From ecb2246032f0dd9714ae32b415dc72acc34189d2 Mon Sep 17 00:00:00 2001 From: Abder Date: Sat, 14 Dec 2024 20:26:32 +0100 Subject: [PATCH] =?UTF-8?q?CNIL=20:=20guide=20s=C3=A9curit=C3=A9=20des=20d?= =?UTF-8?q?onn=C3=A9es=20(#1187)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../libraries/cnil-guide-securite.yaml | 622 ++++++++++++++++++ tools/cnil/cnil-guide-securite.xlsx | Bin 0 -> 16226 bytes 2 files changed, 622 insertions(+) create mode 100644 backend/library/libraries/cnil-guide-securite.yaml create mode 100644 tools/cnil/cnil-guide-securite.xlsx diff --git a/backend/library/libraries/cnil-guide-securite.yaml b/backend/library/libraries/cnil-guide-securite.yaml new file mode 100644 index 000000000..8cadf6459 --- /dev/null +++ b/backend/library/libraries/cnil-guide-securite.yaml @@ -0,0 +1,622 @@ +urn: urn:intuitem:risk:library:cnil-guide-securite +locale: fr +ref_id: cnil-guide-securite +name: "CNIL : guide de s\xE9curit\xE9 des donn\xE9es" +description: "CNIL : GUIDE PRATIQUE RGPD POUR LA S\xC9CURIT\xC9 DES DONN\xC9ES PERSONNELLES" +copyright: "CNIL (Commission nationale de l\u2019informatique et des libert\xE9s)\ + \ - CC BY ND" +version: 1 +provider: CNIL +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:cnil-guide-securite + ref_id: cnil-guide-securite + name: "CNIL : guide de s\xE9curit\xE9 des donn\xE9es" + description: "CNIL : GUIDE PRATIQUE RGPD POUR LA S\xC9CURIT\xC9 DES DONN\xC9ES\ + \ PERSONNELLES" + requirement_nodes: + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:1 + assessable: false + depth: 1 + ref_id: '1' + name: "Piloter la s\xE9curit\xE9 des donn\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:1.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:1 + ref_id: '1.1' + description: "Faire de la s\xE9curit\xE9 un enjeu partag\xE9 et port\xE9 par\ + \ l\u2019\xE9quipe dirigeante" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:1.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:1 + ref_id: '1.2' + description: "\xC9valuer r\xE9guli\xE8rement l\u2019efficacit\xE9 des mesures\ + \ de s\xE9curit\xE9 mises en \u0153uvre et adopter une d\xE9marche d\u2019\ + am\xE9lioration continue" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:2 + assessable: false + depth: 1 + ref_id: '2' + name: "D\xE9finir un cadre pour les utilisateurs" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:2.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:2 + ref_id: '2.1' + description: "R\xE9diger une charte informatique comprenant les modalit\xE9\ + s d\u2019utilisation des syst\xE8mes informatiques,\nles r\xE8gles de s\xE9\ + curit\xE9 et les moyens d\u2019administration en place" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:2.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:2 + ref_id: '2.2' + description: "Donner une force contraignante \xE0 la charte et y rappeler les\ + \ sanctions encourues en cas de non-respect" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:3 + assessable: false + depth: 1 + ref_id: '3' + name: Impliquer et former les utilisateurs + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:3.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:3 + ref_id: '3.1' + description: "Sensibiliser les personnes manipulant les donn\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:3.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:3 + ref_id: '3.2' + description: "Adapter le contenu des sensibilisations \xE0 la population cibl\xE9\ + e et \xE0 leurs t\xE2ches" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:4 + assessable: false + depth: 1 + ref_id: '4' + name: Authentifier les utilisateurs + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:4.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:4 + ref_id: '4.1' + description: "Octroyer un identifiant (\xAB login \xBB) unique \xE0 chaque utilisateur" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:4.