PRIVATE AND CONFIDENTIAL

Attachment – Security Requirements

1. Refer to separate document Attachment – Policies, Procedures and Standards.
   1. Adoption of security policies and confidential data policies.
   2. The conformance of the above policies will provide an extensive cyber security coverage for all IT services.
2. Adoption of Antivirus Service is highly recommended to prevent all computing devices from malware infection.
3. Adoption of Backup Service is highly recommended to allow the ability to recover lost data.
4. Adoption of Patch Management Service is highly recommended to avoid any known vulnerabilities by each software vendors.
5. Adoption of Disaster Recovery Service is recommended for any pre-identified critical systems to allow business continuity in the event of disaster.
6. Adoption of Penetration Testing Service is recommended to identify any gaps in software security and compliance to any regulatory commitments.
7. Adoption and conformance of CIS Hardening guides where requested.
   1. Implementation of CIS Hardening guides will costed under Consultancy and Enhancement Services project.
   2. Updated CIS Hardening guides are found on the Center for Internet Security website.
   3. Strict adherence of CIS Hardening may impact applications and therefore, phased testing will be used incrementally for application of hardening on production services.
      1. CIS Aliyun Linux 2 Benchmark v1.0.0
      2. CIS Aliyun Linux 2 Benchmark v1.1.0
      3. CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.0
      4. CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1
      5. CIS Amazon Linux 2 Benchmark v1.0.0
      6. CIS Amazon Linux Benchmark v2.1.0
      7. CIS Amazon Web Services Foundations Benchmark v1.0.0
      8. CIS Amazon Web Services Foundations Benchmark v1.1.0
      9. CIS Amazon Web Services Foundations Benchmark v1.2.0
      10. CIS Amazon Web Services Foundations Benchmark v1.3.0
      11. CIS Amazon Web Services Three-tier Web Architecture Benchmark v1.0.0
      12. CIS Apache Cassandra 3.11 Benchmark v1.0.0
      13. CIS Apache HTTP Server 2.2 Benchmark v3.6.0
      14. CIS Apache HTTP Server 2.4 Benchmark v1.5.0
      15. CIS Apache Tomcat 7 Benchmark v1.1.0
      16. CIS Apache Tomcat 8 Benchmark v1.1.0
      17. CIS Apache Tomcat 9 Benchmark v1.0.0
      18. CIS Apple iOS 10 Benchmark v2.0.0
      19. CIS Apple iOS 11 Benchmark v1.0.0
      20. CIS Apple iOS 12 Benchmark v1.0.0
      21. CIS Apple iOS 13 and iPadOS 13 Benchmark v1.0.0
      22. CIS Apple iOS 6 Benchmark v1.0.0
      23. CIS Apple iOS 7 Benchmark v1.1.0
      24. CIS Apple iOS 8 Benchmark v1.0.0
      25. CIS Apple iOS 9 Benchmark v1.0.0
      26. CIS Apple macOS 10.12 Benchmark v1.1.0
      27. CIS Apple macOS 10.13 Benchmark v1.0.0
      28. CIS Apple macOS 10.14 Benchmark v1.0.0
      29. CIS Apple macOS 10.15 Benchmark v1.0.0
      30. CIS Apple OSX 10.10 Benchmark v1.2.0
      31. CIS Apple OSX 10.11 Benchmark v1.1.0
      32. CIS Apple OSX 10.8 Benchmark v1.3.0
      33. CIS Apple OSX 10.9 Benchmark v1.3.0
      34. CIS CentOS Linux 6 Benchmark v2.0.2
      35. CIS CentOS Linux 7 Benchmark v3.0.0
      36. CIS CentOS Linux 8 Benchmark v1.0.0
      37. CIS Cisco Firewall Benchmark v4.1.0
      38. CIS Cisco IOS 12 Benchmark v4.0.0
      39. CIS Cisco IOS 15 Benchmark v4.0.1
      40. CIS Cisco IOS 16 Benchmark v1.1.0
      41. CIS Cisco Wireless LAN Controller 7 Benchmark v1.1.0
      42. CIS Debian Linux 10 Benchmark v1.0.0
      43. CIS Debian Linux 7 Benchmark v1.0.0
      44. CIS Debian Linux 8 Benchmark v2.0.0
