From b97304959f6d241e897074b9d3321e6283124980 Mon Sep 17 00:00:00 2001 From: Abderrahmane Smimite Date: Fri, 19 Apr 2024 00:01:35 +0200 Subject: [PATCH 1/2] Add ECC Framework --- README.md | 2 +- backend/library/libraries/ecc-1.yaml | 1311 ++++++++++++++++++++++++++ tools/ecc/ecc-1.xlsx | Bin 0 -> 23479 bytes 3 files changed, 1312 insertions(+), 1 deletion(-) create mode 100644 backend/library/libraries/ecc-1.yaml create mode 100644 tools/ecc/ecc-1.xlsx diff --git a/README.md b/README.md index ce931c17f..4820a0ba5 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,7 @@ Check out the online documentation on https://intuitem.gitbook.io/ciso-assistant 24. NIST Privacy Framework πŸ‡ΊπŸ‡Έ 25. Tisax 🚘 26. ANSSI hygiene guide πŸ‡«πŸ‡· +27. Essential Cybersecurity Controls (ECC) πŸ‡ΈπŸ‡¦ Checkout the [library](/backend/library/libraries/) and [tools](/tools/) for the Domain Specific Language used and how you can define your own. @@ -112,7 +113,6 @@ Checkout the [library](/backend/library/libraries/) and [tools](/tools/) for the - SecNumCloud - SOX - MASVS -- ECC - FedRAMP - and much more: just ask on [Discord](https://discord.gg/qvkaMdQ8da). If it's an open standard, we'll do it for you, *free of charge* πŸ˜‰ diff --git a/backend/library/libraries/ecc-1.yaml b/backend/library/libraries/ecc-1.yaml new file mode 100644 index 000000000..93a1fd41a --- /dev/null +++ b/backend/library/libraries/ecc-1.yaml 
@@ -0,0 +1,1311 @@ +urn: urn:intuitem:risk:library:ecc-1 +locale: en +ref_id: essential-cybersecurity-controls +name: Essential Cybersecurity Controls +description: "The saudi National Cybersecurity Authority developed the essential cybersecurity\ + \ controls (ECC \u2013 1: 2018)\nafter conducting a comprehensive study of multiple\ + \ national\nand international cybersecurity frameworks and standards.\nReference:\ + \ https://nca.gov.sa/en/legislation?item=191&slug=controls-list" +copyright: "\xA9 NCA" +version: 1 +provider: NCA +packager: intuitem +objects: + framework: + urn: urn:intuitem:risk:framework:ecc-1 + ref_id: essential-cybersecurity-controls + name: Essential Cybersecurity Controls + description: Saudi National Cybersecurity Authority framework for essential cybersecurity + controls (ECC) + requirement_nodes: + - urn: urn:intuitem:risk:req_node:ecc-1:1 + assessable: false + depth: 1 + ref_id: '1' + name: Cybersecurity Governance + - urn: urn:intuitem:risk:req_node:ecc-1:1-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-1 + name: Cybersecurity Strategy + description: To ensure that cybersecurity plans, goals, initiatives and projects + are contributing to compliance with related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-1-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-1 + ref_id: 1-1-1 + description: A cybersecurity strategy must be defined, documented and approved. + It must be supported by the head of the organization or his/her delegate (referred + to in this document as Authorizing Official). The strategy goals must be in-line + with related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-1-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-1 + ref_id: 1-1-2 + description: A roadmap must be executed to implement the cybersecurity strategy. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-1-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-1 + ref_id: 1-1-3 + description: The cybersecurity strategy must be reviewed periodically according + to planned intervals or upon changes to related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-2 + name: Cybersecurity Management + description: To ensure Authorizing Official's support in implementing and managing + cybersecurity programs within the organization as per related laws and regulations + - urn: urn:intuitem:risk:req_node:ecc-1:1-2-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-2 + ref_id: 1-2-1 + description: A dedicated cybersecurity function (e.g., division, department) + must be established within the organization. This function must be independent + from the Information Technology/Information Communication and Technology (IT/ICT) + functions (as per the Royal Decree number 37140 dated 14/8/1438H). It is highly + recommended that this cybersecurity function reports directly to the head + of the organization or his/her delegate while ensuring that this does not + result in a conflict of interest. + - urn: urn:intuitem:risk:req_node:ecc-1:1-2-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-2 + ref_id: 1-2-2 + description: The position of cybersecurity function head (e.g., CISO), and related + supervisory and critical positions within the function, must be filled with + full-time and experienced Saudi cybersecurity professionals. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-2-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-2 + ref_id: 1-2-3 + description: A cybersecurity steering committee must be established by the Authorizing + Official to ensure the support and implementation of the cybersecurity programs + and initiatives within the organization. Committee members, roles and responsibilities, + and governance framework must be defined, documented and approved. The committee + must include the head of the cybersecurity function as one of its members. + It is highly recommended that the committee reports directly to the head of + the organization or his/her delegate while ensuring that this does not result + in a conflict of interest. + - urn: urn:intuitem:risk:req_node:ecc-1:1-3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-3 + name: Cybersecurity Policies and Procedures + description: To ensure that cybersecurity requirements are documented, communicated + and complied with by the organization as per related laws and regulations, + and organizational requirements. + - urn: urn:intuitem:risk:req_node:ecc-1:1-3-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-3 + ref_id: 1-3-1 + description: Cybersecurity policies and procedures must be defined and documented + by the cybersecurity function, approved by the Authorizing Official, and disseminated + to relevant parties inside and outside the organization. + - urn: urn:intuitem:risk:req_node:ecc-1:1-3-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-3 + ref_id: 1-3-2 + description: The cybersecurity function must ensure that the cybersecurity policies + and procedures are implemented. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-3-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-3 + ref_id: 1-3-3 + description: The cybersecurity policies and procedures must be supported by + technical security standards (e.g., operating systems, databases and firewall + technical security standards). + - urn: urn:intuitem:risk:req_node:ecc-1:1-3-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-3 + ref_id: 1-3-4 + description: The cybersecurity policies and procedures must be reviewed periodically + according to planned intervals or upon changes to related laws and regulations. + Changes and reviews must be approved and documented. + - urn: urn:intuitem:risk:req_node:ecc-1:1-4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-4 + name: Cybersecurity Roles and Responsibilities + description: To ensure that roles and responsibilities are defined for all parties + participating in implementing the cybersecurity controls within the organization. + - urn: urn:intuitem:risk:req_node:ecc-1:1-4-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-4 + ref_id: 1-4-1 + description: Cybersecurity organizational structure and related roles and responsibilities + must be defined, documented, approved, supported and assigned by the Authorizing + Official while ensuring that this does not result in a conflict of interest. + - urn: urn:intuitem:risk:req_node:ecc-1:1-4-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-4 + ref_id: 1-4-2 + description: The cybersecurity roles and responsibilities must be reviewed periodically + according to planned intervals or upon changes to related laws and regulations. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-5 + name: Cybersecurity Risk Management + description: To ensure managing cybersecurity risks in a methodological approach + in order to protect the organization's information and technology assets as + per organizational policies and procedures, and related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-5-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-5 + ref_id: 1-5-1 + description: Cybersecurity risk management methodology and procedures must be + defined, documented and approved as per confidentiality, integrity and availability + considerations of information and technology assets. + - urn: urn:intuitem:risk:req_node:ecc-1:1-5-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-5 + ref_id: 1-5-2 + description: The cybersecurity risk management methodology and procedures must + be implemented by the cybersecurity function. + - urn: urn:intuitem:risk:req_node:ecc-1:1-5-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-5 + ref_id: 1-5-3 + description: 'The cybersecurity risk assessment procedures must be implemented + at least in the following cases: 1-5-3-1 Early stages of technology projects. + 1-5-3-2 Before making major changes to technology infrastructure. 1-5-3-3 + During the planning phase of obtaining third party services. 1-5-3-4 During + the planning phase and before going live for new technology services and products.' + - urn: urn:intuitem:risk:req_node:ecc-1:1-5-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-5 + ref_id: 1-5-4 + description: The cybersecurity risk management methodology and procedures must + be reviewed periodically according to planned intervals or upon changes to + related laws and regulations. Changes and reviews must be approved and documented. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-6 + name: Cybersecurity in Information and Technology Project Management + description: To ensure that cybersecurity requirements are included in project + management methodology and procedures in order to protect the confidentiality, + integrity and availability of information and technology assets as per organization + policies and procedures, and related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-6-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-6 + ref_id: 1-6-1 + description: Cybersecurity requirements must be included in project and asset + (information/ technology) change management methodology and procedures to + identify and manage cybersecurity risks as part of project management lifecycle. + The cybersecurity requirements must be a key part of the overall requirements + of technology projects. + - urn: urn:intuitem:risk:req_node:ecc-1:1-6-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-6 + ref_id: 1-6-2 + description: 'The cybersecurity requirements in project and assets (information/technology) + change management must include at least the following: 1-6-2-1 Vulnerability + assessment and remediation. 1-6-2-2 Conducting a configurations'' review, + secure configuration and hardening and patching before changes or going live + for technology projects.' + - urn: urn:intuitem:risk:req_node:ecc-1:1-6-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-6 + ref_id: 1-6-3 + description: 'The cybersecurity requirements related to software and application + development projects must include at least the following: 1-6-3-1 Using secure + coding standards. 1-6-3-2 Using trusted and licensed sources for software + development tools and libraries. 
1-6-3-3 Conducting compliance test for software + against the defined organizational cybersecurity requirements. 1-6-3-4 Secure + integration between software components. 1-6-3-5 Conducting a configurations'' + review, secure configuration and hardening and patching before going live + for software products.' + - urn: urn:intuitem:risk:req_node:ecc-1:1-6-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-6 + ref_id: 1-6-4 + description: The cybersecurity requirements in project management must be reviewed + periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:1-7 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-7 + name: Compliance with Cybersecurity Standards, Laws and Regulations + description: To ensure that the organization's cybersecurity program is in compliance + with related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-7-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-7 + ref_id: 1-7-1 + description: The organization must comply with related national cybersecurity + laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-7-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-7 + ref_id: 1-7-2 + description: The organization must comply with any nationally-approved international + agreements and commiments related to cybersecurity. + - urn: urn:intuitem:risk:req_node:ecc-1:1-8 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-8 + name: Periodical Cybersecurity Review and Audit + description: To ensure that cybersecurity controls are implemented and in compliance + with organizational policies and procedures, as well as related national and + international laws, regulations and agreements. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-8-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-8 + ref_id: 1-8-1 + description: Cybersecurity reviews must be conducted periodically by the cybersecurity + function in the organization to assess the compliance with the cybersecurity + controls in the organization. + - urn: urn:intuitem:risk:req_node:ecc-1:1-8-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-8 + ref_id: 1-8-2 + description: Cybersecurity audits and reviews must be conducted by independent + parties outside the cybersecurity function (e.g., Internal Audit function) + to assess the compliance with the cybersecurity controls in the organization. + Audits and reviews must be conducted independently, while ensuring that this + does not result in a conflict of interest, as per the Generally Accepted Auditing + Standards (GAAS), and related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:1-8-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-8 + ref_id: 1-8-3 + description: Results from the cybersecurity audits and reviews must be documented + and presented to the cybersecurity steering committee and Authorizing Official. + Results must include the audit/review scope, observations, recommendations + and remediation plans. + - urn: urn:intuitem:risk:req_node:ecc-1:1-9 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-9 + name: Cybersecurity in Human Resources + description: To ensure that cybersecurity risks and requirements related to + personnel (employees and contractors) are managed efficiently prior to employment, + during employment and after termination/separation as per organizational policies + and procedures, and related laws and regulations. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-9-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-9 + ref_id: 1-9-1 + description: Personnel cybersecurity requirements (prior to employment, during + employment and after termination/separation) must be defined, documented and + approved. + - urn: urn:intuitem:risk:req_node:ecc-1:1-9-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-9 + ref_id: 1-9-2 + description: The personnel cybersecurity requirements must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:1-9-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-9 + ref_id: 1-9-3 + description: 'The personnel cybersecurity requirements prior to employment must + include at least the following: 1-9-3-1 Inclusion of personnel cybersecurity + responsibilities and non-disclosure clauses (covering the cybersecurity requirements + during employment and after termination/ separation) in employment contracts. + 1-9-3-2 Screening or vetting candidates of cybersecurity and critical/privileged + positions.' + - urn: urn:intuitem:risk:req_node:ecc-1:1-9-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-9 + ref_id: 1-9-4 + description: 'The personnel cybersecurity requirements during employment must + include at least the following: 1-9-4-1 Cybersecurity awareness (during on-boarding + and during employment). 1-9-4-2 Implementation of and compliance with the + cybersecurity requirements as per the organizational cybersecurity policies + and procedures.' + - urn: urn:intuitem:risk:req_node:ecc-1:1-9-5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-9 + ref_id: 1-9-5 + description: Personnel access to information and technology assets must be reviewed + and removed immediately upon termination/separation. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:1-9-6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-9 + ref_id: 1-9-6 + description: Personnel cybersecurity requirements must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:1-10 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1 + ref_id: 1-10 + name: Cybersecurity Awareness and Training Program + description: To ensure that personnel are aware of their cybersecurity responsibilities + and have the essential cybersecurity awareness. It is also to ensure that + personnel are provided with the required cybersecurity training, skills and + credentials needed to accomplish their cybersecurity responsibilities and + to protect the organization's information and technology assets. + - urn: urn:intuitem:risk:req_node:ecc-1:1-10-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-10 + ref_id: 1-10-1 + description: A cybersecurity awareness program must be developed and approved. + The program must be conducted periodically through multiple channels to strengthen + the awareness about cybersecurity, cyber threats and risks, and to build a + positive cybersecurity awareness culture. + - urn: urn:intuitem:risk:req_node:ecc-1:1-10-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-10 + ref_id: 1-10-2 + description: The cybersecurity awareness program must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:1-10-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-10 + ref_id: 1-10-3 + description: 'The cybersecurity awareness program must cover the latest cyber + threats and how to protect against them, and must include at least the following + subjects: + + 1-10-3-1 Secure handling of email services, especially phishing emails. + + 1-10-3-2 Secure handling of mobile devices and storage media. + + 1-10-3-3 Secure Internet browsing. 
1-10-3-4 Secure use of social media.' + - urn: urn:intuitem:risk:req_node:ecc-1:1-10-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-10 + ref_id: 1-10-4 + description: 'Essential and customized (i.e., tailored to job functions as it + relates to cybersecurity) training and access to professional skillsets must + be made available to personnel working directly on tasks related to cybersecurity + including: 1-10-4-1 Cybersecurity function''s personnel. + + 1-10-4-2 Personnel working on software/application development. and information + and technology assets operations. 1-10-4-3 Executive and supervisory positions.' + - urn: urn:intuitem:risk:req_node:ecc-1:1-10-5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:1-10 + ref_id: 1-10-5 + description: The implementation of the cybersecurity awareness program must + be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2 + assessable: false + depth: 1 + ref_id: '2' + name: Cybersecurity Defense + - urn: urn:intuitem:risk:req_node:ecc-1:2-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-1 + name: Asset Management + description: To ensure that the organization has an accurate and detailed inventory + of information and technology assets in order to support the organization's + cybersecurity and operational requirements to maintain the confidentiality, + integrity and availability of information and technology assets. + - urn: urn:intuitem:risk:req_node:ecc-1:2-1-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-1 + ref_id: 2-1-1 + description: Cybersecurity requirements for managing information and technology + assets must be defined, documented and approved. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-1-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-1 + ref_id: 2-1-2 + description: The cybersecurity requirements for managing information and technology + assets must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-1-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-1 + ref_id: 2-1-3 + description: Acceptable use policy of information and technology assets must + be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-1-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-1 + ref_id: 2-1-4 + description: Acceptable use policy of information and technology assets must + be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-1-5 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-1 + ref_id: 2-1-5 + description: Information and technology assets must be classified, labeled and + handled as per related law and regulatory requirements. + - urn: urn:intuitem:risk:req_node:ecc-1:2-1-6 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-1 + ref_id: 2-1-6 + description: The cybersecurity requirements for managing information and technology + assets must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2-2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-2 + name: Identity and Access Management + description: To ensure the secure and restricted logical access to information + and technology assets in order to prevent unauthorized access and allow only + authorized access for users which are necessary to accomplish assigned tasks. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-2-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-2 + ref_id: 2-2-1 + description: Cybersecurity requirements for identity and access management must + be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-2-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-2 + ref_id: 2-2-2 + description: The cybersecurity requirements for identity and access management + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-2-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-2 + ref_id: 2-2-3 + description: 'The cybersecurity requirements for identity and access management + must include at least the following 2-2-3-1 User authentication based on username + and password. 2-2-3-2 Multi-factor authentication for remote access. 2-2-3-3 + User authorization based on identity and access control principles: Need-to-Know + and Need-to-Use, Least Privilege and Segregation of Duties. 2-2-3-4 Privileged + access management. 2-2-3-5 Periodic review of users'' identities and access + rights.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-2-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-2 + ref_id: 2-2-4 + description: The Implementation of the cybersecurity requirements for identity + and access management must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2-3 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-3 + name: Information System and Information Processing Facilities Protection + description: To ensure the protection of information systems and information + processing facilities (including workstations and infrastructures) against + cyber risks. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-3-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-3 + ref_id: 2-3-1 + description: Cybersecurity requirements for protecting information systems and + information processing facilities must be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-3-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-3 + ref_id: 2-3-2 + description: The cybersecurity requirements for protecting information systems + and information processing facilities must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-3-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-3 + ref_id: 2-3-3 + description: 'The cybersecurity requirements for protecting information systems + and information processing facilities must include at least the following: + 2-3-3-1 Advanced, up-to-date and secure management of malware and virus protection + on servers and workstations. + + 2-3-3-2 Restricted use and secure handling of external storage media. 2-3-3-3 + Patch management for information systems, software and devices. 2-3-3-4 Centralized + clock synchronization with an accurate and trusted source (e.g., Saudi Standards, + Metrology and Quality Organization (SASO)).' + - urn: urn:intuitem:risk:req_node:ecc-1:2-3-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-3 + ref_id: 2-3-4 + description: The cybersecurity requirements for protecting information systems + and information processing facilities must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2-4 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-4 + name: Email Protection + description: To ensure the protection of organization's email service from cyber + risks. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-4-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-4 + ref_id: 2-4-1 + description: Cybersecurity requirements for protecting email service must be + defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-4-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-4 + ref_id: 2-4-2 + description: The cybersecurity requirements for email service must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-4-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-4 + ref_id: 2-4-3 + description: 'The cybersecurity requirements for protecting the email service + must include at the least the following: 2-4-3-1 Analyzing and filtering email + messages (specifically phishing emails and spam) using advanced and up-to-date + email protection techniques. + + 2-4-3-2 Multi-factor authentication for remote and webmail access to email + service. 2-4-3-3 Email archiving and backup. 2-4-3-4 Secure management and + protection against Advanced Persistent Threats (APT), which normally utilize + zero-day viruses and malware. 2-4-3-5 Validation of the organization''s email + service domains (e.g., using Sender Policy Framework (SPF)).' + - urn: urn:intuitem:risk:req_node:ecc-1:2-4-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-4 + ref_id: 2-4-4 + description: The cybersecurity requirements for email service must be reviewed + periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2-5 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-5 + name: Networks Security Management + description: To ensure the protection of organization's network from cyber risks. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-5-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-5 + ref_id: 2-5-1 + description: Cybersecurity requirements for network security management must + be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-5-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-5 + ref_id: 2-5-2 + description: The cybersecurity requirements for network security management + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-5-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-5 + ref_id: 2-5-3 + description: 'The cybersecurity requirements for network security management + must include at least the following: 2-5-3-1 Logical or physical segregation + and segmentation of network segments using firewalls and defense-in-depth + principles. + + 2-5-3-2 Network segregation between production, test and development environments. + 2-5-3-3 Secure browsing and Internet connectivity including restrictions on + the use of file storage/sharing and remote access websites, and protection + against suspicious websites. + + 2-5-3-4 Wireless network protection using strong authentication and encryption + techniques. A comprehensive risk assessment and management exercise must be + conducted to assess and manage the cyber risks prior to connecting any wireless + networks to the organization''s internal network. 2-5-3-5 Management and restrictions + on network services, protocols and ports. 2-5-3-6 Intrusion Prevention Systems + (IPS). 2-5-3-7 Security of Domain Name Service (DNS). 2-5-3-8 Secure management + and protection of Internet browsing channel against Advanced Persistent Threats + (APT), which normally utilize zero-day viruses and malware.' 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-5-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-5 + ref_id: 2-5-4 + description: The cybersecurity requirements for network security management + must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2-6 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-6 + name: Mobile Devices Security + description: To ensure the protection of mobile devices (including laptops, + smartphones, tablets) from cyber risks and to ensure the secure handling of + the organization's information (including sensitive information) while utilizing + Bring Your Own Device (BYOD) policy. + - urn: urn:intuitem:risk:req_node:ecc-1:2-6-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-6 + ref_id: 2-6-1 + description: Cybersecurity requirements for mobile devices security and BYOD + must be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-6-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-6 + ref_id: 2-6-2 + description: The cybersecurity requirements for mobile devices security and + BYOD must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-6-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-6 + ref_id: 2-6-3 + description: 'The cybersecurity requirements for mobile devices security and + BYOD must include at least the following: 2-6-3-1 Separation and encryption + of organization''s data and information stored on mobile devices and BYODs. + + 2-6-3-2 Controlled and restricted use based on job requirements. 2-6-3-3 Secure + wiping of organization''s data and information stored on mobile devices and + BYOD in cases of device loss, theft or after termination/separation from the + organization. 2-6-3-4 Security awareness for mobile devices users.' 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-6-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-6 + ref_id: 2-6-4 + description: The cybersecurity requirements for mobile devices security and + BYOD must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2-7 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-7 + name: Data and Information Protection + description: To ensure the confidentiality, integrity and availability of organization's + data and information as per organizational policies and procedures, and related + laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:2-7-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-7 + ref_id: 2-7-1 + description: Cybersecurity requirements for protecting and handling data and + information must be defined, documented and approved as per the related laws + and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:2-7-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-7 + ref_id: 2-7-2 + description: The cybersecurity requirements for protecting and handling data + and information must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-7-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-7 + ref_id: 2-7-3 + description: 'The cybersecurity requirements for protecting and handling data + and information must include at least the following: 2-7-3-1 Data and information + ownership. 2-7-3-2 Data and information classification and labeling mechanisms. + 2-7-3-3 Data and information privacy.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-7-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-7 + ref_id: 2-7-4 + description: The cybersecurity requirements for protecting and handling data + and information must be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-8 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-8 + name: Cryptography + description: To ensure the proper and efficient use of cryptography to protect + information assets as per organizational policies and procedures, and related + laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:2-8-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-8 + ref_id: 2-8-1 + description: Cybersecurity requirements for cryptography must be defined, documented + and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-8-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-8 + ref_id: 2-8-2 + description: The cybersecurity requirements for cryptography must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-8-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-8 + ref_id: 2-8-3 + description: 'The cybersecurity requirements for cryptography must include at + least the following: 2-8-3-1 Approved cryptographic solutions standards and + its technical and regulatory limitations. 2-8-3-2 Secure management of cryptographic + keys during their lifecycles. + + 2-8-3-3 Encryption of data in-transit and at-rest as per classification and + related laws and regulations.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-8-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-8 + ref_id: 2-8-4 + description: The cybersecurity requirements for cryptography must be reviewed + periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-9 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-9 + name: Backup and Recovery Management + description: To ensure the protection of organization's data and information + including information systems and software configurations from cyber risks + as per organizational policies and procedures, and related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:2-9-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-9 + ref_id: 2-9-1 + description: Cybersecurity requirements for backup and recovery management must + be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-9-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-9 + ref_id: 2-9-2 + description: The cybersecurity requirements for backup and recovery management + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-9-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-9 + ref_id: 2-9-3 + description: 'The cybersecurity requirements for backup and recovery management + must include at least the following: + + 2-9-3-1 Scope and coverage of backups to cover critical technology and information + assets. + + 2-9-3-2 Ability to perform quick recovery of data and systems after cybersecurity + incidents. 2-9-3-3 Periodic tests of backup''s recovery effectiveness.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-9-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-9 + ref_id: 2-9-4 + description: The cybersecurity requirements for backup and recovery management + must be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-10 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-10 + name: Vulnerabilities Management + description: To ensure timely detection and effective remediation of technical + vulnerabilities to prevent or minimize the probability of exploiting these + vulnerabilities to launch cyber attacks against the organization. + - urn: urn:intuitem:risk:req_node:ecc-1:2-10-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-10 + ref_id: 2-10-1 + description: Cybersecurity requirements for technical vulnerabilities management + must be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-10-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-10 + ref_id: 2-10-2 + description: The cybersecurity requirements for technical vulnerabilities management + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-10-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-10 + ref_id: 2-10-3 + description: 'The cybersecurity requirements for technical vulnerabilities management + must include at least the following: 2-10-3-1 Periodic vulnerabilities assessments. + + 2-10-3-2 Vulnerabilities classification based on criticality level. 2-10-3-3 + Vulnerabilities remediation based on classification and associated risk levels. + 2-10-3-4 Security patch management. 2-10-3-5 Subscription with authorized + and trusted cybersecurity resources for up-to-date information and notifications + on technical vulnerabilities.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-10-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-10 + ref_id: 2-10-4 + description: The cybersecurity requirements for technical vulnerabilities management + must be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-11 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-11 + name: Penetration Testing + description: To assess and evaluate the efficiency of the organization's cybersecurity + defense capabilities through simulated cyber-attacks to discover unknown weaknesses + within the technical infrastructure that may lead to a cyber breach. + - urn: urn:intuitem:risk:req_node:ecc-1:2-11-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-11 + ref_id: 2-11-1 + description: Cybersecurity requirements for penetration testing exercises must + be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-11-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-11 + ref_id: 2-11-2 + description: The cybersecurity requirements for penetration testing processes + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-11-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-11 + ref_id: 2-11-3 + description: 'The cybersecurity requirements for penetration testing processes + must include at least the following: + + 2-11-3-1 Scope of penetration tests which must cover Internet-facing services + and its technical components including infrastructure, websites, web applications, + mobile apps, email and remote access. + + 2-11-3-2 Conducting penetration tests periodically.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-11-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-11 + ref_id: 2-11-4 + description: Cybersecurity requirements for penetration testing processes must + be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-12 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-12 + name: Cybersecurity Event Logs and Monitoring Management + description: To ensure timely collection, analysis and monitoring of cybersecurity + events for early detection of potential cyber-attacks in order to prevent + or minimize the negative impacts on the organization's operations. + - urn: urn:intuitem:risk:req_node:ecc-1:2-12-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-12 + ref_id: 2-12-1 + description: Cybersecurity requirements for event logs and monitoring management + must be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-12-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-12 + ref_id: 2-12-2 + description: The cybersecurity requirements for event logs and monitoring management + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-12-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-12 + ref_id: 2-12-3 + description: 'The cybersecurity requirements for event logs and monitoring management + must include at least the following: + + 2-12-3-1 Activation of cybersecurity event logs on critical information assets. + + 2-12-3-2 Activation of cybersecurity event logs on remote access and privileged + user accounts. 2-12-3-3 Identification of required technologies (e.g., SIEM) + for cybersecurity event logs collection. 2-12-3-4 Continuous monitoring of + cybersecurity events. 2-12-3-5 Retention period for cybersecurity event logs + (must be 12 months minimum).' + - urn: urn:intuitem:risk:req_node:ecc-1:2-12-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-12 + ref_id: 2-12-4 + description: The cybersecurity requirements for event logs and monitoring management + must be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-13 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-13 + name: Cybersecurity Incident and Threat Management + description: To ensure timely identification, detection, effective management + and handling of cybersecurity incidents and threats to prevent or minimize + negative impacts on organization's operation taking into consideration the + Royal Decree number 37140, dated 14/8/1438H. + - urn: urn:intuitem:risk:req_node:ecc-1:2-13-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-13 + ref_id: 2-13-1 + description: Requirements for cybersecurity incidents and threat management + must be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-13-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-13 + ref_id: 2-13-2 + description: The requirements for cybersecurity incidents and threat management + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-13-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-13 + ref_id: 2-13-3 + description: 'The requirements for cybersecurity incidents and threat management + must include at least the following: + + 2-13-3-1 Cybersecurity incident response plans and escalation procedures. + 2-13-3-2 Cybersecurity incidents classification. 2-13-3-3 Cybersecurity incidents + reporting to NCA. + + 2-13-3-4 Sharing incidents notifications, threat intelligence, breach indicators + and reports with NCA. 2-13-3-5 Collecting and handling threat intelligence + feeds.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-13-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-13 + ref_id: 2-13-4 + description: The requirements for cybersecurity incidents and threat management + must be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-14 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-14 + name: Physical Security + description: To ensure the protection of information and technology assets from + unauthorized physical access, loss, theft and damage. + - urn: urn:intuitem:risk:req_node:ecc-1:2-14-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-14 + ref_id: 2-14-1 + description: Cybersecurity requirements for physical protection of information + and technology assets must be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-14-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-14 + ref_id: 2-14-2 + description: The cybersecurity requirements for physical protection of information + and technology assets must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-14-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-14 + ref_id: 2-14-3 + description: 'The cybersecurity requirements for physical protection of information + and technology assets must include at least the following: + + 2-14-3-1 Authorized access to sensitive areas within the organization (e.g., + data center, disaster recovery center, sensitive information processing facilities, + security surveillance center, network cabinets). + + 2-14-3-2 Facility entry/exit records and CCTV monitoring. 2-14-3-3 Protection + of facility entry/exit and surveillance records. 2-14-3-4 Secure destruction + and re-use of physical assets that hold classified information (including + documents and storage media). + + 2-14-3-5 Security of devices and equipment inside and outside the organization''s + facilities.' 
+ - urn: urn:intuitem:risk:req_node:ecc-1:2-14-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-14 + ref_id: 2-14-4 + description: The cybersecurity requirements for physical protection of information + and technology assets must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:2-15 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2 + ref_id: 2-15 + name: Web Application Security + description: To ensure the protection of external web applications against cyber + risks. + - urn: urn:intuitem:risk:req_node:ecc-1:2-15-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-15 + ref_id: 2-15-1 + description: Cybersecurity requirements for external web applications must be + defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:2-15-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-15 + ref_id: 2-15-2 + description: The cybersecurity requirements for external web applications must + be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:2-15-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-15 + ref_id: 2-15-3 + description: 'The cybersecurity requirements for external web applications must + include at least the following: 2-15-3-1 Use of web application firewall. + 2-15-3-2 Adoption of the multi-tier architecture principle. 2-15-3-3 Use of + secure protocols (e.g., HTTPS). 2-15-3-4 Clarification of the secure usage + policy for users. 2-15-3-5 Multi-factor authentication for users'' access.' + - urn: urn:intuitem:risk:req_node:ecc-1:2-15-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:2-15 + ref_id: 2-15-4 + description: The cybersecurity requirements for external web applications must + be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:3 + assessable: false + depth: 1 + ref_id: '3' + name: Cybersecurity Resilience + - urn: urn:intuitem:risk:req_node:ecc-1:3-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:3 + ref_id: 3-1 + name: Cybersecurity Resilience Aspects of Business Continuity Management (BCM) + description: To ensure the inclusion of the cybersecurity resiliency requirements + within the organization's business continuity management and to remediate + and minimize the impacts on systems, information processing facilities and + critical e-services from disasters caused by cybersecurity incidents. + - urn: urn:intuitem:risk:req_node:ecc-1:3-1-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:3-1 + ref_id: 3-1-1 + description: Cybersecurity requirements for business continuity management must + be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:3-1-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:3-1 + ref_id: 3-1-2 + description: The cybersecurity requirements for business continuity management + must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:3-1-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:3-1 + ref_id: 3-1-3 + description: 'The cybersecurity requirements for business continuity management + must include at least the following: + + 3-1-3-1 Ensuring the continuity of cybersecurity systems and procedures. 3-1-3-2 + Developing response plans for cybersecurity incidents that may affect the + business continuity. 3-1-3-3 Developing disaster recovery plans.' + - urn: urn:intuitem:risk:req_node:ecc-1:3-1-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:3-1 + ref_id: 3-1-4 + description: The cybersecurity requirements for business continuity management + must be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:4 + assessable: false + depth: 1 + ref_id: '4' + name: Third-Party and Cloud Computing Cubersecurity + - urn: urn:intuitem:risk:req_node:ecc-1:4-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4 + ref_id: 4-1 + name: Third-Party Cybersecurity + description: To ensure the protection of assets against the cybersecurity risks + related to third-parties including outsourcing and managed services as per + organizational policies and procedures, and related laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:4-1-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-1 + ref_id: 4-1-1 + description: Cybersecurity requirements for contracts and agreements with third-parties + must be identified, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:4-1-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-1 + ref_id: 4-1-2 + description: 'The cybersecurity requirements for contracts and agreements with + third-parties (e.g., Service Level Agreement (SLA) -which may affect, if impacted, + the organization''s data or services- must include at least the following: + 4-1-2-1 Non-disclosure clauses and secure removal of organization''s data + by third parties upon end of service. + + 4-1-2-2 Communication procedures in case of cybersecurity incidents. 4-1-2-3 + Requirements for third-parties to comply with related organizational policies + and procedures, laws and regulations.' 
+ - urn: urn:intuitem:risk:req_node:ecc-1:4-1-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-1 + ref_id: 4-1-3 + description: 'The cybersecurity requirements for contracts and agreements with + IT outsourcing and managed services third-parties must include at least the + following: 4-1-3-1 Conducting a cybersecurity risk assessment to ensure the + availability of risk mitigation controls before signing contracts and agreements + or upon changes in related regulatory requirements. + + 4-1-3-2 Cybersecurity managed services centers for monitoring and operations + must be completely present inside the Kingdom of Saudi Arabia.' + - urn: urn:intuitem:risk:req_node:ecc-1:4-1-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-1 + ref_id: 4-1-4 + description: The cybersecurity requirements for contracts and agreements with + third-parties must be reviewed periodically. + - urn: urn:intuitem:risk:req_node:ecc-1:4-2 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4 + ref_id: 4-2 + name: Cloud Computing and Hosting Cybersecurity + description: To ensure the proper and efficient remediation of cyber risks and + the implementation of cybersecurity requirements related to hosting and cloud + computing as per organizational policies and procedures, and related laws + and regulations. It is also to ensure the protection of the organization's + information and technology assets hosted on the cloud or processed/managed + by third-parties. + - urn: urn:intuitem:risk:req_node:ecc-1:4-2-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-2 + ref_id: 4-2-1 + description: Cybersecurity requirements related to the use of hosting and cloud + computing services must be defined, documented and approved. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:4-2-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-2 + ref_id: 4-2-2 + description: 'The cybersecurity requirements related to the use of hosting and + cloud computing services must be implemented. + + In line with related and applicable laws and regulations, and in addition + to the applicable ECC controls from main domains (1), (2), (3) and subdomain + (4-1), the cybersecurity requirements related to the use of hosting and cloud + computing services must include at least the following:' + - urn: urn:intuitem:risk:req_node:ecc-1:4-2-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-2 + ref_id: 4-2-3 + description: '4-2-3-1 Classification of data prior to hosting on cloud or hosting + services and returning data (in a usable format) upon service completion. + + 4-2-3-2 Separation of organization''s environments (specifically virtual servers) + from other environments hosted at the cloud service provider. 4-2-3-3 Organization''s + information hosting and storage must be inside the Kingdom of Saudi Arabia.' + - urn: urn:intuitem:risk:req_node:ecc-1:4-2-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:4-2 + ref_id: 4-2-4 + description: The cybersecurity requirements related to the use of hosting and + cloud computing services must be reviewed periodically. 
+ - urn: urn:intuitem:risk:req_node:ecc-1:5 + assessable: false + depth: 1 + ref_id: '5' + name: ICS Cybersecurity + - urn: urn:intuitem:risk:req_node:ecc-1:5-1 + assessable: false + depth: 2 + parent_urn: urn:intuitem:risk:req_node:ecc-1:5 + ref_id: 5-1 + name: Industrial Control Systems (ICS) Protection + description: To ensure the appropriate and effective cybersecurity management + of Industrial Controls Systems and Operational Technology (ICS/OT) to protect + the confidentiality, integrity and availability of the organization's assets + against cyber attacks (e.g., unauthorized access, destruction, spying and + fraud) in line with the organization's cybersecurity strategy and related + and applicable local and international laws and regulations. + - urn: urn:intuitem:risk:req_node:ecc-1:5-1-1 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:5-1 + ref_id: 5-1-1 + description: Cybersecurity requirements related to Industrial Controls Systems + and Operational Technology (ICS/OT) must be defined, documented and approved. + - urn: urn:intuitem:risk:req_node:ecc-1:5-1-2 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:5-1 + ref_id: 5-1-2 + description: The cybersecurity requirements related to Industrial Controls Systems + and Operational Technology (ICS/OT) must be implemented. + - urn: urn:intuitem:risk:req_node:ecc-1:5-1-3 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:5-1 + ref_id: 5-1-3 + description: 'In addition to the applicable ECC controls from the main domains + (1), (2), (3) and (4), the cybersecurity requirements related to Industrial + Controls Systems and Operational Technology (ICS/OT) must include at least + the following: 5-1-3-1 Strict physical and virtual segmentation when connecting + industrial production networks to other networks within the organization (e.g., + corporate network). 
+ + 5-1-3-2 Strict physical and virtual segmentation when connecting systems and + industrial networks with external networks (e.g., Internet, wireless, remote + access). 5-1-3-3 Continuous monitoring and activation of cybersecurity event + logs on the industrial networks and its connections. + + 5-1-3-4 Isolation of Safety Instrumental Systems (SIS). 5-1-3-5 Strict limitation + on the use of external storage media. 5-1-3-6 Strict limitation on connecting + mobile devices to industrial production networks. 5-1-3-7 Periodic review + and secure configuration and hardening of industrial, automated, support systems, + and devices. 5-1-3-8 Vulnerability management for industrial control systems + and operational technology (ICS/OT). 5-1-3-9 Patch management for industrial + control systems and operational technology (ICS/OT). 5-1-3-10 Cybersecurity + applications management related to the protection of the industrial systems + from viruses and malware.' + - urn: urn:intuitem:risk:req_node:ecc-1:5-1-4 + assessable: true + depth: 3 + parent_urn: urn:intuitem:risk:req_node:ecc-1:5-1 + ref_id: 5-1-4 + description: The cybersecurity requirements related to Industrial Controls Systems + and Operational Technology (ICS/OT) must be reviewed periodically. 
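Review bot: the list introduction for the cloud sub-controls is attached to the wrong node. The description of 4-2-2 ends with "In line with related and applicable laws and regulations ... must include at least the following:" while the description of 4-2-3 starts straight at "4-2-3-1 Classification of data", so an assessor scoring 4-2-2 sees a dangling lead-in and 4-2-3 has none. Move that sentence to the start of the 4-2-3 description, which is how 2-5-3, 2-6-3 and the other "-3" nodes are laid out. Smaller points in the same hunk: the depth-1 node 4 is named "Third-Party and Cloud Computing Cubersecurity" and should read "Cybersecurity"; sub-items inside the "-3" descriptions are separated inconsistently (2-5-3-1 is followed by a blank line, while 2-5-3-5 through 2-5-3-8 run on within one paragraph), so pick one separator so they render as a list; 4-1-2 opens "(e.g., Service Level Agreement (SLA)" and never closes the outer parenthesis; and "Safety Instrumental Systems (SIS)" in 5-1-3-4 is worth checking against the NCA text, since the usual term is "Safety Instrumented Systems".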
diff --git a/tools/ecc/ecc-1.xlsx b/tools/ecc/ecc-1.xlsx new file mode 100644 index 0000000000000000000000000000000000000000..cbc1395860b701febfb398ded98990868b29836a GIT binary patch literal 23479
zn|r8)kkg6{{NFCHp}35c_ycAf5BSdDbNJ2YU!Tuk5pi3hqtkKvm;N8A;$v{)VuW0H zZ8B=L=EiRA`dTe2jQDAcrQ5u1wv?Uwjh~df0p>m_b_D&1Gv?M=U6J4UjjAnN{G<7o zozgbGUweb30;22vP0Ibx-pZTnMavRj$P8&;+Gds6t!`2%P0Z(PS|eO;&#ISY{U0tU z=&gS{^zEuYF3dJQm;L8%H*y7ciuj2-b_a_oUuutr!`0OM-v$2DEk&`bziYsd0Dxh) z|L2B7=709&=OnMkegC8qc1`n$N4pIH!etRGtbS=%bfu?eyKX%S+aDEMZtJAD=zg66 znnaz7O$Qv`|A&L+Ng#SOSltw2NlN9IHPTo*AH6i;k-ThMU!w>@I_KE6Kee2wOv2&8 z@%3}l*#2Tk4Uk7z;Ko(mWzRg4^GnbfBNN<8mnwE~W505faanUm?6??BX5V9kHJyzQ ziP;-rFr@_b#zwTV;E5svY?$xpntHV@uXLD?bMmsqR(#+D9Lc)8SintDy6Lw*dvm={ zb={Q+^KK9>?G_dPKELeq2YFK30QL`Q0;0@Zrye^0siTh0L;2sqdGd*2inhCq%~65TeFj8zxl($1do9NYU6@Gr{SdUDY8c? zbQrloJu)kum0VCkx;Tw+FbtTK;$a|Q#FD`dtUMmTB~EWh*3JSv)bdEb!S^1!%4)fx z{Oe68@p!QwMbLW&^!wGR@(-%-3?@HWe#;%+p2Nz(X^%zivv39y533f^$1p-?aw5}- zG!~4!5S6uYz2jr?#msx;6wlANjuLi}l5)PtPVrkz^EaLwjA7>(j3q#j6}oPn@UQnW zp3H}edyf>)pY|GmLHzDW`utZh{;hIy*W)%g;lm8bP9RoL5AX9S1fSLUBop8mH5#K& z4dLy3TXfSX@5)Gz=p()gDRmyoKqmb@UM}CC37%^Odi*>;_Iv$(-}aX=yj~w}dux0B zFTUQ)zRx*g4SGNBe)?Z+3-tJYeT>#JwEBmpGt_RwpRO0g_O5(=nS5;v^oH1afBZd8 zU!LC1%W|*ABBy5i5_d~ec9zI$Uf@kIm(QB^Mo{4p@#ok^xSX9V3Z8o$Z+>^ZRO#RY zIb2t1W8vK3YD(u3+88_6w!0(0DpHT2=W8NvRp#X54jV6^3m-=mXHun~bo>c1%XH&? 
zd(%w3&akm1;ra|I&_vhD0OzFh<%eu%9m-_RfbKr8(u@%Ag+|B^orS5+jd&{jUH9$8pV^=}r&xt$EzhhelhJLqLR+04vH(dvcsDj&eWCXjV zyrW5yJkunMtPn!t&xkwTFD(ng(8?yMeXrx2L+v+*o)#Z4bn-FkVkS*A-s0H3(r30g zV3=f6v^mWGIJi_zWx|N21{i{6(MncfNi>%QMSG1f_As^F+N$B=4v{TttDP@0(Kl)1 z+6Ipb7RMSpuLR2( z1{QcTCy1CNval92nOppa;i7dlh+^w&uzBM0jccPW9E*TUUvNaw{>Zzp&KOH$eU)OJNdUjO%{K zyz5z_f1?Oz)TVq3t_iCu?%w($b~4JSu<(Ud(QPma6v1aS4`rP+s8-R|D4E5426`fn ziiL`|awGAYV!|h7uP|cLyW{tW7~{zB0pXc9s?PPWOCp|n!z`u(&9x#a1*oFwA4qZp zm7+GZG$~LNzP|EHIe92S7MI2bRbJIxuPM`H$hTU$8M(s>!bB#T3|^UU#oqc_Lq^xk z&-N)0Ok`rn;I;Uc@fTYYFpNv`yeFwK7rj|pGRF61 z3UdE#?f-0wR8XP2r_wXMR!G88R3tqHQ#7>^lEcpzcXa-{{NLKS5`U=LHay6hYz+}j zWeH#f>duN3dN5BqJkd@GNc^5d5u8LVQ;{Jm54X8$ zZ`*^F!(Q7JX7AeQ7c;xgc&=bCi|2Z+RNI!_=cRMl^xdJ`aly0+rkboGr}Nhz+wH-y zgfDt^9aHBzWCKJDG*f~anZ78gZJ0&v2208`P zbxQRzKN3vs3v8Mw^%xv$p$LZTfFh3xk~6rTh2feguW_DZI4|=Tigc03{(>rP8nGac zmcTx{dX-{e7B(2gLKvNBdngtqNSqpOp`iA%A8c4mOP8yL-jCpq$Cb(Y!uZ-=tixkk zNYq7lj)|OZ-{Xh*wJtx3#V^LS9{u zZgmT1bwp0LwM>gtdEJ*J!XRiq_4vCe5n@B=(vsK9iOF}sUspn=>HTJ9pTX!}uxYP~ zHckV3<|r5rwLPl18BY`|5Z}ejzChBn$6lik-};hQ5h1$&lHBmA&gp`}yC{@Jt(OPM@W{aVb+i+y)ix!HAb4-q4$Zn|nb(|k< z+DWmko2#w>8DY9dO!=O76)S){Vd4A&vF89kYP|Ox_~^KhgC`Ih`C6j8l^h7UGOr z;Zb?4uTu@-x8s~=BC?y9^&4wXI~Fn9qA(igSaEtD4lp$5;vG77I3v6;&sCN`%^7kg z^JesmFE?4{Ppqadnh50_#WO1cHMp~eZvr^ZUJ&3_GhS(e;*FYL(99_bm7yx{8GFHQ z09!w)Nzf*H2vTp`U8xsd_VCDWziA^-sHKup%E@OL6be5LMY>uX<|83Y6 z)A#&;pxJXBc!QIvpSN>dsy9C%g|+Ooa1P-l7zL^0m|P2qmX!^gCjPX<1g3_Y)=}cd z^9;o$pmkj5JU$U;RC73JvTlmK7}vH!Xm#Bb4Oz#%(1MQfC>>;g60jL^&p_ugBcmq^ z%WPH`*mxrQeGan2d zY2@hbiALK;>3ZoBitsE*1VxytgTPS^*S02NkJJ@o^pWzVCCv{&R}se9aP8okn^D3P zGv5Lq(+J;{bW><4*7{Zt@(c1YSG(e1)wn2UbMr@DlAbXUI%@SCf;&lPjKB`>Qo`*P z=&-igZ~~Egm;tKuVGVC{wY(S^kKX{|o5Gs~90ZtfnHgU)MIzE6hme9>5n@UQu0Xko zB#l4OWuMQJ?X+j^G^ZW&)^b}2OFMhHsT>OR6r~37s^upyJOH(3#Go`*lHU5L3=YMH z`FzYxGb11Vvl6%B^2L{&R?b<4 z`h3D(NGZ$rco)LC#D5quXPSZkaQEy-4ClLtrA!v4VShXfnuI#AR)V=4$oz=GdDdIH z7RTOAvYDY57cv9q7*`&0oq?kz?5{hOEH<7VFfNNuU{YqZ5-8lRcMPSi!;z{35r_uD 
z=J1$t!}|)ShRUFrtb{L;yl6+07A>yj`43l*DW5d+XFE)E!2bq3B*lMP4T`|nl7F0d3uX<&?#V>=pW4j*#hm=ztVeA3o~ z8{DEd8f6miSuSBta$3qtD%vwa=cROvSbS=9du3b!co*kZPMthRfxM=B4}Go+rfGdd zJ$~8yNMa(BC$+S9;_=QLfNA>R2W-AWWMAP^g=Zj|JrTx65)@q7O1gv!V~x>FG?@=s z8YU}F7Qz?m>%Y`)^a9;ChM=pOoD$N{T#xVmDI~B}k z1l6&CtPfZOIg4I&U_3Y{_i1e_W(_U#~t^FVoFy2VKG30!|Ec7j3K9zVygXFmOJ%pMVd`A$k}w4yiI_ z1HC1e3oXa|hpNn!(Y2Cx{(qvrbWp%wVv0u76pIy3cq1Xnso67W7$qvlWJ zOyY8kueLgvPfZ17%MK|JfAs~XcK?Jf8#xjsM1J;3jw@p-dMPRQb^qDxBUUEnxf-~p zpm5d*vw&BJC)o(LPOTZuhcqb?eH&c4gyF|Z5?}%U9TEpG(**9MmbAGSY58I{Bsc%mZSFxF5P9&353z!8L9;Tnr z9y%N#};9z}3_1nq|$E)IM zRO46s>|dMGaGnoVUtg_uv6ad>X0;|!BXWfsnO(oG&O_E+$WB?5^l&Y?>!UrwvX$NQV?c(1MzeT5y~-A;l&uy4Yg zswJ7*o#iSn#0d1&StSfzD1S53QAcxZTxFBUtE`~Xz2g;R>UYm>*`;bP_iDa@GpQ^$ zLQG48n|udl=2#>mDrUMocWS^7`bl=9zP{@Asz6>&1Ec+U&NctYZd|qYQHnjrl|VK7 zF!YHIAF&f-ucT>rKrG%9nc~B!F(4t^uN3Z2>56m`$XbvQ_(H-3+Jd*TXrcHXvYkjO)7-&IngpTFB$1`7(mfrF-1p)md#*HH&h>u00AjnZdXTBYQ!vJGW#N+*Zp+gO zE_q*TGlx;(!L%ijb`N}cy{Yr%@Vfultoq$QRfN(v1C&aRYWmM(X-ai>D!RU$H>$;* zaE=|UvmC_R1`kJr99~<>9I}6OgK1^x8iR6f-n?Sm1<)qXy0*_Vmyc;er9{E>i=Bd6 zb~?#@n!2lV?rH%v#gz0+VZ1Vsvfr7OD4_c`6=0bRP!rGgGt;bHUH>K8e`y8+-A`=N zo&I)vewiit<3M(FZ?W55Hu0(QNG%C-WT@;7adQP?f&LS{9zk{?3l^~jC&ks-%pTd; zhH;nrchcx1>Y`G%VPI~@67%7t6>tB*U3KhLHt3R!l_+cKOr`u*eu`*SYKJwKBfFa@ z@59^KMpcKLPxjRC)fkW~Xs1vkg(gGYQx+9ZBuWZa^OB$dJ=o1x${Jyw%tqyS8SggHDr2+Ix1sYyz9<#QC6` zrX{MS&u-i`^FOslb3vs+s3s|9(f(z2Uh2i$fnGuGqLwF7tcYhU38AXY!_V7W*tX;h zPp{XwkFVYl1CRACa>s|EFbo9~S5clf-i8K+8d|$ZQ)4J#kA=u|r9tg0Yf>x0)_*}T zPknX%WNCC_ehN zYyU&37_R**z^|&QKLZp1r^rtls{0Lp)sFnxa0F0e`u|Fj`*HRw3I0F=GybM4xZilc z4%!dnL_jR+YdQNrs%ZO7_v=ReFwFp_XMpK`6{-CI`=vF006gXT$MN5UHuj_JFTwwT zGII2L1p5o}_ap3o;`ReU0+`kVfqWHa{MnCh&)@c={5tvkfdK;9!$F`Q1M)vp(ft6w wj^RH8TsQm~;O`NAzxl5n^Uvm8#y^?=-A%)_X#tXfK+M2G5AZb2 Date: Fri, 19 Apr 2024 00:14:20 +0200 Subject: [PATCH 2/2] typo --- backend/library/libraries/ecc-1.yaml | 2 +- tools/ecc/ecc-1.xlsx | Bin 23479 -> 23458 bytes 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/backend/library/libraries/ecc-1.yaml b/backend/library/libraries/ecc-1.yaml index 93a1fd41a..b6c01ceeb 100644 --- a/backend/library/libraries/ecc-1.yaml +++ b/backend/library/libraries/ecc-1.yaml @@ -2,7 +2,7 @@ urn: urn:intuitem:risk:library:ecc-1 locale: en ref_id: essential-cybersecurity-controls name: Essential Cybersecurity Controls -description: "The saudi National Cybersecurity Authority developed the essential cybersecurity\ +description: "The Saudi National Cybersecurity Authority developed the essential cybersecurity\ \ controls (ECC \u2013 1: 2018)\nafter conducting a comprehensive study of multiple\ \ national\nand international cybersecurity frameworks and standards.\nReference:\ \ https://nca.gov.sa/en/legislation?item=191&slug=controls-list" 
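Review bot: on the changed `description:` line, the string still reads "developed the essential cybersecurity controls" in lower case, while `name:` just above it uses "Essential Cybersecurity Controls". Since this commit is a capitalization fix to that same line, consider capitalizing the framework name there as well so the description matches `name:`. The subject "typo" would also be easier to find in history if it named the file and field being corrected.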
diff --git a/tools/ecc/ecc-1.xlsx b/tools/ecc/ecc-1.xlsx index cbc1395860b701febfb398ded98990868b29836a..c5eac26596f7fcf6e9142039839b6fff8ddea558 100644 GIT binary patch delta 14967
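Review bot: the `tools/ecc/ecc-1.xlsx` change is a binary delta (23479 -> 23458 bytes in the diffstat), so a reviewer cannot confirm from this patch that it carries only the "saudi" to "Saudi" correction made in `ecc-1.yaml`. Please say in the commit message what changed in the spreadsheet. If the YAML is generated from the spreadsheet, also confirm that regenerating it reproduces the committed `ecc-1.yaml`, so the two copies of the framework do not drift apart.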