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:4 + ref_id: '4.2' + description: Adopter une politique de mot de passe conforme aux recommandations + de la CNIL + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:4.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:4 + ref_id: '4.3' + description: "Obliger l\u2019utilisateur \xE0 changer le mot de passe attribu\xE9\ + \ automatiquement ou par un administrateur" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:5 + assessable: false + depth: 1 + ref_id: '5' + name: "G\xE9rer les habilitations" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:5.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:5 + ref_id: '5.1' + description: "D\xE9finir des profils d\u2019habilitation" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:5.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:5 + ref_id: '5.2' + description: "Supprimer les permissions d\u2019acc\xE8s obsol\xE8tes" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:5.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:5 + ref_id: '5.3' + description: "R\xE9aliser une revue annuelle des habilitations" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:6 + assessable: false + depth: 1 + ref_id: '6' + name: "S\xE9curiser les postes de travail" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:6.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:6 + ref_id: '6.1' + description: "Pr\xE9voir une proc\xE9dure de verrouillage automatique de session" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:6.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:6 + ref_id: '6.2' + description: "Installer et configurer un pare-feu (\xAB firewall \xBB en anglais)\ + \ logiciel" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:6.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:6 + ref_id: '6.3' + description: "Utiliser des antivirus r\xE9guli\xE8rement mis \xE0 jour" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:6.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:6 + ref_id: '6.4' + description: "Recueillir l\u2019accord de l\u2019utilisateur avant toute intervention\ + \ sur son poste" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:7 + assessable: false + depth: 1 + ref_id: '7' + name: "S\xE9curiser l\u2019informatique mobile" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:7.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:7 + ref_id: '7.1' + description: "Sensibiliser les utilisateurs aux risques sp\xE9cifiques du nomadisme" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:7.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:7 + ref_id: '7.2' + description: "Pr\xE9voir des moyens de chiffrement des \xE9quipements mobiles" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:7.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:7 + ref_id: '7.3' + description: "Exiger un secret pour le d\xE9verrouillage des smartphones" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:8 + assessable: false + depth: 1 + ref_id: '8' + name: "Prot\xE9ger le r\xE9seau informatique" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:8.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:8 + ref_id: '8.1' + description: "Limiter les flux r\xE9seau au strict n\xE9cessaire" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:8.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:8 + ref_id: '8.2' + description: "S\xE9curiser les r\xE9seaux Wi-Fi, notamment en mettant en \u0153\ + uvre le protocole WPA3" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:8.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:8 + ref_id: '8.3' + description: "S\xE9curiser les acc\xE8s distants des appareils informatiques\ + \ nomades par VPN" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:8.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:8 + ref_id: '8.4' + description: "Cloisonner le r\xE9seau, entre autres en mettant en place une\ + \ DMZ (zone d\xE9militaris\xE9e)" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:9 + assessable: false + depth: 1 + ref_id: '9' + name: "S\xE9curiser les serveurs" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:9.