      45. CIS Debian Linux 8 Benchmark v2.0.1
      46. CIS Debian Linux 9 Benchmark v1.0.1
      47. CIS Distribution Independent Linux Benchmark v1.1.0
      48. CIS Distribution Independent Linux Benchmark v2.0.0
      49. CIS Docker 1.11.0 Benchmark v1.0.0
      50. CIS Docker 1.12.0 Benchmark v1.0.0
      51. CIS Docker 1.13.0 Benchmark v1.0.0
      52. CIS Docker 1.6 Benchmark v1.0.0
      53. CIS Docker Benchmark v1.2.0
      54. CIS Docker Community Edition Benchmark v1.1.0
      55. CIS Fedora 28 Family Linux Benchmark v1.0.0
      56. CIS Fedora 28 Family Linux Benchmark v1.1.0
      57. CIS Google Android 2.3 Benchmark v1.1.0
      58. CIS Google Android 4 Benchmark v1.0.0
      59. CIS Google Android 7 Benchmark v1.0.0
      60. CIS Google Android Benchmark v1.1.0
      61. CIS Google Android Benchmark v1.2.0
      62. CIS Google Android Benchmark v1.3.0
      63. CIS Google Chrome Benchmark v1.2.0
      64. CIS Google Chrome Benchmark v1.3.0
      65. CIS Google Chrome Benchmark v2.0.0
      66. CIS Google Cloud Platform Foundation Benchmark v1.0.0
      67. CIS Google Cloud Platform Foundation Benchmark v1.1.0
      68. CIS Google Kubernetes Engine (GKE) Benchmark v1.0.0
      69. CIS IBM AIX 7.1 Benchmark v1.1.0
      70. CIS IBM DB2 10 Benchmark v1.1.0
      71. CIS IBM DB2 9 Benchmark v3.0.1
      72. CIS IBM DB2 Benchmark v1.2.0
      73. CIS ISC BIND DNS Server 9.11 Benchmark v1.0.0
      74. CIS ISC BIND DNS Server 9.9 Benchmark v3.0.1
      75. CIS Juniper OS Benchmark v2.0.0
      76. CIS Kubernetes Benchmark v1.1.0
      77. CIS Kubernetes Benchmark v1.2.0
      78. CIS Kubernetes Benchmark v1.3.0
      79. CIS Kubernetes Benchmark v1.4.0
      80. CIS Kubernetes Benchmark v1.4.1
      81. CIS Kubernetes Benchmark v1.5.1
      82. CIS Kubernetes Benchmark v1.6.0
      83. CIS macOS Safari Benchmark v2.0.0
      84. CIS Microsoft 365 Foundations Benchmark v1.0.0
      85. CIS Microsoft 365 Foundations Benchmark v1.1.0
      86. CIS Microsoft 365 Foundations Benchmark v1.2.0
      87. CIS Microsoft Azure Foundations Benchmark v1.0.0
      88. CIS Microsoft Azure Foundations Benchmark v1.1.0
      89. CIS Microsoft Exchange Server 2010 Benchmark v1.1.0
      90. CIS Microsoft Exchange Server 2013 Benchmark v1.1.0
      91. CIS Microsoft Exchange Server 2016 Benchmark v1.0.0
      92. CIS Microsoft IIS 10 Benchmark v1.0.0
      93. CIS Microsoft IIS 10 Benchmark v1.1.1
      94. CIS Microsoft IIS 7 Benchmark v1.8.0
      95. CIS Microsoft IIS 8 Benchmark v1.5.0
      96. CIS Microsoft Internet Explorer 10 Benchmark v1.1.0
      97. CIS Microsoft Internet Explorer 11 Benchmark v1.0.0
      98. CIS Microsoft Office 2013 Benchmark v1.1.0
      99. CIS Microsoft Office 2016 Benchmark v1.1.0
      100. CIS Microsoft Office Access 2013 Benchmark v1.0.1
      101. CIS Microsoft Office Access 2016 Benchmark v1.0.1
      102. CIS Microsoft Office Excel 2013 Benchmark v1.0.1
      103. CIS Microsoft Office Excel 2016 Benchmark v1.0.1
      104. CIS Microsoft Office Outlook 2013 Benchmark v1.1.0
      105. CIS Microsoft Office Outlook 2016 Benchmark v1.1.0
      106. CIS Microsoft Office PowerPoint 2013 Benchmark v1.0.1
      107. CIS Microsoft Office PowerPoint 2016 Benchmark v1.0.1
      108. CIS Microsoft Office Word 2013 Benchmark v1.1.0
      109. CIS Microsoft Office Word 2016 Benchmark v1.1.0
      110. CIS Microsoft Outlook 2010 Benchmark v1.0.0
      111. CIS Microsoft SharePoint 2016 Benchmark v1.0.0
      112. CIS Microsoft SharePoint 2016 Benchmark v1.1.0
      113. CIS Microsoft SharePoint 2019 Benchmark v1.0.0
