} + + '@types/node@20.14.11': + resolution: {integrity: sha512-kprQpL8MMeszbz6ojB5/tU8PLN4kesnN8Gjzw349rDlNgsSzg90lAVj3llK99Dh7JON+t9AuscPPFW6mPbTnSA==} + + '@types/prop-types@15.7.12': + resolution: {integrity: sha512-5zvhXYtRNRluoE/jAp4GVsSduVUzNWKkOZrCDBWYtE7biZywwdC2AcEzg+cSMLFRfVgeAFqpfNabiPjxFddV1Q==} + + '@types/pug@2.0.10': + resolution: {integrity: sha512-Sk/uYFOBAB7mb74XcpizmH0KOR2Pv3D2Hmrh1Dmy5BmK3MpdSa5kqZcg6EKBdklU0bFXX9gCfzvpnyUehrPIuA==} + + '@types/qs@6.9.15': + resolution: {integrity: sha512-uXHQKES6DQKKCLh441Xv/dwxOq1TVS3JPUMlEqoEglvlhR6Mxnlew/Xq/LRVHpLyk7iK3zODe1qYHIMltO7XGg==} + + '@types/range-parser@1.2.7': + resolution: {integrity: sha512-hKormJbkJqzQGhziax5PItDUTMAM9uE2XXQmM37dyd4hVM+5aVl7oVxMVUiVQn2oCQFN/LKCZdvSM0pFRqbSmQ==} + + '@types/react@18.3.3': + resolution: {integrity: sha512-hti/R0pS0q1/xx+TsI73XIqk26eBsISZ2R0wUijXIngRK9R/e7Xw/cXVxQK7R5JjW+SV4zGcn5hXjudkN/pLIw==} + + '@types/resolve@1.20.2': + resolution: {integrity: sha512-60BCwRFOZCQhDncwQdxxeOEEkbc5dIMccYLwbxsS4TUNeVECQ/pBJ0j09mrHOl/JJvpRPGwO9SvE4nR2Nb/a4Q==} + + '@types/semver@7.5.8': + resolution: {integrity: sha512-I8EUhyrgfLrcTkzV3TSsGyl1tSuPrEDzr0yd5m90UgNxQkyDXULk3b6MlQqTCpZpNtWe1K0hzclnZkTcLBe2UQ==} + + '@types/send@0.17.4': + resolution: {integrity: sha512-x2EM6TJOybec7c52BX0ZspPodMsQUd5L6PRwOunVyVUhXiBSKf3AezDL8Dgvgt5o0UfKNfuA0eMLr2wLT4AiBA==} + + '@types/serve-static@1.15.7': + resolution: {integrity: sha512-W8Ym+h8nhuRwaKPaDw34QUkwsGi6Rc4yYqvKFo5rm2FUEhCFbzVWrxXUxuKK8TASjWsysJY0nsmNCGhCOIsrOw==} + + '@types/unist@3.0.2': + resolution: {integrity: sha512-dqId9J8K/vGi5Zr7oo212BGii5m3q5Hxlkwy3WpYuKPklmBEvsbMYYyLxAQpSffdLl/gdW0XUpKWFvYmyoWCoQ==} + + '@types/uuid@9.0.8': + resolution: {integrity: sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==} + + '@types/validator@13.12.0': + resolution: {integrity: sha512-nH45Lk7oPIJ1RVOF6JgFI6Dy0QpHEzq4QecZhvguxYPDwT8c93prCMqAtiIttm39voZ+DDR+qkNnMpJmMBRqag==} + + '@typescript-eslint/eslint-plugin@7.16.1': + resolution: {integrity: sha512-SxdPak/5bO0EnGktV05+Hq8oatjAYVY3Zh2bye9pGZy6+jwyR3LG3YKkV4YatlsgqXP28BTeVm9pqwJM96vf2A==} + engines: {node: ^18.18.0 || >=20.0.0} + peerDependencies: + '@typescript-eslint/parser': ^7.0.0 + eslint: ^8.56.0 + typescript: '*' + peerDependenciesMeta: + typescript: + optional: true + + '@typescript-eslint/parser@7.16.1': + resolution: {integrity: sha512-u+1Qx86jfGQ5i4JjK33/FnawZRpsLxRnKzGE6EABZ40KxVT/vWsiZFEBBHjFOljmmV3MBYOHEKi0Jm9hbAOClA==} + engines: {node: ^18.18.0 || >=20.0.0} + peerDependencies: + eslint: ^8.56.0 + typescript: '*' + peerDependenciesMeta: + typescript: + optional: true + + '@typescript-eslint/scope-manager@5.62.0': + resolution: {integrity: sha512-VXuvVvZeQCQb5Zgf4HAxc04q5j+WrNAtNh9OwCsCgpKqESMTu3tF/jhZ3xG6T4NZwWl65Bg8KuS2uEvhSfLl0w==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + '@typescript-eslint/scope-manager@7.16.1': + resolution: {integrity: sha512-nYpyv6ALte18gbMz323RM+vpFpTjfNdyakbf3nsLvF43uF9KeNC289SUEW3QLZ1xPtyINJ1dIsZOuWuSRIWygw==} + engines: {node: ^18.18.0 || >=20.0.0} + + '@typescript-eslint/type-utils@7.16.1': + resolution: {integrity: sha512-rbu/H2MWXN4SkjIIyWcmYBjlp55VT+1G3duFOIukTNFxr9PI35pLc2ydwAfejCEitCv4uztA07q0QWanOHC7dA==} + engines: {node: ^18.18.0 || >=20.0.0} + peerDependencies: + eslint: ^8.56.0 + typescript: '*' + peerDependenciesMeta: + typescript: + optional: true + + '@typescript-eslint/types@5.62.0': + resolution: {integrity: sha512-87NVngcbVXUahrRTqIK27gD2t5Cu1yuCXxbLcFtCzZGlfyVWWh8mLHkoxzjsB6DDNnvdL+fW8MiwPEJyGJQDgQ==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + '@typescript-eslint/types@7.16.1': + resolution: {integrity: sha512-AQn9XqCzUXd4bAVEsAXM/Izk11Wx2u4H3BAfQVhSfzfDOm/wAON9nP7J5rpkCxts7E5TELmN845xTUCQrD1xIQ==} + engines: {node: ^18.18.0 || >=20.0.0} + + '@typescript-eslint/typescript-estree@5.62.0': + resolution: {integrity: sha512-CmcQ6uY7b9y694lKdRB8FEel7JbU/40iSAPomu++SjLMntB+2Leay2LO6i8VnJk58MtE9/nQSFIH6jpyRWyYzA==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + peerDependencies: + typescript: '*' + peerDependenciesMeta: + typescript: + optional: true + + '@typescript-eslint/typescript-estree@7.16.1': + resolution: {integrity: sha512-0vFPk8tMjj6apaAZ1HlwM8w7jbghC8jc1aRNJG5vN8Ym5miyhTQGMqU++kuBFDNKe9NcPeZ6x0zfSzV8xC1UlQ==} + engines: {node: ^18.18.0 || >=20.0.0} + peerDependencies: + typescript: '*' + peerDependenciesMeta: + typescript: + optional: true + + '@typescript-eslint/utils@5.62.0': + resolution: {integrity: sha512-n8oxjeb5aIbPFEtmQxQYOLI0i9n5ySBEY/ZEHHZqKQSFnxio1rv6dthascc9dLuwrL0RC5mPCxB7vnAVGAYWAQ==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + peerDependencies: + eslint: ^6.0.0 || ^7.0.0 || ^8.0.0 + + '@typescript-eslint/utils@7.16.1': + resolution: {integrity: sha512-WrFM8nzCowV0he0RlkotGDujx78xudsxnGMBHI88l5J8wEhED6yBwaSLP99ygfrzAjsQvcYQ94quDwI0d7E1fA==} + engines: {node: ^18.18.0 || >=20.0.0} + peerDependencies: + eslint: ^8.56.0 + + '@typescript-eslint/visitor-keys@5.62.0': + resolution: {integrity: sha512-07ny+LHRzQXepkGg6w0mFY41fVUNBrL2Roj/++7V1txKugfjm/Ci/qSND03r2RhlJhJYMcTn9AhhSSqQp0Ysyw==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + '@typescript-eslint/visitor-keys@7.16.1': + resolution: {integrity: sha512-Qlzzx4sE4u3FsHTPQAAQFJFNOuqtuY0LFrZHwQ8IHK705XxBiWOFkfKRWu6niB7hwfgnwIpO4jTC75ozW1PHWg==} + engines: {node: ^18.18.0 || >=20.0.0} + + '@ungap/structured-clone@1.2.0': + resolution: {integrity: sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==} + + '@vincjo/datatables@1.14.10': + resolution: {integrity: sha512-gtojSC/LKDHbh2ZGZeaAQ+lLltcmcSDDLkecgb9WpG7lHmd4b/1HUTtFWAJt43TnaK8SrciGugh9VRRZN53bpw==} + peerDependencies: + svelte: ^3.56.0 || ^4.0.0 || ^5.0.0-next.120 + + '@vinejs/compiler@2.5.0': + resolution: {integrity: sha512-hg4ekaB5Y2zh+IWzBiC/WCDWrIfpVnKu/ubUvelKlidc/VbulsexoFRw5kJGHZenPVI5YzNnDeTdYSALkTV7jQ==} + engines: {node: '>=18.0.0'} + + '@vinejs/vine@1.8.0': + resolution: {integrity: sha512-Qq3XxbA26jzqS9ICifkqzT399lMQZ2fWtqeV3luI2as+UIK7qDifJFU2Q4W3q3IB5VXoWxgwAZSZEO0em9I/qQ==} + engines: {node: '>=18.16.0'} + + '@vitest/coverage-v8@1.6.0': + resolution: {integrity: sha512-KvapcbMY/8GYIG0rlwwOKCVNRc0OL20rrhFkg/CHNzncV03TE2XWvO5w9uZYoxNiMEBacAJt3unSOiZ7svePew==} + peerDependencies: + vitest: 1.6.0 + + '@vitest/expect@1.6.0': + resolution: {integrity: sha512-ixEvFVQjycy/oNgHjqsL6AZCDduC+tflRluaHIzKIsdbzkLn2U/iBnVeJwB6HsIjQBdfMR8Z0tRxKUsvFJEeWQ==} + + '@vitest/runner@1.6.0': + resolution: {integrity: sha512-P4xgwPjwesuBiHisAVz/LSSZtDjOTPYZVmNAnpHHSR6ONrf8eCJOFRvUwdHn30F5M1fxhqtl7QZQUk2dprIXAg==} + + '@vitest/snapshot@1.6.0': + resolution: {integrity: sha512-+Hx43f8Chus+DCmygqqfetcAZrDJwvTj0ymqjQq4CvmpKFSTVteEOBzCusu1x2tt4OJcvBflyHUE0DZSLgEMtQ==} + + '@vitest/spy@1.6.0': + resolution: {integrity: sha512-leUTap6B/cqi/bQkXUu6bQV5TZPx7pmMBKBQiI0rJA8c3pB56ZsaTbREnF7CJfmvAS4V2cXIBAh/3rVwrrCYgw==} + + '@vitest/ui@1.6.0': + resolution: {integrity: sha512-k3Lyo+ONLOgylctiGovRKy7V4+dIN2yxstX3eY5cWFXH6WP+ooVX79YSyi0GagdTQzLmT43BF27T0s6dOIPBXA==} + peerDependencies: + vitest: 1.6.0 + + '@vitest/utils@1.6.0': + resolution: {integrity: sha512-21cPiuGMoMZwiOHa2i4LXkMkMkCGzA+MVFV70jRwHo95dL4x/ts5GZhML1QWuy7yfp3WzK3lRvZi3JnXTYqrBw==} + + '@yarnpkg/fslib@2.10.3': + resolution: {integrity: sha512-41H+Ga78xT9sHvWLlFOZLIhtU6mTGZ20pZ29EiZa97vnxdohJD2AF42rCoAoWfqUz486xY6fhjMH+DYEM9r14A==} + engines: {node: '>=12 <14 || 14.2 - 14.9 || >14.10.0'} + + '@yarnpkg/libzip@2.3.0': + resolution: {integrity: sha512-6xm38yGVIa6mKm/DUCF2zFFJhERh/QWp1ufm4cNUvxsONBmfPg8uZ9pZBdOmF6qFGr/HlT6ABBkCSx/dlEtvWg==} + engines: {node: '>=12 <14 || 14.2 - 14.9 || >14.10.0'} + + accepts@1.3.8: + resolution: {integrity: sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==} + engines: {node: '>= 0.6'} + + acorn-jsx@5.3.2: + resolution: {integrity: sha512-rq9s+JNhf0IChjtDXxllJ7g41oZk5SlXtp0LHwyA5cejwn7vKmKp4pPri6YEePv2PU65sAsegbXtIinmDFDXgQ==} + peerDependencies: + acorn: ^6.0.0 || ^7.0.0 || ^8.0.0 + + acorn-walk@8.3.3: + resolution: {integrity: sha512-MxXdReSRhGO7VlFe1bRG/oI7/mdLV9B9JJT0N8vZOhF7gFRR5l3M8W9G8JxmKV+JC5mGqJ0QvqfSOLsCPa4nUw==} + engines: {node: '>=0.4.0'} + + acorn@8.12.1: + resolution: {integrity: sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==} + engines: {node: '>=0.4.0'} + hasBin: true + + agent-base@7.1.1: + resolution: {integrity: sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==} + engines: {node: '>= 14'} + + aggregate-error@3.1.0: + resolution: {integrity: sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA==} + engines: {node: '>=8'} + + ajv@6.12.6: + resolution: {integrity: sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==} + + ansi-colors@4.1.3: + resolution: {integrity: sha512-/6w/C21Pm1A7aZitlI5Ni/2J6FFQN8i1Cvz3kHABAAbw93v/NlvKdVOqz7CCWz/3iv/JplRSEEZ83XION15ovw==} + engines: {node: '>=6'} + + ansi-regex@5.0.1: + resolution: {integrity: sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==} + engines: {node: '>=8'} + + ansi-regex@6.0.1: + resolution: {integrity: sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==} + engines: {node: '>=12'} + + ansi-styles@3.2.1: + resolution: {integrity: sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==} + engines: {node: '>=4'} + + ansi-styles@4.3.0: + resolution: {integrity: sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==} + engines: {node: '>=8'} + + ansi-styles@5.2.0: + resolution: {integrity: sha512-Cxwpt2SfTzTtXcfOlzGEee8O+c+MmUgGrNiBcXnuWxuFJHe6a5Hz7qwhwe5OgaSYI0IJvkLqWX1ASG+cJOkEiA==} + engines: {node: '>=10'} + + ansi-styles@6.2.1: + resolution: {integrity: sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==} + engines: {node: '>=12'} + + any-promise@1.3.0: + resolution: {integrity: sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==} + + anymatch@3.1.3: + resolution: {integrity: sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==} + engines: {node: '>= 8'} + + arg@5.0.2: + resolution: {integrity: sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==} + + argparse@2.0.1: + resolution: {integrity: sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==} + + aria-query@5.3.0: + resolution: {integrity: sha512-b0P0sZPKtyu8HkeRAfCq0IfURZK+SuwMjY1UXGBU27wpAiTwQAIlq56IbIO+ytk/JjS1fMR14ee5WBBfKi5J6A==} + + arktype@2.0.0-beta.0: + resolution: {integrity: sha512-fE3ssMiXjr/bLqFPzlDhRlXngdyHQreu7p7i8+dtcY1CA+f8WrVUcue6JxywhnqEJXPG4HOcIwQcC+q4VfeUMQ==} + + array-flatten@1.1.1: + resolution: {integrity: sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==} + + array-union@2.1.0: + resolution: {integrity: sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw==} + engines: {node: '>=8'} + + assertion-error@1.1.0: + resolution: {integrity: sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==} + + ast-types@0.16.1: + resolution: {integrity: sha512-6t10qk83GOG8p0vKmaCr8eiilZwO171AvbROMtvvNiwrTly62t+7XkA8RdIIVbpMhCASAsxgAzdRSwh6nw/5Dg==} + engines: {node: '>=4'} + + async-lock@1.4.1: + resolution: {integrity: sha512-Az2ZTpuytrtqENulXwO3GGv1Bztugx6TT37NIo7imr/Qo0gsYiGtSdBa2B6fsXhTpVZDNfu1Qn3pk531e3q+nQ==} + + asynckit@0.4.0: + resolution: {integrity: sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==} + + autoprefixer@10.4.19: + resolution: {integrity: sha512-BaENR2+zBZ8xXhM4pUaKUxlVdxZ0EZhjvbopwnXmxRUfqDmwSpC2lAi/QXvx7NRdPCo1WKEcEF6mV64si1z4Ew==} + engines: {node: ^10 || ^12 || >=14} + hasBin: true + peerDependencies: + postcss: ^8.1.0 + + available-typed-arrays@1.0.7: + resolution: {integrity: sha512-wvUjBtSGN7+7SjNpq/9M2Tg350UZD3q62IFZLbRAR1bSMlCo1ZaeW+BJ+D090e4hIIZLBcTDWe4Mh4jvUDajzQ==} + engines: {node: '>= 0.4'} + + axios@1.7.2: + resolution: {integrity: sha512-2A8QhOMrbomlDuiLeK9XibIBzuHeRcqqNOHp0Cyp5EoJ1IFDh+XZH3A6BkXtv0K4gFGCI0Y4BM7B1wOEi0Rmgw==} + + axobject-query@4.1.0: + resolution: {integrity: sha512-qIj0G9wZbMGNLjLmg1PT6v2mE9AH2zlnADJD/2tC6E00hgmhUOfEB6greHPAfLRSufHqROIUTkw6E+M3lH0PTQ==} + engines: {node: '>= 0.4'} + + babel-core@7.0.0-bridge.0: + resolution: {integrity: sha512-poPX9mZH/5CSanm50Q+1toVci6pv5KSRv/5TWCwtzQS5XEwn40BcCrgIeMFWP9CKKIniKXNxoIOnOq4VVlGXhg==} + peerDependencies: + '@babel/core': ^7.0.0-0 + + babel-plugin-polyfill-corejs2@0.4.11: + resolution: {integrity: sha512-sMEJ27L0gRHShOh5G54uAAPaiCOygY/5ratXuiyb2G46FmlSpc9eFCzYVyDiPxfNbwzA7mYahmjQc5q+CZQ09Q==} + peerDependencies: + '@babel/core': ^7.4.0 || ^8.0.0-0 <8.0.0 + + babel-plugin-polyfill-corejs3@0.10.4: + resolution: {integrity: sha512-25J6I8NGfa5YkCDogHRID3fVCadIR8/pGl1/spvCkzb6lVn6SR3ojpx9nOn9iEBcUsjY24AmdKm5khcfKdylcg==} + peerDependencies: + '@babel/core': ^7.4.0 || ^8.0.0-0 <8.0.0 + + babel-plugin-polyfill-regenerator@0.6.2: + resolution: {integrity: sha512-2R25rQZWP63nGwaAswvDazbPXfrM3HwVoBXK6HcqeKrSrL/JqcC/rDcf95l4r7LXLyxDXc8uQDa064GubtCABg==} + peerDependencies: + '@babel/core': ^7.4.0 || ^8.0.0-0 <8.0.0 + + balanced-match@1.0.2: + resolution: {integrity: sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==} + + base64-js@1.5.1: + resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==} + + before-after-hook@2.2.3: + resolution: {integrity: sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ==} + + binary-extensions@2.3.0: + resolution: {integrity: sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==} + engines: {node: '>=8'} + + bl@4.1.0: + resolution: {integrity: sha512-1W07cM9gS6DcLperZfFSj+bWLtaPGSOHWhPiGzXmvVJbRLdG82sH/Kn8EtW1VqWVA54AKf2h5k5BbnIbwF3h6w==} + + body-parser@1.20.2: + resolution: {integrity: sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==} + engines: {node: '>= 0.8', npm: 1.2.8000 || >= 1.4.16} + + bottleneck@2.19.5: + resolution: {integrity: sha512-VHiNCbI1lKdl44tGrhNfU3lup0Tj/ZBMJB5/2ZbNXRCPuRCO7ed2mgcK4r17y+KB2EfuYuRaVlwNbAeaWGSpbw==} + + brace-expansion@1.1.11: + resolution: {integrity: sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==} + + brace-expansion@2.0.1: + resolution: {integrity: sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==} + + braces@3.0.3: + resolution: {integrity: sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==} + engines: {node: '>=8'} + + browser-assert@1.2.1: + resolution: {integrity: sha512-nfulgvOR6S4gt9UKCeGJOuSGBPGiFT6oQ/2UBnvTY/5aQ1PnksW72fhZkM30DzoRRv2WpwZf1vHHEr3mtuXIWQ==} + + browserslist@4.23.2: + resolution: {integrity: sha512-qkqSyistMYdxAcw+CzbZwlBy8AGmS/eEWs+sEV5TnLRGDOL+C5M2EnH6tlZyg0YoAxGJAFKh61En9BR941GnHA==} + engines: {node: ^6 || ^7 || ^8 || ^9 || ^10 || ^11 || ^12 || >=13.7} + hasBin: true + + btoa-lite@1.0.0: + resolution: {integrity: sha512-gvW7InbIyF8AicrqWoptdW08pUxuhq8BEgowNajy9RhiE86fmGAGl+bLKo6oB8QP0CkqHLowfN0oJdKC/J6LbA==} + + buffer-crc32@1.0.0: + resolution: {integrity: sha512-Db1SbgBS/fg/392AblrMJk97KggmvYhr4pB5ZIMTWtaivCPMWLkmb7m21cJvpvgK+J3nsU2CmmixNBZx4vFj/w==} + engines: {node: '>=8.0.0'} + + buffer-equal-constant-time@1.0.1: + resolution: {integrity: sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==} + + buffer-from@1.1.2: + resolution: {integrity: sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==} + + buffer@5.7.1: + resolution: {integrity: sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==} + + builtin-modules@3.3.0: + resolution: {integrity: sha512-zhaCDicdLuWN5UbN5IMnFqNMhNfo919sH85y2/ea+5Yg9TsTkeZxpL+JLbp6cgYFS4sRLp3YV4S6yDuqVWHYOw==} + engines: {node: '>=6'} + + bytes@3.1.2: + resolution: {integrity: sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==} + engines: {node: '>= 0.8'} + + cac@6.7.14: + resolution: {integrity: sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==} + engines: {node: '>=8'} + + call-bind@1.0.7: + resolution: {integrity: sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==} + engines: {node: '>= 0.4'} + + callsites@3.1.0: + resolution: {integrity: sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==} + engines: {node: '>=6'} + + camelcase-css@2.0.1: + resolution: {integrity: sha512-QOSvevhslijgYwRx6Rv7zKdMF8lbRmx+uQGx2+vDc+KI/eBnsy9kit5aj23AgGu3pa4t9AgwbnXWqS+iOY+2aA==} + engines: {node: '>= 6'} + + camelcase@8.0.0: + resolution: {integrity: sha512-8WB3Jcas3swSvjIeA2yvCJ+Miyz5l1ZmB6HFb9R1317dt9LCQoswg/BGrmAmkWVEszSrrg4RwmO46qIm2OEnSA==} + engines: {node: '>=16'} + + caniuse-lite@1.0.30001642: + resolution: {integrity: sha512-3XQ0DoRgLijXJErLSl+bLnJ+Et4KqV1PY6JJBGAFlsNsz31zeAIncyeZfLCabHK/jtSh+671RM9YMldxjUPZtA==} + + chai@4.4.1: + resolution: {integrity: sha512-13sOfMv2+DWduEU+/xbun3LScLoqN17nBeTLUsmDfKdoiC1fr0n9PU4guu4AhRcOVFk/sW8LyZWHuhWtQZiF+g==} + engines: {node: '>=4'} + + chalk@2.4.2: + resolution: {integrity: sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==} + engines: {node: '>=4'} + + chalk@3.0.0: + resolution: {integrity: sha512-4D3B6Wf41KOYRFdszmDqMCGq5VV/uMAB273JILmO+3jAlh8X4qDtdtgCR3fxtbLEMzSx22QdhnDcJvu2u1fVwg==} + engines: {node: '>=8'} + + chalk@4.1.2: + resolution: {integrity: sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==} + engines: {node: '>=10'} + + chalk@5.3.0: + resolution: {integrity: sha512-dLitG79d+GV1Nb/VYcCDFivJeK1hiukt9QjRNVOsUtTy1rR1YJsmpGGTZ3qJos+uw7WmWF4wUwBd9jxjocFC2w==} + engines: {node: ^12.17.0 || ^14.13 || >=16.0.0} + + check-error@1.0.3: + resolution: {integrity: sha512-iKEoDYaRmd1mxM90a2OEfWhjsjPpYPuQ+lMYsoxB126+t8fw7ySEO48nmDg5COTjxDI65/Y2OWpeEHk3ZOe8zg==} + + chokidar@3.6.0: + resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==} + engines: {node: '>= 8.10.0'} + + chownr@2.0.0: + resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} + engines: {node: '>=10'} + + citty@0.1.6: + resolution: {integrity: sha512-tskPPKEs8D2KPafUypv2gxwJP8h/OaJmC82QQGGDQcHvXX43xF2VDACcJVmZ0EuSxkpO9Kc4MlrA3q0+FG58AQ==} + + clean-git-ref@2.0.1: + resolution: {integrity: sha512-bLSptAy2P0s6hU4PzuIMKmMJJSE6gLXGH1cntDu7bWJUksvuM+7ReOK61mozULErYvP6a15rnYl0zFDef+pyPw==} + + clean-stack@2.2.0: + resolution: {integrity: sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==} + engines: {node: '>=6'} + + cli-cursor@3.1.0: + resolution: {integrity: sha512-I/zHAwsKf9FqGoXM4WWRACob9+SNukZTd94DWF57E4toouRulbCxcUh6RKUEOQlYTHJnzkPMySvPNaaSLNfLZw==} + engines: {node: '>=8'} + + cli-spinners@2.9.2: + resolution: {integrity: sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==} + engines: {node: '>=6'} + + clone-deep@4.0.1: + resolution: {integrity: sha512-neHB9xuzh/wk0dIHweyAXv2aPGZIVk3pLMe+/RNzINf17fe0OG96QroktYAUm7SM1PBnzTabaLboqqxDyMU+SQ==} + engines: {node: '>=6'} + + clone@1.0.4: + resolution: {integrity: sha512-JQHZ2QMW6l3aH/j6xCqQThY/9OH4D/9ls34cgkUBiEeocRTU04tHfKPBsUK1PqZCUQM7GiA0IIXJSuXHI64Kbg==} + engines: {node: '>=0.8'} + + code-red@1.0.4: + resolution: {integrity: sha512-7qJWqItLA8/VPVlKJlFXU+NBlo/qyfs39aJcuMT/2ere32ZqvF5OSxgdM5xOfJJ7O429gg2HM47y8v9P+9wrNw==} + + color-convert@1.9.3: + resolution: {integrity: sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==} + + color-convert@2.0.1: + resolution: {integrity: sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==} + engines: {node: '>=7.0.0'} + + color-name@1.1.3: + resolution: {integrity: sha512-72fSenhMw2HZMTVHeCA9KCmpEIbzWiQsjN+BHcBbS9vr1mtt+vJjPdksIBNUmKAW8TFUDPJK5SUU3QhE9NEXDw==} + + color-name@1.1.4: + resolution: {integrity: sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==} + + combined-stream@1.0.8: + resolution: {integrity: sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==} + engines: {node: '>= 0.8'} + + commander@11.1.0: + resolution: {integrity: sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==} + engines: {node: '>=16'} + + commander@12.1.0: + resolution: {integrity: sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==} + engines: {node: '>=18'} + + commander@4.1.1: + resolution: {integrity: sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==} + engines: {node: '>= 6'} + + commander@6.2.1: + resolution: {integrity: sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==} + engines: {node: '>= 6'} + + commondir@1.0.1: + resolution: {integrity: sha512-W9pAhw0ja1Edb5GVdIF1mjZw/ASI0AlShXM83UUGe2DVr5TdAPEA1OA8m/g8zWp9x6On7gqufY+FatDbC3MDQg==} + + concat-map@0.0.1: + resolution: {integrity: sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==} + + confbox@0.1.7: + resolution: {integrity: sha512-uJcB/FKZtBMCJpK8MQji6bJHgu1tixKPxRLeGkNzBoOZzpnZUJm0jm2/sBDWcuBx1dYgxV4JU+g5hmNxCyAmdA==} + + consola@3.2.3: + resolution: {integrity: sha512-I5qxpzLv+sJhTVEoLYNcTW+bThDCPsit0vLNKShZx6rLtpilNpmmeTPaeqJb9ZE9dV3DGaeby6Vuhrw38WjeyQ==} + engines: {node: ^14.18.0 || >=16.10.0} + + content-disposition@0.5.4: + resolution: {integrity: sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==} + engines: {node: '>= 0.6'} + + content-type@1.0.5: + resolution: {integrity: sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==} + engines: {node: '>= 0.6'} + + convert-source-map@2.0.0: + resolution: {integrity: sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==} + + cookie-signature@1.0.6: + resolution: {integrity: sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ==} + + cookie@0.6.0: + resolution: {integrity: sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==} + engines: {node: '>= 0.6'} + + core-js-compat@3.37.1: + resolution: {integrity: sha512-9TNiImhKvQqSUkOvk/mMRZzOANTiEVC7WaBNhHcKM7x+/5E1l5NvsysR19zuDQScE8k+kfQXWRN3AtS/eOSHpg==} + + crc-32@1.2.2: + resolution: {integrity: sha512-ROmzCKrTnOwybPcJApAA6WBWij23HVfGVNKqqrZpuyZOHqK2CwHSvpGuyt/UNNvaIjEd8X5IFGp4Mh+Ie1IHJQ==} + engines: {node: '>=0.8'} + hasBin: true + + cross-spawn@7.0.3: + resolution: {integrity: sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==} + engines: {node: '>= 8'} + + crypto-random-string@4.0.0: + resolution: {integrity: sha512-x8dy3RnvYdlUcPOjkEHqozhiwzKNSq7GcPuXFbnyMOCHxX8V3OgIg/pYuabl2sbUPfIJaeAQB7PMOK8DFIdoRA==} + engines: {node: '>=12'} + + css-tree@2.3.1: + resolution: {integrity: sha512-6Fv1DV/TYw//QF5IzQdqsNDjx/wc8TrMBZsqjL9eW01tWb7R7k/mq+/VXfJCl7SoD5emsJop9cOByJZfs8hYIw==} + engines: {node: ^10 || ^12.20.0 || ^14.13.0 || >=15.0.0} + + css.escape@1.5.1: + resolution: {integrity: sha512-YUifsXXuknHlUsmlgyY0PKzgPOr7/FjCePfHNt0jxm83wHZi44VDMQ7/fGNkjY3/jV1MC+1CmZbaHzugyeRtpg==} + + cssesc@3.0.0: + resolution: {integrity: sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg==} + engines: {node: '>=4'} + hasBin: true + + cssstyle@4.0.1: + resolution: {integrity: sha512-8ZYiJ3A/3OkDd093CBT/0UKDWry7ak4BdPTFP2+QEP7cmhouyq/Up709ASSj2cK02BbZiMgk7kYjZNS4QP5qrQ==} + engines: {node: '>=18'} + + csstype@3.1.3: + resolution: {integrity: sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw==} + + data-urls@5.0.0: + resolution: {integrity: sha512-ZYP5VBHshaDAiVZxjbRVcFJpc+4xGgT0bK3vzy1HLN8jTO975HEbuYzZJcHoQEY5K1a0z8YayJkyVETa08eNTg==} + engines: {node: '>=18'} + + dayjs@1.11.12: + resolution: {integrity: sha512-Rt2g+nTbLlDWZTwwrIXjy9MeiZmSDI375FvZs72ngxx8PDC6YXOeR3q5LAuPzjZQxhiWdRKac7RKV+YyQYfYIg==} + + debug@2.6.9: + resolution: {integrity: sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==} + peerDependencies: + supports-color: '*' + peerDependenciesMeta: + supports-color: + optional: true + + debug@4.3.5: + resolution: {integrity: sha512-pt0bNEmneDIvdL1Xsd9oDQ/wrQRkXDT4AUWlNZNPKvW5x/jyO9VFXkJUP07vQ2upmw5PlaITaPKc31jK13V+jg==} + engines: {node: '>=6.0'} + peerDependencies: + supports-color: '*' + peerDependenciesMeta: + supports-color: + optional: true + + decimal.js@10.4.3: + resolution: {integrity: sha512-VBBaLc1MgL5XpzgIP7ny5Z6Nx3UrRkIViUkPUdtl9aya5amy3De1gsUUSB1g3+3sExYNjCAsAznmukyxCb1GRA==} + + dedent@1.5.1: + resolution: {integrity: sha512-+LxW+KLWxu3HW3M2w2ympwtqPrqYRzU8fqi6Fhd18fBALe15blJPI/I4+UHveMVG6lJqB4JNd4UG0S5cnVHwIg==} + peerDependencies: + babel-plugin-macros: ^3.1.0 + peerDependenciesMeta: + babel-plugin-macros: + optional: true + + deep-eql@4.1.4: + resolution: {integrity: sha512-SUwdGfqdKOwxCPeVYjwSyRpJ7Z+fhpwIAtmCUdZIWZ/YP5R9WAsyuSgpLVDi9bjWoN2LXHNss/dk3urXtdQxGg==} + engines: {node: '>=6'} + + deep-is@0.1.4: + resolution: {integrity: sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ==} + + deepmerge-ts@5.1.0: + resolution: {integrity: sha512-eS8dRJOckyo9maw9Tu5O5RUi/4inFLrnoLkBe3cPfDMx3WZioXtmOew4TXQaxq7Rhl4xjDtR7c6x8nNTxOvbFw==} + engines: {node: '>=16.0.0'} + + deepmerge@4.3.1: + resolution: {integrity: sha512-3sUqbMEc77XqpdNO7FRyRog+eW3ph+GYCbj+rK+uYyRMuwsVy0rMiVtPn+QJlKFvWP/1PYpapqYn0Me2knFn+A==} + engines: {node: '>=0.10.0'} + + defaults@1.0.4: + resolution: {integrity: sha512-eFuaLoy/Rxalv2kr+lqMlUnrDWV+3j4pljOIJgLIhI058IQfWJ7vXhyEIHu+HtC738klGALYxOKDO0bQP3tg8A==} + + define-data-property@1.1.4: + resolution: {integrity: sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==} + engines: {node: '>= 0.4'} + + defu@6.1.4: + resolution: {integrity: sha512-mEQCMmwJu317oSz8CwdIOdwf3xMif1ttiM8LTufzc3g6kR+9Pe236twL8j3IYT1F7GfRgGcW6MWxzZjLIkuHIg==} + + delayed-stream@1.0.0: + resolution: {integrity: sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==} + engines: {node: '>=0.4.0'} + + depd@2.0.0: + resolution: {integrity: sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==} + engines: {node: '>= 0.8'} + + deprecation@2.3.1: + resolution: {integrity: sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ==} + + dequal@2.0.3: + resolution: {integrity: sha512-0je+qPKHEMohvfRTCEo3CrPG6cAzAYgmzKyxRiYSSDkS6eGJdyVJm7WaYA5ECaAD9wLB2T4EEeymA5aFVcYXCA==} + engines: {node: '>=6'} + + destroy@1.2.0: + resolution: {integrity: sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==} + engines: {node: '>= 0.8', npm: 1.2.8000 || >= 1.4.16} + + detect-indent@6.1.0: + resolution: {integrity: sha512-reYkTUJAZb9gUuZ2RvVCNhVHdg62RHnJ7WJl8ftMi4diZ6NWlciOzQN88pUhSELEwflJht4oQDv0F0BMlwaYtA==} + engines: {node: '>=8'} + + devalue@5.0.0: + resolution: {integrity: sha512-gO+/OMXF7488D+u3ue+G7Y4AA3ZmUnB3eHJXmBTgNHvr4ZNzl36A0ZtG+XCRNYCkYx/bFmw4qtkoFLa+wSrwAA==} + + didyoumean@1.2.2: + resolution: {integrity: sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==} + + diff-sequences@29.6.3: + resolution: {integrity: sha512-EjePK1srD3P08o2j4f0ExnylqRs5B9tJjcp9t1krH2qRi8CCdsYfwe9JgSLurFBWwq4uOlipzfk5fHNvwFKr8Q==} + engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} + + diff3@0.0.4: + resolution: {integrity: sha512-f1rQ7jXDn/3i37hdwRk9ohqcvLRH3+gEIgmA6qEM280WUOh7cOr3GXV8Jm5sPwUs46Nzl48SE8YNLGJoaLuodg==} + + dir-glob@3.0.1: + resolution: {integrity: sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA==} + engines: {node: '>=8'} + + dlv@1.1.3: + resolution: {integrity: sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==} + + doctrine@3.0.0: + resolution: {integrity: sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==} + engines: {node: '>=6.0.0'} + + dom-accessibility-api@0.5.16: + resolution: {integrity: sha512-X7BJ2yElsnOJ30pZF4uIIDfBEVgF4XEBxL9Bxhy6dnrm5hkzqmsWHGTiHqRiITNhMyFLyAiWndIJP7Z1NTteDg==} + + dom-accessibility-api@0.6.3: + resolution: {integrity: sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w==} + + dom-serializer@1.4.1: + resolution: {integrity: sha512-VHwB3KfrcOOkelEG2ZOfxqLZdfkil8PtJi4P8N2MMXucZq2yLp75ClViUlOVwyoHEDjYU433Aq+5zWP61+RGag==} + + domelementtype@2.3.0: + resolution: {integrity: sha512-OLETBj6w0OsagBwdXnPdN0cnMfF9opN69co+7ZrbfPGrdpPVNBUj02spi6B1N7wChLQiPn4CSH/zJvXw56gmHw==} + + domhandler@3.3.0: + resolution: {integrity: sha512-J1C5rIANUbuYK+FuFL98650rihynUOEzRLxW+90bKZRWB6A1X1Tf82GxR1qAWLyfNPRvjqfip3Q5tdYlmAa9lA==} + engines: {node: '>= 4'} + + domhandler@4.3.1: + resolution: {integrity: sha512-GrwoxYN+uWlzO8uhUXRl0P+kHE4GtVPfYzVLcUxPL7KNdHKj66vvlhiweIHqYYXWlw+T8iLMp42Lm67ghw4WMQ==} + engines: {node: '>= 4'} + + domhandler@5.0.3: + resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==} + engines: {node: '>= 4'} + + domutils@2.8.0: + resolution: {integrity: sha512-w96Cjofp72M5IIhpjgobBimYEfoPjx1Vx0BSX9P30WBdZW2WIKU0T1Bd0kz2eNZ9ikjKgHbEyKx8BB6H1L3h3A==} + + dotenv@16.4.5: + resolution: {integrity: sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==} + engines: {node: '>=12'} + + eastasianwidth@0.2.0: + resolution: {integrity: sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==} + + ecdsa-sig-formatter@1.0.11: + resolution: {integrity: sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==} + + echarts@5.5.1: + resolution: {integrity: sha512-Fce8upazaAXUVUVsjgV6mBnGuqgO+JNDlcgF79Dksy4+wgGpQB2lmYoO4TSweFg/mZITdpGHomw/cNBJZj1icA==} + + ee-first@1.1.1: + resolution: {integrity: sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==} + + electron-to-chromium@1.4.829: + resolution: {integrity: sha512-5qp1N2POAfW0u1qGAxXEtz6P7bO1m6gpZr5hdf5ve6lxpLM7MpiM4jIPz7xcrNlClQMafbyUDDWjlIQZ1Mw0Rw==} + + emoji-regex@8.0.0: + resolution: {integrity: sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==} + + emoji-regex@9.2.2: + resolution: {integrity: sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==} + + encodeurl@1.0.2: + resolution: {integrity: sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==} + engines: {node: '>= 0.8'} + + enquirer@2.4.1: + resolution: {integrity: sha512-rRqJg/6gd538VHvR3PSrdRBb/1Vy2YfzHqzvbhGIQpDRKIa4FgV/54b5Q1xYSxOOwKvjXweS26E0Q+nAMwp2pQ==} + engines: {node: '>=8.6'} + + entities@2.2.0: + resolution: {integrity: sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==} + + entities@4.5.0: + resolution: {integrity: sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==} + engines: {node: '>=0.12'} + + envinfo@7.13.0: + resolution: {integrity: sha512-cvcaMr7KqXVh4nyzGTVqTum+gAiL265x5jUWQIDLq//zOGbW+gSW/C+OWLleY/rs9Qole6AZLMXPbtIFQbqu+Q==} + engines: {node: '>=4'} + hasBin: true + + es-define-property@1.0.0: + resolution: {integrity: sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==} + engines: {node: '>= 0.4'} + + es-errors@1.3.0: + resolution: {integrity: sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==} + engines: {node: '>= 0.4'} + + es-module-lexer@1.5.4: + resolution: {integrity: sha512-MVNK56NiMrOwitFB7cqDwq0CQutbw+0BvLshJSse0MUNU+y1FC3bUS/AQg7oUng+/wKrrki7JfmwtVHkVfPLlw==} + + es6-promise@3.3.1: + resolution: {integrity: sha512-SOp9Phqvqn7jtEUxPWdWfWoLmyt2VaJ6MpvP9Comy1MceMXqE6bxvaTu4iaxpYYPzhny28Lc+M87/c2cPK6lDg==} + + esbuild-register@3.5.0: + resolution: {integrity: sha512-+4G/XmakeBAsvJuDugJvtyF1x+XJT4FMocynNpxrvEBViirpfUn2PgNpCHedfWhF4WokNsO/OvMKrmJOIJsI5A==} + peerDependencies: + esbuild: '>=0.12 <1' + + esbuild-runner@2.2.2: + resolution: {integrity: sha512-fRFVXcmYVmSmtYm2mL8RlUASt2TDkGh3uRcvHFOKNr/T58VrfVeKD9uT9nlgxk96u0LS0ehS/GY7Da/bXWKkhw==} + hasBin: true + peerDependencies: + esbuild: '*' + + esbuild@0.21.5: + resolution: {integrity: sha512-mg3OPMV4hXywwpoDxu3Qda5xCKQi+vCTZq8S9J/EpkhB2HzKXq4SNFZE3+NK93JYxc8VMSep+lOUSC/RVKaBqw==} + engines: {node: '>=12'} + hasBin: true + + esbuild@0.23.0: + resolution: {integrity: sha512-1lvV17H2bMYda/WaFb2jLPeHU3zml2k4/yagNMG8Q/YtfMjCwEUZa2eXXMgZTVSL5q1n4H7sQ0X6CdJDqqeCFA==} + engines: {node: '>=18'} + hasBin: true + + escalade@3.1.2: + resolution: {integrity: sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==} + engines: {node: '>=6'} + + escape-html@1.0.3: + resolution: {integrity: sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==} + + escape-string-regexp@1.0.5: + resolution: {integrity: sha512-vbRorB5FUQWvla16U8R/qgaFIya2qGzwDrNmCZuYKrbdSUMG6I1ZCGQRefkRVhuOkIGVne7BQ35DSfo1qvJqFg==} + engines: {node: '>=0.8.0'} + + escape-string-regexp@4.0.0: + resolution: {integrity: sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==} + engines: {node: '>=10'} + + eslint-compat-utils@0.5.1: + resolution: {integrity: sha512-3z3vFexKIEnjHE3zCMRo6fn/e44U7T1khUjg+Hp0ZQMCigh28rALD0nPFBcGZuiLC5rLZa2ubQHDRln09JfU2Q==} + engines: {node: '>=12'} + peerDependencies: + eslint: '>=6.0.0' + + eslint-config-prettier@9.1.0: + resolution: {integrity: sha512-NSWl5BFQWEPi1j4TjVNItzYV7dZXZ+wP6I6ZhrBGpChQhZRUaElihE9uRRkcbRnNb76UMKDF3r+WTmNcGPKsqw==} + hasBin: true + peerDependencies: + eslint: '>=7.0.0' + + eslint-plugin-storybook@0.8.0: + resolution: {integrity: sha512-CZeVO5EzmPY7qghO2t64oaFM+8FTaD4uzOEjHKp516exyTKo+skKAL9GI3QALS2BXhyALJjNtwbmr1XinGE8bA==} + engines: {node: '>= 18'} + peerDependencies: + eslint: '>=6' + + eslint-plugin-svelte@2.42.0: + resolution: {integrity: sha512-mHP6z0DWq97KZvoQcApZHdF9m9epcDV/ICKufeEH18Vh+8vl7S+gwt8WdUohEqKNVMuXRkbvy1suMcVvUDiOGw==} + engines: {node: ^14.17.0 || >=16.0.0} + peerDependencies: + eslint: ^7.0.0 || ^8.0.0-0 || ^9.0.0-0 + svelte: ^3.37.0 || ^4.0.0 || ^5.0.0-next.181 + peerDependenciesMeta: + svelte: + optional: true + + eslint-scope@5.1.1: + resolution: {integrity: sha512-2NxwbF/hZ0KpepYN0cNbo+FN6XoK7GaHlQhgx/hIZl6Va0bF45RQOOwhLIy8lQDbuCiadSLCBnH2CFYquit5bw==} + engines: {node: '>=8.0.0'} + + eslint-scope@7.2.2: + resolution: {integrity: sha512-dOt21O7lTMhDM+X9mB4GX+DZrZtCUJPL/wlcTqxyrx5IvO0IYtILdtrQGQp+8n5S0gwSVmOf9NQrjMOgfQZlIg==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + eslint-utils@3.0.0: + resolution: {integrity: sha512-uuQC43IGctw68pJA1RgbQS8/NP7rch6Cwd4j3ZBtgo4/8Flj4eGE7ZYSZRN3iq5pVUv6GPdW5Z1RFleo84uLDA==} + engines: {node: ^10.0.0 || ^12.0.0 || >= 14.0.0} + peerDependencies: + eslint: '>=5' + + eslint-visitor-keys@2.1.0: + resolution: {integrity: sha512-0rSmRBzXgDzIsD6mGdJgevzgezI534Cer5L/vyMX0kHzT/jiB43jRhd9YUlMGYLQy2zprNmoT8qasCGtY+QaKw==} + engines: {node: '>=10'} + + eslint-visitor-keys@3.4.3: + resolution: {integrity: sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + eslint@8.4.1: + resolution: {integrity: sha512-TxU/p7LB1KxQ6+7aztTnO7K0i+h0tDi81YRY9VzB6Id71kNz+fFYnf5HD5UOQmxkzcoa0TlVZf9dpMtUv0GpWg==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + hasBin: true + + eslint@8.57.0: + resolution: {integrity: sha512-dZ6+mexnaTIbSBZWgou51U6OmzIhYM2VcNdtiTtI7qPNZm35Akpr0f6vtw3w1Kmn5PYo+tZVfh13WrhpS6oLqQ==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + hasBin: true + + esm-env@1.0.0: + resolution: {integrity: sha512-Cf6VksWPsTuW01vU9Mk/3vRue91Zevka5SjyNf3nEpokFRuqt/KjUQoGAwq9qMmhpLTHmXzSIrFRw8zxWzmFBA==} + + espree@9.2.0: + resolution: {integrity: sha512-oP3utRkynpZWF/F2x/HZJ+AGtnIclaR7z1pYPxy7NYM2fSO6LgK/Rkny8anRSPK/VwEA1eqm2squui0T7ZMOBg==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + espree@9.6.1: + resolution: {integrity: sha512-oruZaFkjorTpF32kDSI5/75ViwGeZginGGy2NoOSg3Q9bnwlnmDm4HLnkl0RE3n+njDXR037aY1+x58Z/zFdwQ==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + + esprima@4.0.1: + resolution: {integrity: sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==} + engines: {node: '>=4'} + hasBin: true + + esquery@1.6.0: + resolution: {integrity: sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==} + engines: {node: '>=0.10'} + + esrecurse@4.3.0: + resolution: {integrity: sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==} + engines: {node: '>=4.0'} + + estraverse@4.3.0: + resolution: {integrity: sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==} + engines: {node: '>=4.0'} + + estraverse@5.3.0: + resolution: {integrity: sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA==} + engines: {node: '>=4.0'} + + estree-walker@2.0.2: + resolution: {integrity: sha512-Rfkk/Mp/DL7JVje3u18FxFujQlTNR2q6QfMSMB7AvCBx91NGj/ba3kCfza0f6dVDbw7YlRf/nDrn7pQrCCyQ/w==} + + estree-walker@3.0.3: + resolution: {integrity: sha512-7RUKfXgSMMkzt6ZuXmqapOurLGPPfgj6l9uRZ7lRGolvk0y2yocc35LdcxKC5PQZdn2DMqioAQ2NoWcrTKmm6g==} + + esutils@2.0.3: + resolution: {integrity: sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==} + engines: {node: '>=0.10.0'} + + etag@1.8.1: + resolution: {integrity: sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==} + engines: {node: '>= 0.6'} + + execa@5.1.1: + resolution: {integrity: sha512-8uSpZZocAZRBAPIEINJj3Lo9HyGitllczc27Eh5YYojjMFMn8yHMDMaUHE2Jqfq05D/wucwI4JGURyXt1vchyg==} + engines: {node: '>=10'} + + execa@8.0.1: + resolution: {integrity: sha512-VyhnebXciFV2DESc+p6B+y0LjSm0krU4OgJN44qFAhBY0TJ+1V61tYD2+wHusZ6F9n5K+vl8k0sTy7PEfV4qpg==} + engines: {node: '>=16.17'} + + express@4.19.2: + resolution: {integrity: sha512-5T6nhjsT+EOMzuck8JjBHARTHfMht0POzlA60WV2pMD3gyXw2LZnZ+ueGdNxG+0calOJcWKbpFcuzLZ91YWq9Q==} + engines: {node: '>= 0.10.0'} + + fast-deep-equal@3.1.3: + resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==} + + fast-glob@3.3.2: + resolution: {integrity: sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==} + engines: {node: '>=8.6.0'} + + fast-json-stable-stringify@2.1.0: + resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==} + + fast-levenshtein@2.0.6: + resolution: {integrity: sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==} + + fastq@1.17.1: + resolution: {integrity: sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==} + + fd-package-json@1.2.0: + resolution: {integrity: sha512-45LSPmWf+gC5tdCQMNH4s9Sr00bIkiD9aN7dc5hqkrEw1geRYyDQS1v1oMHAW3ysfxfndqGsrDREHHjNNbKUfA==} + + fflate@0.8.2: + resolution: {integrity: sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==} + + file-entry-cache@6.0.1: + resolution: {integrity: sha512-7Gps/XWymbLk2QLYK4NzpMOrYjMhdIxXuIvy2QBsLE6ljuodKvdkWs/cpyJJ3CVIVpH0Oi1Hvg1ovbMzLdFBBg==} + engines: {node: ^10.12.0 || >=12.0.0} + + fill-range@7.1.1: + resolution: {integrity: sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==} + engines: {node: '>=8'} + + finalhandler@1.2.0: + resolution: {integrity: sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==} + engines: {node: '>= 0.8'} + + find-cache-dir@2.1.0: + resolution: {integrity: sha512-Tq6PixE0w/VMFfCgbONnkiQIVol/JJL7nRMi20fqzA4NRs9AfeqMGeRdPi3wIhYkxjeBaWh2rxwapn5Tu3IqOQ==} + engines: {node: '>=6'} + + find-cache-dir@3.3.2: + resolution: {integrity: sha512-wXZV5emFEjrridIgED11OoUKLxiYjAcqot/NJdAkOhlJ+vGzwhOAfcG5OX1jP+S0PcjEn8bdMJv+g2jwQ3Onig==} + engines: {node: '>=8'} + + find-up@3.0.0: + resolution: {integrity: sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg==} + engines: {node: '>=6'} + + find-up@4.1.0: + resolution: {integrity: sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==} + engines: {node: '>=8'} + + find-up@5.0.0: + resolution: {integrity: sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==} + engines: {node: '>=10'} + + flat-cache@3.2.0: + resolution: {integrity: sha512-CYcENa+FtcUKLmhhqyctpclsq7QF38pKjZHsGNiSQF5r4FtoKDWabFDl3hzaEQMvT1LHEysw5twgLvpYYb4vbw==} + engines: {node: ^10.12.0 || >=12.0.0} + + flatted@3.3.1: + resolution: {integrity: sha512-X8cqMLLie7KsNUDSdzeN8FYK9rEt4Dt67OsG/DNGnYTSDBG4uFAJFBnUeiV+zCVAvwFy56IjM9sH51jVaEhNxw==} + + flow-parser@0.241.0: + resolution: {integrity: sha512-82yKXpz7iWknWFsognZUf5a6mBQLnVrYoYSU9Nbu7FTOpKlu3v9ehpiI9mYXuaIO3J0ojX1b83M/InXvld9HUw==} + engines: {node: '>=0.4.0'} + + follow-redirects@1.15.6: + resolution: {integrity: sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==} + engines: {node: '>=4.0'} + peerDependencies: + debug: '*' + peerDependenciesMeta: + debug: + optional: true + + for-each@0.3.3: + resolution: {integrity: sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==} + + foreground-child@3.2.1: + resolution: {integrity: sha512-PXUUyLqrR2XCWICfv6ukppP96sdFwWbNEnfEMt7jNsISjMsvaLNinAHNDYyvkyU+SZG2BTSbT5NjG+vZslfGTA==} + engines: {node: '>=14'} + + form-data@4.0.0: + resolution: {integrity: sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==} + engines: {node: '>= 6'} + + forwarded@0.2.0: + resolution: {integrity: sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==} + engines: {node: '>= 0.6'} + + fraction.js@4.3.7: + resolution: {integrity: sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==} + + fresh@0.5.2: + resolution: {integrity: sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==} + engines: {node: '>= 0.6'} + + fs-extra@11.2.0: + resolution: {integrity: sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw==} + engines: {node: '>=14.14'} + + fs-minipass@2.1.0: + resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==} + engines: {node: '>= 8'} + + fs.realpath@1.0.0: + resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} + + fsevents@2.3.2: + resolution: {integrity: sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==} + engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0} + os: [darwin] + + fsevents@2.3.3: + resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==} + engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0} + os: [darwin] + + function-bind@1.1.2: + resolution: {integrity: sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==} + + functional-red-black-tree@1.0.1: + resolution: {integrity: sha512-dsKNQNdj6xA3T+QlADDA7mOSlX0qiMINjn0cgr+eGHGsbSHzTabcIogz2+p/iqP1Xs6EP/sS2SbqH+brGTbq0g==} + + gensync@1.0.0-beta.2: + resolution: {integrity: sha512-3hN7NaskYvMDLQY55gnW3NQ+mesEAepTqlg+VEbj7zzqEMBVNhzcGYYeqFo/TlYz6eQiFcp1HcsCZO+nGgS8zg==} + engines: {node: '>=6.9.0'} + + get-func-name@2.0.2: + resolution: {integrity: sha512-8vXOvuE167CtIc3OyItco7N/dpRtBbYOsPsXCz7X/PMnlGjYjSGuZJgM1Y7mmew7BKf9BqvLX2tnOVy1BBUsxQ==} + + get-intrinsic@1.2.4: + resolution: {integrity: sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==} + engines: {node: '>= 0.4'} + + get-stream@6.0.1: + resolution: {integrity: sha512-ts6Wi+2j3jQjqi70w5AlN8DFnkSwC+MqmxEzdEALB2qXZYV3X/b1CTfgPLGJNMeAWxdPfU8FO1ms3NUfaHCPYg==} + engines: {node: '>=10'} + + get-stream@8.0.1: + resolution: {integrity: sha512-VaUJspBffn/LMCJVoMvSAdmscJyS1auj5Zulnn5UoYcY531UWmdwhRWkcGKnGU93m5HSXP9LP2usOryrBtQowA==} + engines: {node: '>=16'} + + giget@1.2.3: + resolution: {integrity: sha512-8EHPljDvs7qKykr6uw8b+lqLiUc/vUg+KVTI0uND4s63TdsZM2Xus3mflvF0DDG9SiM4RlCkFGL+7aAjRmV7KA==} + hasBin: true + + github-slugger@2.0.0: + resolution: {integrity: sha512-IaOQ9puYtjrkq7Y0Ygl9KDZnrf/aiUJYUpVf89y8kyaxbRG7Y1SrX/jaumrv81vc61+kiMempujsM3Yw7w5qcw==} + + glob-parent@5.1.2: + resolution: {integrity: sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==} + engines: {node: '>= 6'} + + glob-parent@6.0.2: + resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==} + engines: {node: '>=10.13.0'} + + glob@10.4.5: + resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} + hasBin: true + + glob@7.2.3: + resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} + deprecated: Glob versions prior to v9 are no longer supported + + globals@11.12.0: + resolution: {integrity: sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==} + engines: {node: '>=4'} + + globals@13.24.0: + resolution: {integrity: sha512-AhO5QUcj8llrbG09iWhPU2B204J1xnPeL8kQmVorSsy+Sjj1sk8gIyh6cUocGmH4L0UuhAJy+hJMRA4mgA4mFQ==} + engines: {node: '>=8'} + + globalyzer@0.1.0: + resolution: {integrity: sha512-40oNTM9UfG6aBmuKxk/giHn5nQ8RVz/SS4Ir6zgzOv9/qC3kKZ9v4etGTcJbEl/NyVQH7FGU7d+X1egr57Md2Q==} + + globby@11.1.0: + resolution: {integrity: sha512-jhIXaOzy1sb8IyocaruWSn1TjmnBVs8Ayhcy83rmxNJ8q2uWKCAj3CnJY+KpGSXCueAPc0i05kVvVKtP1t9S3g==} + engines: {node: '>=10'} + + globby@14.0.2: + resolution: {integrity: sha512-s3Fq41ZVh7vbbe2PN3nrW7yC7U7MFVc5c98/iTl9c2GawNMKx/J648KQRW6WKkuU8GIbbh2IXfIRQjOZnXcTnw==} + engines: {node: '>=18'} + + globrex@0.1.2: + resolution: {integrity: sha512-uHJgbwAMwNFf5mLst7IWLNg14x1CkeqglJb/K3doi4dw6q2IvAAmM/Y81kevy83wP+Sst+nutFTYOGg3d1lsxg==} + + gopd@1.0.1: + resolution: {integrity: sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==} + + graceful-fs@4.2.11: + resolution: {integrity: sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==} + + graphemer@1.4.0: + resolution: {integrity: sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==} + + guess-json-indent@2.0.0: + resolution: {integrity: sha512-3Tm6R43KhtZWEVSHZnFmYMV9+gf3Vu0HXNNYtPVk2s7o8eGwYlJPHrjLtYw/7HBc10YxV+bfzKMuOf24z5qFng==} + engines: {node: '>=16.17.0'} + + has-flag@3.0.0: + resolution: {integrity: sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==} + engines: {node: '>=4'} + + has-flag@4.0.0: + resolution: {integrity: sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==} + engines: {node: '>=8'} + + has-property-descriptors@1.0.2: + resolution: {integrity: sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==} + + has-proto@1.0.3: + resolution: {integrity: sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==} + engines: {node: '>= 0.4'} + + has-symbols@1.0.3: + resolution: {integrity: sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==} + engines: {node: '>= 0.4'} + + has-tostringtag@1.0.2: + resolution: {integrity: sha512-NqADB8VjPFLM2V0VvHUewwwsw0ZWBaIdgo+ieHtK3hasLz4qeCRjYcqfB6AQrBggRKppKF8L52/VqdVsO47Dlw==} + engines: {node: '>= 0.4'} + + hasown@2.0.2: + resolution: {integrity: sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==} + engines: {node: '>= 0.4'} + + hast-util-heading-rank@3.0.0: + resolution: {integrity: sha512-EJKb8oMUXVHcWZTDepnr+WNbfnXKFNf9duMesmr4S8SXTJBJ9M4Yok08pu9vxdJwdlGRhVumk9mEhkEvKGifwA==} + + hast-util-is-element@3.0.0: + resolution: {integrity: sha512-Val9mnv2IWpLbNPqc/pUem+a7Ipj2aHacCwgNfTiK0vJKl0LF+4Ba4+v1oPHFpf3bLYmreq0/l3Gud9S5OH42g==} + + hast-util-to-string@3.0.0: + resolution: {integrity: sha512-OGkAxX1Ua3cbcW6EJ5pT/tslVb90uViVkcJ4ZZIMW/R33DX/AkcJcRrPebPwJkHYwlDHXz4aIwvAAaAdtrACFA==} + + html-encoding-sniffer@4.0.0: + resolution: {integrity: sha512-Y22oTqIU4uuPgEemfz7NDJz6OeKf12Lsu+QC+s3BVpda64lTiMYCyGwg5ki4vFxkMwQdeZDl2adZoqUgdFuTgQ==} + engines: {node: '>=18'} + + html-escaper@2.0.2: + resolution: {integrity: sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==} + + htmlparser2-svelte@4.1.0: + resolution: {integrity: sha512-+4f4RBFz7Rj2Hp0ZbFbXC+Kzbd6S9PgjiuFtdT76VMNgKogrEZy0pG2UrPycPbrZzVEIM5lAT3lAdkSTCHLPjg==} + + http-errors@2.0.0: + resolution: {integrity: sha512-FtwrG/euBzaEjYeRqOgly7G0qviiXoJWnvEH2Z1plBdXgbyjv34pHTSb9zoeHMyDy33+DWy5Wt9Wo+TURtOYSQ==} + engines: {node: '>= 0.8'} + + http-proxy-agent@7.0.2: + resolution: {integrity: sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==} + engines: {node: '>= 14'} + + https-proxy-agent@7.0.5: + resolution: {integrity: sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==} + engines: {node: '>= 14'} + + human-signals@2.1.0: + resolution: {integrity: sha512-B4FFZ6q/T2jhhksgkbEW3HBvWIfDW85snkQgawt07S7J5QXTk6BkNV+0yAeZrM5QpMAdYlocGoljn0sJ/WQkFw==} + engines: {node: '>=10.17.0'} + + human-signals@5.0.0: + resolution: {integrity: sha512-AXcZb6vzzrFAUE61HnN4mpLqd/cSIwNQjtNWR0euPm6y0iqx3G4gOXaIDdtdDwZmhwe82LA6+zinmW4UBWVePQ==} + engines: {node: '>=16.17.0'} + + iconv-lite@0.4.24: + resolution: {integrity: sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==} + engines: {node: '>=0.10.0'} + + iconv-lite@0.6.3: + resolution: {integrity: sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==} + engines: {node: '>=0.10.0'} + + ieee754@1.2.1: + resolution: {integrity: sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA==} + + ignore@4.0.6: + resolution: {integrity: sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==} + engines: {node: '>= 4'} + + ignore@5.3.1: + resolution: {integrity: sha512-5Fytz/IraMjqpwfd34ke28PTVMjZjJG2MPn5t7OE4eUCUNf8BAa7b5WUS9/Qvr6mwOQS7Mk6vdsMno5he+T8Xw==} + engines: {node: '>= 4'} + + import-fresh@3.3.0: + resolution: {integrity: sha512-veYYhQa+D1QBKznvhUHxb8faxlrwUnxseDAbAp457E0wLNio2bOSKnjYDhMj+YiAq61xrMGhQk9iXVk5FzgQMw==} + engines: {node: '>=6'} + + import-meta-resolve@4.1.0: + resolution: {integrity: sha512-I6fiaX09Xivtk+THaMfAwnA3MVA5Big1WHF1Dfx9hFuvNIWpXnorlkzhcQf6ehrqQiiZECRt1poOAkPmer3ruw==} + + imurmurhash@0.1.4: + resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==} + engines: {node: '>=0.8.19'} + + indent-string@4.0.0: + resolution: {integrity: sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==} + engines: {node: '>=8'} + + inflight@1.0.6: + resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} + deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. + + inherits@2.0.4: + resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} + + ipaddr.js@1.9.1: + resolution: {integrity: sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==} + engines: {node: '>= 0.10'} + + is-absolute-url@4.0.1: + resolution: {integrity: sha512-/51/TKE88Lmm7Gc4/8btclNXWS+g50wXhYJq8HWIBAGUBnoAdRu1aXeh364t/O7wXDAcTJDP8PNuNKWUDWie+A==} + engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} + + is-arguments@1.1.1: + resolution: {integrity: sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==} + engines: {node: '>= 0.4'} + + is-binary-path@2.1.0: + resolution: {integrity: sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==} + engines: {node: '>=8'} + + is-builtin-module@3.2.1: + resolution: {integrity: sha512-BSLE3HnV2syZ0FK0iMA/yUGplUeMmNz4AW5fnTunbCIqZi4vG3WjJT9FHMy5D69xmAYBHXQhJdALdpwVxV501A==} + engines: {node: '>=6'} + + is-callable@1.2.7: + resolution: {integrity: sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==} + engines: {node: '>= 0.4'} + + is-core-module@2.15.0: + resolution: {integrity: sha512-Dd+Lb2/zvk9SKy1TGCt1wFJFo/MWBPMX5x7KcvLajWTGuomczdQX61PvY5yK6SVACwpoexWo81IfFyoKY2QnTA==} + engines: {node: '>= 0.4'} + + is-extglob@2.1.1: + resolution: {integrity: sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==} + engines: {node: '>=0.10.0'} + + is-fullwidth-code-point@3.0.0: + resolution: {integrity: sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==} + engines: {node: '>=8'} + + is-generator-function@1.0.10: + resolution: {integrity: sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==} + engines: {node: '>= 0.4'} + + is-glob@4.0.3: + resolution: {integrity: sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==} + engines: {node: '>=0.10.0'} + + is-interactive@1.0.0: + resolution: {integrity: sha512-2HvIEKRoqS62guEC+qBjpvRubdX910WCMuJTZ+I9yvqKU2/12eSL549HMwtabb4oupdj2sMP50k+XJfB/8JE6w==} + engines: {node: '>=8'} + + is-module@1.0.0: + resolution: {integrity: sha512-51ypPSPCoTEIN9dy5Oy+h4pShgJmPCygKfyRCISBI+JoWT/2oJvK8QPxmwv7b/p239jXrm9M1mlQbyKJ5A152g==} + + is-number@7.0.0: + resolution: {integrity: sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==} + engines: {node: '>=0.12.0'} + + is-path-inside@3.0.3: + resolution: {integrity: sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ==} + engines: {node: '>=8'} + + is-plain-object@2.0.4: + resolution: {integrity: sha512-h5PpgXkWitc38BBMYawTYMWJHFZJVnBquFE57xFpjB8pJFiF6gZ+bU+WyI/yqXiFR5mdLsgYNaPe8uao6Uv9Og==} + engines: {node: '>=0.10.0'} + + is-potential-custom-element-name@1.0.1: + resolution: {integrity: sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==} + + is-reference@1.2.1: + resolution: {integrity: sha512-U82MsXXiFIrjCK4otLT+o2NA2Cd2g5MLoOVXUZjIOhLurrRxpEXzI8O0KZHr3IjLvlAH1kTPYSuqer5T9ZVBKQ==} + + is-reference@3.0.2: + resolution: {integrity: sha512-v3rht/LgVcsdZa3O2Nqs+NMowLOxeOm7Ay9+/ARQ2F+qEoANRcqrjAZKGN0v8ymUetZGgkp26LTnGT7H0Qo9Pg==} + + is-stream@2.0.1: + resolution: {integrity: sha512-hFoiJiTl63nn+kstHGBtewWSKnQLpyb155KHheA1l39uvtO9nWIop1p3udqPcUd/xbF1VLMO4n7OI6p7RbngDg==} + engines: {node: '>=8'} + + is-stream@3.0.0: + resolution: {integrity: sha512-LnQR4bZ9IADDRSkvpqMGvt/tEJWclzklNgSw48V5EAaAeDd6qGvN8ei6k5p0tvxSR171VmGyHuTiAOfxAbr8kA==} + engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} + + is-typed-array@1.1.13: + resolution: {integrity: sha512-uZ25/bUAlUY5fR4OKT4rZQEBrzQWYV9ZJYGGsUmEJ6thodVJ1HX64ePQ6Z0qPWP+m+Uq6e9UugrE38jeYsDSMw==} + engines: {node: '>= 0.4'} + + is-unicode-supported@0.1.0: + resolution: {integrity: sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==} + engines: {node: '>=10'} + + isexe@2.0.0: + resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} + + isobject@3.0.1: + resolution: {integrity: sha512-WhB9zCku7EGTj/HQQRz5aUQEUeoQZH2bWcltRErOpymJ4boYE6wL9Tbr23krRPSZ+C5zqNSrSw+Cc7sZZ4b7vg==} + engines: {node: '>=0.10.0'} + + istanbul-lib-coverage@3.2.2: + resolution: {integrity: sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==} + engines: {node: '>=8'} + + istanbul-lib-report@3.0.1: + resolution: {integrity: sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==} + engines: {node: '>=10'} + + istanbul-lib-source-maps@5.0.6: + resolution: {integrity: sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==} + engines: {node: '>=10'} + + istanbul-reports@3.1.7: + resolution: {integrity: sha512-BewmUXImeuRk2YY0PVbxgKAysvhRPUQE0h5QRM++nVWyubKGV0l8qQ5op8+B2DOmwSe63Jivj0BjkPQVf8fP5g==} + engines: {node: '>=8'} + + jackspeak@3.4.3: + resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} + + jiti@1.21.6: + resolution: {integrity: sha512-2yTgeWTWzMWkHu6Jp9NKgePDaYHbntiwvYuuJLbbN9vl7DC9DvXKOB2BC3ZZ92D3cvV/aflH0osDfwpHepQ53w==} + hasBin: true + + joi@17.13.3: + resolution: {integrity: sha512-otDA4ldcIx+ZXsKHWmp0YizCweVRZG96J10b0FevjfuncLO1oX59THoAmHkNubYJ+9gWsYsp5k8v4ib6oDv1fA==} + + js-tokens@4.0.0: + resolution: {integrity: sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==} + + js-tokens@9.0.0: + resolution: {integrity: sha512-WriZw1luRMlmV3LGJaR6QOJjWwgLUTf89OwT2lUOyjX2dJGBwgmIkbcz+7WFZjrZM635JOIR517++e/67CP9dQ==} + + js-yaml@4.1.0: + resolution: {integrity: sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==} + hasBin: true + + jscodeshift@0.15.2: + resolution: {integrity: sha512-FquR7Okgmc4Sd0aEDwqho3rEiKR3BdvuG9jfdHjLJ6JQoWSMpavug3AoIfnfWhxFlf+5pzQh8qjqz0DWFrNQzA==} + hasBin: true + peerDependencies: + '@babel/preset-env': ^7.1.6 + peerDependenciesMeta: + '@babel/preset-env': + optional: true + + jsdom@24.1.0: + resolution: {integrity: sha512-6gpM7pRXCwIOKxX47cgOyvyQDN/Eh0f1MeKySBV2xGdKtqJBLj8P25eY3EVCWo2mglDDzozR2r2MW4T+JiNUZA==} + engines: {node: '>=18'} + peerDependencies: + canvas: ^2.11.2 + peerDependenciesMeta: + canvas: + optional: true + + jsesc@0.5.0: + resolution: {integrity: sha512-uZz5UnB7u4T9LvwmFqXii7pZSouaRPorGs5who1Ip7VO0wxanFvBL7GkM6dTHlgX+jhBApRetaWpnDabOeTcnA==} + hasBin: true + + jsesc@2.5.2: + resolution: {integrity: sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==} + engines: {node: '>=4'} + hasBin: true + + json-buffer@3.0.1: + resolution: {integrity: sha512-4bV5BfR2mqfQTJm+V5tPPdf+ZpuhiIvTuAB5g8kcrXOZpTT/QwwVRWBywX1ozr6lEuPdbHxwaJlm9G6mI2sfSQ==} + + json-schema-to-ts@3.1.0: + resolution: {integrity: sha512-UeVN/ery4/JeXI8h4rM8yZPxsH+KqPi/84qFxHfTGHZnWnK9D0UU9ZGYO+6XAaJLqCWMiks+ARuFOKAiSxJCHA==} + engines: {node: '>=16'} + + json-schema-traverse@0.4.1: + resolution: {integrity: sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==} + + json-stable-stringify-without-jsonify@1.0.1: + resolution: {integrity: sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==} + + json5@2.2.3: + resolution: {integrity: sha512-XmOWe7eyHYH14cLdVPoyg+GOH3rYX++KpzrylJwSW98t3Nk+U8XOl8FWKOgwtzdb8lXGf6zYwDUzeHMWfxasyg==} + engines: {node: '>=6'} + hasBin: true + + jsonfile@6.1.0: + resolution: {integrity: sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ==} + + jsonwebtoken@9.0.2: + resolution: {integrity: sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==} + engines: {node: '>=12', npm: '>=6'} + + just-clone@6.2.0: + resolution: {integrity: sha512-1IynUYEc/HAwxhi3WDpIpxJbZpMCvvrrmZVqvj9EhpvbH8lls7HhdhiByjL7DkAaWlLIzpC0Xc/VPvy/UxLNjA==} + + jwa@1.4.1: + resolution: {integrity: sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==} + + jws@3.2.2: + resolution: {integrity: sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==} + + keyv@4.5.4: + resolution: {integrity: sha512-oxVHkHR/EJf2CNXnWxRLW6mg7JyCCUcG0DtEGmL2ctUo1PNTin1PUil+r/+4r5MpVgC/fn1kjsx7mjSujKqIpw==} + + kind-of@6.0.3: + resolution: {integrity: sha512-dcS1ul+9tmeD95T+x28/ehLgd9mENa3LsvDTtzm3vyBEO7RPptvAD+t44WVXaUjTBRcrpFeFlC8WCruUR456hw==} + engines: {node: '>=0.10.0'} + + kleur@3.0.3: + resolution: {integrity: sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==} + engines: {node: '>=6'} + + kleur@4.1.5: + resolution: {integrity: sha512-o+NO+8WrRiQEE4/7nwRJhN1HWpVmJm511pBHUxPLtp0BUISzlBplORYSmTclCnJvQq2tKu/sgl3xVpkc7ZWuQQ==} + engines: {node: '>=6'} + + known-css-properties@0.34.0: + resolution: {integrity: sha512-tBECoUqNFbyAY4RrbqsBQqDFpGXAEbdD5QKr8kACx3+rnArmuuR22nKQWKazvp07N9yjTyDZaw/20UIH8tL9DQ==} + + leven@3.1.0: + resolution: {integrity: sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==} + engines: {node: '>=6'} + + levn@0.4.1: + resolution: {integrity: sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==} + engines: {node: '>= 0.8.0'} + + lilconfig@2.1.0: + resolution: {integrity: sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==} + engines: {node: '>=10'} + + lilconfig@3.1.2: + resolution: {integrity: sha512-eop+wDAvpItUys0FWkHIKeC9ybYrTGbU41U5K7+bttZZeohvnY7M9dZ5kB21GNWiFT2q1OoPTvncPCgSOVO5ow==} + engines: {node: '>=14'} + + lines-and-columns@1.2.4: + resolution: {integrity: sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==} + + local-pkg@0.5.0: + resolution: {integrity: sha512-ok6z3qlYyCDS4ZEU27HaU6x/xZa9Whf8jD4ptH5UZTQYZVYeb9bnZ3ojVhiJNLiXK1Hfc0GNbLXcmZ5plLDDBg==} + engines: {node: '>=14'} + + locate-character@3.0.0: + resolution: {integrity: sha512-SW13ws7BjaeJ6p7Q6CO2nchbYEc3X3J6WrmTTDto7yMPqVSZTUyY5Tjbid+Ab8gLnATtygYtiDIJGQRRn2ZOiA==} + + locate-path@3.0.0: + resolution: {integrity: sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A==} + engines: {node: '>=6'} + + locate-path@5.0.0: + resolution: {integrity: sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==} + engines: {node: '>=8'} + + locate-path@6.0.0: + resolution: {integrity: sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==} + engines: {node: '>=10'} + + lodash.castarray@4.4.0: + resolution: {integrity: sha512-aVx8ztPv7/2ULbArGJ2Y42bG1mEQ5mGjpdvrbJcJFU3TbYybe+QlLS4pst9zV52ymy2in1KpFPiZnAOATxD4+Q==} + + lodash.debounce@4.0.8: + resolution: {integrity: sha512-FT1yDzDYEoYWhnSGnpE/4Kj1fLZkDFyqRb7fNt6FdYOSxlUWAtp42Eh6Wb0rGIv/m9Bgo7x4GhQbm5Ys4SG5ow==} + + lodash.includes@4.3.0: + resolution: {integrity: sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==} + + lodash.isboolean@3.0.3: + resolution: {integrity: sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==} + + lodash.isinteger@4.0.4: + resolution: {integrity: sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==} + + lodash.isnumber@3.0.3: + resolution: {integrity: sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==} + + lodash.isplainobject@4.0.6: + resolution: {integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==} + + lodash.isstring@4.0.1: + resolution: {integrity: sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==} + + lodash.merge@4.6.2: + resolution: {integrity: sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ==} + + lodash.once@4.1.1: + resolution: {integrity: sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==} + + lodash@4.17.21: + resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} + + log-symbols@4.1.0: + resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==} + engines: {node: '>=10'} + + loose-envify@1.4.0: + resolution: {integrity: sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==} + hasBin: true + + loupe@2.3.7: + resolution: {integrity: sha512-zSMINGVYkdpYSOBmLi0D1Uo7JU9nVdQKrHxC8eYlV+9YKK9WePqAlL7lSlorG/U2Fw1w0hTBmaa/jrQ3UbPHtA==} + + lru-cache@10.4.3: + resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==} + + lru-cache@5.1.1: + resolution: {integrity: sha512-KpNARQA3Iwv+jTA0utUVVbrh+Jlrr1Fv0e56GGzAFOXN7dk/FviaDW8LHmK52DlcH4WP2n6gI8vN1aesBFgo9w==} + + lz-string@1.5.0: + resolution: {integrity: sha512-h5bgJWpxJNswbU7qCrV0tIKQCaS3blPDrqKWx+QxzuzL1zGUzij9XCWLrSLsJPu5t+eWA/ycetzYAO5IOMcWAQ==} + hasBin: true + + magic-string@0.30.10: + resolution: {integrity: sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==} + + magicast@0.3.4: + resolution: {integrity: sha512-TyDF/Pn36bBji9rWKHlZe+PZb6Mx5V8IHCSxk7X4aljM4e/vyDvZZYwHewdVaqiA0nb3ghfHU/6AUpDxWoER2Q==} + + make-dir@2.1.0: + resolution: {integrity: sha512-LS9X+dc8KLxXCb8dni79fLIIUA5VyZoyjSMCwTluaXA0o27cCK0bhXkpgw+sTXVpPy/lSO57ilRixqk0vDmtRA==} + engines: {node: '>=6'} + + make-dir@3.1.0: + resolution: {integrity: sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==} + engines: {node: '>=8'} + + make-dir@4.0.0: + resolution: {integrity: sha512-hXdUTZYIVOt1Ex//jAQi+wTZZpUpwBj/0QsOzqegb3rGMMeJiSEu5xLHnYfBrRV4RH2+OCSOO95Is/7x1WJ4bw==} + engines: {node: '>=10'} + + map-or-similar@1.5.0: + resolution: {integrity: sha512-0aF7ZmVon1igznGI4VS30yugpduQW3y3GkcgGJOp7d8x8QrizhigUxjI/m2UojsXXto+jLAH3KSz+xOJTiORjg==} + + markdown-to-jsx@7.4.7: + resolution: {integrity: sha512-0+ls1IQZdU6cwM1yu0ZjjiVWYtkbExSyUIFU2ZeDIFuZM1W42Mh4OlJ4nb4apX4H8smxDHRdFaoIVJGwfv5hkg==} + engines: {node: '>= 10'} + peerDependencies: + react: '>= 0.14.0' + + mdn-data@2.0.30: + resolution: {integrity: sha512-GaqWWShW4kv/G9IEucWScBx9G1/vsFZZJUO+tD26M8J8z3Kw5RDQjaoZe03YAClgeS/SWPOcb4nkFBTEi5DUEA==} + + media-typer@0.3.0: + resolution: {integrity: sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==} + engines: {node: '>= 0.6'} + + memoize-weak@1.0.2: + resolution: {integrity: sha512-gj39xkrjEw7nCn4nJ1M5ms6+MyMlyiGmttzsqAUsAKn6bYKwuTHh/AO3cKPF8IBrTIYTxb0wWXFs3E//Y8VoWQ==} + + memoizerific@1.11.3: + resolution: {integrity: sha512-/EuHYwAPdLtXwAwSZkh/Gutery6pD2KYd44oQLhAvQp/50mpyduZh8Q7PYHXTCJ+wuXxt7oij2LXyIJOOYFPog==} + + merge-descriptors@1.0.1: + resolution: {integrity: sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w==} + + merge-stream@2.0.0: + resolution: {integrity: sha512-abv/qOcuPfk3URPfDzmZU1LKmuw8kT+0nIHvKrKgFrwifol/doWcdA4ZqsWQ8ENrFKkd67Mfpo/LovbIUsbt3w==} + + merge2@1.4.1: + resolution: {integrity: sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==} + engines: {node: '>= 8'} + + methods@1.1.2: + resolution: {integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==} + engines: {node: '>= 0.6'} + + micromatch@4.0.7: + resolution: {integrity: sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==} + engines: {node: '>=8.6'} + + mime-db@1.52.0: + resolution: {integrity: sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==} + engines: {node: '>= 0.6'} + + mime-types@2.1.35: + resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==} + engines: {node: '>= 0.6'} + + mime@1.6.0: + resolution: {integrity: sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==} + engines: {node: '>=4'} + hasBin: true + + mimic-fn@2.1.0: + resolution: {integrity: sha512-OqbOk5oEQeAZ8WXWydlu9HJjz9WVdEIvamMCcXmuqUYjTknH/sqsWvhQ3vgwKFRR1HpjvNBKQ37nbJgYzGqGcg==} + engines: {node: '>=6'} + + mimic-fn@4.0.0: + resolution: {integrity: sha512-vqiC06CuhBTUdZH+RYl8sFrL096vA45Ok5ISO6sE/Mr1jRbGH4Csnhi8f3wKVl7x8mO4Au7Ir9D3Oyv1VYMFJw==} + engines: {node: '>=12'} + + min-indent@1.0.1: + resolution: {integrity: sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg==} + engines: {node: '>=4'} + + mini-svg-data-uri@1.4.4: + resolution: {integrity: sha512-r9deDe9p5FJUPZAk3A59wGH7Ii9YrjjWw0jmw/liSbHl2CHiyXj6FcDXDu2K3TjVAXqiJdaw3xxwlZZr9E6nHg==} + hasBin: true + + minimatch@3.1.2: + resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} + + minimatch@9.0.5: + resolution: {integrity: sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==} + engines: {node: '>=16 || 14 >=14.17'} + + minimist@1.2.8: + resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} + + minipass@3.3.6: + resolution: {integrity: sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==} + engines: {node: '>=8'} + + minipass@5.0.0: + resolution: {integrity: sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==} + engines: {node: '>=8'} + + minipass@7.1.2: + resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} + engines: {node: '>=16 || 14 >=14.17'} + + minizlib@2.1.2: + resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} + engines: {node: '>= 8'} + + mkdirp@0.5.6: + resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} + hasBin: true + + mkdirp@1.0.4: + resolution: {integrity: sha512-vVqVZQyf3WLx2Shd0qJ9xuvqgAyKPLAiqITEtqW0oIUjzo3PePDd6fW9iFz30ef7Ysp/oiWqbhszeGWW2T6Gzw==} + engines: {node: '>=10'} + hasBin: true + + mlly@1.7.1: + resolution: {integrity: sha512-rrVRZRELyQzrIUAVMHxP97kv+G786pHmOKzuFII8zDYahFBS7qnHh2AlYSl1GAHhaMPCz6/oHjVMcfFYgFYHgA==} + + mri@1.2.0: + resolution: {integrity: sha512-tzzskb3bG8LvYGFF/mDTpq3jpI6Q9wc3LEmBaghu+DdCssd1FakN7Bc0hVNmEyGq1bq3RgfkCb3cmQLpNPOroA==} + engines: {node: '>=4'} + + mrmime@2.0.0: + resolution: {integrity: sha512-eu38+hdgojoyq63s+yTpN4XMBdt5l8HhMhc4VKLO9KM5caLIBvUm4thi7fFaxyTmCKeNnXZ5pAlBwCUnhA09uw==} + engines: {node: '>=10'} + + ms@2.0.0: + resolution: {integrity: sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==} + + ms@2.1.2: + resolution: {integrity: sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==} + + ms@2.1.3: + resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==} + + murmurhash3js@3.0.1: + resolution: {integrity: sha512-KL8QYUaxq7kUbcl0Yto51rMcYt7E/4N4BG3/c96Iqw1PQrTRspu8Cpx4TZ4Nunib1d4bEkIH3gjCYlP2RLBdow==} + engines: {node: '>=0.10.0'} + + mz@2.7.0: + resolution: {integrity: sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==} + + nanoid@3.3.7: + resolution: {integrity: sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==} + engines: {node: ^10 || ^12 || ^13.7 || ^14 || >=15.0.1} + hasBin: true + + natural-compare@1.4.0: + resolution: {integrity: sha512-OWND8ei3VtNC9h7V60qff3SVobHr996CTwgxubgyQYEpg290h9J0buyECNNJexkFm5sOajh5G116RYA1c8ZMSw==} + + negotiator@0.6.3: + resolution: {integrity: sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==} + engines: {node: '>= 0.6'} + + neo-async@2.6.2: + resolution: {integrity: sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==} + + node-dir@0.1.17: + resolution: {integrity: sha512-tmPX422rYgofd4epzrNoOXiE8XFZYOcCq1vD7MAXCDO+O+zndlA2ztdKKMa+EeuBG5tHETpr4ml4RGgpqDCCAg==} + engines: {node: '>= 0.10.5'} + + node-fetch-native@1.6.4: + resolution: {integrity: sha512-IhOigYzAKHd244OC0JIMIUrjzctirCmPkaIfhDeGcEETWof5zKYUW7e7MYvChGWh/4CJeXEgsRyGzuF334rOOQ==} + + node-releases@2.0.17: + resolution: {integrity: sha512-Ww6ZlOiEQfPfXM45v17oabk77Z7mg5bOt7AjDyzy7RjK9OrLrLC8dyZQoAPEOtFX9SaNf1Tdvr5gRJWdTJj7GA==} + + normalize-path@3.0.0: + resolution: {integrity: sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==} + engines: {node: '>=0.10.0'} + + normalize-range@0.1.2: + resolution: {integrity: sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==} + engines: {node: '>=0.10.0'} + + normalize-url@8.0.1: + resolution: {integrity: sha512-IO9QvjUMWxPQQhs60oOu10CRkWCiZzSUkzbXGGV9pviYl1fXYcvkzQ5jV9z8Y6un8ARoVRl4EtC6v6jNqbaJ/w==} + engines: {node: '>=14.16'} + + npm-run-path@4.0.1: + resolution: {integrity: sha512-S48WzZW777zhNIrn7gxOlISNAqi9ZC/uQFnRdbeIHhZhCA6UqpkOT8T1G7BvfdgP4Er8gF4sUbaS0i7QvIfCWw==} + engines: {node: '>=8'} + + npm-run-path@5.3.0: + resolution: {integrity: sha512-ppwTtiJZq0O/ai0z7yfudtBpWIoxM8yE6nHi1X47eFR2EWORqfbu6CnPlNsjeN683eT0qG6H/Pyf9fCcvjnnnQ==} + engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} + + nwsapi@2.2.12: + resolution: {integrity: sha512-qXDmcVlZV4XRtKFzddidpfVP4oMSGhga+xdMc25mv8kaLUHtgzCDhUxkrN8exkGdTlLNaXj7CV3GtON7zuGZ+w==} + + nypm@0.3.9: + resolution: {integrity: sha512-BI2SdqqTHg2d4wJh8P9A1W+bslg33vOE9IZDY6eR2QC+Pu1iNBVZUqczrd43rJb+fMzHU7ltAYKsEFY/kHMFcw==} + engines: {node: ^14.16.0 || >=16.10.0} + hasBin: true + + object-assign@4.1.1: + resolution: {integrity: sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==} + engines: {node: '>=0.10.0'} + + object-hash@3.0.0: + resolution: {integrity: sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==} + engines: {node: '>= 6'} + + object-inspect@1.13.2: + resolution: {integrity: sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==} + engines: {node: '>= 0.4'} + + octokit@3.1.2: + resolution: {integrity: sha512-MG5qmrTL5y8KYwFgE1A4JWmgfQBaIETE/lOlfwNYx1QOtCQHGVxkRJmdUJltFc1HVn73d61TlMhMyNTOtMl+ng==} + engines: {node: '>= 18'} + + ohash@1.1.3: + resolution: {integrity: sha512-zuHHiGTYTA1sYJ/wZN+t5HKZaH23i4yI1HMwbuXm24Nid7Dv0KcuRlKoNKS9UNfAVSBlnGLcuQrnOKWOZoEGaw==} + + on-finished@2.4.1: + resolution: {integrity: sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==} + engines: {node: '>= 0.8'} + + once@1.4.0: + resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==} + + onetime@5.1.2: + resolution: {integrity: sha512-kbpaSSGJTWdAY5KPVeMOKXSrPtr8C8C7wodJbcsd51jRnmD+GZu8Y0VoU6Dm5Z4vWr0Ig/1NKuWRKf7j5aaYSg==} + engines: {node: '>=6'} + + onetime@6.0.0: + resolution: {integrity: sha512-1FlR+gjXK7X+AsAHso35MnyN5KqGwJRi/31ft6x0M194ht7S+rWAvd7PHss9xSKMzE0asv1pyIHaJYq+BbacAQ==} + engines: {node: '>=12'} + + optionator@0.9.4: + resolution: {integrity: sha512-6IpQ7mKUxRcZNLIObR0hz7lxsapSSIYNZJwXPGeF0mTVqGKFIXj1DQcMoT22S3ROcLyY/rz0PWaWZ9ayWmad9g==} + engines: {node: '>= 0.8.0'} + + ora@5.4.1: + resolution: {integrity: sha512-5b6Y85tPxZZ7QytO+BQzysW31HJku27cRIlkbAXaNx+BdcVi+LlRFmVXzeF6a7JCwJpyw5c4b+YSVImQIrBpuQ==} + engines: {node: '>=10'} + + p-limit@2.3.0: + resolution: {integrity: sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w==} + engines: {node: '>=6'} + + p-limit@3.1.0: + resolution: {integrity: sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==} + engines: {node: '>=10'} + + p-limit@5.0.0: + resolution: {integrity: sha512-/Eaoq+QyLSiXQ4lyYV23f14mZRQcXnxfHrN0vCai+ak9G0pp9iEQukIIZq5NccEvwRB8PUnZT0KsOoDCINS1qQ==} + engines: {node: '>=18'} + + p-locate@3.0.0: + resolution: {integrity: sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ==} + engines: {node: '>=6'} + + p-locate@4.1.0: + resolution: {integrity: sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==} + engines: {node: '>=8'} + + p-locate@5.0.0: + resolution: {integrity: sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==} + engines: {node: '>=10'} + + p-try@2.2.0: + resolution: {integrity: sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==} + engines: {node: '>=6'} + + package-json-from-dist@1.0.0: + resolution: {integrity: sha512-dATvCeZN/8wQsGywez1mzHtTlP22H8OEfPrVMLNr4/eGa+ijtLn/6M5f0dY8UKNrC2O9UCU6SSoG3qRKnt7STw==} + + pako@1.0.11: + resolution: {integrity: sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw==} + + parent-module@1.0.1: + resolution: {integrity: sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==} + engines: {node: '>=6'} + + parse5-htmlparser2-tree-adapter@7.0.0: + resolution: {integrity: sha512-B77tOZrqqfUfnVcOrUvfdLbz4pu4RopLD/4vmu3HUPswwTA8OH0EMW9BlWR2B0RCoiZRAHEUu7IxeP1Pd1UU+g==} + + parse5@7.1.2: + resolution: {integrity: sha512-Czj1WaSVpaoj0wbhMzLmWD69anp2WH7FXMB9n1Sy8/ZFF9jolSQVMu1Ij5WIyGmcBmhk7EOndpO4mIpihVqAXw==} + + parseurl@1.3.3: + resolution: {integrity: sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==} + engines: {node: '>= 0.8'} + + path-exists@3.0.0: + resolution: {integrity: sha512-bpC7GYwiDYQ4wYLe+FA8lhRjhQCMcQGuSgGGqDkg/QerRWw9CmGRT0iSOVRSZJ29NMLZgIzqaljJ63oaL4NIJQ==} + engines: {node: '>=4'} + + path-exists@4.0.0: + resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==} + engines: {node: '>=8'} + + path-is-absolute@1.0.1: + resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} + engines: {node: '>=0.10.0'} + + path-key@3.1.1: + resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==} + engines: {node: '>=8'} + + path-key@4.0.0: + resolution: {integrity: sha512-haREypq7xkM7ErfgIyA0z+Bj4AGKlMSdlQE2jvJo6huWD1EdkKYV+G/T4nq0YEF2vgTT8kqMFKo1uHn950r4SQ==} + engines: {node: '>=12'} + + path-parse@1.0.7: + resolution: {integrity: sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==} + + path-scurry@1.11.1: + resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} + engines: {node: '>=16 || 14 >=14.18'} + + path-to-regexp@0.1.7: + resolution: {integrity: sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ==} + + path-type@4.0.0: + resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==} + engines: {node: '>=8'} + + path-type@5.0.0: + resolution: {integrity: sha512-5HviZNaZcfqP95rwpv+1HDgUamezbqdSYTyzjTvwtJSnIH+3vnbmWsItli8OFEndS984VT55M3jduxZbX351gg==} + engines: {node: '>=12'} + + pathe@1.1.2: + resolution: {integrity: sha512-whLdWMYL2TwI08hn8/ZqAbrVemu0LNaNNJZX73O6qaIdCTfXutsLhMkjdENX0qhsQ9uIimo4/aQOmXkoon2nDQ==} + + pathval@1.1.1: + resolution: {integrity: sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==} + + periscopic@3.1.0: + resolution: {integrity: sha512-vKiQ8RRtkl9P+r/+oefh25C3fhybptkHKCZSPlcXiJux2tJF55GnEj3BVn4A5gKfq9NWWXXrxkHBwVPUfH0opw==} + + picocolors@1.0.1: + resolution: {integrity: sha512-anP1Z8qwhkbmu7MFP5iTt+wQKXgwzf7zTyGlcdzabySa9vd0Xt392U0rVmz9poOaBj0uHJKyyo9/upk0HrEQew==} + + picomatch@2.3.1: + resolution: {integrity: sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==} + engines: {node: '>=8.6'} + + pify@2.3.0: + resolution: {integrity: sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==} + engines: {node: '>=0.10.0'} + + pify@4.0.1: + resolution: {integrity: sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g==} + engines: {node: '>=6'} + + pify@5.0.0: + resolution: {integrity: sha512-eW/gHNMlxdSP6dmG6uJip6FXN0EQBwm2clYYd8Wul42Cwu/DK8HEftzsapcNdYe2MfLiIwZqsDk2RDEsTE79hA==} + engines: {node: '>=10'} + + pirates@4.0.6: + resolution: {integrity: sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==} + engines: {node: '>= 6'} + + pkg-dir@3.0.0: + resolution: {integrity: sha512-/E57AYkoeQ25qkxMj5PBOVgF8Kiu/h7cYS30Z5+R7WaiCCBfLq58ZI/dSeaEKb9WVJV5n/03QwrN3IeWIFllvw==} + engines: {node: '>=6'} + + pkg-dir@4.2.0: + resolution: {integrity: sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==} + engines: {node: '>=8'} + + pkg-types@1.1.3: + resolution: {integrity: sha512-+JrgthZG6m3ckicaOB74TwQ+tBWsFl3qVQg7mN8ulwSOElJ7gBhKzj2VkCPnZ4NlF6kEquYU+RIYNVAvzd54UA==} + + playwright-core@1.45.2: + resolution: {integrity: sha512-ha175tAWb0dTK0X4orvBIqi3jGEt701SMxMhyujxNrgd8K0Uy5wMSwwcQHtyB4om7INUkfndx02XnQ2p6dvLDw==} + engines: {node: '>=18'} + hasBin: true + + playwright@1.45.2: + resolution: {integrity: sha512-ReywF2t/0teRvNBpfIgh5e4wnrI/8Su8ssdo5XsQKpjxJj+jspm00jSoz9BTg91TT0c9HRjXO7LBNVrgYj9X0g==} + engines: {node: '>=18'} + hasBin: true + + polished@4.3.1: + resolution: {integrity: sha512-OBatVyC/N7SCW/FaDHrSd+vn0o5cS855TOmYi4OkdWUMSJCET/xip//ch8xGUvtr3i44X9LVyWwQlRMTN3pwSA==} + engines: {node: '>=10'} + + possible-typed-array-names@1.0.0: + resolution: {integrity: sha512-d7Uw+eZoloe0EHDIYoe+bQ5WXnGMOpmiZFTuMWCwpjzzkL2nTjcKiAk4hh8TjnGye2TwWOk3UXucZ+3rbmBa8Q==} + engines: {node: '>= 0.4'} + + postcss-import@15.1.0: + resolution: {integrity: sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==} + engines: {node: '>=14.0.0'} + peerDependencies: + postcss: ^8.0.0 + + postcss-js@4.0.1: + resolution: {integrity: sha512-dDLF8pEO191hJMtlHFPRa8xsizHaM82MLfNkUHdUtVEV3tgTp5oj+8qbEqYM57SLfc74KSbw//4SeJma2LRVIw==} + engines: {node: ^12 || ^14 || >= 16} + peerDependencies: + postcss: ^8.4.21 + + postcss-load-config@3.1.4: + resolution: {integrity: sha512-6DiM4E7v4coTE4uzA8U//WhtPwyhiim3eyjEMFCnUpzbrkK9wJHgKDT2mR+HbtSrd/NubVaYTOpSpjUl8NQeRg==} + engines: {node: '>= 10'} + peerDependencies: + postcss: '>=8.0.9' + ts-node: '>=9.0.0' + peerDependenciesMeta: + postcss: + optional: true + ts-node: + optional: true + + postcss-load-config@4.0.2: + resolution: {integrity: sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==} + engines: {node: '>= 14'} + peerDependencies: + postcss: '>=8.0.9' + ts-node: '>=9.0.0' + peerDependenciesMeta: + postcss: + optional: true + ts-node: + optional: true + + postcss-nested@6.0.1: + resolution: {integrity: sha512-mEp4xPMi5bSWiMbsgoPfcP74lsWLHkQbZc3sY+jWYd65CUwXrUaTp0fmNpa01ZcETKlIgUdFN/MpS2xZtqL9dQ==} + engines: {node: '>=12.0'} + peerDependencies: + postcss: ^8.2.14 + + postcss-safe-parser@6.0.0: + resolution: {integrity: sha512-FARHN8pwH+WiS2OPCxJI8FuRJpTVnn6ZNFiqAM2aeW2LwTHWWmWgIyKC6cUo0L8aeKiF/14MNvnpls6R2PBeMQ==} + engines: {node: '>=12.0'} + peerDependencies: + postcss: ^8.3.3 + + postcss-scss@4.0.9: + resolution: {integrity: sha512-AjKOeiwAitL/MXxQW2DliT28EKukvvbEWx3LBmJIRN8KfBGZbRTxNYW0kSqi1COiTZ57nZ9NW06S6ux//N1c9A==} + engines: {node: '>=12.0'} + peerDependencies: + postcss: ^8.4.29 + + postcss-selector-parser@6.0.10: + resolution: {integrity: sha512-IQ7TZdoaqbT+LCpShg46jnZVlhWD2w6iQYAcYXfHARZ7X1t/UGhhceQDs5X0cGqKvYlHNOuv7Oa1xmb0oQuA3w==} + engines: {node: '>=4'} + + postcss-selector-parser@6.1.1: + resolution: {integrity: sha512-b4dlw/9V8A71rLIDsSwVmak9z2DuBUB7CA1/wSdelNEzqsjoSPeADTWNO09lpH49Diy3/JIZ2bSPB1dI3LJCHg==} + engines: {node: '>=4'} + + postcss-value-parser@4.2.0: + resolution: {integrity: sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==} + + postcss@8.4.39: + resolution: {integrity: sha512-0vzE+lAiG7hZl1/9I8yzKLx3aR9Xbof3fBHKunvMfOCYAtMhrsnccJY2iTURb9EZd5+pLuiNV9/c/GZJOHsgIw==} + engines: {node: ^10 || ^12 || >=14} + + posthog-node@3.1.3: + resolution: {integrity: sha512-UaOOoWEUYTcaaDe1w0fgHW/sXvFr3RO0l7yI7RUDzkZNZCfwXNO9r3pc14d1EtNppF/SHBrV5hNiZZATpf/vUw==} + engines: {node: '>=15.0.0'} + + prelude-ls@1.2.1: + resolution: {integrity: sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==} + engines: {node: '>= 0.8.0'} + + prettier-plugin-svelte@3.2.6: + resolution: {integrity: sha512-Y1XWLw7vXUQQZmgv1JAEiLcErqUniAF2wO7QJsw8BVMvpLET2dI5WpEIEJx1r11iHVdSMzQxivyfrH9On9t2IQ==} + peerDependencies: + prettier: ^3.0.0 + svelte: ^3.2.0 || ^4.0.0-next.0 || ^5.0.0-next.0 + + prettier@3.3.3: + resolution: {integrity: sha512-i2tDNA0O5IrMO757lfrdQZCc2jPNDVntV0m/+4whiDfWaTKfMNgR7Qz0NAeGz/nRqF4m5/6CLzbP4/liHt12Ew==} + engines: {node: '>=14'} + hasBin: true + + pretty-format@27.5.1: + resolution: {integrity: sha512-Qb1gy5OrP5+zDf2Bvnzdl3jsTf1qXVMazbvCoKhtKqVs4/YK4ozX4gKQJJVyNe+cajNPn0KoC0MC3FUmaHWEmQ==} + engines: {node: ^10.13.0 || ^12.13.0 || ^14.15.0 || >=15.0.0} + + pretty-format@29.7.0: + resolution: {integrity: sha512-Pdlw/oPxN+aXdmM9R00JVC9WVFoCLTKJvDVLgmJ+qAffBMxsV85l/Lu7sNx4zSzPyoL2euImuEwHhOXdEgNFZQ==} + engines: {node: ^14.15.0 || ^16.10.0 || >=18.0.0} + + process@0.11.10: + resolution: {integrity: sha512-cdGef/drWFoydD1JsMzuFf8100nZl+GT+yacc2bEced5f9Rjk4z+WtFUTBu9PhOi9j/jfmBPu0mMEY4wIdAF8A==} + engines: {node: '>= 0.6.0'} + + progress@2.0.3: + resolution: {integrity: sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==} + engines: {node: '>=0.4.0'} + + prompts@2.4.2: + resolution: {integrity: sha512-NxNv/kLguCA7p3jE8oL2aEBsrJWgAakBpgmgK6lpPWV+WuOmY6r2/zbAVnP+T8bQlA0nzHXSJSJW0Hq7ylaD2Q==} + engines: {node: '>= 6'} + + property-expr@2.0.6: + resolution: {integrity: sha512-SVtmxhRE/CGkn3eZY1T6pC8Nln6Fr/lu1mKSgRud0eC73whjGfoAogbn78LkD8aFL0zz3bAFerKSnOl7NlErBA==} + + proxy-addr@2.0.7: + resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==} + engines: {node: '>= 0.10'} + + proxy-from-env@1.1.0: + resolution: {integrity: sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==} + + psl@1.9.0: + resolution: {integrity: sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag==} + + punycode@2.3.1: + resolution: {integrity: sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==} + engines: {node: '>=6'} + + purgecss-from-html@6.0.0: + resolution: {integrity: sha512-GkgAUzgyC4kwcVY5+QOI2eqQghV1Lq7q2uIODAPIueiBn3mHpJOh9boSMjfUQg0/YU/ZEWq7SzjwetuqxTvD4g==} + + purgecss@6.0.0: + resolution: {integrity: sha512-s3EBxg5RSWmpqd0KGzNqPiaBbWDz1/As+2MzoYVGMqgDqRTLBhJW6sywfTBek7OwNfoS/6pS0xdtvChNhFj2cw==} + hasBin: true + + qs@6.11.0: + resolution: {integrity: sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==} + engines: {node: '>=0.6'} + + querystringify@2.2.0: + resolution: {integrity: sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==} + + queue-microtask@1.2.3: + resolution: {integrity: sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==} + + range-parser@1.2.1: + resolution: {integrity: sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==} + engines: {node: '>= 0.6'} + + raw-body@2.5.2: + resolution: {integrity: sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==} + engines: {node: '>= 0.8'} + + react-colorful@5.6.1: + resolution: {integrity: sha512-1exovf0uGTGyq5mXQT0zgQ80uvj2PCwvF8zY1RN9/vbJVSjSo3fsB/4L3ObbF7u70NduSiK4xu4Y6q1MHoUGEw==} + peerDependencies: + react: '>=16.8.0' + react-dom: '>=16.8.0' + + react-dom@18.3.1: + resolution: {integrity: sha512-5m4nQKp+rZRb09LNH59GM4BxTh9251/ylbKIbpe7TpGxfJ+9kv6BLkLBXIjjspbgbnIBNqlI23tRnTWT0snUIw==} + peerDependencies: + react: ^18.3.1 + + react-is@17.0.2: + resolution: {integrity: sha512-w2GsyukL62IJnlaff/nRegPQR94C/XXamvMWmSHRJ4y7Ts/4ocGRmTHvOs8PSE6pB3dWOrD/nueuU5sduBsQ4w==} + + react-is@18.3.1: + resolution: {integrity: sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==} + + react@18.3.1: + resolution: {integrity: sha512-wS+hAgJShR0KhEvPJArfuPVN1+Hz1t0Y6n5jLrGQbkb4urgPE/0Rve+1kMB1v/oWgHgm4WIcV+i7F2pTVj+2iQ==} + engines: {node: '>=0.10.0'} + + read-cache@1.0.0: + resolution: {integrity: sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==} + + readable-stream@3.6.2: + resolution: {integrity: sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==} + engines: {node: '>= 6'} + + readdirp@3.6.0: + resolution: {integrity: sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==} + engines: {node: '>=8.10.0'} + + recast@0.23.9: + resolution: {integrity: sha512-Hx/BGIbwj+Des3+xy5uAtAbdCyqK9y9wbBcDFDYanLS9JnMqf7OeF87HQwUimE87OEc72mr6tkKUKMBBL+hF9Q==} + engines: {node: '>= 4'} + + redent@3.0.0: + resolution: {integrity: sha512-6tDA8g98We0zd0GvVeMT9arEOnTw9qM03L9cJXaCjrip1OO764RDBLBfrB4cwzNGDj5OA5ioymC9GkizgWJDUg==} + engines: {node: '>=8'} + + regenerate-unicode-properties@10.1.1: + resolution: {integrity: sha512-X007RyZLsCJVVrjgEFVpLUTZwyOZk3oiL75ZcuYjlIWd6rNJtOjkBwQc5AsRrpbKVkxN6sklw/k/9m2jJYOf8Q==} + engines: {node: '>=4'} + + regenerate@1.4.2: + resolution: {integrity: sha512-zrceR/XhGYU/d/opr2EKO7aRHUeiBI8qjtfHqADTwZd6Szfy16la6kqD0MIUs5z5hx6AaKa+PixpPrR289+I0A==} + + regenerator-runtime@0.14.1: + resolution: {integrity: sha512-dYnhHh0nJoMfnkZs6GmmhFknAGRrLznOu5nc9ML+EJxGvrx6H7teuevqVqCuPcPK//3eDrrjQhehXVx9cnkGdw==} + + regenerator-transform@0.15.2: + resolution: {integrity: sha512-hfMp2BoF0qOk3uc5V20ALGDS2ddjQaLrdl7xrGXvAIow7qeWRM2VA2HuCHkUKk9slq3VwEwLNK3DFBqDfPGYtg==} + + regexpp@3.2.0: + resolution: {integrity: sha512-pq2bWo9mVD43nbts2wGv17XLiNLya+GklZ8kaDLV2Z08gDCsGpnKn9BFMepvWuHCbyVvY7J5o5+BVvoQbmlJLg==} + engines: {node: '>=8'} + + regexpu-core@5.3.2: + resolution: {integrity: sha512-RAM5FlZz+Lhmo7db9L298p2vHP5ZywrVXmVXpmAD9GuL5MPH6t9ROw1iA/wfHkQ76Qe7AaPF0nGuim96/IrQMQ==} + engines: {node: '>=4'} + + regjsparser@0.9.1: + resolution: {integrity: sha512-dQUtn90WanSNl+7mQKcXAgZxvUe7Z0SqXlgzv0za4LwiUhyzBC58yQO3liFoUgu8GiJVInAhJjkj1N0EtQ5nkQ==} + hasBin: true + + rehype-external-links@3.0.0: + resolution: {integrity: sha512-yp+e5N9V3C6bwBeAC4n796kc86M4gJCdlVhiMTxIrJG5UHDMh+PJANf9heqORJbt1nrCbDwIlAZKjANIaVBbvw==} + + rehype-slug@6.0.0: + resolution: {integrity: sha512-lWyvf/jwu+oS5+hL5eClVd3hNdmwM1kAC0BUvEGD19pajQMIzcNUd/k9GsfQ+FfECvX+JE+e9/btsKH0EjJT6A==} + + requireindex@1.2.0: + resolution: {integrity: sha512-L9jEkOi3ASd9PYit2cwRfyppc9NoABujTP8/5gFcbERmo5jUoAKovIC3fsF17pkTnGsrByysqX+Kxd2OTNI1ww==} + engines: {node: '>=0.10.5'} + + requires-port@1.0.0: + resolution: {integrity: sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==} + + resolve-from@4.0.0: + resolution: {integrity: sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==} + engines: {node: '>=4'} + + resolve@1.22.8: + resolution: {integrity: sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==} + hasBin: true + + restore-cursor@3.1.0: + resolution: {integrity: sha512-l+sSefzHpj5qimhFSE5a8nufZYAM3sBSVMAPtYkmC+4EH2anSGaEMXSD0izRQbu9nfyQ9y5JrVmp7E8oZrUjvA==} + engines: {node: '>=8'} + + reusify@1.0.4: + resolution: {integrity: sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==} + engines: {iojs: '>=1.0.0', node: '>=0.10.0'} + + rimraf@2.6.3: + resolution: {integrity: sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==} + deprecated: Rimraf versions prior to v4 are no longer supported + hasBin: true + + rimraf@2.7.1: + resolution: {integrity: sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==} + deprecated: Rimraf versions prior to v4 are no longer supported + hasBin: true + + rimraf@3.0.2: + resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==} + deprecated: Rimraf versions prior to v4 are no longer supported + hasBin: true + + rollup@4.18.1: + resolution: {integrity: sha512-Elx2UT8lzxxOXMpy5HWQGZqkrQOtrVDDa/bm9l10+U4rQnVzbL/LgZ4NOM1MPIDyHk69W4InuYDF5dzRh4Kw1A==} + engines: {node: '>=18.0.0', npm: '>=8.0.0'} + hasBin: true + + rrweb-cssom@0.6.0: + resolution: {integrity: sha512-APM0Gt1KoXBz0iIkkdB/kfvGOwC4UuJFeG/c+yV7wSc7q96cG/kJ0HiYCnzivD9SB53cLV1MlHFNfOuPaadYSw==} + + rrweb-cssom@0.7.1: + resolution: {integrity: sha512-TrEMa7JGdVm0UThDJSx7ddw5nVm3UJS9o9CCIZ72B1vSyEZoziDqBYP3XIoi/12lKrJR8rE3jeFHMok2F/Mnsg==} + + run-parallel@1.2.0: + resolution: {integrity: sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==} + + rusha@0.8.14: + resolution: {integrity: sha512-cLgakCUf6PedEu15t8kbsjnwIFFR2D4RfL+W3iWFJ4iac7z4B0ZI8fxy4R3J956kAI68HclCFGL8MPoUVC3qVA==} + + sade@1.8.1: + resolution: {integrity: sha512-xal3CZX1Xlo/k4ApwCFrHVACi9fBqJ7V+mwhBsuf/1IOKbBy098Fex+Wa/5QMubw09pSZ/u8EY8PWgevJsXp1A==} + engines: {node: '>=6'} + + safe-buffer@5.2.1: + resolution: {integrity: sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==} + + safer-buffer@2.1.2: + resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==} + + sander@0.5.1: + resolution: {integrity: sha512-3lVqBir7WuKDHGrKRDn/1Ye3kwpXaDOMsiRP1wd6wpZW56gJhsbp5RqQpA6JG/P+pkXizygnr1dKR8vzWaVsfA==} + + saxes@6.0.0: + resolution: {integrity: sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==} + engines: {node: '>=v12.22.7'} + + scheduler@0.23.2: + resolution: {integrity: sha512-UOShsPwz7NrMUqhR6t0hWjFduvOzbtv7toDH1/hIrfRNIDBnnBWd0CwJTGvTpngVlmwGCdP9/Zl/tVrDqcuYzQ==} + + semver@5.7.2: + resolution: {integrity: sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==} + hasBin: true + + semver@6.3.1: + resolution: {integrity: sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==} + hasBin: true + + semver@7.6.3: + resolution: {integrity: sha512-oVekP1cKtI+CTDvHWYFUcMtsK/00wmAEfyqKfNdARm8u1wNVhSgaX7A8d4UuIlUI5e84iEwOhs7ZPYRmzU9U6A==} + engines: {node: '>=10'} + hasBin: true + + send@0.18.0: + resolution: {integrity: sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==} + engines: {node: '>= 0.8.0'} + + seroval@0.5.1: + resolution: {integrity: sha512-ZfhQVB59hmIauJG5Ydynupy8KHyr5imGNtdDhbZG68Ufh1Ynkv9KOYOAABf71oVbQxJ8VkWnMHAjEHE7fWkH5g==} + engines: {node: '>=10'} + + serve-static@1.15.0: + resolution: {integrity: sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==} + engines: {node: '>= 0.8.0'} + + set-cookie-parser@2.6.0: + resolution: {integrity: sha512-RVnVQxTXuerk653XfuliOxBP81Sf0+qfQE73LIYKcyMYHG94AuH0kgrQpRDuTZnSmjpysHmzxJXKNfa6PjFhyQ==} + + set-function-length@1.2.2: + resolution: {integrity: sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==} + engines: {node: '>= 0.4'} + + setprototypeof@1.2.0: + resolution: {integrity: sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==} + + sha.js@2.4.11: + resolution: {integrity: sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==} + hasBin: true + + shallow-clone@3.0.1: + resolution: {integrity: sha512-/6KqX+GVUdqPuPPd2LxDDxzX6CAbjJehAAOKlNpqqUpAqPM6HeL8f+o3a+JsyGjn2lv0WY8UsTgUJjU9Ok55NA==} + engines: {node: '>=8'} + + shebang-command@2.0.0: + resolution: {integrity: sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==} + engines: {node: '>=8'} + + shebang-regex@3.0.0: + resolution: {integrity: sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==} + engines: {node: '>=8'} + + side-channel@1.0.6: + resolution: {integrity: sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==} + engines: {node: '>= 0.4'} + + siginfo@2.0.0: + resolution: {integrity: sha512-ybx0WO1/8bSBLEWXZvEd7gMW3Sn3JFlW3TvX1nREbDLRNQNaeNN8WK0meBwPdAaOI7TtRRRJn/Es1zhrrCHu7g==} + + signal-exit@3.0.7: + resolution: {integrity: sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==} + + signal-exit@4.1.0: + resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==} + engines: {node: '>=14'} + + sirv@2.0.4: + resolution: {integrity: sha512-94Bdh3cC2PKrbgSOUqTiGPWVZeSiXfKOVZNJniWoqrWrRkB1CJzBU3NEbiTsPcYy1lDsANA/THzS+9WBiy5nfQ==} + engines: {node: '>= 10'} + + sisteransi@1.0.5: + resolution: {integrity: sha512-bLGGlR1QxBcynn2d5YmDX4MGjlZvy2MRBDRNHLJ8VI6l6+9FUiyTFNJ0IveOSP0bcXgVDPRcfGqA0pjaqUpfVg==} + + slash@3.0.0: + resolution: {integrity: sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==} + engines: {node: '>=8'} + + slash@5.1.0: + resolution: {integrity: sha512-ZA6oR3T/pEyuqwMgAKT0/hAv8oAXckzbkmR0UkUosQ+Mc4RxGoJkRmwHgHufaenlyAgE1Mxgpdcrf75y6XcnDg==} + engines: {node: '>=14.16'} + + solid-js@1.6.12: + resolution: {integrity: sha512-JFqRobfG3q5r1l4RYVOAukk6+FWtHpXGIjgh/GEsHKweN/kK+iHOtzUALE6+P5t/jIcSNeGiVitX8gmJg+cYvQ==} + + solid-js@1.7.11: + resolution: {integrity: sha512-JkuvsHt8jqy7USsy9xJtT18aF9r2pFO+GB8JQ2XGTvtF49rGTObB46iebD25sE3qVNvIbwglXOXdALnJq9IHtQ==} + + sorcery@0.11.1: + resolution: {integrity: sha512-o7npfeJE6wi6J9l0/5LKshFzZ2rMatRiCDwYeDQaOzqdzRJwALhX7mk/A/ecg6wjMu7wdZbmXfD2S/vpOg0bdQ==} + hasBin: true + + source-map-js@1.2.0: + resolution: {integrity: sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg==} + engines: {node: '>=0.10.0'} + + source-map-support@0.5.21: + resolution: {integrity: sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==} + + source-map@0.6.1: + resolution: {integrity: sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==} + engines: {node: '>=0.10.0'} + + space-separated-tokens@2.0.2: + resolution: {integrity: sha512-PEGlAwrG8yXGXRjW32fGbg66JAlOAwbObuqVoJpv/mRgoWDQfgH1wDPvtzWyUSNAXBGSk8h755YDbbcEy3SH2Q==} + + stackback@0.0.2: + resolution: {integrity: sha512-1XMJE5fQo1jGH6Y/7ebnwPOBEkIEnT4QF32d5R1+VXdXveM0IBMJt8zfaxX1P3QhVwrYe+576+jkANtSS2mBbw==} + + statuses@2.0.1: + resolution: {integrity: sha512-RwNA9Z/7PrK06rYLIzFMlaF+l73iwpzsqRIFgbMLbTcLD6cOao82TaWefPXQvB2fOC4AjuYSEndS7N/mTCbkdQ==} + engines: {node: '>= 0.8'} + + std-env@3.7.0: + resolution: {integrity: sha512-JPbdCEQLj1w5GilpiHAx3qJvFndqybBysA3qUOnznweH4QbNYUsW/ea8QzSrnh0vNsezMMw5bcVool8lM0gwzg==} + + storybook@8.2.4: + resolution: {integrity: sha512-ASavW8vIHiWpFY+4M6ngeqK5oL4OkxqdpmQYxvRqH0gA1G1hfq/vmDw4YC4GnqKwyWPQh2kaV5JFurKZVaeaDQ==} + hasBin: true + + string-width@4.2.3: + resolution: {integrity: sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==} + engines: {node: '>=8'} + + string-width@5.1.2: + resolution: {integrity: sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==} + engines: {node: '>=12'} + + string_decoder@1.3.0: + resolution: {integrity: sha512-hkRX8U1WjJFd8LsDJ2yQ/wWWxaopEsABU1XfkM8A+j0+85JAGppt16cr1Whg6KIbb4okU6Mql6BOj+uup/wKeA==} + + strip-ansi@6.0.1: + resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==} + engines: {node: '>=8'} + + strip-ansi@7.1.0: + resolution: {integrity: sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==} + engines: {node: '>=12'} + + strip-final-newline@2.0.0: + resolution: {integrity: sha512-BrpvfNAE3dcvq7ll3xVumzjKjZQ5tI1sEUIKr3Uoks0XUl45St3FlatVqef9prk4jRDzhW6WZg+3bk93y6pLjA==} + engines: {node: '>=6'} + + strip-final-newline@3.0.0: + resolution: {integrity: sha512-dOESqjYr96iWYylGObzd39EuNTa5VJxyvVAEm5Jnh7KGo75V43Hk1odPQkNDyXNmUR6k+gEiDVXnjB8HJ3crXw==} + engines: {node: '>=12'} + + strip-indent@3.0.0: + resolution: {integrity: sha512-laJTa3Jb+VQpaC6DseHhF7dXVqHTfJPCRDaEbid/drOhgitgYku/letMUqOXFoWV0zIIUbjpdH2t+tYj4bQMRQ==} + engines: {node: '>=8'} + + strip-json-comments@3.1.1: + resolution: {integrity: sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==} + engines: {node: '>=8'} + + strip-literal@2.1.0: + resolution: {integrity: sha512-Op+UycaUt/8FbN/Z2TWPBLge3jWrP3xj10f3fnYxf052bKuS3EKs1ZQcVGjnEMdsNVAM+plXRdmjrZ/KgG3Skw==} + + sucrase@3.35.0: + resolution: {integrity: sha512-8EbVDiu9iN/nESwxeSxDKe0dunta1GOlHufmSSXxMD2z2/tMZpDMpvXQGsc+ajGo8y2uYUmixaSRUc/QPoQ0GA==} + engines: {node: '>=16 || 14 >=14.17'} + hasBin: true + + superstruct@2.0.2: + resolution: {integrity: sha512-uV+TFRZdXsqXTL2pRvujROjdZQ4RAlBUS5BTh9IGm+jTqQntYThciG/qu57Gs69yjnVUSqdxF9YLmSnpupBW9A==} + engines: {node: '>=14.0.0'} + + supports-color@5.5.0: + resolution: {integrity: sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==} + engines: {node: '>=4'} + + supports-color@7.2.0: + resolution: {integrity: sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==} + engines: {node: '>=8'} + + supports-preserve-symlinks-flag@1.0.0: + resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==} + engines: {node: '>= 0.4'} + + svelte-check@3.8.4: + resolution: {integrity: sha512-61aHMkdinWyH8BkkTX9jPLYxYzaAAz/FK/VQqdr2FiCQQ/q04WCwDlpGbHff1GdrMYTmW8chlTFvRWL9k0A8vg==} + hasBin: true + peerDependencies: + svelte: ^3.55.0 || ^4.0.0-next.0 || ^4.0.0 || ^5.0.0-next.0 + + svelte-eslint-parser@0.40.0: + resolution: {integrity: sha512-M+v1HhC5T1WKYVxWexUCS4o6oIBS88XKzOZuhl2ew+eGxol7eC21e+VE8TC4rXJ3iT3iXT0qlZsZcpKjVo5/zQ==} + engines: {node: ^12.22.0 || ^14.17.0 || >=16.0.0} + peerDependencies: + svelte: ^3.37.0 || ^4.0.0 || ^5.0.0-next.181 + peerDependenciesMeta: + svelte: + optional: true + + svelte-hmr@0.16.0: + resolution: {integrity: sha512-Gyc7cOS3VJzLlfj7wKS0ZnzDVdv3Pn2IuVeJPk9m2skfhcu5bq3wtIZyQGggr7/Iim5rH5cncyQft/kRLupcnA==} + engines: {node: ^12.20 || ^14.13.1 || >= 16} + peerDependencies: + svelte: ^3.19.0 || ^4.0.0 + + svelte-multiselect@10.3.0: + resolution: {integrity: sha512-Pyvlcn4TK3dB2WWo6hDEeNH+x2O/DP82UuUf61PQFX8KMB3cm1Cam+zTKrcrOoRRVI2SwH/8dPF8hSTfJFaMmA==} + + svelte-persisted-store@0.11.0: + resolution: {integrity: sha512-9RgJ5DrawGyyfK22A80cfu8Jose3CV8YjEZKz9Tn94rQ0tWyEmYr+XI+wrVF6wjRbW99JMDSVcFRiM3XzVJj/w==} + engines: {node: '>=0.14'} + peerDependencies: + svelte: ^3.48.0 || ^4.0.0 || ^5.0.0-next.0 + + svelte-preprocess@5.1.4: + resolution: {integrity: sha512-IvnbQ6D6Ao3Gg6ftiM5tdbR6aAETwjhHV+UKGf5bHGYR69RQvF1ho0JKPcbUON4vy4R7zom13jPjgdOWCQ5hDA==} + engines: {node: '>= 16.0.0'} + peerDependencies: + '@babel/core': ^7.10.2 + coffeescript: ^2.5.1 + less: ^3.11.3 || ^4.0.0 + postcss: ^7 || ^8 + postcss-load-config: ^2.1.0 || ^3.0.0 || ^4.0.0 || ^5.0.0 + pug: ^3.0.0 + sass: ^1.26.8 + stylus: ^0.55.0 + sugarss: ^2.0.0 || ^3.0.0 || ^4.0.0 + svelte: ^3.23.0 || ^4.0.0-next.0 || ^4.0.0 || ^5.0.0-next.0 + typescript: '>=3.9.5 || ^4.0.0 || ^5.0.0' + peerDependenciesMeta: + '@babel/core': + optional: true + coffeescript: + optional: true + less: + optional: true + postcss: + optional: true + postcss-load-config: + optional: true + pug: + optional: true + sass: + optional: true + stylus: + optional: true + sugarss: + optional: true + typescript: + optional: true + + svelte-typewriter@3.2.3: + resolution: {integrity: sha512-762k01kIU+IyXfe5f2MEYQ1yIfJZfueAEmJNbO36cxJG56/vciHiWacPQLnSECK/4cvlH/Ll1Mv6B45InMJ1zg==} + peerDependencies: + svelte: '>=3.47.x' + + svelte@4.2.12: + resolution: {integrity: sha512-d8+wsh5TfPwqVzbm4/HCXC783/KPHV60NvwitJnyTA5lWn1elhXMNWhXGCJ7PwPa8qFUnyJNIyuIRt2mT0WMug==} + engines: {node: '>=16'} + + svelte@4.2.18: + resolution: {integrity: sha512-d0FdzYIiAePqRJEb90WlJDkjUEx42xhivxN8muUBmfZnP+tzUgz12DJ2hRJi8sIHCME7jeK1PTMgKPSfTd8JrA==} + engines: {node: '>=16'} + + sveltedoc-parser@4.2.1: + resolution: {integrity: sha512-sWJRa4qOfRdSORSVw9GhfDEwsbsYsegnDzBevUCF6k/Eis/QqCu9lJ6I0+d/E2wOWCjOhlcJ3+jl/Iur+5mmCw==} + engines: {node: '>=10.0.0'} + + sveltekit-flash-message@2.4.4: + resolution: {integrity: sha512-CFN03chH/FMEJcBZ/8zKm7RqGee/pwb57Spbbx8QCQPhe7N9ofZHd9iYV2vVy4E9glBo/oQ1IG7VQje6L092wg==} + peerDependencies: + '@sveltejs/kit': 1.x || 2.x + svelte: 3.x || 4.x || >=5.0.0-next.51 + + sveltekit-rate-limiter@0.5.2: + resolution: {integrity: sha512-7CELKmTffNjj0i/RUxT9SKYFA9IO/tQabjgT39clOlkKvlcGozNy8nqoIx+24amWfqEqC/WXYMEIek04PiFdyA==} + peerDependencies: + '@sveltejs/kit': 1.x || 2.x + + sveltekit-superforms@2.16.1: + resolution: {integrity: sha512-RNBdN43xge/ADmc3s7+pfdnRGuZ9gZiqpX6VKAQCnCI+ICc5rrPv5idYbx4iuY1Ia0lRMAq1hP0x2oHaPjB+Kg==} + peerDependencies: + '@sveltejs/kit': 1.x || 2.x + svelte: 3.x || 4.x || >=5.0.0-next.51 + + symbol-tree@3.2.4: + resolution: {integrity: sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==} + + tailwindcss@3.4.6: + resolution: {integrity: sha512-1uRHzPB+Vzu57ocybfZ4jh5Q3SdlH7XW23J5sQoM9LhE9eIOlzxer/3XPSsycvih3rboRsvt0QCmzSrqyOYUIA==} + engines: {node: '>=14.0.0'} + hasBin: true + + tar@6.2.1: + resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} + engines: {node: '>=10'} + + telejson@7.2.0: + resolution: {integrity: sha512-1QTEcJkJEhc8OnStBx/ILRu5J2p0GjvWsBx56bmZRqnrkdBMUe+nX92jxV+p3dB4CP6PZCdJMQJwCggkNBMzkQ==} + + temp-dir@3.0.0: + resolution: {integrity: sha512-nHc6S/bwIilKHNRgK/3jlhDoIHcp45YgyiwcAk46Tr0LfEqGBVpmiAyuiuxeVE44m3mXnEeVhaipLOEWmH+Njw==} + engines: {node: '>=14.16'} + + temp@0.8.4: + resolution: {integrity: sha512-s0ZZzd0BzYv5tLSptZooSjK8oj6C+c19p7Vqta9+6NPOf7r+fxq0cJe6/oN4LTC79sy5NY8ucOJNgwsKCSbfqg==} + engines: {node: '>=6.0.0'} + + tempy@3.1.0: + resolution: {integrity: sha512-7jDLIdD2Zp0bDe5r3D2qtkd1QOCacylBuL7oa4udvN6v2pqr4+LcCr67C8DR1zkpaZ8XosF5m1yQSabKAW6f2g==} + engines: {node: '>=14.16'} + + test-exclude@6.0.0: + resolution: {integrity: sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==} + engines: {node: '>=8'} + + text-table@0.2.0: + resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==} + + thenify-all@1.6.0: + resolution: {integrity: sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==} + engines: {node: '>=0.8'} + + thenify@3.3.1: + resolution: {integrity: sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==} + + throttle-debounce@5.0.2: + resolution: {integrity: sha512-B71/4oyj61iNH0KeCamLuE2rmKuTO5byTOSVwECM5FA7TiAiAW+UqTKZ9ERueC4qvgSttUhdmq1mXC3kJqGX7A==} + engines: {node: '>=12.22'} + + tiny-case@1.0.3: + resolution: {integrity: sha512-Eet/eeMhkO6TX8mnUteS9zgPbUMQa4I6Kkp5ORiBD5476/m+PIRiumP5tmh5ioJpH7k51Kehawy2UDfsnxxY8Q==} + + tiny-glob@0.2.9: + resolution: {integrity: sha512-g/55ssRPUjShh+xkfx9UPDXqhckHEsHr4Vd9zX55oSdGZc/MD0m3sferOkwWtp98bv+kcVfEHtRJgBVJzelrzg==} + + tiny-invariant@1.3.3: + resolution: {integrity: sha512-+FbBPE1o9QAYvviau/qC5SE3caw21q3xkvWKBtja5vgqOWIHHJ3ioaq1VPfn/Szqctz2bU/oYeKd9/z5BL+PVg==} + + tinybench@2.8.0: + resolution: {integrity: sha512-1/eK7zUnIklz4JUUlL+658n58XO2hHLQfSk1Zf2LKieUjxidN16eKFEoDEfjHc3ohofSSqK3X5yO6VGb6iW8Lw==} + + tinypool@0.8.4: + resolution: {integrity: sha512-i11VH5gS6IFeLY3gMBQ00/MmLncVP7JLXOw1vlgkytLmJK7QnEr7NXf0LBdxfmNPAeyetukOk0bOYrJrFGjYJQ==} + engines: {node: '>=14.0.0'} + + tinyspy@2.2.1: + resolution: {integrity: sha512-KYad6Vy5VDWV4GH3fjpseMQ/XU2BhIYP7Vzd0LG44qRWm/Yt2WCOTicFdvmgo6gWaqooMQCawTtILVQJupKu7A==} + engines: {node: '>=14.0.0'} + + to-fast-properties@2.0.0: + resolution: {integrity: sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==} + engines: {node: '>=4'} + + to-regex-range@5.0.1: + resolution: {integrity: sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==} + engines: {node: '>=8.0'} + + toidentifier@1.0.1: + resolution: {integrity: sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==} + engines: {node: '>=0.6'} + + toposort@2.0.2: + resolution: {integrity: sha512-0a5EOkAUp8D4moMi2W8ZF8jcga7BgZd91O/yabJCFY8az+XSzeGyTKs0Aoo897iV1Nj6guFq8orWDS96z91oGg==} + + totalist@3.0.1: + resolution: {integrity: sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==} + engines: {node: '>=6'} + + tough-cookie@4.1.4: + resolution: {integrity: sha512-Loo5UUvLD9ScZ6jh8beX1T6sO1w2/MpCRpEP7V280GKMVUQ0Jzar2U3UJPsrdbziLEMMhu3Ujnq//rhiFuIeag==} + engines: {node: '>=6'} + + tr46@5.0.0: + resolution: {integrity: sha512-tk2G5R2KRwBd+ZN0zaEXpmzdKyOYksXwywulIX95MBODjSzMIuQnQ3m8JxgbhnL1LeVo7lqQKsYa1O3Htl7K5g==} + engines: {node: '>=18'} + + ts-algebra@2.0.0: + resolution: {integrity: sha512-FPAhNPFMrkwz76P7cdjdmiShwMynZYN6SgOujD1urY4oNm80Ou9oMdmbR45LotcKOXoy7wSmHkRFE6Mxbrhefw==} + + ts-api-utils@1.3.0: + resolution: {integrity: sha512-UQMIo7pb8WRomKR1/+MFVLTroIvDVtMX3K6OUir8ynLyzB8Jeriont2bTAtmNPa1ekAgN7YPDyf6V+ygrdU+eQ==} + engines: {node: '>=16'} + peerDependencies: + typescript: '>=4.2.0' + + ts-dedent@2.2.0: + resolution: {integrity: sha512-q5W7tVM71e2xjHZTlgfTDoPF/SmqKG5hddq9SzR49CH2hayqRKJtQ4mtRlSxKaJlR/+9rEM+mnBHf7I2/BQcpQ==} + engines: {node: '>=6.10'} + + ts-deepmerge@7.0.1: + resolution: {integrity: sha512-JBFCmNenZdUCc+TRNCtXVM6N8y/nDQHAcpj5BlwXG/gnogjam1NunulB9ia68mnqYI446giMfpqeBFFkOleh+g==} + engines: {node: '>=14.13.1'} + + ts-interface-checker@0.1.13: + resolution: {integrity: sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==} + + tslib@1.14.1: + resolution: {integrity: sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==} + + tslib@2.3.0: + resolution: {integrity: sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==} + + tslib@2.4.0: + resolution: {integrity: sha512-d6xOpEDfsi2CZVlPQzGeux8XMwLT9hssAsaPYExaQMuYskwb+x1x7J371tWlbBdWHroy99KnVB6qIkUbs5X3UQ==} + + tslib@2.6.3: + resolution: {integrity: sha512-xNvxJEOUiWPGhUuUdQgAJPKOOJfGnIyKySOc09XkKsgdUV/3E2zvwZYdejjmRgPCgcym1juLH3226yA7sEFJKQ==} + + tsutils@3.21.0: + resolution: {integrity: sha512-mHKK3iUXL+3UF6xL5k0PEhKRUBKPBCv/+RkEOpjRWxxx27KKRBmmA60A9pgOUvMi8GKhRMPEmjBRPzs2W7O1OA==} + engines: {node: '>= 6'} + peerDependencies: + typescript: '>=2.8.0 || >= 3.2.0-dev || >= 3.3.0-dev || >= 3.4.0-dev || >= 3.5.0-dev || >= 3.6.0-dev || >= 3.6.0-beta || >= 3.7.0-dev || >= 3.7.0-beta' + + type-check@0.4.0: + resolution: {integrity: sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==} + engines: {node: '>= 0.8.0'} + + type-detect@4.0.8: + resolution: {integrity: sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==} + engines: {node: '>=4'} + + type-fest@0.20.2: + resolution: {integrity: sha512-Ne+eE4r0/iWnpAxD852z3A+N0Bt5RN//NjJwRd2VFHEmrywxf5vsZlh4R6lixl6B+wz/8d+maTSAkN1FIkI3LQ==} + engines: {node: '>=10'} + + type-fest@1.4.0: + resolution: {integrity: sha512-yGSza74xk0UG8k+pLh5oeoYirvIiWo5t0/o3zHHAO2tRDiZcxWP7fywNlXhqb6/r6sWvwi+RsyQMWhVLe4BVuA==} + engines: {node: '>=10'} + + type-fest@2.19.0: + resolution: {integrity: sha512-RAH822pAdBgcNMAfWnCBU3CFZcfZ/i1eZjwFU/dsLKumyuuP3niueg2UAukXYF0E2AAoc82ZSSf9J0WQBinzHA==} + engines: {node: '>=12.20'} + + type-is@1.6.18: + resolution: {integrity: sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==} + engines: {node: '>= 0.6'} + + typescript@5.5.3: + resolution: {integrity: sha512-/hreyEujaB0w76zKo6717l3L0o/qEUtRgdvUBvlkhoWeOVMjMuHNHk0BRBzikzuGDqNmPQbg5ifMEqsHLiIUcQ==} + engines: {node: '>=14.17'} + hasBin: true + + ufo@1.5.4: + resolution: {integrity: sha512-UsUk3byDzKd04EyoZ7U4DOlxQaD14JUKQl6/P7wiX4FNvUfm3XL246n9W5AmqwW5RSFJ27NAuM0iLscAOYUiGQ==} + + undici-types@5.26.5: + resolution: {integrity: sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA==} + + unicode-canonical-property-names-ecmascript@2.0.0: + resolution: {integrity: sha512-yY5PpDlfVIU5+y/BSCxAJRBIS1Zc2dDG3Ujq+sR0U+JjUevW2JhocOF+soROYDSaAezOzOKuyyixhD6mBknSmQ==} + engines: {node: '>=4'} + + unicode-match-property-ecmascript@2.0.0: + resolution: {integrity: sha512-5kaZCrbp5mmbz5ulBkDkbY0SsPOjKqVS35VpL9ulMPfSl0J0Xsm+9Evphv9CoIZFwre7aJoa94AY6seMKGVN5Q==} + engines: {node: '>=4'} + + unicode-match-property-value-ecmascript@2.1.0: + resolution: {integrity: sha512-qxkjQt6qjg/mYscYMC0XKRn3Rh0wFPlfxB0xkt9CfyTvpX1Ra0+rAmdX2QyAobptSEvuy4RtpPRui6XkV+8wjA==} + engines: {node: '>=4'} + + unicode-property-aliases-ecmascript@2.1.0: + resolution: {integrity: sha512-6t3foTQI9qne+OZoVQB/8x8rk2k1eVy1gRXhV3oFQ5T6R1dqQ1xtin3XqSlx3+ATBkliTaR/hHyJBm+LVPNM8w==} + engines: {node: '>=4'} + + unicorn-magic@0.1.0: + resolution: {integrity: sha512-lRfVq8fE8gz6QMBuDM6a+LO3IAzTi05H6gCVaUpir2E1Rwpo4ZUog45KpNXKC/Mn3Yb9UDuHumeFTo9iV/D9FQ==} + engines: {node: '>=18'} + + unique-string@3.0.0: + resolution: {integrity: sha512-VGXBUVwxKMBUznyffQweQABPRRW1vHZAbadFZud4pLFAqRGvv/96vafgjWFqzourzr8YonlQiPgH0YCJfawoGQ==} + engines: {node: '>=12'} + + unist-util-is@6.0.0: + resolution: {integrity: sha512-2qCTHimwdxLfz+YzdGfkqNlH0tLi9xjTnHddPmJwtIG9MGsdbutfTc4P+haPD7l7Cjxf/WZj+we5qfVPvvxfYw==} + + unist-util-visit-parents@6.0.1: + resolution: {integrity: sha512-L/PqWzfTP9lzzEa6CKs0k2nARxTdZduw3zyh8d2NVBnsyvHjSX4TWse388YrrQKbvI8w20fGjGlhgT96WwKykw==} + + unist-util-visit@5.0.0: + resolution: {integrity: sha512-MR04uvD+07cwl/yhVuVWAtw+3GOR/knlL55Nd/wAdblk27GCVt3lqpTivy/tkJcZoNPzTwS1Y+KMojlLDhoTzg==} + + universal-github-app-jwt@1.1.2: + resolution: {integrity: sha512-t1iB2FmLFE+yyJY9+3wMx0ejB+MQpEVkH0gQv7dR6FZyltyq+ZZO0uDpbopxhrZ3SLEO4dCEkIujOMldEQ2iOA==} + + universal-user-agent@6.0.1: + resolution: {integrity: sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ==} + + universalify@0.2.0: + resolution: {integrity: sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==} + engines: {node: '>= 4.0.0'} + + universalify@2.0.1: + resolution: {integrity: sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw==} + engines: {node: '>= 10.0.0'} + + unpipe@1.0.0: + resolution: {integrity: sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==} + engines: {node: '>= 0.8'} + + unplugin@1.11.0: + resolution: {integrity: sha512-3r7VWZ/webh0SGgJScpWl2/MRCZK5d3ZYFcNaeci/GQ7Teop7zf0Nl2pUuz7G21BwPd9pcUPOC5KmJ2L3WgC5g==} + engines: {node: '>=14.0.0'} + + unplugin@1.5.1: + resolution: {integrity: sha512-0QkvG13z6RD+1L1FoibQqnvTwVBXvS4XSPwAyinVgoOCl2jAgwzdUKmEj05o4Lt8xwQI85Hb6mSyYkcAGwZPew==} + + update-browserslist-db@1.1.0: + resolution: {integrity: sha512-EdRAaAyk2cUE1wOf2DkEhzxqOQvFOoRJFNS6NeyJ01Gp2beMRpBAINjM2iDXE3KCuKhwnvHIQCJm6ThL2Z+HzQ==} + hasBin: true + peerDependencies: + browserslist: '>= 4.21.0' + + uri-js@4.4.1: + resolution: {integrity: sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==} + + url-parse@1.5.10: + resolution: {integrity: sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==} + + util-deprecate@1.0.2: + resolution: {integrity: sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==} + + util@0.12.5: + resolution: {integrity: sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==} + + utils-merge@1.0.1: + resolution: {integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==} + engines: {node: '>= 0.4.0'} + + uuid@9.0.1: + resolution: {integrity: sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==} + hasBin: true + + v8-compile-cache@2.4.0: + resolution: {integrity: sha512-ocyWc3bAHBB/guyqJQVI5o4BZkPhznPYUG2ea80Gond/BgNWpap8TOmLSeeQG7bnh2KMISxskdADG59j7zruhw==} + + valibot@0.31.1: + resolution: {integrity: sha512-2YYIhPrnVSz/gfT2/iXVTrSj92HwchCt9Cga/6hX4B26iCz9zkIsGTS0HjDYTZfTi1Un0X6aRvhBi1cfqs/i0Q==} + + valibot@0.35.0: + resolution: {integrity: sha512-+i2aCRkReTrd5KBN/dW2BrPOvFnU5LXTV2xjZnjnqUIO8YUx6P2+MgRrkwF2FhkexgyKq/NIZdPdknhHf5A/Ww==} + + validator@13.12.0: + resolution: {integrity: sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg==} + engines: {node: '>= 0.10'} + + vary@1.1.2: + resolution: {integrity: sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==} + engines: {node: '>= 0.8'} + + vite-node@1.6.0: + resolution: {integrity: sha512-de6HJgzC+TFzOu0NTC4RAIsyf/DY/ibWDYQUcuEA84EMHhcefTUGkjFHKKEJhQN4A+6I0u++kr3l36ZF2d7XRw==} + engines: {node: ^18.0.0 || >=20.0.0} + hasBin: true + + vite-plugin-tailwind-purgecss@0.3.3: + resolution: {integrity: sha512-fsTAzcSdFKrhLxX8zTq3zaTFjk+APmJWOAy+1ujsmxkh9y8hIvM81dWEgdXK1k7suQjns+b7JsoIUkHpxLf5UA==} + peerDependencies: + tailwindcss: ^3.3.0 + vite: ^4.1.1 || ^5.0.0 + + vite@5.3.4: + resolution: {integrity: sha512-Cw+7zL3ZG9/NZBB8C+8QbQZmR54GwqIz+WMI4b3JgdYJvX+ny9AjJXqkGQlDXSXRP9rP0B4tbciRMOVEKulVOA==} + engines: {node: ^18.0.0 || >=20.0.0} + hasBin: true + peerDependencies: + '@types/node': ^18.0.0 || >=20.0.0 + less: '*' + lightningcss: ^1.21.0 + sass: '*' + stylus: '*' + sugarss: '*' + terser: ^5.4.0 + peerDependenciesMeta: + '@types/node': + optional: true + less: + optional: true + lightningcss: + optional: true + sass: + optional: true + stylus: + optional: true + sugarss: + optional: true + terser: + optional: true + + vitefu@0.2.5: + resolution: {integrity: sha512-SgHtMLoqaeeGnd2evZ849ZbACbnwQCIwRH57t18FxcXoZop0uQu0uzlIhJBlF/eWVzuce0sHeqPcDo+evVcg8Q==} + peerDependencies: + vite: ^3.0.0 || ^4.0.0 || ^5.0.0 + peerDependenciesMeta: + vite: + optional: true + + vitest@1.6.0: + resolution: {integrity: sha512-H5r/dN06swuFnzNFhq/dnz37bPXnq8xB2xB5JOVk8K09rUtoeNN+LHWkoQ0A/i3hvbUKKcCei9KpbxqHMLhLLA==} + engines: {node: ^18.0.0 || >=20.0.0} + hasBin: true + peerDependencies: + '@edge-runtime/vm': '*' + '@types/node': ^18.0.0 || >=20.0.0 + '@vitest/browser': 1.6.0 + '@vitest/ui': 1.6.0 + happy-dom: '*' + jsdom: '*' + peerDependenciesMeta: + '@edge-runtime/vm': + optional: true + '@types/node': + optional: true + '@vitest/browser': + optional: true + '@vitest/ui': + optional: true + happy-dom: + optional: true + jsdom: + optional: true + + w3c-xmlserializer@5.0.0: + resolution: {integrity: sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==} + engines: {node: '>=18'} + + walk-up-path@3.0.1: + resolution: {integrity: sha512-9YlCL/ynK3CTlrSRrDxZvUauLzAswPCrsaCgilqFevUYpeEW0/3ScEjaa3kbW/T0ghhkEr7mv+fpjqn1Y1YuTA==} + + wcwidth@1.0.1: + resolution: {integrity: sha512-XHPEwS0q6TaxcvG85+8EYkbiCux2XtWG2mkc47Ng2A77BQu9+DqIOJldST4HgPkuea7dvKSj5VgX3P1d4rW8Tg==} + + webidl-conversions@7.0.0: + resolution: {integrity: sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==} + engines: {node: '>=12'} + + webpack-sources@3.2.3: + resolution: {integrity: sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==} + engines: {node: '>=10.13.0'} + + webpack-virtual-modules@0.6.2: + resolution: {integrity: sha512-66/V2i5hQanC51vBQKPH4aI8NMAcBW59FVBs+rC7eGHupMyfn34q7rZIE+ETlJ+XTevqfUhVVBgSUNSW2flEUQ==} + + whatwg-encoding@3.1.1: + resolution: {integrity: sha512-6qN4hJdMwfYBtE3YBTTHhoeuUrDBPZmbQaxWAqSALV/MeEnR5z1xd8UKud2RAkFoPkmB+hli1TZSnyi84xz1vQ==} + engines: {node: '>=18'} + + whatwg-mimetype@4.0.0: + resolution: {integrity: sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==} + engines: {node: '>=18'} + + whatwg-url@14.0.0: + resolution: {integrity: sha512-1lfMEm2IEr7RIV+f4lUNPOqfFL+pO+Xw3fJSqmjX9AbXcXcYOkCe1P6+9VBZB6n94af16NfZf+sSk0JCBZC9aw==} + engines: {node: '>=18'} + + which-typed-array@1.1.15: + resolution: {integrity: sha512-oV0jmFtUky6CXfkqehVvBP/LSWJ2sy4vWMioiENyJLePrBO/yKyV9OyJySfAKosh+RYkIl5zJCNZ8/4JncrpdA==} + engines: {node: '>= 0.4'} + + which@2.0.2: + resolution: {integrity: sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==} + engines: {node: '>= 8'} + hasBin: true + + why-is-node-running@2.3.0: + resolution: {integrity: sha512-hUrmaWBdVDcxvYqnyh09zunKzROWjbZTiNy8dBEjkS7ehEDQibXJ7XvlmtbwuTclUiIyN+CyXQD4Vmko8fNm8w==} + engines: {node: '>=8'} + hasBin: true + + word-wrap@1.2.5: + resolution: {integrity: sha512-BN22B5eaMMI9UMtjrGd5g5eCYPpCPDUy0FJXbYsaT5zYxjFOckS53SQDE3pWkVoWpHXVb3BrYcEN4Twa55B5cA==} + engines: {node: '>=0.10.0'} + + wrap-ansi@7.0.0: + resolution: {integrity: sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==} + engines: {node: '>=10'} + + wrap-ansi@8.1.0: + resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==} + engines: {node: '>=12'} + + wrappy@1.0.2: + resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} + + write-file-atomic@2.4.3: + resolution: {integrity: sha512-GaETH5wwsX+GcnzhPgKcKjJ6M2Cq3/iZp1WyY/X1CSqrW+jVNM9Y7D8EC2sM4ZG/V8wZlSniJnCKWPmBYAucRQ==} + + ws@8.18.0: + resolution: {integrity: sha512-8VbfWfHLbbwu3+N6OKsOMpBdT4kXPDDB9cJk2bJ6mh9ucxdlnNvH1e+roYkKmN9Nxw2yjz7VzeO9oOz2zJ04Pw==} + engines: {node: '>=10.0.0'} + peerDependencies: + bufferutil: ^4.0.1 + utf-8-validate: '>=5.0.2' + peerDependenciesMeta: + bufferutil: + optional: true + utf-8-validate: + optional: true + + xml-name-validator@5.0.0: + resolution: {integrity: sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==} + engines: {node: '>=18'} + + xmlchars@2.2.0: + resolution: {integrity: sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==} + + yallist@3.1.1: + resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==} + + yallist@4.0.0: + resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + + yaml@1.10.2: + resolution: {integrity: sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==} + engines: {node: '>= 6'} + + yaml@2.4.5: + resolution: {integrity: sha512-aBx2bnqDzVOyNKfsysjA2ms5ZlnjSAW2eG3/L5G/CSujfjLJTJsEw1bGw8kCf04KodQWk1pxlGnZ56CRxiawmg==} + engines: {node: '>= 14'} + hasBin: true + + yocto-queue@0.1.0: + resolution: {integrity: sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==} + engines: {node: '>=10'} + + yocto-queue@1.1.1: + resolution: {integrity: sha512-b4JR1PFR10y1mKjhHY9LaGo6tmrgjit7hxVIeAmyMw3jegXR4dhYqLaQF5zMXZxY7tLpMyJeLjr1C4rLmkVe8g==} + engines: {node: '>=12.20'} + + yup@1.4.0: + resolution: {integrity: sha512-wPbgkJRCqIf+OHyiTBQoJiP5PFuAXaWiJK6AmYkzQAh5/c2K9hzSApBZG5wV9KoKSePF7sAxmNSvh/13YHkFDg==} + + zod-to-json-schema@3.23.1: + resolution: {integrity: sha512-oT9INvydob1XV0v1d2IadrR74rLtDInLvDFfAa1CG0Pmg/vxATk7I2gSelfj271mbzeM4Da0uuDQE/Nkj3DWNw==} + peerDependencies: + zod: ^3.23.3 + + zod@3.23.8: + resolution: {integrity: sha512-XBx9AXhXktjUqnepgTiE5flcKIYWi/rme0Eaj+5Y0lftuGBq+jyRu/md4WnuxqgP1ubdpNCsYEYPxrzVHD8d6g==} + + zrender@5.6.0: + resolution: {integrity: sha512-uzgraf4njmmHAbEUxMJ8Oxg+P3fT04O+9p7gY+wJRVxo8Ge+KmYv0WJev945EH4wFuc4OY2NLXz46FZrWS9xJg==} + +snapshots: + + '@adobe/css-tools@4.4.0': {} + + '@alloc/quick-lru@5.2.0': {} + + '@ampproject/remapping@2.3.0': + dependencies: + '@jridgewell/gen-mapping': 0.3.5 + '@jridgewell/trace-mapping': 0.3.25 + + '@ark/schema@0.2.0': + dependencies: + '@ark/util': 0.1.0 + optional: true + + '@ark/util@0.1.0': + optional: true + + '@babel/code-frame@7.24.7': + dependencies: + '@babel/highlight': 7.24.7 + picocolors: 1.0.1 + + '@babel/compat-data@7.24.9': {} + + '@babel/core@7.24.9': + dependencies: + '@ampproject/remapping': 2.3.0 + '@babel/code-frame': 7.24.7 + '@babel/generator': 7.24.10 + '@babel/helper-compilation-targets': 7.24.8 + '@babel/helper-module-transforms': 7.24.9(@babel/core@7.24.9) + '@babel/helpers': 7.24.8 + '@babel/parser': 7.24.8 + '@babel/template': 7.24.7 + '@babel/traverse': 7.24.8 + '@babel/types': 7.24.9 + convert-source-map: 2.0.0 + debug: 4.3.5 + gensync: 1.0.0-beta.2 + json5: 2.2.3 + semver: 6.3.1 + transitivePeerDependencies: + - supports-color + + '@babel/generator@7.24.10': + dependencies: + '@babel/types': 7.24.9 + '@jridgewell/gen-mapping': 0.3.5 + '@jridgewell/trace-mapping': 0.3.25 + jsesc: 2.5.2 + + '@babel/helper-annotate-as-pure@7.24.7': + dependencies: + '@babel/types': 7.24.9 + + '@babel/helper-builder-binary-assignment-operator-visitor@7.24.7': + dependencies: + '@babel/traverse': 7.24.8 + '@babel/types': 7.24.9 + transitivePeerDependencies: + - supports-color + + '@babel/helper-compilation-targets@7.24.8': + dependencies: + '@babel/compat-data': 7.24.9 + '@babel/helper-validator-option': 7.24.8 + browserslist: 4.23.2 + lru-cache: 5.1.1 + semver: 6.3.1 + + '@babel/helper-create-class-features-plugin@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-annotate-as-pure': 7.24.7 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-function-name': 7.24.7 + '@babel/helper-member-expression-to-functions': 7.24.8 + '@babel/helper-optimise-call-expression': 7.24.7 + '@babel/helper-replace-supers': 7.24.7(@babel/core@7.24.9) + '@babel/helper-skip-transparent-expression-wrappers': 7.24.7 + '@babel/helper-split-export-declaration': 7.24.7 + semver: 6.3.1 + transitivePeerDependencies: + - supports-color + + '@babel/helper-create-regexp-features-plugin@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-annotate-as-pure': 7.24.7 + regexpu-core: 5.3.2 + semver: 6.3.1 + + '@babel/helper-define-polyfill-provider@0.6.2(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-compilation-targets': 7.24.8 + '@babel/helper-plugin-utils': 7.24.8 + debug: 4.3.5 + lodash.debounce: 4.0.8 + resolve: 1.22.8 + transitivePeerDependencies: + - supports-color + + '@babel/helper-environment-visitor@7.24.7': + dependencies: + '@babel/types': 7.24.9 + + '@babel/helper-function-name@7.24.7': + dependencies: + '@babel/template': 7.24.7 + '@babel/types': 7.24.9 + + '@babel/helper-hoist-variables@7.24.7': + dependencies: + '@babel/types': 7.24.9 + + '@babel/helper-member-expression-to-functions@7.24.8': + dependencies: + '@babel/traverse': 7.24.8 + '@babel/types': 7.24.9 + transitivePeerDependencies: + - supports-color + + '@babel/helper-module-imports@7.24.7': + dependencies: + '@babel/traverse': 7.24.8 + '@babel/types': 7.24.9 + transitivePeerDependencies: + - supports-color + + '@babel/helper-module-transforms@7.24.9(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-module-imports': 7.24.7 + '@babel/helper-simple-access': 7.24.7 + '@babel/helper-split-export-declaration': 7.24.7 + '@babel/helper-validator-identifier': 7.24.7 + transitivePeerDependencies: + - supports-color + + '@babel/helper-optimise-call-expression@7.24.7': + dependencies: + '@babel/types': 7.24.9 + + '@babel/helper-plugin-utils@7.24.8': {} + + '@babel/helper-remap-async-to-generator@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-annotate-as-pure': 7.24.7 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-wrap-function': 7.24.7 + transitivePeerDependencies: + - supports-color + + '@babel/helper-replace-supers@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-member-expression-to-functions': 7.24.8 + '@babel/helper-optimise-call-expression': 7.24.7 + transitivePeerDependencies: + - supports-color + + '@babel/helper-simple-access@7.24.7': + dependencies: + '@babel/traverse': 7.24.8 + '@babel/types': 7.24.9 + transitivePeerDependencies: + - supports-color + + '@babel/helper-skip-transparent-expression-wrappers@7.24.7': + dependencies: + '@babel/traverse': 7.24.8 + '@babel/types': 7.24.9 + transitivePeerDependencies: + - supports-color + + '@babel/helper-split-export-declaration@7.24.7': + dependencies: + '@babel/types': 7.24.9 + + '@babel/helper-string-parser@7.24.8': {} + + '@babel/helper-validator-identifier@7.24.7': {} + + '@babel/helper-validator-option@7.24.8': {} + + '@babel/helper-wrap-function@7.24.7': + dependencies: + '@babel/helper-function-name': 7.24.7 + '@babel/template': 7.24.7 + '@babel/traverse': 7.24.8 + '@babel/types': 7.24.9 + transitivePeerDependencies: + - supports-color + + '@babel/helpers@7.24.8': + dependencies: + '@babel/template': 7.24.7 + '@babel/types': 7.24.9 + + '@babel/highlight@7.24.7': + dependencies: + '@babel/helper-validator-identifier': 7.24.7 + chalk: 2.4.2 + js-tokens: 4.0.0 + picocolors: 1.0.1 + + '@babel/parser@7.24.8': + dependencies: + '@babel/types': 7.24.9 + + '@babel/plugin-bugfix-firefox-class-in-computed-class-key@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-skip-transparent-expression-wrappers': 7.24.7 + '@babel/plugin-transform-optional-chaining': 7.24.8(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-proposal-private-property-in-object@7.21.0-placeholder-for-preset-env.2(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + + '@babel/plugin-syntax-async-generators@7.8.4(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-class-properties@7.12.13(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-class-static-block@7.14.5(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-dynamic-import@7.8.3(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-export-namespace-from@7.8.3(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-flow@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-import-assertions@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-import-attributes@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-import-meta@7.10.4(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-json-strings@7.8.3(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-jsx@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-logical-assignment-operators@7.10.4(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-nullish-coalescing-operator@7.8.3(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-numeric-separator@7.10.4(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-object-rest-spread@7.8.3(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-optional-catch-binding@7.8.3(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-optional-chaining@7.8.3(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-private-property-in-object@7.14.5(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-top-level-await@7.14.5(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-typescript@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-syntax-unicode-sets-regex@7.18.6(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-regexp-features-plugin': 7.24.7(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-arrow-functions@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-async-generator-functions@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-remap-async-to-generator': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-syntax-async-generators': 7.8.4(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-async-to-generator@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-module-imports': 7.24.7 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-remap-async-to-generator': 7.24.7(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-block-scoped-functions@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-block-scoping@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-class-properties@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-class-features-plugin': 7.24.8(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-class-static-block@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-class-features-plugin': 7.24.8(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-class-static-block': 7.14.5(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-classes@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-annotate-as-pure': 7.24.7 + '@babel/helper-compilation-targets': 7.24.8 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-function-name': 7.24.7 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-replace-supers': 7.24.7(@babel/core@7.24.9) + '@babel/helper-split-export-declaration': 7.24.7 + globals: 11.12.0 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-computed-properties@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/template': 7.24.7 + + '@babel/plugin-transform-destructuring@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-dotall-regex@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-regexp-features-plugin': 7.24.7(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-duplicate-keys@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-dynamic-import@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-dynamic-import': 7.8.3(@babel/core@7.24.9) + + '@babel/plugin-transform-exponentiation-operator@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-builder-binary-assignment-operator-visitor': 7.24.7 + '@babel/helper-plugin-utils': 7.24.8 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-export-namespace-from@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-export-namespace-from': 7.8.3(@babel/core@7.24.9) + + '@babel/plugin-transform-flow-strip-types@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-flow': 7.24.7(@babel/core@7.24.9) + + '@babel/plugin-transform-for-of@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-skip-transparent-expression-wrappers': 7.24.7 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-function-name@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-compilation-targets': 7.24.8 + '@babel/helper-function-name': 7.24.7 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-json-strings@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-json-strings': 7.8.3(@babel/core@7.24.9) + + '@babel/plugin-transform-literals@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-logical-assignment-operators@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-logical-assignment-operators': 7.10.4(@babel/core@7.24.9) + + '@babel/plugin-transform-member-expression-literals@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-modules-amd@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-module-transforms': 7.24.9(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-modules-commonjs@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-module-transforms': 7.24.9(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-simple-access': 7.24.7 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-modules-systemjs@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-hoist-variables': 7.24.7 + '@babel/helper-module-transforms': 7.24.9(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-validator-identifier': 7.24.7 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-modules-umd@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-module-transforms': 7.24.9(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-named-capturing-groups-regex@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-regexp-features-plugin': 7.24.7(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-new-target@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-nullish-coalescing-operator@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-nullish-coalescing-operator': 7.8.3(@babel/core@7.24.9) + + '@babel/plugin-transform-numeric-separator@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-numeric-separator': 7.10.4(@babel/core@7.24.9) + + '@babel/plugin-transform-object-rest-spread@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-compilation-targets': 7.24.8 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-object-rest-spread': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-transform-parameters': 7.24.7(@babel/core@7.24.9) + + '@babel/plugin-transform-object-super@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-replace-supers': 7.24.7(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-optional-catch-binding@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-optional-catch-binding': 7.8.3(@babel/core@7.24.9) + + '@babel/plugin-transform-optional-chaining@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-skip-transparent-expression-wrappers': 7.24.7 + '@babel/plugin-syntax-optional-chaining': 7.8.3(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-parameters@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-private-methods@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-class-features-plugin': 7.24.8(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-private-property-in-object@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-annotate-as-pure': 7.24.7 + '@babel/helper-create-class-features-plugin': 7.24.8(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-private-property-in-object': 7.14.5(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-property-literals@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-regenerator@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + regenerator-transform: 0.15.2 + + '@babel/plugin-transform-reserved-words@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-shorthand-properties@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-spread@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-skip-transparent-expression-wrappers': 7.24.7 + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-sticky-regex@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-template-literals@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-typeof-symbol@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-typescript@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-annotate-as-pure': 7.24.7 + '@babel/helper-create-class-features-plugin': 7.24.8(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + '@babel/plugin-syntax-typescript': 7.24.7(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/plugin-transform-unicode-escapes@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-unicode-property-regex@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-regexp-features-plugin': 7.24.7(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-unicode-regex@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-regexp-features-plugin': 7.24.7(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/plugin-transform-unicode-sets-regex@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-create-regexp-features-plugin': 7.24.7(@babel/core@7.24.9) + '@babel/helper-plugin-utils': 7.24.8 + + '@babel/preset-env@7.24.8(@babel/core@7.24.9)': + dependencies: + '@babel/compat-data': 7.24.9 + '@babel/core': 7.24.9 + '@babel/helper-compilation-targets': 7.24.8 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-validator-option': 7.24.8 + '@babel/plugin-bugfix-firefox-class-in-computed-class-key': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-bugfix-safari-id-destructuring-collision-in-function-expression': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-bugfix-v8-spread-parameters-in-optional-chaining': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-bugfix-v8-static-class-fields-redefine-readonly': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-proposal-private-property-in-object': 7.21.0-placeholder-for-preset-env.2(@babel/core@7.24.9) + '@babel/plugin-syntax-async-generators': 7.8.4(@babel/core@7.24.9) + '@babel/plugin-syntax-class-properties': 7.12.13(@babel/core@7.24.9) + '@babel/plugin-syntax-class-static-block': 7.14.5(@babel/core@7.24.9) + '@babel/plugin-syntax-dynamic-import': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-syntax-export-namespace-from': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-syntax-import-assertions': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-syntax-import-attributes': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-syntax-import-meta': 7.10.4(@babel/core@7.24.9) + '@babel/plugin-syntax-json-strings': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-syntax-logical-assignment-operators': 7.10.4(@babel/core@7.24.9) + '@babel/plugin-syntax-nullish-coalescing-operator': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-syntax-numeric-separator': 7.10.4(@babel/core@7.24.9) + '@babel/plugin-syntax-object-rest-spread': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-syntax-optional-catch-binding': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-syntax-optional-chaining': 7.8.3(@babel/core@7.24.9) + '@babel/plugin-syntax-private-property-in-object': 7.14.5(@babel/core@7.24.9) + '@babel/plugin-syntax-top-level-await': 7.14.5(@babel/core@7.24.9) + '@babel/plugin-syntax-unicode-sets-regex': 7.18.6(@babel/core@7.24.9) + '@babel/plugin-transform-arrow-functions': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-async-generator-functions': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-async-to-generator': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-block-scoped-functions': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-block-scoping': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-class-properties': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-class-static-block': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-classes': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-computed-properties': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-destructuring': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-dotall-regex': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-duplicate-keys': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-dynamic-import': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-exponentiation-operator': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-export-namespace-from': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-for-of': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-function-name': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-json-strings': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-literals': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-logical-assignment-operators': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-member-expression-literals': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-modules-amd': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-modules-commonjs': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-modules-systemjs': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-modules-umd': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-named-capturing-groups-regex': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-new-target': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-nullish-coalescing-operator': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-numeric-separator': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-object-rest-spread': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-object-super': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-optional-catch-binding': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-optional-chaining': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-parameters': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-private-methods': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-private-property-in-object': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-property-literals': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-regenerator': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-reserved-words': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-shorthand-properties': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-spread': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-sticky-regex': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-template-literals': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-typeof-symbol': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-unicode-escapes': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-unicode-property-regex': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-unicode-regex': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-unicode-sets-regex': 7.24.7(@babel/core@7.24.9) + '@babel/preset-modules': 0.1.6-no-external-plugins(@babel/core@7.24.9) + babel-plugin-polyfill-corejs2: 0.4.11(@babel/core@7.24.9) + babel-plugin-polyfill-corejs3: 0.10.4(@babel/core@7.24.9) + babel-plugin-polyfill-regenerator: 0.6.2(@babel/core@7.24.9) + core-js-compat: 3.37.1 + semver: 6.3.1 + transitivePeerDependencies: + - supports-color + + '@babel/preset-flow@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-validator-option': 7.24.8 + '@babel/plugin-transform-flow-strip-types': 7.24.7(@babel/core@7.24.9) + + '@babel/preset-modules@0.1.6-no-external-plugins(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/types': 7.24.9 + esutils: 2.0.3 + + '@babel/preset-typescript@7.24.7(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-plugin-utils': 7.24.8 + '@babel/helper-validator-option': 7.24.8 + '@babel/plugin-syntax-jsx': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-modules-commonjs': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-typescript': 7.24.8(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + '@babel/register@7.24.6(@babel/core@7.24.9)': + dependencies: + '@babel/core': 7.24.9 + clone-deep: 4.0.1 + find-cache-dir: 2.1.0 + make-dir: 2.1.0 + pirates: 4.0.6 + source-map-support: 0.5.21 + + '@babel/regjsgen@0.8.0': {} + + '@babel/runtime@7.24.8': + dependencies: + regenerator-runtime: 0.14.1 + + '@babel/template@7.24.7': + dependencies: + '@babel/code-frame': 7.24.7 + '@babel/parser': 7.24.8 + '@babel/types': 7.24.9 + + '@babel/traverse@7.24.8': + dependencies: + '@babel/code-frame': 7.24.7 + '@babel/generator': 7.24.10 + '@babel/helper-environment-visitor': 7.24.7 + '@babel/helper-function-name': 7.24.7 + '@babel/helper-hoist-variables': 7.24.7 + '@babel/helper-split-export-declaration': 7.24.7 + '@babel/parser': 7.24.8 + '@babel/types': 7.24.9 + debug: 4.3.5 + globals: 11.12.0 + transitivePeerDependencies: + - supports-color + + '@babel/types@7.24.9': + dependencies: + '@babel/helper-string-parser': 7.24.8 + '@babel/helper-validator-identifier': 7.24.7 + to-fast-properties: 2.0.0 + + '@bcoe/v8-coverage@0.2.3': {} + + '@esbuild/aix-ppc64@0.21.5': + optional: true + + '@esbuild/aix-ppc64@0.23.0': + optional: true + + '@esbuild/android-arm64@0.21.5': + optional: true + + '@esbuild/android-arm64@0.23.0': + optional: true + + '@esbuild/android-arm@0.21.5': + optional: true + + '@esbuild/android-arm@0.23.0': + optional: true + + '@esbuild/android-x64@0.21.5': + optional: true + + '@esbuild/android-x64@0.23.0': + optional: true + + '@esbuild/darwin-arm64@0.21.5': + optional: true + + '@esbuild/darwin-arm64@0.23.0': + optional: true + + '@esbuild/darwin-x64@0.21.5': + optional: true + + '@esbuild/darwin-x64@0.23.0': + optional: true + + '@esbuild/freebsd-arm64@0.21.5': + optional: true + + '@esbuild/freebsd-arm64@0.23.0': + optional: true + + '@esbuild/freebsd-x64@0.21.5': + optional: true + + '@esbuild/freebsd-x64@0.23.0': + optional: true + + '@esbuild/linux-arm64@0.21.5': + optional: true + + '@esbuild/linux-arm64@0.23.0': + optional: true + + '@esbuild/linux-arm@0.21.5': + optional: true + + '@esbuild/linux-arm@0.23.0': + optional: true + + '@esbuild/linux-ia32@0.21.5': + optional: true + + '@esbuild/linux-ia32@0.23.0': + optional: true + + '@esbuild/linux-loong64@0.21.5': + optional: true + + '@esbuild/linux-loong64@0.23.0': + optional: true + + '@esbuild/linux-mips64el@0.21.5': + optional: true + + '@esbuild/linux-mips64el@0.23.0': + optional: true + + '@esbuild/linux-ppc64@0.21.5': + optional: true + + '@esbuild/linux-ppc64@0.23.0': + optional: true + + '@esbuild/linux-riscv64@0.21.5': + optional: true + + '@esbuild/linux-riscv64@0.23.0': + optional: true + + '@esbuild/linux-s390x@0.21.5': + optional: true + + '@esbuild/linux-s390x@0.23.0': + optional: true + + '@esbuild/linux-x64@0.21.5': + optional: true + + '@esbuild/linux-x64@0.23.0': + optional: true + + '@esbuild/netbsd-x64@0.21.5': + optional: true + + '@esbuild/netbsd-x64@0.23.0': + optional: true + + '@esbuild/openbsd-arm64@0.23.0': + optional: true + + '@esbuild/openbsd-x64@0.21.5': + optional: true + + '@esbuild/openbsd-x64@0.23.0': + optional: true + + '@esbuild/sunos-x64@0.21.5': + optional: true + + '@esbuild/sunos-x64@0.23.0': + optional: true + + '@esbuild/win32-arm64@0.21.5': + optional: true + + '@esbuild/win32-arm64@0.23.0': + optional: true + + '@esbuild/win32-ia32@0.21.5': + optional: true + + '@esbuild/win32-ia32@0.23.0': + optional: true + + '@esbuild/win32-x64@0.21.5': + optional: true + + '@esbuild/win32-x64@0.23.0': + optional: true + + '@eslint-community/eslint-utils@4.4.0(eslint@8.57.0)': + dependencies: + eslint: 8.57.0 + eslint-visitor-keys: 3.4.3 + + '@eslint-community/regexpp@4.11.0': {} + + '@eslint/eslintrc@1.4.1': + dependencies: + ajv: 6.12.6 + debug: 4.3.5 + espree: 9.6.1 + globals: 13.24.0 + ignore: 5.3.1 + import-fresh: 3.3.0 + js-yaml: 4.1.0 + minimatch: 3.1.2 + strip-json-comments: 3.1.1 + transitivePeerDependencies: + - supports-color + + '@eslint/eslintrc@2.1.4': + dependencies: + ajv: 6.12.6 + debug: 4.3.5 + espree: 9.6.1 + globals: 13.24.0 + ignore: 5.3.1 + import-fresh: 3.3.0 + js-yaml: 4.1.0 + minimatch: 3.1.2 + strip-json-comments: 3.1.1 + transitivePeerDependencies: + - supports-color + + '@eslint/js@8.57.0': {} + + '@exodus/schemasafe@1.3.0': + optional: true + + '@floating-ui/core@1.6.4': + dependencies: + '@floating-ui/utils': 0.2.4 + + '@floating-ui/dom@1.6.7': + dependencies: + '@floating-ui/core': 1.6.4 + '@floating-ui/utils': 0.2.4 + + '@floating-ui/utils@0.2.4': {} + + '@formatjs/ecma402-abstract@2.0.0': + dependencies: + '@formatjs/intl-localematcher': 0.5.4 + tslib: 2.6.3 + + '@formatjs/intl-localematcher@0.5.4': + dependencies: + tslib: 2.6.3 + + '@formatjs/intl-segmenter@11.5.7': + dependencies: + '@formatjs/ecma402-abstract': 2.0.0 + '@formatjs/intl-localematcher': 0.5.4 + tslib: 2.6.3 + + '@fortawesome/fontawesome-free@6.6.0': {} + + '@gcornut/valibot-json-schema@0.31.0': + dependencies: + valibot: 0.31.1 + optionalDependencies: + '@types/json-schema': 7.0.15 + esbuild: 0.23.0 + esbuild-runner: 2.2.2(esbuild@0.23.0) + optional: true + + '@hapi/hoek@9.3.0': + optional: true + + '@hapi/topo@5.1.0': + dependencies: + '@hapi/hoek': 9.3.0 + optional: true + + '@humanwhocodes/config-array@0.11.14': + dependencies: + '@humanwhocodes/object-schema': 2.0.3 + debug: 4.3.5 + minimatch: 3.1.2 + transitivePeerDependencies: + - supports-color + + '@humanwhocodes/config-array@0.9.5': + dependencies: + '@humanwhocodes/object-schema': 1.2.1 + debug: 4.3.5 + minimatch: 3.1.2 + transitivePeerDependencies: + - supports-color + + '@humanwhocodes/module-importer@1.0.1': {} + + '@humanwhocodes/object-schema@1.2.1': {} + + '@humanwhocodes/object-schema@2.0.3': {} + + '@inlang/detect-json-formatting@1.0.0': + dependencies: + guess-json-indent: 2.0.0 + + '@inlang/json-types@1.1.0(@sinclair/typebox@0.31.28)': + dependencies: + '@sinclair/typebox': 0.31.28 + + '@inlang/language-tag@1.5.1': + dependencies: + '@sinclair/typebox': 0.31.28 + + '@inlang/message-lint-rule@1.4.5(@sinclair/typebox@0.31.28)': + dependencies: + '@inlang/json-types': 1.1.0(@sinclair/typebox@0.31.28) + '@inlang/language-tag': 1.5.1 + '@inlang/message': 2.1.0(@sinclair/typebox@0.31.28) + '@inlang/project-settings': 2.4.0(@sinclair/typebox@0.31.28) + '@inlang/translatable': 1.3.1 + '@sinclair/typebox': 0.31.28 + + '@inlang/message@2.1.0(@sinclair/typebox@0.31.28)': + dependencies: + '@inlang/language-tag': 1.5.1 + '@sinclair/typebox': 0.31.28 + + '@inlang/module@1.2.9(@sinclair/typebox@0.31.28)': + dependencies: + '@inlang/message-lint-rule': 1.4.5(@sinclair/typebox@0.31.28) + '@inlang/plugin': 2.4.9(@sinclair/typebox@0.31.28) + '@sinclair/typebox': 0.31.28 + + '@inlang/paraglide-js-adapter-unplugin@1.4.29': + dependencies: + '@inlang/paraglide-js': 1.7.0 + '@inlang/sdk': 0.33.0 + '@lix-js/client': 1.2.1 + unplugin: 1.5.1 + transitivePeerDependencies: + - babel-plugin-macros + - debug + - supports-color + + '@inlang/paraglide-js-adapter-vite@1.2.40': + dependencies: + '@inlang/paraglide-js-adapter-unplugin': 1.4.29 + transitivePeerDependencies: + - babel-plugin-macros + - debug + - supports-color + + '@inlang/paraglide-js@1.11.1': + dependencies: + '@inlang/detect-json-formatting': 1.0.0 + commander: 11.1.0 + consola: 3.2.3 + dedent: 1.5.1 + json5: 2.2.3 + posthog-node: 3.1.3 + transitivePeerDependencies: + - babel-plugin-macros + - debug + + '@inlang/paraglide-js@1.7.0': + dependencies: + '@inlang/detect-json-formatting': 1.0.0 + commander: 11.1.0 + consola: 3.2.3 + dedent: 1.5.1 + json5: 2.2.3 + posthog-node: 3.1.3 + transitivePeerDependencies: + - babel-plugin-macros + - debug + + '@inlang/plugin@2.4.9(@sinclair/typebox@0.31.28)': + dependencies: + '@inlang/json-types': 1.1.0(@sinclair/typebox@0.31.28) + '@inlang/language-tag': 1.5.1 + '@inlang/message': 2.1.0(@sinclair/typebox@0.31.28) + '@inlang/project-settings': 2.4.0(@sinclair/typebox@0.31.28) + '@inlang/translatable': 1.3.1 + '@lix-js/fs': 1.0.0 + '@sinclair/typebox': 0.31.28 + + '@inlang/project-settings@2.4.0(@sinclair/typebox@0.31.28)': + dependencies: + '@inlang/json-types': 1.1.0(@sinclair/typebox@0.31.28) + '@inlang/language-tag': 1.5.1 + '@sinclair/typebox': 0.31.28 + + '@inlang/result@1.1.0': {} + + '@inlang/sdk@0.33.0': + dependencies: + '@inlang/json-types': 1.1.0(@sinclair/typebox@0.31.28) + '@inlang/language-tag': 1.5.1 + '@inlang/message': 2.1.0(@sinclair/typebox@0.31.28) + '@inlang/message-lint-rule': 1.4.5(@sinclair/typebox@0.31.28) + '@inlang/module': 1.2.9(@sinclair/typebox@0.31.28) + '@inlang/plugin': 2.4.9(@sinclair/typebox@0.31.28) + '@inlang/project-settings': 2.4.0(@sinclair/typebox@0.31.28) + '@inlang/result': 1.1.0 + '@inlang/translatable': 1.3.1 + '@lix-js/client': 1.2.1 + '@lix-js/fs': 1.0.0 + '@sinclair/typebox': 0.31.28 + debug: 4.3.5 + dedent: 1.5.1 + deepmerge-ts: 5.1.0 + murmurhash3js: 3.0.1 + solid-js: 1.6.12 + throttle-debounce: 5.0.2 + transitivePeerDependencies: + - babel-plugin-macros + - supports-color + + '@inlang/translatable@1.3.1': + dependencies: + '@inlang/language-tag': 1.5.1 + + '@isaacs/cliui@8.0.2': + dependencies: + string-width: 5.1.2 + string-width-cjs: string-width@4.2.3 + strip-ansi: 7.1.0 + strip-ansi-cjs: strip-ansi@6.0.1 + wrap-ansi: 8.1.0 + wrap-ansi-cjs: wrap-ansi@7.0.0 + + '@isaacs/ttlcache@1.4.1': {} + + '@istanbuljs/schema@0.1.3': {} + + '@jest/schemas@29.6.3': + dependencies: + '@sinclair/typebox': 0.27.8 + + '@jridgewell/gen-mapping@0.3.5': + dependencies: + '@jridgewell/set-array': 1.2.1 + '@jridgewell/sourcemap-codec': 1.5.0 + '@jridgewell/trace-mapping': 0.3.25 + + '@jridgewell/resolve-uri@3.1.2': {} + + '@jridgewell/set-array@1.2.1': {} + + '@jridgewell/sourcemap-codec@1.5.0': {} + + '@jridgewell/trace-mapping@0.3.25': + dependencies: + '@jridgewell/resolve-uri': 3.1.2 + '@jridgewell/sourcemap-codec': 1.5.0 + + '@lix-js/client@1.2.1': + dependencies: + '@lix-js/fs': 1.0.0 + '@octokit/types': 12.4.0 + async-lock: 1.4.1 + clean-git-ref: 2.0.1 + crc-32: 1.2.2 + diff3: 0.0.4 + ignore: 5.3.1 + octokit: 3.1.2 + pako: 1.0.11 + pify: 5.0.0 + sha.js: 2.4.11 + solid-js: 1.7.11 + + '@lix-js/fs@1.0.0': {} + + '@mdx-js/react@3.0.1(@types/react@18.3.3)(react@18.3.1)': + dependencies: + '@types/mdx': 2.0.13 + '@types/react': 18.3.3 + react: 18.3.1 + + '@nodelib/fs.scandir@2.1.5': + dependencies: + '@nodelib/fs.stat': 2.0.5 + run-parallel: 1.2.0 + + '@nodelib/fs.stat@2.0.5': {} + + '@nodelib/fs.walk@1.2.8': + dependencies: + '@nodelib/fs.scandir': 2.1.5 + fastq: 1.17.1 + + '@octokit/app@14.1.0': + dependencies: + '@octokit/auth-app': 6.1.1 + '@octokit/auth-unauthenticated': 5.0.1 + '@octokit/core': 5.2.0 + '@octokit/oauth-app': 6.1.0 + '@octokit/plugin-paginate-rest': 9.2.1(@octokit/core@5.2.0) + '@octokit/types': 12.4.0 + '@octokit/webhooks': 12.2.0 + + '@octokit/auth-app@6.1.1': + dependencies: + '@octokit/auth-oauth-app': 7.1.0 + '@octokit/auth-oauth-user': 4.1.0 + '@octokit/request': 8.4.0 + '@octokit/request-error': 5.1.0 + '@octokit/types': 13.5.0 + deprecation: 2.3.1 + lru-cache: 10.4.3 + universal-github-app-jwt: 1.1.2 + universal-user-agent: 6.0.1 + + '@octokit/auth-oauth-app@7.1.0': + dependencies: + '@octokit/auth-oauth-device': 6.1.0 + '@octokit/auth-oauth-user': 4.1.0 + '@octokit/request': 8.4.0 + '@octokit/types': 13.5.0 + '@types/btoa-lite': 1.0.2 + btoa-lite: 1.0.0 + universal-user-agent: 6.0.1 + + '@octokit/auth-oauth-device@6.1.0': + dependencies: + '@octokit/oauth-methods': 4.1.0 + '@octokit/request': 8.4.0 + '@octokit/types': 13.5.0 + universal-user-agent: 6.0.1 + + '@octokit/auth-oauth-user@4.1.0': + dependencies: + '@octokit/auth-oauth-device': 6.1.0 + '@octokit/oauth-methods': 4.1.0 + '@octokit/request': 8.4.0 + '@octokit/types': 13.5.0 + btoa-lite: 1.0.0 + universal-user-agent: 6.0.1 + + '@octokit/auth-token@4.0.0': {} + + '@octokit/auth-unauthenticated@5.0.1': + dependencies: + '@octokit/request-error': 5.1.0 + '@octokit/types': 12.4.0 + + '@octokit/core@5.2.0': + dependencies: + '@octokit/auth-token': 4.0.0 + '@octokit/graphql': 7.1.0 + '@octokit/request': 8.4.0 + '@octokit/request-error': 5.1.0 + '@octokit/types': 13.5.0 + before-after-hook: 2.2.3 + universal-user-agent: 6.0.1 + + '@octokit/endpoint@9.0.5': + dependencies: + '@octokit/types': 13.5.0 + universal-user-agent: 6.0.1 + + '@octokit/graphql@7.1.0': + dependencies: + '@octokit/request': 8.4.0 + '@octokit/types': 13.5.0 + universal-user-agent: 6.0.1 + + '@octokit/oauth-app@6.1.0': + dependencies: + '@octokit/auth-oauth-app': 7.1.0 + '@octokit/auth-oauth-user': 4.1.0 + '@octokit/auth-unauthenticated': 5.0.1 + '@octokit/core': 5.2.0 + '@octokit/oauth-authorization-url': 6.0.2 + '@octokit/oauth-methods': 4.1.0 + '@types/aws-lambda': 8.10.141 + universal-user-agent: 6.0.1 + + '@octokit/oauth-authorization-url@6.0.2': {} + + '@octokit/oauth-methods@4.1.0': + dependencies: + '@octokit/oauth-authorization-url': 6.0.2 + '@octokit/request': 8.4.0 + '@octokit/request-error': 5.1.0 + '@octokit/types': 13.5.0 + btoa-lite: 1.0.0 + + '@octokit/openapi-types@19.1.0': {} + + '@octokit/openapi-types@20.0.0': {} + + '@octokit/openapi-types@22.2.0': {} + + '@octokit/plugin-paginate-graphql@4.0.1(@octokit/core@5.2.0)': + dependencies: + '@octokit/core': 5.2.0 + + '@octokit/plugin-paginate-rest@9.2.1(@octokit/core@5.2.0)': + dependencies: + '@octokit/core': 5.2.0 + '@octokit/types': 12.6.0 + + '@octokit/plugin-rest-endpoint-methods@10.4.1(@octokit/core@5.2.0)': + dependencies: + '@octokit/core': 5.2.0 + '@octokit/types': 12.6.0 + + '@octokit/plugin-retry@6.0.1(@octokit/core@5.2.0)': + dependencies: + '@octokit/core': 5.2.0 + '@octokit/request-error': 5.1.0 + '@octokit/types': 12.4.0 + bottleneck: 2.19.5 + + '@octokit/plugin-throttling@8.2.0(@octokit/core@5.2.0)': + dependencies: + '@octokit/core': 5.2.0 + '@octokit/types': 12.4.0 + bottleneck: 2.19.5 + + '@octokit/request-error@5.1.0': + dependencies: + '@octokit/types': 13.5.0 + deprecation: 2.3.1 + once: 1.4.0 + + '@octokit/request@8.4.0': + dependencies: + '@octokit/endpoint': 9.0.5 + '@octokit/request-error': 5.1.0 + '@octokit/types': 13.5.0 + universal-user-agent: 6.0.1 + + '@octokit/types@12.4.0': + dependencies: + '@octokit/openapi-types': 19.1.0 + + '@octokit/types@12.6.0': + dependencies: + '@octokit/openapi-types': 20.0.0 + + '@octokit/types@13.5.0': + dependencies: + '@octokit/openapi-types': 22.2.0 + + '@octokit/webhooks-methods@4.1.0': {} + + '@octokit/webhooks-types@7.4.0': {} + + '@octokit/webhooks@12.2.0': + dependencies: + '@octokit/request-error': 5.1.0 + '@octokit/webhooks-methods': 4.1.0 + '@octokit/webhooks-types': 7.4.0 + aggregate-error: 3.1.0 + + '@pkgjs/parseargs@0.11.0': + optional: true + + '@playwright/test@1.45.2': + dependencies: + playwright: 1.45.2 + + '@polka/url@1.0.0-next.25': {} + + '@poppinss/macroable@1.0.2': + optional: true + + '@rollup/plugin-commonjs@26.0.1(rollup@4.18.1)': + dependencies: + '@rollup/pluginutils': 5.1.0(rollup@4.18.1) + commondir: 1.0.1 + estree-walker: 2.0.2 + glob: 10.4.5 + is-reference: 1.2.1 + magic-string: 0.30.10 + optionalDependencies: + rollup: 4.18.1 + + '@rollup/plugin-json@6.1.0(rollup@4.18.1)': + dependencies: + '@rollup/pluginutils': 5.1.0(rollup@4.18.1) + optionalDependencies: + rollup: 4.18.1 + + '@rollup/plugin-node-resolve@15.2.3(rollup@4.18.1)': + dependencies: + '@rollup/pluginutils': 5.1.0(rollup@4.18.1) + '@types/resolve': 1.20.2 + deepmerge: 4.3.1 + is-builtin-module: 3.2.1 + is-module: 1.0.0 + resolve: 1.22.8 + optionalDependencies: + rollup: 4.18.1 + + '@rollup/pluginutils@5.1.0(rollup@4.18.1)': + dependencies: + '@types/estree': 1.0.5 + estree-walker: 2.0.2 + picomatch: 2.3.1 + optionalDependencies: + rollup: 4.18.1 + + '@rollup/rollup-android-arm-eabi@4.18.1': + optional: true + + '@rollup/rollup-android-arm64@4.18.1': + optional: true + + '@rollup/rollup-darwin-arm64@4.18.1': + optional: true + + '@rollup/rollup-darwin-x64@4.18.1': + optional: true + + '@rollup/rollup-linux-arm-gnueabihf@4.18.1': + optional: true + + '@rollup/rollup-linux-arm-musleabihf@4.18.1': + optional: true + + '@rollup/rollup-linux-arm64-gnu@4.18.1': + optional: true + + '@rollup/rollup-linux-arm64-musl@4.18.1': + optional: true + + '@rollup/rollup-linux-powerpc64le-gnu@4.18.1': + optional: true + + '@rollup/rollup-linux-riscv64-gnu@4.18.1': + optional: true + + '@rollup/rollup-linux-s390x-gnu@4.18.1': + optional: true + + '@rollup/rollup-linux-x64-gnu@4.18.1': + optional: true + + '@rollup/rollup-linux-x64-musl@4.18.1': + optional: true + + '@rollup/rollup-win32-arm64-msvc@4.18.1': + optional: true + + '@rollup/rollup-win32-ia32-msvc@4.18.1': + optional: true + + '@rollup/rollup-win32-x64-msvc@4.18.1': + optional: true + + '@sideway/address@4.1.5': + dependencies: + '@hapi/hoek': 9.3.0 + optional: true + + '@sideway/formula@3.0.1': + optional: true + + '@sideway/pinpoint@2.0.0': + optional: true + + '@sinclair/typebox@0.27.8': {} + + '@sinclair/typebox@0.31.28': {} + + '@sinclair/typebox@0.32.34': + optional: true + + '@sindresorhus/merge-streams@2.3.0': {} + + '@skeletonlabs/skeleton@2.10.2(svelte@4.2.18)': + dependencies: + esm-env: 1.0.0 + svelte: 4.2.18 + + '@skeletonlabs/tw-plugin@0.4.0(tailwindcss@3.4.6)': + dependencies: + tailwindcss: 3.4.6 + + '@sodaru/yup-to-json-schema@2.0.1': + optional: true + + '@storybook/addon-actions@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/global': 5.0.0 + '@types/uuid': 9.0.8 + dequal: 2.0.3 + polished: 4.3.1 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + uuid: 9.0.1 + + '@storybook/addon-backgrounds@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/global': 5.0.0 + memoizerific: 1.11.3 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + + '@storybook/addon-controls@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + dequal: 2.0.3 + lodash: 4.17.21 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + + '@storybook/addon-docs@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@babel/core': 7.24.9 + '@mdx-js/react': 3.0.1(@types/react@18.3.3)(react@18.3.1) + '@storybook/blocks': 8.2.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/csf-plugin': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/global': 5.0.0 + '@storybook/react-dom-shim': 8.2.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@types/react': 18.3.3 + fs-extra: 11.2.0 + react: 18.3.1 + react-dom: 18.3.1(react@18.3.1) + rehype-external-links: 3.0.0 + rehype-slug: 6.0.0 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + transitivePeerDependencies: + - supports-color + + '@storybook/addon-essentials@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/addon-actions': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-backgrounds': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-controls': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-docs': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-highlight': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-measure': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-outline': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-toolbars': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/addon-viewport': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + transitivePeerDependencies: + - supports-color + + '@storybook/addon-highlight@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/global': 5.0.0 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@storybook/addon-interactions@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0))': + dependencies: + '@storybook/global': 5.0.0 + '@storybook/instrumenter': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/test': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0)) + polished: 4.3.1 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + transitivePeerDependencies: + - '@jest/globals' + - '@types/bun' + - '@types/jest' + - jest + - vitest + + '@storybook/addon-links@8.2.4(react@18.3.1)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/csf': 0.1.11 + '@storybook/global': 5.0.0 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + optionalDependencies: + react: 18.3.1 + + '@storybook/addon-measure@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/global': 5.0.0 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + tiny-invariant: 1.3.3 + + '@storybook/addon-outline@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/global': 5.0.0 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + + '@storybook/addon-toolbars@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@storybook/addon-viewport@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + memoizerific: 1.11.3 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@storybook/blocks@8.2.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/csf': 0.1.11 + '@storybook/global': 5.0.0 + '@storybook/icons': 1.2.9(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + '@types/lodash': 4.17.7 + color-convert: 2.0.1 + dequal: 2.0.3 + lodash: 4.17.21 + markdown-to-jsx: 7.4.7(react@18.3.1) + memoizerific: 1.11.3 + polished: 4.3.1 + react-colorful: 5.6.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1) + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + telejson: 7.2.0 + ts-dedent: 2.2.0 + util-deprecate: 1.0.2 + optionalDependencies: + react: 18.3.1 + react-dom: 18.3.1(react@18.3.1) + + '@storybook/builder-vite@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(typescript@5.5.3)(vite@5.3.4(@types/node@20.14.11))': + dependencies: + '@storybook/csf-plugin': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@types/find-cache-dir': 3.2.1 + browser-assert: 1.2.1 + es-module-lexer: 1.5.4 + express: 4.19.2 + find-cache-dir: 3.3.2 + fs-extra: 11.2.0 + magic-string: 0.30.10 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + ts-dedent: 2.2.0 + vite: 5.3.4(@types/node@20.14.11) + optionalDependencies: + typescript: 5.5.3 + transitivePeerDependencies: + - supports-color + + '@storybook/codemod@8.2.4': + dependencies: + '@babel/core': 7.24.9 + '@babel/preset-env': 7.24.8(@babel/core@7.24.9) + '@babel/types': 7.24.9 + '@storybook/core': 8.2.4 + '@storybook/csf': 0.1.11 + '@types/cross-spawn': 6.0.6 + cross-spawn: 7.0.3 + globby: 14.0.2 + jscodeshift: 0.15.2(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + lodash: 4.17.21 + prettier: 3.3.3 + recast: 0.23.9 + tiny-invariant: 1.3.3 + transitivePeerDependencies: + - bufferutil + - supports-color + - utf-8-validate + + '@storybook/components@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@storybook/core@8.2.4': + dependencies: + '@storybook/csf': 0.1.11 + '@types/express': 4.17.21 + '@types/node': 18.19.40 + browser-assert: 1.2.1 + esbuild: 0.21.5 + esbuild-register: 3.5.0(esbuild@0.21.5) + express: 4.19.2 + process: 0.11.10 + recast: 0.23.9 + util: 0.12.5 + ws: 8.18.0 + transitivePeerDependencies: + - bufferutil + - supports-color + - utf-8-validate + + '@storybook/csf-plugin@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + unplugin: 1.11.0 + + '@storybook/csf@0.0.1': + dependencies: + lodash: 4.17.21 + + '@storybook/csf@0.1.11': + dependencies: + type-fest: 2.19.0 + + '@storybook/global@5.0.0': {} + + '@storybook/icons@1.2.9(react-dom@18.3.1(react@18.3.1))(react@18.3.1)': + dependencies: + react: 18.3.1 + react-dom: 18.3.1(react@18.3.1) + + '@storybook/instrumenter@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + '@storybook/global': 5.0.0 + '@vitest/utils': 1.6.0 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + util: 0.12.5 + + '@storybook/manager-api@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@storybook/preview-api@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@storybook/react-dom-shim@8.2.4(react-dom@18.3.1(react@18.3.1))(react@18.3.1)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + react: 18.3.1 + react-dom: 18.3.1(react@18.3.1) + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@storybook/svelte-vite@8.2.4(@babel/core@7.24.9)(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18)(typescript@5.5.3)(vite@5.3.4(@types/node@20.14.11))': + dependencies: + '@storybook/builder-vite': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(typescript@5.5.3)(vite@5.3.4(@types/node@20.14.11)) + '@storybook/svelte': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18) + '@sveltejs/vite-plugin-svelte': 3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + magic-string: 0.30.10 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + svelte: 4.2.18 + svelte-preprocess: 5.1.4(@babel/core@7.24.9)(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(svelte@4.2.18)(typescript@5.5.3) + sveltedoc-parser: 4.2.1 + ts-dedent: 2.2.0 + vite: 5.3.4(@types/node@20.14.11) + transitivePeerDependencies: + - '@babel/core' + - '@preact/preset-vite' + - coffeescript + - less + - postcss + - postcss-load-config + - pug + - sass + - stylus + - sugarss + - supports-color + - typescript + - vite-plugin-glimmerx + + '@storybook/svelte@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18)': + dependencies: + '@storybook/components': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/global': 5.0.0 + '@storybook/manager-api': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/preview-api': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/theming': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + svelte: 4.2.18 + sveltedoc-parser: 4.2.1 + ts-dedent: 2.2.0 + type-fest: 2.19.0 + transitivePeerDependencies: + - supports-color + + '@storybook/sveltekit@8.2.4(@babel/core@7.24.9)(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18)(typescript@5.5.3)(vite@5.3.4(@types/node@20.14.11))': + dependencies: + '@storybook/addon-actions': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@storybook/builder-vite': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(typescript@5.5.3)(vite@5.3.4(@types/node@20.14.11)) + '@storybook/svelte': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18) + '@storybook/svelte-vite': 8.2.4(@babel/core@7.24.9)(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(svelte@4.2.18)(typescript@5.5.3)(vite@5.3.4(@types/node@20.14.11)) + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + svelte: 4.2.18 + vite: 5.3.4(@types/node@20.14.11) + transitivePeerDependencies: + - '@babel/core' + - '@preact/preset-vite' + - '@sveltejs/vite-plugin-svelte' + - coffeescript + - less + - postcss + - postcss-load-config + - pug + - sass + - stylus + - sugarss + - supports-color + - typescript + - vite-plugin-glimmerx + + '@storybook/test@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0))': + dependencies: + '@storybook/csf': 0.1.11 + '@storybook/instrumenter': 8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9))) + '@testing-library/dom': 10.1.0 + '@testing-library/jest-dom': 6.4.5(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0)) + '@testing-library/user-event': 14.5.2(@testing-library/dom@10.1.0) + '@vitest/expect': 1.6.0 + '@vitest/spy': 1.6.0 + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + util: 0.12.5 + transitivePeerDependencies: + - '@jest/globals' + - '@types/bun' + - '@types/jest' + - jest + - vitest + + '@storybook/theming@8.2.4(storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)))': + dependencies: + storybook: 8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + + '@sveltejs/adapter-auto@3.2.2(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))': + dependencies: + '@sveltejs/kit': 2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + import-meta-resolve: 4.1.0 + + '@sveltejs/adapter-node@5.2.0(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))': + dependencies: + '@rollup/plugin-commonjs': 26.0.1(rollup@4.18.1) + '@rollup/plugin-json': 6.1.0(rollup@4.18.1) + '@rollup/plugin-node-resolve': 15.2.3(rollup@4.18.1) + '@sveltejs/kit': 2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + rollup: 4.18.1 + + '@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))': + dependencies: + '@sveltejs/vite-plugin-svelte': 3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + '@types/cookie': 0.6.0 + cookie: 0.6.0 + devalue: 5.0.0 + esm-env: 1.0.0 + import-meta-resolve: 4.1.0 + kleur: 4.1.5 + magic-string: 0.30.10 + mrmime: 2.0.0 + sade: 1.8.1 + set-cookie-parser: 2.6.0 + sirv: 2.0.4 + svelte: 4.2.18 + tiny-glob: 0.2.9 + vite: 5.3.4(@types/node@20.14.11) + + '@sveltejs/vite-plugin-svelte-inspector@2.1.0(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))': + dependencies: + '@sveltejs/vite-plugin-svelte': 3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + debug: 4.3.5 + svelte: 4.2.18 + vite: 5.3.4(@types/node@20.14.11) + transitivePeerDependencies: + - supports-color + + '@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))': + dependencies: + '@sveltejs/vite-plugin-svelte-inspector': 2.1.0(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + debug: 4.3.5 + deepmerge: 4.3.1 + kleur: 4.1.5 + magic-string: 0.30.10 + svelte: 4.2.18 + svelte-hmr: 0.16.0(svelte@4.2.18) + vite: 5.3.4(@types/node@20.14.11) + vitefu: 0.2.5(vite@5.3.4(@types/node@20.14.11)) + transitivePeerDependencies: + - supports-color + + '@tailwindcss/forms@0.5.7(tailwindcss@3.4.6)': + dependencies: + mini-svg-data-uri: 1.4.4 + tailwindcss: 3.4.6 + + '@tailwindcss/typography@0.5.13(tailwindcss@3.4.6)': + dependencies: + lodash.castarray: 4.4.0 + lodash.isplainobject: 4.0.6 + lodash.merge: 4.6.2 + postcss-selector-parser: 6.0.10 + tailwindcss: 3.4.6 + + '@testing-library/dom@10.1.0': + dependencies: + '@babel/code-frame': 7.24.7 + '@babel/runtime': 7.24.8 + '@types/aria-query': 5.0.4 + aria-query: 5.3.0 + chalk: 4.1.2 + dom-accessibility-api: 0.5.16 + lz-string: 1.5.0 + pretty-format: 27.5.1 + + '@testing-library/dom@10.3.2': + dependencies: + '@babel/code-frame': 7.24.7 + '@babel/runtime': 7.24.8 + '@types/aria-query': 5.0.4 + aria-query: 5.3.0 + chalk: 4.1.2 + dom-accessibility-api: 0.5.16 + lz-string: 1.5.0 + pretty-format: 27.5.1 + + '@testing-library/jest-dom@6.4.5(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0))': + dependencies: + '@adobe/css-tools': 4.4.0 + '@babel/runtime': 7.24.8 + aria-query: 5.3.0 + chalk: 3.0.0 + css.escape: 1.5.1 + dom-accessibility-api: 0.6.3 + lodash: 4.17.21 + redent: 3.0.0 + optionalDependencies: + vitest: 1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0) + + '@testing-library/jest-dom@6.4.6(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0))': + dependencies: + '@adobe/css-tools': 4.4.0 + '@babel/runtime': 7.24.8 + aria-query: 5.3.0 + chalk: 3.0.0 + css.escape: 1.5.1 + dom-accessibility-api: 0.6.3 + lodash: 4.17.21 + redent: 3.0.0 + optionalDependencies: + vitest: 1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0) + + '@testing-library/svelte@5.2.0(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0))': + dependencies: + '@testing-library/dom': 10.3.2 + svelte: 4.2.18 + optionalDependencies: + vite: 5.3.4(@types/node@20.14.11) + vitest: 1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0) + + '@testing-library/user-event@14.5.2(@testing-library/dom@10.1.0)': + dependencies: + '@testing-library/dom': 10.1.0 + + '@types/aria-query@5.0.4': {} + + '@types/aws-lambda@8.10.141': {} + + '@types/body-parser@1.19.5': + dependencies: + '@types/connect': 3.4.38 + '@types/node': 20.14.11 + + '@types/btoa-lite@1.0.2': {} + + '@types/connect@3.4.38': + dependencies: + '@types/node': 20.14.11 + + '@types/cookie@0.6.0': {} + + '@types/cross-spawn@6.0.6': + dependencies: + '@types/node': 20.14.11 + + '@types/emscripten@1.39.13': {} + + '@types/estree@1.0.5': {} + + '@types/express-serve-static-core@4.19.5': + dependencies: + '@types/node': 20.14.11 + '@types/qs': 6.9.15 + '@types/range-parser': 1.2.7 + '@types/send': 0.17.4 + + '@types/express@4.17.21': + dependencies: + '@types/body-parser': 1.19.5 + '@types/express-serve-static-core': 4.19.5 + '@types/qs': 6.9.15 + '@types/serve-static': 1.15.7 + + '@types/find-cache-dir@3.2.1': {} + + '@types/hast@3.0.4': + dependencies: + '@types/unist': 3.0.2 + + '@types/http-errors@2.0.4': {} + + '@types/json-schema@7.0.15': {} + + '@types/jsonwebtoken@9.0.6': + dependencies: + '@types/node': 20.14.11 + + '@types/lodash@4.17.7': {} + + '@types/mdx@2.0.13': {} + + '@types/mime@1.3.5': {} + + '@types/node@18.19.40': + dependencies: + undici-types: 5.26.5 + + '@types/node@20.14.11': + dependencies: + undici-types: 5.26.5 + + '@types/prop-types@15.7.12': {} + + '@types/pug@2.0.10': {} + + '@types/qs@6.9.15': {} + + '@types/range-parser@1.2.7': {} + + '@types/react@18.3.3': + dependencies: + '@types/prop-types': 15.7.12 + csstype: 3.1.3 + + '@types/resolve@1.20.2': {} + + '@types/semver@7.5.8': {} + + '@types/send@0.17.4': + dependencies: + '@types/mime': 1.3.5 + '@types/node': 20.14.11 + + '@types/serve-static@1.15.7': + dependencies: + '@types/http-errors': 2.0.4 + '@types/node': 20.14.11 + '@types/send': 0.17.4 + + '@types/unist@3.0.2': {} + + '@types/uuid@9.0.8': {} + + '@types/validator@13.12.0': + optional: true + + '@typescript-eslint/eslint-plugin@7.16.1(@typescript-eslint/parser@7.16.1(eslint@8.57.0)(typescript@5.5.3))(eslint@8.57.0)(typescript@5.5.3)': + dependencies: + '@eslint-community/regexpp': 4.11.0 + '@typescript-eslint/parser': 7.16.1(eslint@8.57.0)(typescript@5.5.3) + '@typescript-eslint/scope-manager': 7.16.1 + '@typescript-eslint/type-utils': 7.16.1(eslint@8.57.0)(typescript@5.5.3) + '@typescript-eslint/utils': 7.16.1(eslint@8.57.0)(typescript@5.5.3) + '@typescript-eslint/visitor-keys': 7.16.1 + eslint: 8.57.0 + graphemer: 1.4.0 + ignore: 5.3.1 + natural-compare: 1.4.0 + ts-api-utils: 1.3.0(typescript@5.5.3) + optionalDependencies: + typescript: 5.5.3 + transitivePeerDependencies: + - supports-color + + '@typescript-eslint/parser@7.16.1(eslint@8.57.0)(typescript@5.5.3)': + dependencies: + '@typescript-eslint/scope-manager': 7.16.1 + '@typescript-eslint/types': 7.16.1 + '@typescript-eslint/typescript-estree': 7.16.1(typescript@5.5.3) + '@typescript-eslint/visitor-keys': 7.16.1 + debug: 4.3.5 + eslint: 8.57.0 + optionalDependencies: + typescript: 5.5.3 + transitivePeerDependencies: + - supports-color + + '@typescript-eslint/scope-manager@5.62.0': + dependencies: + '@typescript-eslint/types': 5.62.0 + '@typescript-eslint/visitor-keys': 5.62.0 + + '@typescript-eslint/scope-manager@7.16.1': + dependencies: + '@typescript-eslint/types': 7.16.1 + '@typescript-eslint/visitor-keys': 7.16.1 + + '@typescript-eslint/type-utils@7.16.1(eslint@8.57.0)(typescript@5.5.3)': + dependencies: + '@typescript-eslint/typescript-estree': 7.16.1(typescript@5.5.3) + '@typescript-eslint/utils': 7.16.1(eslint@8.57.0)(typescript@5.5.3) + debug: 4.3.5 + eslint: 8.57.0 + ts-api-utils: 1.3.0(typescript@5.5.3) + optionalDependencies: + typescript: 5.5.3 + transitivePeerDependencies: + - supports-color + + '@typescript-eslint/types@5.62.0': {} + + '@typescript-eslint/types@7.16.1': {} + + '@typescript-eslint/typescript-estree@5.62.0(typescript@5.5.3)': + dependencies: + '@typescript-eslint/types': 5.62.0 + '@typescript-eslint/visitor-keys': 5.62.0 + debug: 4.3.5 + globby: 11.1.0 + is-glob: 4.0.3 + semver: 7.6.3 + tsutils: 3.21.0(typescript@5.5.3) + optionalDependencies: + typescript: 5.5.3 + transitivePeerDependencies: + - supports-color + + '@typescript-eslint/typescript-estree@7.16.1(typescript@5.5.3)': + dependencies: + '@typescript-eslint/types': 7.16.1 + '@typescript-eslint/visitor-keys': 7.16.1 + debug: 4.3.5 + globby: 11.1.0 + is-glob: 4.0.3 + minimatch: 9.0.5 + semver: 7.6.3 + ts-api-utils: 1.3.0(typescript@5.5.3) + optionalDependencies: + typescript: 5.5.3 + transitivePeerDependencies: + - supports-color + + '@typescript-eslint/utils@5.62.0(eslint@8.57.0)(typescript@5.5.3)': + dependencies: + '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.0) + '@types/json-schema': 7.0.15 + '@types/semver': 7.5.8 + '@typescript-eslint/scope-manager': 5.62.0 + '@typescript-eslint/types': 5.62.0 + '@typescript-eslint/typescript-estree': 5.62.0(typescript@5.5.3) + eslint: 8.57.0 + eslint-scope: 5.1.1 + semver: 7.6.3 + transitivePeerDependencies: + - supports-color + - typescript + + '@typescript-eslint/utils@7.16.1(eslint@8.57.0)(typescript@5.5.3)': + dependencies: + '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.0) + '@typescript-eslint/scope-manager': 7.16.1 + '@typescript-eslint/types': 7.16.1 + '@typescript-eslint/typescript-estree': 7.16.1(typescript@5.5.3) + eslint: 8.57.0 + transitivePeerDependencies: + - supports-color + - typescript + + '@typescript-eslint/visitor-keys@5.62.0': + dependencies: + '@typescript-eslint/types': 5.62.0 + eslint-visitor-keys: 3.4.3 + + '@typescript-eslint/visitor-keys@7.16.1': + dependencies: + '@typescript-eslint/types': 7.16.1 + eslint-visitor-keys: 3.4.3 + + '@ungap/structured-clone@1.2.0': {} + + '@vincjo/datatables@1.14.10(svelte@4.2.18)': + dependencies: + svelte: 4.2.18 + + '@vinejs/compiler@2.5.0': + optional: true + + '@vinejs/vine@1.8.0': + dependencies: + '@poppinss/macroable': 1.0.2 + '@types/validator': 13.12.0 + '@vinejs/compiler': 2.5.0 + camelcase: 8.0.0 + dayjs: 1.11.12 + dlv: 1.1.3 + normalize-url: 8.0.1 + validator: 13.12.0 + optional: true + + '@vitest/coverage-v8@1.6.0(vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0))': + dependencies: + '@ampproject/remapping': 2.3.0 + '@bcoe/v8-coverage': 0.2.3 + debug: 4.3.5 + istanbul-lib-coverage: 3.2.2 + istanbul-lib-report: 3.0.1 + istanbul-lib-source-maps: 5.0.6 + istanbul-reports: 3.1.7 + magic-string: 0.30.10 + magicast: 0.3.4 + picocolors: 1.0.1 + std-env: 3.7.0 + strip-literal: 2.1.0 + test-exclude: 6.0.0 + vitest: 1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0) + transitivePeerDependencies: + - supports-color + + '@vitest/expect@1.6.0': + dependencies: + '@vitest/spy': 1.6.0 + '@vitest/utils': 1.6.0 + chai: 4.4.1 + + '@vitest/runner@1.6.0': + dependencies: + '@vitest/utils': 1.6.0 + p-limit: 5.0.0 + pathe: 1.1.2 + + '@vitest/snapshot@1.6.0': + dependencies: + magic-string: 0.30.10 + pathe: 1.1.2 + pretty-format: 29.7.0 + + '@vitest/spy@1.6.0': + dependencies: + tinyspy: 2.2.1 + + '@vitest/ui@1.6.0(vitest@1.6.0)': + dependencies: + '@vitest/utils': 1.6.0 + fast-glob: 3.3.2 + fflate: 0.8.2 + flatted: 3.3.1 + pathe: 1.1.2 + picocolors: 1.0.1 + sirv: 2.0.4 + vitest: 1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0) + + '@vitest/utils@1.6.0': + dependencies: + diff-sequences: 29.6.3 + estree-walker: 3.0.3 + loupe: 2.3.7 + pretty-format: 29.7.0 + + '@yarnpkg/fslib@2.10.3': + dependencies: + '@yarnpkg/libzip': 2.3.0 + tslib: 1.14.1 + + '@yarnpkg/libzip@2.3.0': + dependencies: + '@types/emscripten': 1.39.13 + tslib: 1.14.1 + + accepts@1.3.8: + dependencies: + mime-types: 2.1.35 + negotiator: 0.6.3 + + acorn-jsx@5.3.2(acorn@8.12.1): + dependencies: + acorn: 8.12.1 + + acorn-walk@8.3.3: + dependencies: + acorn: 8.12.1 + + acorn@8.12.1: {} + + agent-base@7.1.1: + dependencies: + debug: 4.3.5 + transitivePeerDependencies: + - supports-color + + aggregate-error@3.1.0: + dependencies: + clean-stack: 2.2.0 + indent-string: 4.0.0 + + ajv@6.12.6: + dependencies: + fast-deep-equal: 3.1.3 + fast-json-stable-stringify: 2.1.0 + json-schema-traverse: 0.4.1 + uri-js: 4.4.1 + + ansi-colors@4.1.3: {} + + ansi-regex@5.0.1: {} + + ansi-regex@6.0.1: {} + + ansi-styles@3.2.1: + dependencies: + color-convert: 1.9.3 + + ansi-styles@4.3.0: + dependencies: + color-convert: 2.0.1 + + ansi-styles@5.2.0: {} + + ansi-styles@6.2.1: {} + + any-promise@1.3.0: {} + + anymatch@3.1.3: + dependencies: + normalize-path: 3.0.0 + picomatch: 2.3.1 + + arg@5.0.2: {} + + argparse@2.0.1: {} + + aria-query@5.3.0: + dependencies: + dequal: 2.0.3 + + arktype@2.0.0-beta.0: + dependencies: + '@ark/schema': 0.2.0 + '@ark/util': 0.1.0 + optional: true + + array-flatten@1.1.1: {} + + array-union@2.1.0: {} + + assertion-error@1.1.0: {} + + ast-types@0.16.1: + dependencies: + tslib: 2.6.3 + + async-lock@1.4.1: {} + + asynckit@0.4.0: {} + + autoprefixer@10.4.19(postcss@8.4.39): + dependencies: + browserslist: 4.23.2 + caniuse-lite: 1.0.30001642 + fraction.js: 4.3.7 + normalize-range: 0.1.2 + picocolors: 1.0.1 + postcss: 8.4.39 + postcss-value-parser: 4.2.0 + + available-typed-arrays@1.0.7: + dependencies: + possible-typed-array-names: 1.0.0 + + axios@1.7.2: + dependencies: + follow-redirects: 1.15.6 + form-data: 4.0.0 + proxy-from-env: 1.1.0 + transitivePeerDependencies: + - debug + + axobject-query@4.1.0: {} + + babel-core@7.0.0-bridge.0(@babel/core@7.24.9): + dependencies: + '@babel/core': 7.24.9 + + babel-plugin-polyfill-corejs2@0.4.11(@babel/core@7.24.9): + dependencies: + '@babel/compat-data': 7.24.9 + '@babel/core': 7.24.9 + '@babel/helper-define-polyfill-provider': 0.6.2(@babel/core@7.24.9) + semver: 6.3.1 + transitivePeerDependencies: + - supports-color + + babel-plugin-polyfill-corejs3@0.10.4(@babel/core@7.24.9): + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-define-polyfill-provider': 0.6.2(@babel/core@7.24.9) + core-js-compat: 3.37.1 + transitivePeerDependencies: + - supports-color + + babel-plugin-polyfill-regenerator@0.6.2(@babel/core@7.24.9): + dependencies: + '@babel/core': 7.24.9 + '@babel/helper-define-polyfill-provider': 0.6.2(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + balanced-match@1.0.2: {} + + base64-js@1.5.1: {} + + before-after-hook@2.2.3: {} + + binary-extensions@2.3.0: {} + + bl@4.1.0: + dependencies: + buffer: 5.7.1 + inherits: 2.0.4 + readable-stream: 3.6.2 + + body-parser@1.20.2: + dependencies: + bytes: 3.1.2 + content-type: 1.0.5 + debug: 2.6.9 + depd: 2.0.0 + destroy: 1.2.0 + http-errors: 2.0.0 + iconv-lite: 0.4.24 + on-finished: 2.4.1 + qs: 6.11.0 + raw-body: 2.5.2 + type-is: 1.6.18 + unpipe: 1.0.0 + transitivePeerDependencies: + - supports-color + + bottleneck@2.19.5: {} + + brace-expansion@1.1.11: + dependencies: + balanced-match: 1.0.2 + concat-map: 0.0.1 + + brace-expansion@2.0.1: + dependencies: + balanced-match: 1.0.2 + + braces@3.0.3: + dependencies: + fill-range: 7.1.1 + + browser-assert@1.2.1: {} + + browserslist@4.23.2: + dependencies: + caniuse-lite: 1.0.30001642 + electron-to-chromium: 1.4.829 + node-releases: 2.0.17 + update-browserslist-db: 1.1.0(browserslist@4.23.2) + + btoa-lite@1.0.0: {} + + buffer-crc32@1.0.0: {} + + buffer-equal-constant-time@1.0.1: {} + + buffer-from@1.1.2: {} + + buffer@5.7.1: + dependencies: + base64-js: 1.5.1 + ieee754: 1.2.1 + + builtin-modules@3.3.0: {} + + bytes@3.1.2: {} + + cac@6.7.14: {} + + call-bind@1.0.7: + dependencies: + es-define-property: 1.0.0 + es-errors: 1.3.0 + function-bind: 1.1.2 + get-intrinsic: 1.2.4 + set-function-length: 1.2.2 + + callsites@3.1.0: {} + + camelcase-css@2.0.1: {} + + camelcase@8.0.0: + optional: true + + caniuse-lite@1.0.30001642: {} + + chai@4.4.1: + dependencies: + assertion-error: 1.1.0 + check-error: 1.0.3 + deep-eql: 4.1.4 + get-func-name: 2.0.2 + loupe: 2.3.7 + pathval: 1.1.1 + type-detect: 4.0.8 + + chalk@2.4.2: + dependencies: + ansi-styles: 3.2.1 + escape-string-regexp: 1.0.5 + supports-color: 5.5.0 + + chalk@3.0.0: + dependencies: + ansi-styles: 4.3.0 + supports-color: 7.2.0 + + chalk@4.1.2: + dependencies: + ansi-styles: 4.3.0 + supports-color: 7.2.0 + + chalk@5.3.0: {} + + check-error@1.0.3: + dependencies: + get-func-name: 2.0.2 + + chokidar@3.6.0: + dependencies: + anymatch: 3.1.3 + braces: 3.0.3 + glob-parent: 5.1.2 + is-binary-path: 2.1.0 + is-glob: 4.0.3 + normalize-path: 3.0.0 + readdirp: 3.6.0 + optionalDependencies: + fsevents: 2.3.3 + + chownr@2.0.0: {} + + citty@0.1.6: + dependencies: + consola: 3.2.3 + + clean-git-ref@2.0.1: {} + + clean-stack@2.2.0: {} + + cli-cursor@3.1.0: + dependencies: + restore-cursor: 3.1.0 + + cli-spinners@2.9.2: {} + + clone-deep@4.0.1: + dependencies: + is-plain-object: 2.0.4 + kind-of: 6.0.3 + shallow-clone: 3.0.1 + + clone@1.0.4: {} + + code-red@1.0.4: + dependencies: + '@jridgewell/sourcemap-codec': 1.5.0 + '@types/estree': 1.0.5 + acorn: 8.12.1 + estree-walker: 3.0.3 + periscopic: 3.1.0 + + color-convert@1.9.3: + dependencies: + color-name: 1.1.3 + + color-convert@2.0.1: + dependencies: + color-name: 1.1.4 + + color-name@1.1.3: {} + + color-name@1.1.4: {} + + combined-stream@1.0.8: + dependencies: + delayed-stream: 1.0.0 + + commander@11.1.0: {} + + commander@12.1.0: {} + + commander@4.1.1: {} + + commander@6.2.1: {} + + commondir@1.0.1: {} + + concat-map@0.0.1: {} + + confbox@0.1.7: {} + + consola@3.2.3: {} + + content-disposition@0.5.4: + dependencies: + safe-buffer: 5.2.1 + + content-type@1.0.5: {} + + convert-source-map@2.0.0: {} + + cookie-signature@1.0.6: {} + + cookie@0.6.0: {} + + core-js-compat@3.37.1: + dependencies: + browserslist: 4.23.2 + + crc-32@1.2.2: {} + + cross-spawn@7.0.3: + dependencies: + path-key: 3.1.1 + shebang-command: 2.0.0 + which: 2.0.2 + + crypto-random-string@4.0.0: + dependencies: + type-fest: 1.4.0 + + css-tree@2.3.1: + dependencies: + mdn-data: 2.0.30 + source-map-js: 1.2.0 + + css.escape@1.5.1: {} + + cssesc@3.0.0: {} + + cssstyle@4.0.1: + dependencies: + rrweb-cssom: 0.6.0 + + csstype@3.1.3: {} + + data-urls@5.0.0: + dependencies: + whatwg-mimetype: 4.0.0 + whatwg-url: 14.0.0 + + dayjs@1.11.12: + optional: true + + debug@2.6.9: + dependencies: + ms: 2.0.0 + + debug@4.3.5: + dependencies: + ms: 2.1.2 + + decimal.js@10.4.3: {} + + dedent@1.5.1: {} + + deep-eql@4.1.4: + dependencies: + type-detect: 4.0.8 + + deep-is@0.1.4: {} + + deepmerge-ts@5.1.0: {} + + deepmerge@4.3.1: {} + + defaults@1.0.4: + dependencies: + clone: 1.0.4 + + define-data-property@1.1.4: + dependencies: + es-define-property: 1.0.0 + es-errors: 1.3.0 + gopd: 1.0.1 + + defu@6.1.4: {} + + delayed-stream@1.0.0: {} + + depd@2.0.0: {} + + deprecation@2.3.1: {} + + dequal@2.0.3: {} + + destroy@1.2.0: {} + + detect-indent@6.1.0: {} + + devalue@5.0.0: {} + + didyoumean@1.2.2: {} + + diff-sequences@29.6.3: {} + + diff3@0.0.4: {} + + dir-glob@3.0.1: + dependencies: + path-type: 4.0.0 + + dlv@1.1.3: {} + + doctrine@3.0.0: + dependencies: + esutils: 2.0.3 + + dom-accessibility-api@0.5.16: {} + + dom-accessibility-api@0.6.3: {} + + dom-serializer@1.4.1: + dependencies: + domelementtype: 2.3.0 + domhandler: 4.3.1 + entities: 2.2.0 + + domelementtype@2.3.0: {} + + domhandler@3.3.0: + dependencies: + domelementtype: 2.3.0 + + domhandler@4.3.1: + dependencies: + domelementtype: 2.3.0 + + domhandler@5.0.3: + dependencies: + domelementtype: 2.3.0 + + domutils@2.8.0: + dependencies: + dom-serializer: 1.4.1 + domelementtype: 2.3.0 + domhandler: 4.3.1 + + dotenv@16.4.5: {} + + eastasianwidth@0.2.0: {} + + ecdsa-sig-formatter@1.0.11: + dependencies: + safe-buffer: 5.2.1 + + echarts@5.5.1: + dependencies: + tslib: 2.3.0 + zrender: 5.6.0 + + ee-first@1.1.1: {} + + electron-to-chromium@1.4.829: {} + + emoji-regex@8.0.0: {} + + emoji-regex@9.2.2: {} + + encodeurl@1.0.2: {} + + enquirer@2.4.1: + dependencies: + ansi-colors: 4.1.3 + strip-ansi: 6.0.1 + + entities@2.2.0: {} + + entities@4.5.0: {} + + envinfo@7.13.0: {} + + es-define-property@1.0.0: + dependencies: + get-intrinsic: 1.2.4 + + es-errors@1.3.0: {} + + es-module-lexer@1.5.4: {} + + es6-promise@3.3.1: {} + + esbuild-register@3.5.0(esbuild@0.21.5): + dependencies: + debug: 4.3.5 + esbuild: 0.21.5 + transitivePeerDependencies: + - supports-color + + esbuild-runner@2.2.2(esbuild@0.23.0): + dependencies: + esbuild: 0.23.0 + source-map-support: 0.5.21 + tslib: 2.4.0 + optional: true + + esbuild@0.21.5: + optionalDependencies: + '@esbuild/aix-ppc64': 0.21.5 + '@esbuild/android-arm': 0.21.5 + '@esbuild/android-arm64': 0.21.5 + '@esbuild/android-x64': 0.21.5 + '@esbuild/darwin-arm64': 0.21.5 + '@esbuild/darwin-x64': 0.21.5 + '@esbuild/freebsd-arm64': 0.21.5 + '@esbuild/freebsd-x64': 0.21.5 + '@esbuild/linux-arm': 0.21.5 + '@esbuild/linux-arm64': 0.21.5 + '@esbuild/linux-ia32': 0.21.5 + '@esbuild/linux-loong64': 0.21.5 + '@esbuild/linux-mips64el': 0.21.5 + '@esbuild/linux-ppc64': 0.21.5 + '@esbuild/linux-riscv64': 0.21.5 + '@esbuild/linux-s390x': 0.21.5 + '@esbuild/linux-x64': 0.21.5 + '@esbuild/netbsd-x64': 0.21.5 + '@esbuild/openbsd-x64': 0.21.5 + '@esbuild/sunos-x64': 0.21.5 + '@esbuild/win32-arm64': 0.21.5 + '@esbuild/win32-ia32': 0.21.5 + '@esbuild/win32-x64': 0.21.5 + + esbuild@0.23.0: + optionalDependencies: + '@esbuild/aix-ppc64': 0.23.0 + '@esbuild/android-arm': 0.23.0 + '@esbuild/android-arm64': 0.23.0 + '@esbuild/android-x64': 0.23.0 + '@esbuild/darwin-arm64': 0.23.0 + '@esbuild/darwin-x64': 0.23.0 + '@esbuild/freebsd-arm64': 0.23.0 + '@esbuild/freebsd-x64': 0.23.0 + '@esbuild/linux-arm': 0.23.0 + '@esbuild/linux-arm64': 0.23.0 + '@esbuild/linux-ia32': 0.23.0 + '@esbuild/linux-loong64': 0.23.0 + '@esbuild/linux-mips64el': 0.23.0 + '@esbuild/linux-ppc64': 0.23.0 + '@esbuild/linux-riscv64': 0.23.0 + '@esbuild/linux-s390x': 0.23.0 + '@esbuild/linux-x64': 0.23.0 + '@esbuild/netbsd-x64': 0.23.0 + '@esbuild/openbsd-arm64': 0.23.0 + '@esbuild/openbsd-x64': 0.23.0 + '@esbuild/sunos-x64': 0.23.0 + '@esbuild/win32-arm64': 0.23.0 + '@esbuild/win32-ia32': 0.23.0 + '@esbuild/win32-x64': 0.23.0 + optional: true + + escalade@3.1.2: {} + + escape-html@1.0.3: {} + + escape-string-regexp@1.0.5: {} + + escape-string-regexp@4.0.0: {} + + eslint-compat-utils@0.5.1(eslint@8.57.0): + dependencies: + eslint: 8.57.0 + semver: 7.6.3 + + eslint-config-prettier@9.1.0(eslint@8.57.0): + dependencies: + eslint: 8.57.0 + + eslint-plugin-storybook@0.8.0(eslint@8.57.0)(typescript@5.5.3): + dependencies: + '@storybook/csf': 0.0.1 + '@typescript-eslint/utils': 5.62.0(eslint@8.57.0)(typescript@5.5.3) + eslint: 8.57.0 + requireindex: 1.2.0 + ts-dedent: 2.2.0 + transitivePeerDependencies: + - supports-color + - typescript + + eslint-plugin-svelte@2.42.0(eslint@8.57.0)(svelte@4.2.18): + dependencies: + '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.0) + '@jridgewell/sourcemap-codec': 1.5.0 + eslint: 8.57.0 + eslint-compat-utils: 0.5.1(eslint@8.57.0) + esutils: 2.0.3 + known-css-properties: 0.34.0 + postcss: 8.4.39 + postcss-load-config: 3.1.4(postcss@8.4.39) + postcss-safe-parser: 6.0.0(postcss@8.4.39) + postcss-selector-parser: 6.1.1 + semver: 7.6.3 + svelte-eslint-parser: 0.40.0(svelte@4.2.18) + optionalDependencies: + svelte: 4.2.18 + transitivePeerDependencies: + - ts-node + + eslint-scope@5.1.1: + dependencies: + esrecurse: 4.3.0 + estraverse: 4.3.0 + + eslint-scope@7.2.2: + dependencies: + esrecurse: 4.3.0 + estraverse: 5.3.0 + + eslint-utils@3.0.0(eslint@8.4.1): + dependencies: + eslint: 8.4.1 + eslint-visitor-keys: 2.1.0 + + eslint-visitor-keys@2.1.0: {} + + eslint-visitor-keys@3.4.3: {} + + eslint@8.4.1: + dependencies: + '@eslint/eslintrc': 1.4.1 + '@humanwhocodes/config-array': 0.9.5 + ajv: 6.12.6 + chalk: 4.1.2 + cross-spawn: 7.0.3 + debug: 4.3.5 + doctrine: 3.0.0 + enquirer: 2.4.1 + escape-string-regexp: 4.0.0 + eslint-scope: 7.2.2 + eslint-utils: 3.0.0(eslint@8.4.1) + eslint-visitor-keys: 3.4.3 + espree: 9.2.0 + esquery: 1.6.0 + esutils: 2.0.3 + fast-deep-equal: 3.1.3 + file-entry-cache: 6.0.1 + functional-red-black-tree: 1.0.1 + glob-parent: 6.0.2 + globals: 13.24.0 + ignore: 4.0.6 + import-fresh: 3.3.0 + imurmurhash: 0.1.4 + is-glob: 4.0.3 + js-yaml: 4.1.0 + json-stable-stringify-without-jsonify: 1.0.1 + levn: 0.4.1 + lodash.merge: 4.6.2 + minimatch: 3.1.2 + natural-compare: 1.4.0 + optionator: 0.9.4 + progress: 2.0.3 + regexpp: 3.2.0 + semver: 7.6.3 + strip-ansi: 6.0.1 + strip-json-comments: 3.1.1 + text-table: 0.2.0 + v8-compile-cache: 2.4.0 + transitivePeerDependencies: + - supports-color + + eslint@8.57.0: + dependencies: + '@eslint-community/eslint-utils': 4.4.0(eslint@8.57.0) + '@eslint-community/regexpp': 4.11.0 + '@eslint/eslintrc': 2.1.4 + '@eslint/js': 8.57.0 + '@humanwhocodes/config-array': 0.11.14 + '@humanwhocodes/module-importer': 1.0.1 + '@nodelib/fs.walk': 1.2.8 + '@ungap/structured-clone': 1.2.0 + ajv: 6.12.6 + chalk: 4.1.2 + cross-spawn: 7.0.3 + debug: 4.3.5 + doctrine: 3.0.0 + escape-string-regexp: 4.0.0 + eslint-scope: 7.2.2 + eslint-visitor-keys: 3.4.3 + espree: 9.6.1 + esquery: 1.6.0 + esutils: 2.0.3 + fast-deep-equal: 3.1.3 + file-entry-cache: 6.0.1 + find-up: 5.0.0 + glob-parent: 6.0.2 + globals: 13.24.0 + graphemer: 1.4.0 + ignore: 5.3.1 + imurmurhash: 0.1.4 + is-glob: 4.0.3 + is-path-inside: 3.0.3 + js-yaml: 4.1.0 + json-stable-stringify-without-jsonify: 1.0.1 + levn: 0.4.1 + lodash.merge: 4.6.2 + minimatch: 3.1.2 + natural-compare: 1.4.0 + optionator: 0.9.4 + strip-ansi: 6.0.1 + text-table: 0.2.0 + transitivePeerDependencies: + - supports-color + + esm-env@1.0.0: {} + + espree@9.2.0: + dependencies: + acorn: 8.12.1 + acorn-jsx: 5.3.2(acorn@8.12.1) + eslint-visitor-keys: 3.4.3 + + espree@9.6.1: + dependencies: + acorn: 8.12.1 + acorn-jsx: 5.3.2(acorn@8.12.1) + eslint-visitor-keys: 3.4.3 + + esprima@4.0.1: {} + + esquery@1.6.0: + dependencies: + estraverse: 5.3.0 + + esrecurse@4.3.0: + dependencies: + estraverse: 5.3.0 + + estraverse@4.3.0: {} + + estraverse@5.3.0: {} + + estree-walker@2.0.2: {} + + estree-walker@3.0.3: + dependencies: + '@types/estree': 1.0.5 + + esutils@2.0.3: {} + + etag@1.8.1: {} + + execa@5.1.1: + dependencies: + cross-spawn: 7.0.3 + get-stream: 6.0.1 + human-signals: 2.1.0 + is-stream: 2.0.1 + merge-stream: 2.0.0 + npm-run-path: 4.0.1 + onetime: 5.1.2 + signal-exit: 3.0.7 + strip-final-newline: 2.0.0 + + execa@8.0.1: + dependencies: + cross-spawn: 7.0.3 + get-stream: 8.0.1 + human-signals: 5.0.0 + is-stream: 3.0.0 + merge-stream: 2.0.0 + npm-run-path: 5.3.0 + onetime: 6.0.0 + signal-exit: 4.1.0 + strip-final-newline: 3.0.0 + + express@4.19.2: + dependencies: + accepts: 1.3.8 + array-flatten: 1.1.1 + body-parser: 1.20.2 + content-disposition: 0.5.4 + content-type: 1.0.5 + cookie: 0.6.0 + cookie-signature: 1.0.6 + debug: 2.6.9 + depd: 2.0.0 + encodeurl: 1.0.2 + escape-html: 1.0.3 + etag: 1.8.1 + finalhandler: 1.2.0 + fresh: 0.5.2 + http-errors: 2.0.0 + merge-descriptors: 1.0.1 + methods: 1.1.2 + on-finished: 2.4.1 + parseurl: 1.3.3 + path-to-regexp: 0.1.7 + proxy-addr: 2.0.7 + qs: 6.11.0 + range-parser: 1.2.1 + safe-buffer: 5.2.1 + send: 0.18.0 + serve-static: 1.15.0 + setprototypeof: 1.2.0 + statuses: 2.0.1 + type-is: 1.6.18 + utils-merge: 1.0.1 + vary: 1.1.2 + transitivePeerDependencies: + - supports-color + + fast-deep-equal@3.1.3: {} + + fast-glob@3.3.2: + dependencies: + '@nodelib/fs.stat': 2.0.5 + '@nodelib/fs.walk': 1.2.8 + glob-parent: 5.1.2 + merge2: 1.4.1 + micromatch: 4.0.7 + + fast-json-stable-stringify@2.1.0: {} + + fast-levenshtein@2.0.6: {} + + fastq@1.17.1: + dependencies: + reusify: 1.0.4 + + fd-package-json@1.2.0: + dependencies: + walk-up-path: 3.0.1 + + fflate@0.8.2: {} + + file-entry-cache@6.0.1: + dependencies: + flat-cache: 3.2.0 + + fill-range@7.1.1: + dependencies: + to-regex-range: 5.0.1 + + finalhandler@1.2.0: + dependencies: + debug: 2.6.9 + encodeurl: 1.0.2 + escape-html: 1.0.3 + on-finished: 2.4.1 + parseurl: 1.3.3 + statuses: 2.0.1 + unpipe: 1.0.0 + transitivePeerDependencies: + - supports-color + + find-cache-dir@2.1.0: + dependencies: + commondir: 1.0.1 + make-dir: 2.1.0 + pkg-dir: 3.0.0 + + find-cache-dir@3.3.2: + dependencies: + commondir: 1.0.1 + make-dir: 3.1.0 + pkg-dir: 4.2.0 + + find-up@3.0.0: + dependencies: + locate-path: 3.0.0 + + find-up@4.1.0: + dependencies: + locate-path: 5.0.0 + path-exists: 4.0.0 + + find-up@5.0.0: + dependencies: + locate-path: 6.0.0 + path-exists: 4.0.0 + + flat-cache@3.2.0: + dependencies: + flatted: 3.3.1 + keyv: 4.5.4 + rimraf: 3.0.2 + + flatted@3.3.1: {} + + flow-parser@0.241.0: {} + + follow-redirects@1.15.6: {} + + for-each@0.3.3: + dependencies: + is-callable: 1.2.7 + + foreground-child@3.2.1: + dependencies: + cross-spawn: 7.0.3 + signal-exit: 4.1.0 + + form-data@4.0.0: + dependencies: + asynckit: 0.4.0 + combined-stream: 1.0.8 + mime-types: 2.1.35 + + forwarded@0.2.0: {} + + fraction.js@4.3.7: {} + + fresh@0.5.2: {} + + fs-extra@11.2.0: + dependencies: + graceful-fs: 4.2.11 + jsonfile: 6.1.0 + universalify: 2.0.1 + + fs-minipass@2.1.0: + dependencies: + minipass: 3.3.6 + + fs.realpath@1.0.0: {} + + fsevents@2.3.2: + optional: true + + fsevents@2.3.3: + optional: true + + function-bind@1.1.2: {} + + functional-red-black-tree@1.0.1: {} + + gensync@1.0.0-beta.2: {} + + get-func-name@2.0.2: {} + + get-intrinsic@1.2.4: + dependencies: + es-errors: 1.3.0 + function-bind: 1.1.2 + has-proto: 1.0.3 + has-symbols: 1.0.3 + hasown: 2.0.2 + + get-stream@6.0.1: {} + + get-stream@8.0.1: {} + + giget@1.2.3: + dependencies: + citty: 0.1.6 + consola: 3.2.3 + defu: 6.1.4 + node-fetch-native: 1.6.4 + nypm: 0.3.9 + ohash: 1.1.3 + pathe: 1.1.2 + tar: 6.2.1 + + github-slugger@2.0.0: {} + + glob-parent@5.1.2: + dependencies: + is-glob: 4.0.3 + + glob-parent@6.0.2: + dependencies: + is-glob: 4.0.3 + + glob@10.4.5: + dependencies: + foreground-child: 3.2.1 + jackspeak: 3.4.3 + minimatch: 9.0.5 + minipass: 7.1.2 + package-json-from-dist: 1.0.0 + path-scurry: 1.11.1 + + glob@7.2.3: + dependencies: + fs.realpath: 1.0.0 + inflight: 1.0.6 + inherits: 2.0.4 + minimatch: 3.1.2 + once: 1.4.0 + path-is-absolute: 1.0.1 + + globals@11.12.0: {} + + globals@13.24.0: + dependencies: + type-fest: 0.20.2 + + globalyzer@0.1.0: {} + + globby@11.1.0: + dependencies: + array-union: 2.1.0 + dir-glob: 3.0.1 + fast-glob: 3.3.2 + ignore: 5.3.1 + merge2: 1.4.1 + slash: 3.0.0 + + globby@14.0.2: + dependencies: + '@sindresorhus/merge-streams': 2.3.0 + fast-glob: 3.3.2 + ignore: 5.3.1 + path-type: 5.0.0 + slash: 5.1.0 + unicorn-magic: 0.1.0 + + globrex@0.1.2: {} + + gopd@1.0.1: + dependencies: + get-intrinsic: 1.2.4 + + graceful-fs@4.2.11: {} + + graphemer@1.4.0: {} + + guess-json-indent@2.0.0: {} + + has-flag@3.0.0: {} + + has-flag@4.0.0: {} + + has-property-descriptors@1.0.2: + dependencies: + es-define-property: 1.0.0 + + has-proto@1.0.3: {} + + has-symbols@1.0.3: {} + + has-tostringtag@1.0.2: + dependencies: + has-symbols: 1.0.3 + + hasown@2.0.2: + dependencies: + function-bind: 1.1.2 + + hast-util-heading-rank@3.0.0: + dependencies: + '@types/hast': 3.0.4 + + hast-util-is-element@3.0.0: + dependencies: + '@types/hast': 3.0.4 + + hast-util-to-string@3.0.0: + dependencies: + '@types/hast': 3.0.4 + + html-encoding-sniffer@4.0.0: + dependencies: + whatwg-encoding: 3.1.1 + + html-escaper@2.0.2: {} + + htmlparser2-svelte@4.1.0: + dependencies: + domelementtype: 2.3.0 + domhandler: 3.3.0 + domutils: 2.8.0 + entities: 2.2.0 + + http-errors@2.0.0: + dependencies: + depd: 2.0.0 + inherits: 2.0.4 + setprototypeof: 1.2.0 + statuses: 2.0.1 + toidentifier: 1.0.1 + + http-proxy-agent@7.0.2: + dependencies: + agent-base: 7.1.1 + debug: 4.3.5 + transitivePeerDependencies: + - supports-color + + https-proxy-agent@7.0.5: + dependencies: + agent-base: 7.1.1 + debug: 4.3.5 + transitivePeerDependencies: + - supports-color + + human-signals@2.1.0: {} + + human-signals@5.0.0: {} + + iconv-lite@0.4.24: + dependencies: + safer-buffer: 2.1.2 + + iconv-lite@0.6.3: + dependencies: + safer-buffer: 2.1.2 + + ieee754@1.2.1: {} + + ignore@4.0.6: {} + + ignore@5.3.1: {} + + import-fresh@3.3.0: + dependencies: + parent-module: 1.0.1 + resolve-from: 4.0.0 + + import-meta-resolve@4.1.0: {} + + imurmurhash@0.1.4: {} + + indent-string@4.0.0: {} + + inflight@1.0.6: + dependencies: + once: 1.4.0 + wrappy: 1.0.2 + + inherits@2.0.4: {} + + ipaddr.js@1.9.1: {} + + is-absolute-url@4.0.1: {} + + is-arguments@1.1.1: + dependencies: + call-bind: 1.0.7 + has-tostringtag: 1.0.2 + + is-binary-path@2.1.0: + dependencies: + binary-extensions: 2.3.0 + + is-builtin-module@3.2.1: + dependencies: + builtin-modules: 3.3.0 + + is-callable@1.2.7: {} + + is-core-module@2.15.0: + dependencies: + hasown: 2.0.2 + + is-extglob@2.1.1: {} + + is-fullwidth-code-point@3.0.0: {} + + is-generator-function@1.0.10: + dependencies: + has-tostringtag: 1.0.2 + + is-glob@4.0.3: + dependencies: + is-extglob: 2.1.1 + + is-interactive@1.0.0: {} + + is-module@1.0.0: {} + + is-number@7.0.0: {} + + is-path-inside@3.0.3: {} + + is-plain-object@2.0.4: + dependencies: + isobject: 3.0.1 + + is-potential-custom-element-name@1.0.1: {} + + is-reference@1.2.1: + dependencies: + '@types/estree': 1.0.5 + + is-reference@3.0.2: + dependencies: + '@types/estree': 1.0.5 + + is-stream@2.0.1: {} + + is-stream@3.0.0: {} + + is-typed-array@1.1.13: + dependencies: + which-typed-array: 1.1.15 + + is-unicode-supported@0.1.0: {} + + isexe@2.0.0: {} + + isobject@3.0.1: {} + + istanbul-lib-coverage@3.2.2: {} + + istanbul-lib-report@3.0.1: + dependencies: + istanbul-lib-coverage: 3.2.2 + make-dir: 4.0.0 + supports-color: 7.2.0 + + istanbul-lib-source-maps@5.0.6: + dependencies: + '@jridgewell/trace-mapping': 0.3.25 + debug: 4.3.5 + istanbul-lib-coverage: 3.2.2 + transitivePeerDependencies: + - supports-color + + istanbul-reports@3.1.7: + dependencies: + html-escaper: 2.0.2 + istanbul-lib-report: 3.0.1 + + jackspeak@3.4.3: + dependencies: + '@isaacs/cliui': 8.0.2 + optionalDependencies: + '@pkgjs/parseargs': 0.11.0 + + jiti@1.21.6: {} + + joi@17.13.3: + dependencies: + '@hapi/hoek': 9.3.0 + '@hapi/topo': 5.1.0 + '@sideway/address': 4.1.5 + '@sideway/formula': 3.0.1 + '@sideway/pinpoint': 2.0.0 + optional: true + + js-tokens@4.0.0: {} + + js-tokens@9.0.0: {} + + js-yaml@4.1.0: + dependencies: + argparse: 2.0.1 + + jscodeshift@0.15.2(@babel/preset-env@7.24.8(@babel/core@7.24.9)): + dependencies: + '@babel/core': 7.24.9 + '@babel/parser': 7.24.8 + '@babel/plugin-transform-class-properties': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-modules-commonjs': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-nullish-coalescing-operator': 7.24.7(@babel/core@7.24.9) + '@babel/plugin-transform-optional-chaining': 7.24.8(@babel/core@7.24.9) + '@babel/plugin-transform-private-methods': 7.24.7(@babel/core@7.24.9) + '@babel/preset-flow': 7.24.7(@babel/core@7.24.9) + '@babel/preset-typescript': 7.24.7(@babel/core@7.24.9) + '@babel/register': 7.24.6(@babel/core@7.24.9) + babel-core: 7.0.0-bridge.0(@babel/core@7.24.9) + chalk: 4.1.2 + flow-parser: 0.241.0 + graceful-fs: 4.2.11 + micromatch: 4.0.7 + neo-async: 2.6.2 + node-dir: 0.1.17 + recast: 0.23.9 + temp: 0.8.4 + write-file-atomic: 2.4.3 + optionalDependencies: + '@babel/preset-env': 7.24.8(@babel/core@7.24.9) + transitivePeerDependencies: + - supports-color + + jsdom@24.1.0: + dependencies: + cssstyle: 4.0.1 + data-urls: 5.0.0 + decimal.js: 10.4.3 + form-data: 4.0.0 + html-encoding-sniffer: 4.0.0 + http-proxy-agent: 7.0.2 + https-proxy-agent: 7.0.5 + is-potential-custom-element-name: 1.0.1 + nwsapi: 2.2.12 + parse5: 7.1.2 + rrweb-cssom: 0.7.1 + saxes: 6.0.0 + symbol-tree: 3.2.4 + tough-cookie: 4.1.4 + w3c-xmlserializer: 5.0.0 + webidl-conversions: 7.0.0 + whatwg-encoding: 3.1.1 + whatwg-mimetype: 4.0.0 + whatwg-url: 14.0.0 + ws: 8.18.0 + xml-name-validator: 5.0.0 + transitivePeerDependencies: + - bufferutil + - supports-color + - utf-8-validate + + jsesc@0.5.0: {} + + jsesc@2.5.2: {} + + json-buffer@3.0.1: {} + + json-schema-to-ts@3.1.0: + dependencies: + '@babel/runtime': 7.24.8 + ts-algebra: 2.0.0 + optional: true + + json-schema-traverse@0.4.1: {} + + json-stable-stringify-without-jsonify@1.0.1: {} + + json5@2.2.3: {} + + jsonfile@6.1.0: + dependencies: + universalify: 2.0.1 + optionalDependencies: + graceful-fs: 4.2.11 + + jsonwebtoken@9.0.2: + dependencies: + jws: 3.2.2 + lodash.includes: 4.3.0 + lodash.isboolean: 3.0.3 + lodash.isinteger: 4.0.4 + lodash.isnumber: 3.0.3 + lodash.isplainobject: 4.0.6 + lodash.isstring: 4.0.1 + lodash.once: 4.1.1 + ms: 2.1.3 + semver: 7.6.3 + + just-clone@6.2.0: {} + + jwa@1.4.1: + dependencies: + buffer-equal-constant-time: 1.0.1 + ecdsa-sig-formatter: 1.0.11 + safe-buffer: 5.2.1 + + jws@3.2.2: + dependencies: + jwa: 1.4.1 + safe-buffer: 5.2.1 + + keyv@4.5.4: + dependencies: + json-buffer: 3.0.1 + + kind-of@6.0.3: {} + + kleur@3.0.3: {} + + kleur@4.1.5: {} + + known-css-properties@0.34.0: {} + + leven@3.1.0: {} + + levn@0.4.1: + dependencies: + prelude-ls: 1.2.1 + type-check: 0.4.0 + + lilconfig@2.1.0: {} + + lilconfig@3.1.2: {} + + lines-and-columns@1.2.4: {} + + local-pkg@0.5.0: + dependencies: + mlly: 1.7.1 + pkg-types: 1.1.3 + + locate-character@3.0.0: {} + + locate-path@3.0.0: + dependencies: + p-locate: 3.0.0 + path-exists: 3.0.0 + + locate-path@5.0.0: + dependencies: + p-locate: 4.1.0 + + locate-path@6.0.0: + dependencies: + p-locate: 5.0.0 + + lodash.castarray@4.4.0: {} + + lodash.debounce@4.0.8: {} + + lodash.includes@4.3.0: {} + + lodash.isboolean@3.0.3: {} + + lodash.isinteger@4.0.4: {} + + lodash.isnumber@3.0.3: {} + + lodash.isplainobject@4.0.6: {} + + lodash.isstring@4.0.1: {} + + lodash.merge@4.6.2: {} + + lodash.once@4.1.1: {} + + lodash@4.17.21: {} + + log-symbols@4.1.0: + dependencies: + chalk: 4.1.2 + is-unicode-supported: 0.1.0 + + loose-envify@1.4.0: + dependencies: + js-tokens: 4.0.0 + + loupe@2.3.7: + dependencies: + get-func-name: 2.0.2 + + lru-cache@10.4.3: {} + + lru-cache@5.1.1: + dependencies: + yallist: 3.1.1 + + lz-string@1.5.0: {} + + magic-string@0.30.10: + dependencies: + '@jridgewell/sourcemap-codec': 1.5.0 + + magicast@0.3.4: + dependencies: + '@babel/parser': 7.24.8 + '@babel/types': 7.24.9 + source-map-js: 1.2.0 + + make-dir@2.1.0: + dependencies: + pify: 4.0.1 + semver: 5.7.2 + + make-dir@3.1.0: + dependencies: + semver: 6.3.1 + + make-dir@4.0.0: + dependencies: + semver: 7.6.3 + + map-or-similar@1.5.0: {} + + markdown-to-jsx@7.4.7(react@18.3.1): + dependencies: + react: 18.3.1 + + mdn-data@2.0.30: {} + + media-typer@0.3.0: {} + + memoize-weak@1.0.2: {} + + memoizerific@1.11.3: + dependencies: + map-or-similar: 1.5.0 + + merge-descriptors@1.0.1: {} + + merge-stream@2.0.0: {} + + merge2@1.4.1: {} + + methods@1.1.2: {} + + micromatch@4.0.7: + dependencies: + braces: 3.0.3 + picomatch: 2.3.1 + + mime-db@1.52.0: {} + + mime-types@2.1.35: + dependencies: + mime-db: 1.52.0 + + mime@1.6.0: {} + + mimic-fn@2.1.0: {} + + mimic-fn@4.0.0: {} + + min-indent@1.0.1: {} + + mini-svg-data-uri@1.4.4: {} + + minimatch@3.1.2: + dependencies: + brace-expansion: 1.1.11 + + minimatch@9.0.5: + dependencies: + brace-expansion: 2.0.1 + + minimist@1.2.8: {} + + minipass@3.3.6: + dependencies: + yallist: 4.0.0 + + minipass@5.0.0: {} + + minipass@7.1.2: {} + + minizlib@2.1.2: + dependencies: + minipass: 3.3.6 + yallist: 4.0.0 + + mkdirp@0.5.6: + dependencies: + minimist: 1.2.8 + + mkdirp@1.0.4: {} + + mlly@1.7.1: + dependencies: + acorn: 8.12.1 + pathe: 1.1.2 + pkg-types: 1.1.3 + ufo: 1.5.4 + + mri@1.2.0: {} + + mrmime@2.0.0: {} + + ms@2.0.0: {} + + ms@2.1.2: {} + + ms@2.1.3: {} + + murmurhash3js@3.0.1: {} + + mz@2.7.0: + dependencies: + any-promise: 1.3.0 + object-assign: 4.1.1 + thenify-all: 1.6.0 + + nanoid@3.3.7: {} + + natural-compare@1.4.0: {} + + negotiator@0.6.3: {} + + neo-async@2.6.2: {} + + node-dir@0.1.17: + dependencies: + minimatch: 3.1.2 + + node-fetch-native@1.6.4: {} + + node-releases@2.0.17: {} + + normalize-path@3.0.0: {} + + normalize-range@0.1.2: {} + + normalize-url@8.0.1: + optional: true + + npm-run-path@4.0.1: + dependencies: + path-key: 3.1.1 + + npm-run-path@5.3.0: + dependencies: + path-key: 4.0.0 + + nwsapi@2.2.12: {} + + nypm@0.3.9: + dependencies: + citty: 0.1.6 + consola: 3.2.3 + execa: 8.0.1 + pathe: 1.1.2 + pkg-types: 1.1.3 + ufo: 1.5.4 + + object-assign@4.1.1: {} + + object-hash@3.0.0: {} + + object-inspect@1.13.2: {} + + octokit@3.1.2: + dependencies: + '@octokit/app': 14.1.0 + '@octokit/core': 5.2.0 + '@octokit/oauth-app': 6.1.0 + '@octokit/plugin-paginate-graphql': 4.0.1(@octokit/core@5.2.0) + '@octokit/plugin-paginate-rest': 9.2.1(@octokit/core@5.2.0) + '@octokit/plugin-rest-endpoint-methods': 10.4.1(@octokit/core@5.2.0) + '@octokit/plugin-retry': 6.0.1(@octokit/core@5.2.0) + '@octokit/plugin-throttling': 8.2.0(@octokit/core@5.2.0) + '@octokit/request-error': 5.1.0 + '@octokit/types': 12.4.0 + + ohash@1.1.3: {} + + on-finished@2.4.1: + dependencies: + ee-first: 1.1.1 + + once@1.4.0: + dependencies: + wrappy: 1.0.2 + + onetime@5.1.2: + dependencies: + mimic-fn: 2.1.0 + + onetime@6.0.0: + dependencies: + mimic-fn: 4.0.0 + + optionator@0.9.4: + dependencies: + deep-is: 0.1.4 + fast-levenshtein: 2.0.6 + levn: 0.4.1 + prelude-ls: 1.2.1 + type-check: 0.4.0 + word-wrap: 1.2.5 + + ora@5.4.1: + dependencies: + bl: 4.1.0 + chalk: 4.1.2 + cli-cursor: 3.1.0 + cli-spinners: 2.9.2 + is-interactive: 1.0.0 + is-unicode-supported: 0.1.0 + log-symbols: 4.1.0 + strip-ansi: 6.0.1 + wcwidth: 1.0.1 + + p-limit@2.3.0: + dependencies: + p-try: 2.2.0 + + p-limit@3.1.0: + dependencies: + yocto-queue: 0.1.0 + + p-limit@5.0.0: + dependencies: + yocto-queue: 1.1.1 + + p-locate@3.0.0: + dependencies: + p-limit: 2.3.0 + + p-locate@4.1.0: + dependencies: + p-limit: 2.3.0 + + p-locate@5.0.0: + dependencies: + p-limit: 3.1.0 + + p-try@2.2.0: {} + + package-json-from-dist@1.0.0: {} + + pako@1.0.11: {} + + parent-module@1.0.1: + dependencies: + callsites: 3.1.0 + + parse5-htmlparser2-tree-adapter@7.0.0: + dependencies: + domhandler: 5.0.3 + parse5: 7.1.2 + + parse5@7.1.2: + dependencies: + entities: 4.5.0 + + parseurl@1.3.3: {} + + path-exists@3.0.0: {} + + path-exists@4.0.0: {} + + path-is-absolute@1.0.1: {} + + path-key@3.1.1: {} + + path-key@4.0.0: {} + + path-parse@1.0.7: {} + + path-scurry@1.11.1: + dependencies: + lru-cache: 10.4.3 + minipass: 7.1.2 + + path-to-regexp@0.1.7: {} + + path-type@4.0.0: {} + + path-type@5.0.0: {} + + pathe@1.1.2: {} + + pathval@1.1.1: {} + + periscopic@3.1.0: + dependencies: + '@types/estree': 1.0.5 + estree-walker: 3.0.3 + is-reference: 3.0.2 + + picocolors@1.0.1: {} + + picomatch@2.3.1: {} + + pify@2.3.0: {} + + pify@4.0.1: {} + + pify@5.0.0: {} + + pirates@4.0.6: {} + + pkg-dir@3.0.0: + dependencies: + find-up: 3.0.0 + + pkg-dir@4.2.0: + dependencies: + find-up: 4.1.0 + + pkg-types@1.1.3: + dependencies: + confbox: 0.1.7 + mlly: 1.7.1 + pathe: 1.1.2 + + playwright-core@1.45.2: {} + + playwright@1.45.2: + dependencies: + playwright-core: 1.45.2 + optionalDependencies: + fsevents: 2.3.2 + + polished@4.3.1: + dependencies: + '@babel/runtime': 7.24.8 + + possible-typed-array-names@1.0.0: {} + + postcss-import@15.1.0(postcss@8.4.39): + dependencies: + postcss: 8.4.39 + postcss-value-parser: 4.2.0 + read-cache: 1.0.0 + resolve: 1.22.8 + + postcss-js@4.0.1(postcss@8.4.39): + dependencies: + camelcase-css: 2.0.1 + postcss: 8.4.39 + + postcss-load-config@3.1.4(postcss@8.4.39): + dependencies: + lilconfig: 2.1.0 + yaml: 1.10.2 + optionalDependencies: + postcss: 8.4.39 + + postcss-load-config@4.0.2(postcss@8.4.39): + dependencies: + lilconfig: 3.1.2 + yaml: 2.4.5 + optionalDependencies: + postcss: 8.4.39 + + postcss-nested@6.0.1(postcss@8.4.39): + dependencies: + postcss: 8.4.39 + postcss-selector-parser: 6.1.1 + + postcss-safe-parser@6.0.0(postcss@8.4.39): + dependencies: + postcss: 8.4.39 + + postcss-scss@4.0.9(postcss@8.4.39): + dependencies: + postcss: 8.4.39 + + postcss-selector-parser@6.0.10: + dependencies: + cssesc: 3.0.0 + util-deprecate: 1.0.2 + + postcss-selector-parser@6.1.1: + dependencies: + cssesc: 3.0.0 + util-deprecate: 1.0.2 + + postcss-value-parser@4.2.0: {} + + postcss@8.4.39: + dependencies: + nanoid: 3.3.7 + picocolors: 1.0.1 + source-map-js: 1.2.0 + + posthog-node@3.1.3: + dependencies: + axios: 1.7.2 + rusha: 0.8.14 + transitivePeerDependencies: + - debug + + prelude-ls@1.2.1: {} + + prettier-plugin-svelte@3.2.6(prettier@3.3.3)(svelte@4.2.18): + dependencies: + prettier: 3.3.3 + svelte: 4.2.18 + + prettier@3.3.3: {} + + pretty-format@27.5.1: + dependencies: + ansi-regex: 5.0.1 + ansi-styles: 5.2.0 + react-is: 17.0.2 + + pretty-format@29.7.0: + dependencies: + '@jest/schemas': 29.6.3 + ansi-styles: 5.2.0 + react-is: 18.3.1 + + process@0.11.10: {} + + progress@2.0.3: {} + + prompts@2.4.2: + dependencies: + kleur: 3.0.3 + sisteransi: 1.0.5 + + property-expr@2.0.6: + optional: true + + proxy-addr@2.0.7: + dependencies: + forwarded: 0.2.0 + ipaddr.js: 1.9.1 + + proxy-from-env@1.1.0: {} + + psl@1.9.0: {} + + punycode@2.3.1: {} + + purgecss-from-html@6.0.0: + dependencies: + parse5: 7.1.2 + parse5-htmlparser2-tree-adapter: 7.0.0 + + purgecss@6.0.0: + dependencies: + commander: 12.1.0 + glob: 10.4.5 + postcss: 8.4.39 + postcss-selector-parser: 6.1.1 + + qs@6.11.0: + dependencies: + side-channel: 1.0.6 + + querystringify@2.2.0: {} + + queue-microtask@1.2.3: {} + + range-parser@1.2.1: {} + + raw-body@2.5.2: + dependencies: + bytes: 3.1.2 + http-errors: 2.0.0 + iconv-lite: 0.4.24 + unpipe: 1.0.0 + + react-colorful@5.6.1(react-dom@18.3.1(react@18.3.1))(react@18.3.1): + dependencies: + react: 18.3.1 + react-dom: 18.3.1(react@18.3.1) + + react-dom@18.3.1(react@18.3.1): + dependencies: + loose-envify: 1.4.0 + react: 18.3.1 + scheduler: 0.23.2 + + react-is@17.0.2: {} + + react-is@18.3.1: {} + + react@18.3.1: + dependencies: + loose-envify: 1.4.0 + + read-cache@1.0.0: + dependencies: + pify: 2.3.0 + + readable-stream@3.6.2: + dependencies: + inherits: 2.0.4 + string_decoder: 1.3.0 + util-deprecate: 1.0.2 + + readdirp@3.6.0: + dependencies: + picomatch: 2.3.1 + + recast@0.23.9: + dependencies: + ast-types: 0.16.1 + esprima: 4.0.1 + source-map: 0.6.1 + tiny-invariant: 1.3.3 + tslib: 2.6.3 + + redent@3.0.0: + dependencies: + indent-string: 4.0.0 + strip-indent: 3.0.0 + + regenerate-unicode-properties@10.1.1: + dependencies: + regenerate: 1.4.2 + + regenerate@1.4.2: {} + + regenerator-runtime@0.14.1: {} + + regenerator-transform@0.15.2: + dependencies: + '@babel/runtime': 7.24.8 + + regexpp@3.2.0: {} + + regexpu-core@5.3.2: + dependencies: + '@babel/regjsgen': 0.8.0 + regenerate: 1.4.2 + regenerate-unicode-properties: 10.1.1 + regjsparser: 0.9.1 + unicode-match-property-ecmascript: 2.0.0 + unicode-match-property-value-ecmascript: 2.1.0 + + regjsparser@0.9.1: + dependencies: + jsesc: 0.5.0 + + rehype-external-links@3.0.0: + dependencies: + '@types/hast': 3.0.4 + '@ungap/structured-clone': 1.2.0 + hast-util-is-element: 3.0.0 + is-absolute-url: 4.0.1 + space-separated-tokens: 2.0.2 + unist-util-visit: 5.0.0 + + rehype-slug@6.0.0: + dependencies: + '@types/hast': 3.0.4 + github-slugger: 2.0.0 + hast-util-heading-rank: 3.0.0 + hast-util-to-string: 3.0.0 + unist-util-visit: 5.0.0 + + requireindex@1.2.0: {} + + requires-port@1.0.0: {} + + resolve-from@4.0.0: {} + + resolve@1.22.8: + dependencies: + is-core-module: 2.15.0 + path-parse: 1.0.7 + supports-preserve-symlinks-flag: 1.0.0 + + restore-cursor@3.1.0: + dependencies: + onetime: 5.1.2 + signal-exit: 3.0.7 + + reusify@1.0.4: {} + + rimraf@2.6.3: + dependencies: + glob: 7.2.3 + + rimraf@2.7.1: + dependencies: + glob: 7.2.3 + + rimraf@3.0.2: + dependencies: + glob: 7.2.3 + + rollup@4.18.1: + dependencies: + '@types/estree': 1.0.5 + optionalDependencies: + '@rollup/rollup-android-arm-eabi': 4.18.1 + '@rollup/rollup-android-arm64': 4.18.1 + '@rollup/rollup-darwin-arm64': 4.18.1 + '@rollup/rollup-darwin-x64': 4.18.1 + '@rollup/rollup-linux-arm-gnueabihf': 4.18.1 + '@rollup/rollup-linux-arm-musleabihf': 4.18.1 + '@rollup/rollup-linux-arm64-gnu': 4.18.1 + '@rollup/rollup-linux-arm64-musl': 4.18.1 + '@rollup/rollup-linux-powerpc64le-gnu': 4.18.1 + '@rollup/rollup-linux-riscv64-gnu': 4.18.1 + '@rollup/rollup-linux-s390x-gnu': 4.18.1 + '@rollup/rollup-linux-x64-gnu': 4.18.1 + '@rollup/rollup-linux-x64-musl': 4.18.1 + '@rollup/rollup-win32-arm64-msvc': 4.18.1 + '@rollup/rollup-win32-ia32-msvc': 4.18.1 + '@rollup/rollup-win32-x64-msvc': 4.18.1 + fsevents: 2.3.3 + + rrweb-cssom@0.6.0: {} + + rrweb-cssom@0.7.1: {} + + run-parallel@1.2.0: + dependencies: + queue-microtask: 1.2.3 + + rusha@0.8.14: {} + + sade@1.8.1: + dependencies: + mri: 1.2.0 + + safe-buffer@5.2.1: {} + + safer-buffer@2.1.2: {} + + sander@0.5.1: + dependencies: + es6-promise: 3.3.1 + graceful-fs: 4.2.11 + mkdirp: 0.5.6 + rimraf: 2.7.1 + + saxes@6.0.0: + dependencies: + xmlchars: 2.2.0 + + scheduler@0.23.2: + dependencies: + loose-envify: 1.4.0 + + semver@5.7.2: {} + + semver@6.3.1: {} + + semver@7.6.3: {} + + send@0.18.0: + dependencies: + debug: 2.6.9 + depd: 2.0.0 + destroy: 1.2.0 + encodeurl: 1.0.2 + escape-html: 1.0.3 + etag: 1.8.1 + fresh: 0.5.2 + http-errors: 2.0.0 + mime: 1.6.0 + ms: 2.1.3 + on-finished: 2.4.1 + range-parser: 1.2.1 + statuses: 2.0.1 + transitivePeerDependencies: + - supports-color + + seroval@0.5.1: {} + + serve-static@1.15.0: + dependencies: + encodeurl: 1.0.2 + escape-html: 1.0.3 + parseurl: 1.3.3 + send: 0.18.0 + transitivePeerDependencies: + - supports-color + + set-cookie-parser@2.6.0: {} + + set-function-length@1.2.2: + dependencies: + define-data-property: 1.1.4 + es-errors: 1.3.0 + function-bind: 1.1.2 + get-intrinsic: 1.2.4 + gopd: 1.0.1 + has-property-descriptors: 1.0.2 + + setprototypeof@1.2.0: {} + + sha.js@2.4.11: + dependencies: + inherits: 2.0.4 + safe-buffer: 5.2.1 + + shallow-clone@3.0.1: + dependencies: + kind-of: 6.0.3 + + shebang-command@2.0.0: + dependencies: + shebang-regex: 3.0.0 + + shebang-regex@3.0.0: {} + + side-channel@1.0.6: + dependencies: + call-bind: 1.0.7 + es-errors: 1.3.0 + get-intrinsic: 1.2.4 + object-inspect: 1.13.2 + + siginfo@2.0.0: {} + + signal-exit@3.0.7: {} + + signal-exit@4.1.0: {} + + sirv@2.0.4: + dependencies: + '@polka/url': 1.0.0-next.25 + mrmime: 2.0.0 + totalist: 3.0.1 + + sisteransi@1.0.5: {} + + slash@3.0.0: {} + + slash@5.1.0: {} + + solid-js@1.6.12: + dependencies: + csstype: 3.1.3 + + solid-js@1.7.11: + dependencies: + csstype: 3.1.3 + seroval: 0.5.1 + + sorcery@0.11.1: + dependencies: + '@jridgewell/sourcemap-codec': 1.5.0 + buffer-crc32: 1.0.0 + minimist: 1.2.8 + sander: 0.5.1 + + source-map-js@1.2.0: {} + + source-map-support@0.5.21: + dependencies: + buffer-from: 1.1.2 + source-map: 0.6.1 + + source-map@0.6.1: {} + + space-separated-tokens@2.0.2: {} + + stackback@0.0.2: {} + + statuses@2.0.1: {} + + std-env@3.7.0: {} + + storybook@8.2.4(@babel/preset-env@7.24.8(@babel/core@7.24.9)): + dependencies: + '@babel/core': 7.24.9 + '@babel/types': 7.24.9 + '@storybook/codemod': 8.2.4 + '@storybook/core': 8.2.4 + '@types/semver': 7.5.8 + '@yarnpkg/fslib': 2.10.3 + '@yarnpkg/libzip': 2.3.0 + chalk: 4.1.2 + commander: 6.2.1 + cross-spawn: 7.0.3 + detect-indent: 6.1.0 + envinfo: 7.13.0 + execa: 5.1.1 + fd-package-json: 1.2.0 + find-up: 5.0.0 + fs-extra: 11.2.0 + giget: 1.2.3 + globby: 14.0.2 + jscodeshift: 0.15.2(@babel/preset-env@7.24.8(@babel/core@7.24.9)) + leven: 3.1.0 + ora: 5.4.1 + prettier: 3.3.3 + prompts: 2.4.2 + semver: 7.6.3 + strip-json-comments: 3.1.1 + tempy: 3.1.0 + tiny-invariant: 1.3.3 + ts-dedent: 2.2.0 + transitivePeerDependencies: + - '@babel/preset-env' + - bufferutil + - supports-color + - utf-8-validate + + string-width@4.2.3: + dependencies: + emoji-regex: 8.0.0 + is-fullwidth-code-point: 3.0.0 + strip-ansi: 6.0.1 + + string-width@5.1.2: + dependencies: + eastasianwidth: 0.2.0 + emoji-regex: 9.2.2 + strip-ansi: 7.1.0 + + string_decoder@1.3.0: + dependencies: + safe-buffer: 5.2.1 + + strip-ansi@6.0.1: + dependencies: + ansi-regex: 5.0.1 + + strip-ansi@7.1.0: + dependencies: + ansi-regex: 6.0.1 + + strip-final-newline@2.0.0: {} + + strip-final-newline@3.0.0: {} + + strip-indent@3.0.0: + dependencies: + min-indent: 1.0.1 + + strip-json-comments@3.1.1: {} + + strip-literal@2.1.0: + dependencies: + js-tokens: 9.0.0 + + sucrase@3.35.0: + dependencies: + '@jridgewell/gen-mapping': 0.3.5 + commander: 4.1.1 + glob: 10.4.5 + lines-and-columns: 1.2.4 + mz: 2.7.0 + pirates: 4.0.6 + ts-interface-checker: 0.1.13 + + superstruct@2.0.2: + optional: true + + supports-color@5.5.0: + dependencies: + has-flag: 3.0.0 + + supports-color@7.2.0: + dependencies: + has-flag: 4.0.0 + + supports-preserve-symlinks-flag@1.0.0: {} + + svelte-check@3.8.4(@babel/core@7.24.9)(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(svelte@4.2.18): + dependencies: + '@jridgewell/trace-mapping': 0.3.25 + chokidar: 3.6.0 + picocolors: 1.0.1 + sade: 1.8.1 + svelte: 4.2.18 + svelte-preprocess: 5.1.4(@babel/core@7.24.9)(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(svelte@4.2.18)(typescript@5.5.3) + typescript: 5.5.3 + transitivePeerDependencies: + - '@babel/core' + - coffeescript + - less + - postcss + - postcss-load-config + - pug + - sass + - stylus + - sugarss + + svelte-eslint-parser@0.40.0(svelte@4.2.18): + dependencies: + eslint-scope: 7.2.2 + eslint-visitor-keys: 3.4.3 + espree: 9.6.1 + postcss: 8.4.39 + postcss-scss: 4.0.9(postcss@8.4.39) + optionalDependencies: + svelte: 4.2.18 + + svelte-hmr@0.16.0(svelte@4.2.18): + dependencies: + svelte: 4.2.18 + + svelte-multiselect@10.3.0: + dependencies: + svelte: 4.2.12 + + svelte-persisted-store@0.11.0(svelte@4.2.18): + dependencies: + svelte: 4.2.18 + + svelte-preprocess@5.1.4(@babel/core@7.24.9)(postcss-load-config@4.0.2(postcss@8.4.39))(postcss@8.4.39)(svelte@4.2.18)(typescript@5.5.3): + dependencies: + '@types/pug': 2.0.10 + detect-indent: 6.1.0 + magic-string: 0.30.10 + sorcery: 0.11.1 + strip-indent: 3.0.0 + svelte: 4.2.18 + optionalDependencies: + '@babel/core': 7.24.9 + postcss: 8.4.39 + postcss-load-config: 4.0.2(postcss@8.4.39) + typescript: 5.5.3 + + svelte-typewriter@3.2.3(svelte@4.2.18): + dependencies: + '@formatjs/intl-segmenter': 11.5.7 + svelte: 4.2.18 + + svelte@4.2.12: + dependencies: + '@ampproject/remapping': 2.3.0 + '@jridgewell/sourcemap-codec': 1.5.0 + '@jridgewell/trace-mapping': 0.3.25 + '@types/estree': 1.0.5 + acorn: 8.12.1 + aria-query: 5.3.0 + axobject-query: 4.1.0 + code-red: 1.0.4 + css-tree: 2.3.1 + estree-walker: 3.0.3 + is-reference: 3.0.2 + locate-character: 3.0.0 + magic-string: 0.30.10 + periscopic: 3.1.0 + + svelte@4.2.18: + dependencies: + '@ampproject/remapping': 2.3.0 + '@jridgewell/sourcemap-codec': 1.5.0 + '@jridgewell/trace-mapping': 0.3.25 + '@types/estree': 1.0.5 + acorn: 8.12.1 + aria-query: 5.3.0 + axobject-query: 4.1.0 + code-red: 1.0.4 + css-tree: 2.3.1 + estree-walker: 3.0.3 + is-reference: 3.0.2 + locate-character: 3.0.0 + magic-string: 0.30.10 + periscopic: 3.1.0 + + sveltedoc-parser@4.2.1: + dependencies: + eslint: 8.4.1 + espree: 9.2.0 + htmlparser2-svelte: 4.1.0 + transitivePeerDependencies: + - supports-color + + sveltekit-flash-message@2.4.4(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18): + dependencies: + '@sveltejs/kit': 2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + svelte: 4.2.18 + + sveltekit-rate-limiter@0.5.2(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11))): + dependencies: + '@isaacs/ttlcache': 1.4.1 + '@sveltejs/kit': 2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + + sveltekit-superforms@2.16.1(@sveltejs/kit@2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18): + dependencies: + '@sveltejs/kit': 2.5.18(@sveltejs/vite-plugin-svelte@3.1.1(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)))(svelte@4.2.18)(vite@5.3.4(@types/node@20.14.11)) + devalue: 5.0.0 + just-clone: 6.2.0 + memoize-weak: 1.0.2 + svelte: 4.2.18 + ts-deepmerge: 7.0.1 + optionalDependencies: + '@exodus/schemasafe': 1.3.0 + '@gcornut/valibot-json-schema': 0.31.0 + '@sinclair/typebox': 0.32.34 + '@sodaru/yup-to-json-schema': 2.0.1 + '@vinejs/vine': 1.8.0 + arktype: 2.0.0-beta.0 + joi: 17.13.3 + json-schema-to-ts: 3.1.0 + superstruct: 2.0.2 + valibot: 0.35.0 + yup: 1.4.0 + zod: 3.23.8 + zod-to-json-schema: 3.23.1(zod@3.23.8) + + symbol-tree@3.2.4: {} + + tailwindcss@3.4.6: + dependencies: + '@alloc/quick-lru': 5.2.0 + arg: 5.0.2 + chokidar: 3.6.0 + didyoumean: 1.2.2 + dlv: 1.1.3 + fast-glob: 3.3.2 + glob-parent: 6.0.2 + is-glob: 4.0.3 + jiti: 1.21.6 + lilconfig: 2.1.0 + micromatch: 4.0.7 + normalize-path: 3.0.0 + object-hash: 3.0.0 + picocolors: 1.0.1 + postcss: 8.4.39 + postcss-import: 15.1.0(postcss@8.4.39) + postcss-js: 4.0.1(postcss@8.4.39) + postcss-load-config: 4.0.2(postcss@8.4.39) + postcss-nested: 6.0.1(postcss@8.4.39) + postcss-selector-parser: 6.1.1 + resolve: 1.22.8 + sucrase: 3.35.0 + transitivePeerDependencies: + - ts-node + + tar@6.2.1: + dependencies: + chownr: 2.0.0 + fs-minipass: 2.1.0 + minipass: 5.0.0 + minizlib: 2.1.2 + mkdirp: 1.0.4 + yallist: 4.0.0 + + telejson@7.2.0: + dependencies: + memoizerific: 1.11.3 + + temp-dir@3.0.0: {} + + temp@0.8.4: + dependencies: + rimraf: 2.6.3 + + tempy@3.1.0: + dependencies: + is-stream: 3.0.0 + temp-dir: 3.0.0 + type-fest: 2.19.0 + unique-string: 3.0.0 + + test-exclude@6.0.0: + dependencies: + '@istanbuljs/schema': 0.1.3 + glob: 7.2.3 + minimatch: 3.1.2 + + text-table@0.2.0: {} + + thenify-all@1.6.0: + dependencies: + thenify: 3.3.1 + + thenify@3.3.1: + dependencies: + any-promise: 1.3.0 + + throttle-debounce@5.0.2: {} + + tiny-case@1.0.3: + optional: true + + tiny-glob@0.2.9: + dependencies: + globalyzer: 0.1.0 + globrex: 0.1.2 + + tiny-invariant@1.3.3: {} + + tinybench@2.8.0: {} + + tinypool@0.8.4: {} + + tinyspy@2.2.1: {} + + to-fast-properties@2.0.0: {} + + to-regex-range@5.0.1: + dependencies: + is-number: 7.0.0 + + toidentifier@1.0.1: {} + + toposort@2.0.2: + optional: true + + totalist@3.0.1: {} + + tough-cookie@4.1.4: + dependencies: + psl: 1.9.0 + punycode: 2.3.1 + universalify: 0.2.0 + url-parse: 1.5.10 + + tr46@5.0.0: + dependencies: + punycode: 2.3.1 + + ts-algebra@2.0.0: + optional: true + + ts-api-utils@1.3.0(typescript@5.5.3): + dependencies: + typescript: 5.5.3 + + ts-dedent@2.2.0: {} + + ts-deepmerge@7.0.1: {} + + ts-interface-checker@0.1.13: {} + + tslib@1.14.1: {} + + tslib@2.3.0: {} + + tslib@2.4.0: + optional: true + + tslib@2.6.3: {} + + tsutils@3.21.0(typescript@5.5.3): + dependencies: + tslib: 1.14.1 + typescript: 5.5.3 + + type-check@0.4.0: + dependencies: + prelude-ls: 1.2.1 + + type-detect@4.0.8: {} + + type-fest@0.20.2: {} + + type-fest@1.4.0: {} + + type-fest@2.19.0: {} + + type-is@1.6.18: + dependencies: + media-typer: 0.3.0 + mime-types: 2.1.35 + + typescript@5.5.3: {} + + ufo@1.5.4: {} + + undici-types@5.26.5: {} + + unicode-canonical-property-names-ecmascript@2.0.0: {} + + unicode-match-property-ecmascript@2.0.0: + dependencies: + unicode-canonical-property-names-ecmascript: 2.0.0 + unicode-property-aliases-ecmascript: 2.1.0 + + unicode-match-property-value-ecmascript@2.1.0: {} + + unicode-property-aliases-ecmascript@2.1.0: {} + + unicorn-magic@0.1.0: {} + + unique-string@3.0.0: + dependencies: + crypto-random-string: 4.0.0 + + unist-util-is@6.0.0: + dependencies: + '@types/unist': 3.0.2 + + unist-util-visit-parents@6.0.1: + dependencies: + '@types/unist': 3.0.2 + unist-util-is: 6.0.0 + + unist-util-visit@5.0.0: + dependencies: + '@types/unist': 3.0.2 + unist-util-is: 6.0.0 + unist-util-visit-parents: 6.0.1 + + universal-github-app-jwt@1.1.2: + dependencies: + '@types/jsonwebtoken': 9.0.6 + jsonwebtoken: 9.0.2 + + universal-user-agent@6.0.1: {} + + universalify@0.2.0: {} + + universalify@2.0.1: {} + + unpipe@1.0.0: {} + + unplugin@1.11.0: + dependencies: + acorn: 8.12.1 + chokidar: 3.6.0 + webpack-sources: 3.2.3 + webpack-virtual-modules: 0.6.2 + + unplugin@1.5.1: + dependencies: + acorn: 8.12.1 + chokidar: 3.6.0 + webpack-sources: 3.2.3 + webpack-virtual-modules: 0.6.2 + + update-browserslist-db@1.1.0(browserslist@4.23.2): + dependencies: + browserslist: 4.23.2 + escalade: 3.1.2 + picocolors: 1.0.1 + + uri-js@4.4.1: + dependencies: + punycode: 2.3.1 + + url-parse@1.5.10: + dependencies: + querystringify: 2.2.0 + requires-port: 1.0.0 + + util-deprecate@1.0.2: {} + + util@0.12.5: + dependencies: + inherits: 2.0.4 + is-arguments: 1.1.1 + is-generator-function: 1.0.10 + is-typed-array: 1.1.13 + which-typed-array: 1.1.15 + + utils-merge@1.0.1: {} + + uuid@9.0.1: {} + + v8-compile-cache@2.4.0: {} + + valibot@0.31.1: + optional: true + + valibot@0.35.0: + optional: true + + validator@13.12.0: + optional: true + + vary@1.1.2: {} + + vite-node@1.6.0(@types/node@20.14.11): + dependencies: + cac: 6.7.14 + debug: 4.3.5 + pathe: 1.1.2 + picocolors: 1.0.1 + vite: 5.3.4(@types/node@20.14.11) + transitivePeerDependencies: + - '@types/node' + - less + - lightningcss + - sass + - stylus + - sugarss + - supports-color + - terser + + vite-plugin-tailwind-purgecss@0.3.3(tailwindcss@3.4.6)(vite@5.3.4(@types/node@20.14.11)): + dependencies: + chalk: 5.3.0 + css-tree: 2.3.1 + fast-glob: 3.3.2 + purgecss: 6.0.0 + purgecss-from-html: 6.0.0 + tailwindcss: 3.4.6 + vite: 5.3.4(@types/node@20.14.11) + + vite@5.3.4(@types/node@20.14.11): + dependencies: + esbuild: 0.21.5 + postcss: 8.4.39 + rollup: 4.18.1 + optionalDependencies: + '@types/node': 20.14.11 + fsevents: 2.3.3 + + vitefu@0.2.5(vite@5.3.4(@types/node@20.14.11)): + optionalDependencies: + vite: 5.3.4(@types/node@20.14.11) + + vitest@1.6.0(@types/node@20.14.11)(@vitest/ui@1.6.0)(jsdom@24.1.0): + dependencies: + '@vitest/expect': 1.6.0 + '@vitest/runner': 1.6.0 + '@vitest/snapshot': 1.6.0 + '@vitest/spy': 1.6.0 + '@vitest/utils': 1.6.0 + acorn-walk: 8.3.3 + chai: 4.4.1 + debug: 4.3.5 + execa: 8.0.1 + local-pkg: 0.5.0 + magic-string: 0.30.10 + pathe: 1.1.2 + picocolors: 1.0.1 + std-env: 3.7.0 + strip-literal: 2.1.0 + tinybench: 2.8.0 + tinypool: 0.8.4 + vite: 5.3.4(@types/node@20.14.11) + vite-node: 1.6.0(@types/node@20.14.11) + why-is-node-running: 2.3.0 + optionalDependencies: + '@types/node': 20.14.11 + '@vitest/ui': 1.6.0(vitest@1.6.0) + jsdom: 24.1.0 + transitivePeerDependencies: + - less + - lightningcss + - sass + - stylus + - sugarss + - supports-color + - terser + + w3c-xmlserializer@5.0.0: + dependencies: + xml-name-validator: 5.0.0 + + walk-up-path@3.0.1: {} + + wcwidth@1.0.1: + dependencies: + defaults: 1.0.4 + + webidl-conversions@7.0.0: {} + + webpack-sources@3.2.3: {} + + webpack-virtual-modules@0.6.2: {} + + whatwg-encoding@3.1.1: + dependencies: + iconv-lite: 0.6.3 + + whatwg-mimetype@4.0.0: {} + + whatwg-url@14.0.0: + dependencies: + tr46: 5.0.0 + webidl-conversions: 7.0.0 + + which-typed-array@1.1.15: + dependencies: + available-typed-arrays: 1.0.7 + call-bind: 1.0.7 + for-each: 0.3.3 + gopd: 1.0.1 + has-tostringtag: 1.0.2 + + which@2.0.2: + dependencies: + isexe: 2.0.0 + + why-is-node-running@2.3.0: + dependencies: + siginfo: 2.0.0 + stackback: 0.0.2 + + word-wrap@1.2.5: {} + + wrap-ansi@7.0.0: + dependencies: + ansi-styles: 4.3.0 + string-width: 4.2.3 + strip-ansi: 6.0.1 + + wrap-ansi@8.1.0: + dependencies: + ansi-styles: 6.2.1 + string-width: 5.1.2 + strip-ansi: 7.1.0 + + wrappy@1.0.2: {} + + write-file-atomic@2.4.3: + dependencies: + graceful-fs: 4.2.11 + imurmurhash: 0.1.4 + signal-exit: 3.0.7 + + ws@8.18.0: {} + + xml-name-validator@5.0.0: {} + + xmlchars@2.2.0: {} + + yallist@3.1.1: {} + + yallist@4.0.0: {} + + yaml@1.10.2: {} + + yaml@2.4.5: {} + + yocto-queue@0.1.0: {} + + yocto-queue@1.1.1: {} + + yup@1.4.0: + dependencies: + property-expr: 2.0.6 + tiny-case: 1.0.3 + toposort: 2.0.2 + type-fest: 2.19.0 + optional: true + + zod-to-json-schema@3.23.1(zod@3.23.8): + dependencies: + zod: 3.23.8 + optional: true + + zod@3.23.8: {} + + zrender@5.6.0: + dependencies: + tslib: 2.3.0 diff --git a/frontend/project.inlang/.gitignore b/frontend/project.inlang/.gitignore new file mode 100644 index 000000000..06cf65390 --- /dev/null +++ b/frontend/project.inlang/.gitignore @@ -0,0 +1 @@ +cache diff --git a/frontend/src/app.html b/frontend/src/app.html index a48082f24..93a9c1429 100644 --- a/frontend/src/app.html +++ b/frontend/src/app.html @@ -1,4 +1,4 @@ - + diff --git a/frontend/src/app.postcss b/frontend/src/app.postcss index a8bf3e1cc..e12ea162b 100644 --- a/frontend/src/app.postcss +++ b/frontend/src/app.postcss @@ -11,3 +11,9 @@ body { .capitalize-first:first-letter { @apply capitalize; } + +@layer base { + [data-popup] { + transition: none; + } +} diff --git a/frontend/src/lib/components/Breadcrumbs/Breadcrumbs.svelte b/frontend/src/lib/components/Breadcrumbs/Breadcrumbs.svelte index fa898ce64..4f19b7572 100644 --- a/frontend/src/lib/components/Breadcrumbs/Breadcrumbs.svelte +++ b/frontend/src/lib/components/Breadcrumbs/Breadcrumbs.svelte @@ -1,28 +1,15 @@ + +
    + {title} + + +
    diff --git a/frontend/src/lib/components/Filters/SelectFilter.svelte b/frontend/src/lib/components/Filters/SelectFilter.svelte new file mode 100644 index 000000000..0e1ef69ea --- /dev/null +++ b/frontend/src/lib/components/Filters/SelectFilter.svelte @@ -0,0 +1,130 @@ + + + { + searchText = ''; + inputFocused = false; + }} +/> + +{#if options.length > Number(alwaysDefined)} + {#if !hasOptionLabels} + + + +
    + {#if !filterApplied} + { + inputFocused = true; + }} + on:blur={(event) => { + // Add FocusEvent typing + if (event?.relatedTarget?.tagName !== 'BUTTON') { + inputFocused = false; + } + }} + /> + {#if inputFocused} +
    + {#if matchingOptionsIndices.length == 0} + {m.noResultFound()} + {/if} + {#each matchingOptionsIndices as [optionIndex, matchIndex]} + {@const option = options[optionIndex]} + {@const splittedOption = [ + option.substring(0, matchIndex), + option.substring(matchIndex, matchIndex + searchText.length), + option.substring(matchIndex + searchText.length) + ]} + + {/each} +
    + {/if} + {:else} + { + value = ''; + }} + /> + {/if} +
    + {:else} + + {#if options.length > 0} + + {/if} + {/if} +{/if} diff --git a/frontend/src/lib/components/Forms/AutocompleteSelect.svelte b/frontend/src/lib/components/Forms/AutocompleteSelect.svelte index d9a243895..86b9b1324 100644 --- a/frontend/src/lib/components/Forms/AutocompleteSelect.svelte +++ b/frontend/src/lib/components/Forms/AutocompleteSelect.svelte @@ -1,6 +1,14 @@ @@ -74,7 +105,7 @@ {/each}
    {/if} -
    +
    {#if options.length > 0} ; + $: if (cachedValue !== undefined) { + value.set(cachedValue); + } else { + cachedValue = $value; + } $: classesHidden = (hidden: boolean) => (hidden ? 'hidden' : ''); $: classesDisabled = (disabled: boolean) => (disabled ? 'opacity-50' : ''); @@ -39,7 +44,7 @@ type="checkbox" class="checkbox" data-testid="form-input-{field.replaceAll('_', '-')}" - bind:checked={$boolValue} + bind:checked={cachedValue} {...$constraints} {...$$restProps} disabled={$$props.disabled} diff --git a/frontend/src/lib/components/Forms/Form.svelte b/frontend/src/lib/components/Forms/Form.svelte index 0d7682566..f81c956b0 100644 --- a/frontend/src/lib/components/Forms/Form.svelte +++ b/frontend/src/lib/components/Forms/Form.svelte @@ -20,14 +20,16 @@ export let resetForm = false; export let onSubmit = (submit_data: any) => {}; export let taintedMessage: string | null = m.taintedFormMessage(); + export let onUpdated = (_: any) => {}; export let useFocusTrap = true; export let debug = false; // set to true to enable SuperDebug component function handleFormUpdated({ form, closeModal }: { form: any; closeModal: boolean }) { - if (closeModal && form.valid) { - $modalStore[0] ? modalStore.close() : null; + if (form.valid) { + onUpdated(form); + if (closeModal) $modalStore[0] ? modalStore.close() : null; } } diff --git a/frontend/src/lib/components/Forms/ModelForm.svelte b/frontend/src/lib/components/Forms/ModelForm.svelte index 318dc6166..f9da82f46 100644 --- a/frontend/src/lib/components/Forms/ModelForm.svelte +++ b/frontend/src/lib/components/Forms/ModelForm.svelte @@ -1,5 +1,5 @@ @@ -65,6 +95,7 @@ let:data let:initialData validators={zod(schema)} + onUpdated={() => createModalCache.deleteCache(model.urlModel)} {...$$restProps} > @@ -80,6 +111,8 @@ label: 'auto' // convention for automatic label calculation })} field="reference_control" + cacheLock={cacheLocks['reference_control']} + bind:cachedValue={formDataCache['reference_control']} label={m.referenceControl()} nullable={true} on:change={async (e) => { @@ -89,7 +122,7 @@ .then((r) => { form.form.update((currentData) => { if ( - origin === 'edit' && + context === 'edit' && currentData['reference_control'] === initialData['reference_control'] && !updated_fields.has('reference_control') ) { @@ -104,27 +137,51 @@ /> {/if} {#if shape.name} - + {/if} {#if shape.description} -