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:9 + ref_id: '9.1' + description: "D\xE9sinstaller ou d\xE9sactiver les services et interfaces inutiles" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:9.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:9 + ref_id: '9.2' + description: "Limiter l\u2019acc\xE8s aux outils et interfaces d\u2019administration\ + \ aux seules personnes habilit\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:9.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:9 + ref_id: '9.3' + description: "Installer sans d\xE9lai les mises \xE0 jour critiques apr\xE8\ + s les avoir test\xE9es le cas \xE9ch\xE9ant" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:10 + assessable: false + depth: 1 + ref_id: '10' + name: "S\xE9curiser les sites web" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:10.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:10 + ref_id: '10.1' + description: "S\xE9curiser les flux d\u2019\xE9change des donn\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:10.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:10 + ref_id: '10.2' + description: "V\xE9rifier qu'aucun secret ou donn\xE9e personnelle ne passe\ + \ par les URL" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:10.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:10 + ref_id: '10.3' + description: "Contr\xF4ler que les entr\xE9es des utilisateurs correspondent\ + \ \xE0 ce qui est attendu" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:11 + assessable: false + depth: 1 + ref_id: '11' + name: "Encadrer les d\xE9veloppements informatiques" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:11.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:11 + ref_id: '11.1' + description: "Prendre en compte la protection des donn\xE9es personnelles d\xE8\ + s la conception" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:11.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:11 + ref_id: '11.2' + description: "Proposer des param\xE8tres respectueux de la vie priv\xE9e par\ + \ d\xE9faut" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:11.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:11 + ref_id: '11.3' + description: "R\xE9aliser des tests complets avant la mise \xE0 disposition\ + \ ou la mise \xE0 jour d\u2019un produit" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:11.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:11 + ref_id: '11.4' + description: "Utiliser des donn\xE9es fictives ou anonymis\xE9es pour le d\xE9\ + veloppement et les tests" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:12 + assessable: false + depth: 1 + ref_id: '12' + name: "Prot\xE9ger les locaux" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:12.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:12 + ref_id: '12.1' + description: "Restreindre les acc\xE8s aux locaux au moyen de portes verrouill\xE9\ + es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:12.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:12 + ref_id: '12.2' + description: "Installer des alarmes anti-intrusion et les v\xE9rifier p\xE9\ + riodiquement" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:13 + assessable: false + depth: 1 + ref_id: '13' + name: "S\xE9curiser les \xE9changes avec l\u2019ext\xE9rieur" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:13.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:13 + ref_id: '13.1' + description: "Chiffrer les donn\xE9es avant leur envoi" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:13.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:13 + ref_id: '13.2' + description: S'assurer qu'il s'agit du bon destinataire + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:13.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:13 + ref_id: '13.3' + description: "Transmettre le secret lors d'un envoi distinct et via un canal\ + \ diff\xE9rent" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:14 + assessable: false + depth: 1 + ref_id: '14' + name: "G\xE9rer la sous-traitance" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:14.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:14 + ref_id: '14.1' + description: "Pr\xE9voir des clauses sp\xE9cifiques dans les contrats des sous-traitants" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:14.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:14 + ref_id: '14.2' + description: "Pr\xE9voir les conditions de restitution et de destruction des\ + \ donn\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:14.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:14 + ref_id: '14.3' + description: "S'assurer de l'effectivit\xE9 des garanties pr\xE9vues (ex. :\ + \ audits de s\xE9curit\xE9, visites)" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:15 + assessable: false + depth: 1 + ref_id: '15' + name: "Encadrer la maintenance et la fin de vie des mat\xE9riels et des logiciels" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:15.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:15 + ref_id: '15.1' + description: Enregistrer les interventions de maintenance dans une main courante + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:15.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:15 + ref_id: '15.2' + description: Encadrer les interventions de tiers par un responsable de l'organisme + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:15.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:15 + ref_id: '15.3' + description: "Effacer les donn\xE9es de tout mat\xE9riel avant sa mise au rebut" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:16 + assessable: false + depth: 1 + ref_id: '16' + name: "Tracer les op\xE9rations" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:16.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:16 + ref_id: '16.1' + description: "Pr\xE9voir un syst\xE8me de journalisation" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:16.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:16 + ref_id: '16.2' + description: "Informer les utilisateurs de la mise en place du syst\xE8me de\ + \ journalisation" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:16.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:16 + ref_id: '16.3' + description: "Prot\xE9ger les \xE9quipements de journalisation et les informations\ + \ journalis\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:16.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:16 + ref_id: '16.4' + description: "Analyser r\xE9guli\xE8rement les traces pour d\xE9tecter la survenue\ + \ d\u2019un incident" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:17 + assessable: false + depth: 1 + ref_id: '17' + name: Sauvegarder + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:17.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:17 + ref_id: '17.1' + description: "Effectuer des sauvegardes r\xE9guli\xE8res" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:17.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:17 + ref_id: '17.2' + description: "Prot\xE9ger les sauvegardes, autant pendant leur stockage que\ + \ leur convoyage" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:17.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:17 + ref_id: '17.3' + description: "Tester r\xE9guli\xE8rement la restauration des sauvegardes et\ + \ leur int\xE9grit\xE9" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:18 + assessable: false + depth: 1 + ref_id: '18' + name: "Pr\xE9voir la continuit\xE9 et la reprise d\u2019activit\xE9" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:18.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:18 + ref_id: '18.1' + description: "Pr\xE9voir un plan de continuit\xE9 et de reprise d\u2019activit\xE9" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:18.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:18 + ref_id: '18.2' + description: "Effectuer des exercices r\xE9guli\xE8rement" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:19 + assessable: false + depth: 1 + ref_id: '19' + name: "G\xE9rer les incidents et les violations" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:19.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:19 + ref_id: '19.1' + description: "Traiter les alertes remont\xE9es par le syst\xE8me de journalisation" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:19.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:19 + ref_id: '19.2' + description: "Pr\xE9voir les proc\xE9dures et les responsabilit\xE9s internes\ + \ pour la gestion des incidents, dont la proc\xE9dure\nde notification aux\ + \ r\xE9gulateurs des violations de donn\xE9es personnelles" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:20 + assessable: false + depth: 1 + ref_id: '20' + name: Analyse de risques + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:20.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:20 + ref_id: '20.1' + description: "Mener une analyse de risques, m\xEAme minimale, sur les traitements\ + \ de donn\xE9es envisag\xE9s" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:20.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:20 + ref_id: '20.2' + description: "Suivre au cours du temps l\u2019avancement du plan d\u2019action\ + \ d\xE9cid\xE9 \xE0 l\u2019issue de l\u2019analyse de risques" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:20.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:20 + ref_id: '20.3' + description: "Revoir r\xE9guli\xE8rement l\u2019analyse de risques" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:21 + assessable: false + depth: 1 + ref_id: '21' + name: Chiffrement, hachage, signature + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:21.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:21 + ref_id: '21.1' + description: "Utiliser des algorithmes, des logiciels et des biblioth\xE8ques\ + \ reconnues et s\xE9curis\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:21.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:21 + ref_id: '21.2' + description: "Conserver les secrets et les cl\xE9s cryptographiques de mani\xE8\ + re s\xE9curis\xE9e" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:22 + assessable: false + depth: 1 + ref_id: '22' + name: 'Cloud : Informatique en nuage' + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:22.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:22 + ref_id: '22.1' + description: "Inclure les services cloud dans l\u2019analyse de risques" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:22.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:22 + ref_id: '22.2' + description: "\xC9valuer la s\xE9curit\xE9 mise en place par le fournisseur" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:22.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:22 + ref_id: '22.3' + description: "Veiller \xE0 la r\xE9partition des responsabilit\xE9s de s\xE9\ + curit\xE9 dans le contrat" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:22.4 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:22 + ref_id: '22.4' + description: "Assurer le m\xEAme niveau de s\xE9curit\xE9 dans le cloud que\ + \ sur site" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:23 + assessable: false + depth: 1 + ref_id: '23' + name: "Applications mobiles : Conception et d\xE9veloppement" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:23.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:23 + ref_id: '23.1' + description: "Prendre en compte les sp\xE9cificit\xE9s de l\u2019environnement\ + \ mobile pour r\xE9duire les donn\xE9es personnelles\ncollect\xE9es et limiter\ + \ les permissions demand\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:23.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:23 + ref_id: '23.2' + description: Encapsuler les communications dans un canal TLS + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:23.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:23 + ref_id: '23.3' + description: "Utiliser les suites cryptographiques du syst\xE8me d\u2019exploitation\ + \ et les protections mat\xE9rielles des secrets" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:24 + assessable: false + depth: 1 + ref_id: '24' + name: 'Intelligence artificielle : Conception et apprentissage' + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:24.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:24 + ref_id: '24.1' + description: "Adopter les bonnes pratiques de s\xE9curit\xE9 applicables au\ + \ d\xE9veloppement informatique" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:24.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:24 + ref_id: '24.2' + description: "Veiller \xE0 la qualit\xE9 et l'int\xE9grit\xE9 des donn\xE9es\ + \ utilis\xE9es pour l'apprentissage et l'inf\xE9rence" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:24.3 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:24 + ref_id: '24.3' + description: "Documenter le fonctionnement et les limitations du syst\xE8me" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:25 + assessable: false + depth: 1 + ref_id: '25' + name: 'API : Interfaces de programmation applicative' + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:25.1 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:25 + ref_id: '25.1' + description: "Organiser et documenter la s\xE9curit\xE9 des acc\xE8s aux API\ + \ et aux donn\xE9es" + - urn: urn:intuitem:risk:req_node:cnil-guide-securite:25.2 + assessable: true + depth: 2 + parent_urn: urn:intuitem:risk:req_node:cnil-guide-securite:25 + ref_id: '25.2' + description: "Limiter le partage des donn\xE9es uniquement aux personnes et\ + \ aux finalit\xE9s pr\xE9vues" diff --git a/tools/cnil/cnil-guide-securite.xlsx b/tools/cnil/cnil-guide-securite.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..4b05aa296bd0857b12c90f0db61d39176a3194b9 GIT binary patch literal 16226 zcmeIZWpG?ek~Z98W+sc7!9t6fnPo9ki+Cn$Un_OU zXJ7Ng5mOf@-XKcVf}rot+|1jx!T8~r@z9CNqMsKIl!b^HY=d!bq&_TB?JRO83#!6> zgyK57u{GHz@XycCLSV+_>yx3UH<7n`?H~`+S2RXi?O7;CrvbO35tX4)mwR&oy1*JVh(na(Pfvwys7^vq z&*?!Hw5R|nsTI|V5W{Ic;qF5nKOPrIYD2eG z=qqcKd z&dp@Sb^6jQ<7o5i9e!_bU;u@G181Wu6X~yajgxuD9^5-P^&CvB9T^#ZzyBX7{}&_i zU#4CWFDu{A1RruC@%&}vZhk!$SxDMdP@hE?KvYg$6}WWI@_Izb?9Ety^Ih`Q(S1H9AWYOXd#hm^?z3#HstB?Bf(ulAeroT3mU|@qG9zpeT$=xL| ze`b};nu}tj9+iV1qG+P40N=U-QRC;EI7a93N9#9FS&K*yw2_EdaO$IQ3I*_c7=4KkFMP z()KY9rXii{7qrWGil|eC$;jN6kQeGSw~c!^j-CbQv9;!UC946Q8eAYtc}%*9tig(; zxMH*8mOBbkaoq)Nt>Q?llA>us7CFuO+3B|(y|`Ex-E4(R^8HI#df&o%rfqqtwO|6} z!A4l?Twymq1EnhBd_g-yjDJ*STvLv=Gp*`kU@T4x#C8h&)kvcq_az+%HkaBKBEHoz zh1@a199a}^rshi_jPJ1b>b&xjZy(#Yc<7HR4gdm&Bb+uRnZUFT4 z@kzSH4+gQh7h1aU2pzeZGRlmeq~+^+K9@~!3eD-L^AH3QuDc4&%Lccct!wi5KcA{B z`!(}+eU@H)L-cx{!gb9vcy-JQqq&oe_i;%Jx&46&`MV2 zTuS7h?s?wv`ri>PRa#{5`2LIdJF0O3&>-)K{)gxLS6u(o3xd3FP2cUp|L&_Je!_Bq z2|nl|xGQj`(?0%HVT{|8I=HiG6^f}A^^2^vQ7OOsQ(D3~drd*|bUqo|HS@UX6W6aD z0#fGXxwmU?ONQs(C21fR&B`Z03<8}d(QcflP)c(K( z6>WSr6TTejjEsEbul$TA>6Zab-r%*4})on@Y&<5lNC$1f-66>jvKNxTlK}x zqfEdJtMG9bvT8GuJJ!>{$9Nw<*3z;~@ZUP9y&c2-C(W6EP?$mk2LOQZ?g@U2iX2?Qb*+(T6ayg2|+oG_uhP%H2kgFa@0#{=(Wg8?T9fY-8?$P=U)n${v|d z1xJoXz=a0ujU+tZxK*R%#h6=f78;VI8M(=p$3ZIl)6*{g$9mUYYdkLrdmhFun?M+) z`&GkPf@wOYH=)H?i|hCMfqRPl@yj?@ZSVEIY|JcAM!qk9j=F9qKj*_QTVu zJ}Ij-^%7k&s4CQZTXmQ9n<1|b?QBAQf>W0fb=LCV))>T=VH&ZUCqe7ZLO*9WM5)`I z{xCVh2^&uqjfzV;xb)TWOF6s#sTL>a)%}JB`7pB1CDw-(T(_myT}3Idv_eIf!T#kp zCZ?}oV5@N`n?&bG)CBaVlF=_HI1mq&vdLezgLMDwFW%MW?JXfu(KhgXTU8z4;3r5$ zo(o#w+zD+c;eA{LIdgU!VI)!mLhoKao$OV+`&>EUjXk8z;bQah>_I*yCJ~o%ac*#0 z{Y{dLzwYSq+u?-`)5|3`UR>vXUZtnNroS`osjE@9oK5MmljTW6b{s89s|2Pc%B3EEGfiQVkQC$Pq0a_n=?*GJ~$3 z)OF8?@dgMyeiy~*fwUw|ulw;P`|ZMV`Zgz7P?>;*8nnF%h|mi8oT;Zyb(Bu1q_CGu z!ylnbc$e2_lyNFmqys%HwS?s8q(ViNYt=2`$Y9?Fx?-rrjOo>&3{yo@2*$ssGx;On z35N5fu;L^dtr97Jl3xq??)__wETS%l*fm1q<&%La#Zj(glC8m)rJ;-ii(PhGkrC~$ z%z}sdD}aeWQ_~SZ4e`U$>hLfG-{|+Zi(>fHpLA`o~yhd6xcn zCkl=9*dkcoPGy6&mpi@=HKRPMhJiVFQiKn7-8{tD#X8Lqucs*66z4z75~%q`*tv<| zNpy36tW>UkWrW2|tT;>r%|aPSp@^Aefly&?9*K^P&@05>6>UXF*)X2G<4-oeM)90X z9cgF$Bk#YTyvztpL%+Y97<}pf(U7qG!;maTuP~wiF(f3LW_lE1(D@*c&gW%Si$nII zqWHy4%UU<I@3p7nSe>K@aP`xu z4f$b&B#KG-@U0C4wHmkNX-hms0}3V^P-U0!BYTs|UaUYNZx%6jz4zMYAvL`<2N7IVT`WGa;z;)R-YP`Hm}W5L!VszmB!54JV1Vvp!Z$X zo}VO>4ZdR<$?zKYgRJuvwd06C^9>iWJXh&1Wn8k3i62;Fzq`HMd$aMfcO=#^$HA?K`7~ zKS%q2Se1-z+f`2FAics7Fde$(_zDsjWOesgBCMQlk1s_>>zyx}-|WY693{`XN$@Mh zPcZlysPDFSpPrto_iq+Y=K80)Umt#6Usbg~{k*z6iHW)H?m~3cdp$#}2I{>%1Kr=; zJm0QPu59nbeeZrbQTkj78Ht~BL4YXztc2>T=uiA}S3s$(d zUkj|?Sdx|r2YlkE@0gQcvdcYA9PP9kb)EN&;xEXf_D$B$GMuuqbJixc8YY~o7TIP~ z$@ZOehpK*@x;Q{FN`5`8U;UhoRCai6b4<|iq5beCZHRzO@&S>-=z(D5^g5o+32Hxp zQ<@!Xpv=1?Jz`E2S2|>HJbtL{GrOKs`w6MULk1YyO_|Levt+zUCf2M5UzjV8cU^o) z1<&ZG>>ROF02;&d63vAX6vbddU83dT?2e zj5+1)n*uEi78z@sELA5}BYsb0BzKG9W_Kv#&SC2N76^f*X(kRDOe6DaTscQU&Nq>^ zei;x>C%JyDa?D?#_clE-gB_jk@Bqz1KhY>S>a{`aGf5CpMqX~*_dTE$&ReBh%BIM; zV1a9T8Yv)ca~PC-!D~ELO${&`w!LnuEM!wins}aOLiOa3k~^z;pEz%>S^_MWC0&L$qb)# z%W(ybxvdPe@6C4>Ak~le z$8J&lvc>mFMXWb9na)VP*zCXg2;~@c_YCVkgvuK{O@><#Zs&(--&$pog4*3C#vsSN zY^09gf$(L?obtwC%lM%j&|@bY&PZDn5bNAsrtvg2h9HAb6?)o06YnH&uP^fTiK8{s zpzW&hc0#18~%BG(hDvjir*P6A+h0~r)<5ihppftUVfWs&6bkppnDOC?6!}v zGISK{Fh*M6%LKECL2-jCpfv_CJ5U*4a+XK}NDcx;C6Vl|KjIXDw%A#~k&23i?s>&v zMz)vak?s;U?*BfZD`|vWZ08{ssyJF2cqSa=NnyL+FvJVKm0@WFfpYkrHcUd#ZD|@y zNZE&kS>hIH4Ey&G4|qh7Eq2sytwKcrP1TY9p=X|hXo7ph+tqE7kWpV>zQGtamD(u` z5rJa8^`=fCfrz~?2VY$BtKB-q+~+xn-q3=6|hzo~(!jQ62U zGL3M}AAplgme$9AAgRp#Es#p$cX|`}-;$F=LJ@gaknRu(aH6L`7D$q&3mFIDf{$#q z>ND5_b;3xN%wrh5ZsaH+n>D!{K|`fSeFob(djjB-rL5veD3_@%s;G?{$RI6bPIrj! z#1$f6B!K4cgVX|s0<86({;bIn9!Y0z*m`);h60k6eW^-A@*MPC2tp?@o17??N55d} z7w8OSB<8pcyQLa;*eIj!8h37UU@-Li_`;%5gwk3RXQmU*jACiEU|>*IT`^^i{y9MW zN~k96#PC}g(H0I{PL`mdQH$*nJC$={(1$5pCauw^xP|F=kxQKA8+F?mb6Ns}-!&7F zco>>kcCAj&3IWBB#-qc1xb~7;cEQj7mNW>TqakFPbD6OrBp($Oh4X1L&mz((gu;bT z;u!vB05iFc(rkuV4EJ3+GjKG$oqsM z6paTB6Qw)@ArvhoA)^1A8!Yl~TbIWSJ#Z99FIGr~Z!I4;IXw^+?^l$e4DTRmZU+6X zTbgXLzvpezy?{dkSk6v}MXvQ`e2Sa28~ah*{oF$&B_xl)JVws!4jdM5;jlS^&$XAz zo5qnF;}zM;;EpJgY-#>+2jikx&SptK0%~Wm*0GgMQo*R=`zlkK-Z>i$up3+LPG1=T zNy*e(rEP;_NL;al<`jiC-%(St0v7?umDxrKiM-aI;l6H*gZs^eV4~m_H^9;F6aYlP zn=W`$Q2=sy0O)s70eU1sLf<8|Jj5dgFgHZ?iC4mpIUgxpQ(w` z0*H4qxWDZgf%{R|E?0vfgN(c?fDJ?JkxF=%2XoZYnk2t;LG5;J__`H6dxx zZ>#hh+PCi_sr3eOM|P-rjIZ*4cGgFB{53HJ2M3&R60ar;@=Q;18b){y97-*Rd*-2e zLl#VOl5;p5`A`~$*9aoJ%n#Yh?i7PgQiWh4otg;a1) zbA-3FFhVY@9Ja$YSs0(R%6Bx5`Tlzbw-P9R4%{ans6{fAp%NXz6MwHjE-J`US03tb z*hm~g)BILRVe)_Qd{_PF2@sWc+fbRs6dJx@#2G0i$|K#z1uB5n?4Sik1ZpRT;fHK5 z$NLnAX}>W|BD6a`6O5_&wi}Q2u4rxd?cJ|$)bA;e_tVy&&C&l)PXf344T3FD000Wf z?*!?ekb;xBiH!;4pZ7n}gj21F7`$eTZm5wrf$`4^<42wbT+_uIx91+)iJ$i*Bojh( zC+!53+G){2U=P1b`-57{Nc(SiP=!O9`$4wu#W3rW%D#nuau7?~4iE2q6^J)9Wacz6rx!9J&<#cIHezgjWlLVk^2N$@!&q%b|^*=&4!wpa9%JTMrsJ&-I`I% zvY!&Ru)p(Z(H%wRgsJ^lU!@{sZjnv+4#r9`*A>Ty0<3>8+enzOyQq!>x(oX+O9&%s)ZDuJsGUe0tHfEAJ18% zdGZbV`|uP(fTvrYK1&zh={i76?hg>V_>LR<;(|GHLTC28u-2^`S10g0gXuVVocees ziZ*c%E-1JGx~pBEmGvA&VcR?EA>! zpA3)%j^B$HOc*Vo~9$63S+T0*tMfH=kvd(9ArU-H9M#Kcg(Ya$Xp+8LTr!n7mIMOz=;nok5EPaa5;-0M7>b6N{kAPU%f)*N&>-{ca9TqZ)?nb*Ik(@U6A*WVakm z6X2{?0VMhqDS4#oZ4fBmUV=k6)T5ThsGDoBY_=h(A}c&7i$+hvv(f0lyPw@Hvys$p zS}?k$JL?&%@pa1`Znu4c8z+#fnOT200znTD(P9XcuQsbW}!WmJ=g!Y?XvC)gP~!;nT7bEM#n-{4BteAKmpq;hNEx zMu>XnfhFOSBpE`!R7{`83&&L%$)#F@n&NQSUsN1qn=SY%cZ~R^Rx*pa_sl2~G%$93 zz;NZ4IUCAULTsCU3Qhop*K0nfshx!QC3V7t%^I_Zr3H#uvEJjNwmIJVXgJ~1t!TXr zsqz#7EVZk9JUIfIZ>knc%p!A0p*}w9JW)H|47IOtUChrtMUIZ404fJR%e%5IcE%KE zGr%=+TsDaIagxK)rUzXmQePT_1N+^blAg}_G3+>QoQv&BMdi~C>v3UmD{sGCHp-DK zI)F)!r3R26p)R;VM@$N{X1H`h{EFIUkt231@VV==hWWzCN?wQY#$HN}p@dKy$r6!X z@%4eSC>(mgeC_7fHL%~GoFdG4kGsanw{%aabIZqKujiyGdDKwQwCwb5Hnhpf1&*3e z8go)F>V7q_kxb9OeJbyPJgqL#Es}Tuw^G2!nh- ziiFT8NsMz-X>9pZU^;?{^zfREjY8YEY#jJDtG*vf7d00hXI(zk3rV!M!*aD2S{9!1kMMOKQ`aXUhQ|_1{G6A=)t} z$Cj*a%IG^1m+YuveHP>FbWYe%f&N3;lQ|; zN}H&@Vi&9y;L^GI7^Ult%npgsy^gJV+}NgP!Qs&;RXtMzkuSD|^t62_ATMe^J<{cc z-EV=ceYnY=a+L`r+L`cQ%*2T)U-Q~k__)EbDFD9x3MA@@6QIS1xT(QHqzN>buK3<> zP(N!s?~y3Dgdf7Y)R4ZrarmK)X)A{xKYBQ-W)>e%b$*ANsN2n6!nT_4!-*(%lZ&+F z_0$^BjGgJ|sNGYz?R+8rA47g^`0e3k@7t04_uK)(KODWIle@Kv`az}n})%bqRpNsymlFd zpS!5JR+Lm(sZl9gt_eg$DI6)(!mjU>kE8KbtVkUC3Uk8h^Bb>y9-n~rm980lRn+s) zI-%V53tH-EQ|0v^=_S1>X=%13iB%=pWah`pX+`i6dfInRhUky@ymcHLV1 zD%#8P$h%g{aVz2S3p@*Wjjlh1ByR}(9+gERKSR&@i)*eWR%nsxD_$-d6qv%-fKfBz zY*EV(ApPrA7COFy+I$-;Z`v$>OfF&a-fY0os15 zryfdfw@`&kV!Vq<7NJRcE@e(gxR$C(D_xJC_Fh-2avN7}HzO_)Jt*B_McWAsnle9w z9~bAbm@}-5I(8|+qLhCx3@pGD)}B8|pv~Z4{$}l6>zO40LoTxuvVpPK9fz_KhJaw1>_0> z+J4oByh8cRh%p1YQ#$dcuq=+EpO;6XAko3@m)C-GOt0O!Z-w8st*T{T{3+&L=81*` z*-E(@>dN4nz~0<+q%$@Of`QjiHBU>!+tb~{{uf1H{C4@oIIa2HfOcxcz6Yi>db@DX zrK_lkiVFzARZP4~w>(WrE;P@oTlgDwf3g%^=)P6fZGyKtneP8s95Q&mSV@2g0F+Vz z0Oh8ttCGT|}Z!9nWATIn`l9hRU{OG27^B-?J_^ZOzAgTv20rb=B>rZ&{u3SiQQjG7=Xr(Q+TNSyFk~!#-kDcs^S;U+VL` zM>vLZd0ojpyfn?rrrv8)%ggiTgASK;_@CsQ;=At{u#zKB^6xw zUbxh$Dy;t}gzVHJhcew~u#JdYx8(1t_M``jF4jL+hFocJQ72&|n?0wdsd$~O#6!uae~(?5Zl#)9FruGe&l!spl;2zo zeC*r&TzFY`=Oz9nN0TAOgXc$E)v0P=?2PPZBK=bNkgsJzpb?5i!>JRM!Yc5YM{f2! zy}MEsdTN6MMRt6Kz@i_US`E=_n+YZ+^@$g(Cn*81vYBKN@^TpJRT5a)$4iWd5!z?M zUtB82@!7w-Z=|plGG`v26S&`0Xsu1cnbXOYgd5xQ*m{M4z?9|HT9g&D`B_Y-R=v`* z-E9-&0~LM6R_zkqQ76Q@ULWl?zsZMI}J3G=>}6k&U59CrR8lBTd<(7z70J_eevEYC*I+k{5*^1{R#rk34w+RdT!Q`#g9GNLQUXYz zCWI`;Sn%ku>}HG^h8hYs-HT`l=x~vLZp4^;ze7x+ZKZ{OY6H%MKVtp}n)1)#+EdU= zG&|&(GS&p}5WOQhT(IhgG|pxjY#uXbGo5~7v;j-KoiYyvMvtDbmC|0q4{*6CpGW3M z(`)$gLmi2Pc;rJ{m3~0qs50AHcVGmOJ`Hg0IO#28n_I+P683}wGSPk6fYT+x#ZN|Z zbv*OtXkOk+VgWfq3i2Y{u7SifJq*@RfGWDS6@|5Y>pQ@SW0kWC6GR&}C*}-p?i58D zMyWGlnru2vb7?W=XPNw}jw!436Ax(2P4y8h!!J;+e$y8Ia@HNx-tT8!Gj#^w@z}(NpjF{U^Sn@)NX6VTXZh+fFt^h@)nJW$Z@I%Ol#FNGmqu8x@ zQ287Z`3Yu%Er{6!MbLT@D(66j#(3HQ0gbl{nhdb(RVtj}+j_+6N6g(!PJItvm6Fg~2sQ4-Q%(v&hg%x$;3L?0}L4>5o^e%B+1Of@x0?Vi# zYg%bDZ6NoEs7l`&3)N=oM37Bn>a0PYKwfF=9@t6`d7>b>AVe&?L28P(VyLD@JekZ~b)XjuCGHRGnyobe6e;^n zTz{Tq+pVV);-ZVAhMp2}@DR0a^gXQ{^@f{}uLpsi4kI%M-CZ^TXX8O8nJr3EI3XJH z50M?Kt&ct{Pp(UIRKl;Rzhwd`iNb0=SL{_O7S7UCYhCo$E5Bx(-F-%zvphxmb^Pdu z!O36CFjz4(NQ9M;(!5vZeNvuvk^+!CQ!Ok{&yMwa$z~*ksC%p$#;2Vf+4+`C%la@H zec^G(7o{&0SsRG9qU5HOz>$+`rl`c|>qnN7-yhl*dfS?GPUI2IX?$$r-ARcJIZ-Wo z^DVYh4e1L~rw5HM50qV7p~msDbJ$!TdBRrdDxzWWJI6XJ@)l1_L>Ry z8oy_syX(@TF@|^>=0m&5zb%P= z7**IpLySs-O5CnpQ4<$GM)Fkx#yq)1+RS_GNmtxJKoUfUdv@?b@-v^DaIN4BNX@s@KHYl518dqm|v{{ONLLC??kAR(Z zYwLpuy9i;u)M*@*0WM$hgTZpI3;J)1 zSCD$ccwPiRyV^;ovGqWwIBes?6)`Mw`Q50jAw1qF4v)6$f{VWMjSMC31osy6qwXuZ zjTg<1r+T-$^P@FgnzhAJ-WXSp4;Q~aZTxt6IZS{=cZ8#8d)@8|YksEK_?bTSsE|T^ zQyw<9Zw>_T-|f)*n5W7pM72q(Epm6TU4FGn)==xvO)OX8pW<|O|L{54@S3V^v4p;r z#&Y%OLx@NXzY46_m7-X_n|g(4ZVP+kd(3${qnWe?e-Huvd=Us(&*amo(m61le}rP{ zUsFO_3v}V4o)Q-?#sxIa0LpISUEFB}`PRw$kW#GpZwBrX@t>&t0k3 z-1e{$wg?t>cp;I27-;$gJjT>E<@VLI@TeCbGzwR@tM<{f0*LF*03y+lOsG~ft-U#n zqq6~fUD*kF1duiMY=CHu2$vo$^so6K4cdo2Z8|!|gkgqA@rJ8NdB#M)UI-ME3;M^f z;+*n9wg$8syo+n-Q>T-Ajx) zhAgCtV)U-QAFbufnE=Xfp=w~8dva0`6DWsxZ+fJ=I&k!@@4h@{gOv1Kki67lLagQ< zvOTMR+D;;D^D~9x2xd{ZWbY1cKgs|bspI#f(}+;vhT!)HQWo9g!zWN;GYBx63yrgT z6D+jENCbmyEfWGhREW~V7Ux_sBi(xfYxGlcdkJ?uiE>rJF8bqL%8p zh5WkwD1-Nil1+)lCnN@QlRux}s=uAoJb@ouo&w*;YZv=)34$1lWjL18{gwl&*D%s7 z`ua6kwa#7!r-LK9sOTOv%|`bATx5vQf_Rku>t>ZiF^uOf*f%6f0G-YbWR|nt<`<+( zdNJ5ZJxc~Sfx~O$Sb_4XluK&;=-2J&+y{ZthRx!SP{kdey)5sK|B;jWds$fNV4#BB z`$5zFy&(tXy)xMtXr$l(v~y%M0y>!djuXAN<@{ek^7}bEGG0%*p9y_%6QWyq)HA(^ zURh{$oA7o|KtuG3p2AhTR#F)C?DkByy;7}c%gAB!Wj{mu=Yt%3FD15ibD02HxFR6D zIZrJelvg$45*K2DnOtLzhHCl)U0QN77T01zGvo)^^4=C)>n+JKr7E}vXF26a`pp1i z_MeFRgU(iDj<4qI8mzCA?0#Q4vkYLOVGgj*{c}Hr9fhKMi5w%%!2^1k*@y(WA|ypF zn-~4#ZWsLpQ#nn}ZdY8nhcfFR_(StO%}!>PoIigr6o${v-b&u@w=BV3DBHwi);nX3Riyp znX$314yQt4A0JExBdHZo1G7WaLk^i~rN<}r6gzsFJX3P=6$QMVexM6Ki3Rxp$S3Ig^sG9iXeI*q@&i$oiE3Hi?2L;M>b7uYs5g}tO- zwyeXkrN=%*I{TBTEw7ITs5>wykGFz(%0zQ#(sIeqPvRos@d+glky1VAD%|NmUfD!R zm#9jYW6}*K4cvS68+M*nn~M}A%Z+LF=83$5|n!6DpIciKqngaYT);^x_oG7 z^x%T#`_}^Pq{vrhc5@7!j{|}8Tf9Lb}#)ZE) zO}?ii{--vEzjOI})$(6luu%RZmp?Vkf9LY|iif|r5EK02^7s0OzccuICgm>%u;hOj z{FPVvJL%u!wSSRrzDIE1*TM1c(c8as_;(lm7d-&LzySdKH;4Uq@_#q3|4LrZ^)KZA aWoi|qA>MW5cXKWrVCa2M5c28wr~e1uW|CL{ literal 0 HcmV?d00001