      114. CIS Microsoft SQL Server 2008 R2 Benchmark v1.7.0
      115. CIS Microsoft SQL Server 2012 Benchmark v1.6.0
      116. CIS Microsoft SQL Server 2017 Benchmark v1.1.0
      117. CIS Microsoft SQL Server 2019 Benchmark v1.1.0
      118. CIS Microsoft Windows 10 Enterprise Release 1607 Benchmark v1.2.0
      119. CIS Microsoft Windows 10 Enterprise Release 1703 Benchmark v1.3.0
      120. CIS Microsoft Windows 10 Enterprise Release 1709 Benchmark v1.4.0
      121. CIS Microsoft Windows 10 Enterprise Release 1803 Benchmark v1.5.0
      122. CIS Microsoft Windows 10 Enterprise Release 1809 Benchmark v1.6.1
      123. CIS Microsoft Windows 10 Enterprise Release 1903 Benchmark v1.7.1
      124. CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark v1.8.1
      125. CIS Microsoft Windows 10 Enterprise Release 2004 Benchmark v1.9.0
      126. CIS Microsoft Windows 7 Workstation Benchmark v3.2.0
      127. CIS Microsoft Windows 8 Benchmark v1.0.0
      128. CIS Microsoft Windows 8.1 Workstation Benchmark v2.4.0
      129. CIS Microsoft Windows Server 2003 Benchmark v3.1.0
      130. CIS Microsoft Windows Server 2008 (non-R2) Benchmark v3.0.1
      131. CIS Microsoft Windows Server 2008 (non-R2) Benchmark v3.2.0
      132. CIS Microsoft Windows Server 2008 (non-R2) Benchmark v3.2.1
      133. CIS Microsoft Windows Server 2008 R2 Benchmark v3.2.0
      134. CIS Microsoft Windows Server 2008 R2 Benchmark v3.2.1
      135. CIS Microsoft Windows Server 2012 (non-R2) Benchmark v2.0.1
      136. CIS Microsoft Windows Server 2012 (non-R2) Benchmark v2.1.0
      137. CIS Microsoft Windows Server 2012 (non-R2) Benchmark v2.2.0
      138. CIS Microsoft Windows Server 2012 (non-R2) Benchmark v2.2.1
      139. CIS Microsoft Windows Server 2012 R2 Benchmark v2.0.0
      140. CIS Microsoft Windows Server 2012 R2 Benchmark v2.1.0
      141. CIS Microsoft Windows Server 2012 R2 Benchmark v2.4.0
      142. CIS Microsoft Windows Server 2012 R2 Benchmark v2.4.1
      143. CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark v1.0.0
      144. CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark v1.2.0
      145. CIS Microsoft Windows Server 2016 RTM (Release 1607) Benchmark v1.2.1
      146. CIS Microsoft Windows Server 2016 STIG Benchmark v1.0.0
      147. CIS Microsoft Windows Server 2016 STIG Benchmark v1.0.1
      148. CIS Microsoft Windows Server 2019 Benchmark v1.1.0
      149. CIS Microsoft Windows Server 2019 Benchmark v1.1.1
      150. CIS Microsoft Windows XP Benchmark v3.1.0
      151. CIS MongoDB 3.2 Benchmark v1.0.0
      152. CIS MongoDB 3.4 Benchmark v1.0.0
      153. CIS MongoDB 3.6 Benchmark v1.0.0
      154. CIS MongoDB Benchmark v1.0.0
      155. CIS Mozilla Firefox 24 ESR Benchmark v1.0.0
      156. CIS Mozilla Firefox 38 ESR Benchmark v1.0.0
      157. CIS Multi-Function Device Benchmark v1.0.0
      158. CIS NGINX Benchmark v1.0.0
      159. CIS Oracle Cloud Infrastructure Foundations Benchmark v1.0.0
      160. CIS Oracle Database 11g R2 Benchmark v2.2.0
      161. CIS Oracle Database 12c Benchmark v3.0.0
      162. CIS Oracle Database 18c Benchmark v1.0.0
      163. CIS Oracle Database Server 11 – 11g R2 Benchmark v1.0.0
      164. CIS Oracle Linux 6 Benchmark v1.1.0
      165. CIS Oracle Linux 7 Benchmark v3.0.0
      166. CIS Oracle Linux 8 Benchmark v1.0.0
      167. CIS Oracle MySQL Community Server 5.6 Benchmark v1.1.0
      168. CIS Oracle MySQL Community Server 5.7 Benchmark v1.0.0
      169. CIS Oracle MySQL Enterprise Edition 5.6 Benchmark v1.1.0
      170. CIS Oracle MySQL Enterprise Edition 5.7 Benchmark v1.0.0
      171. CIS Oracle Solaris 10 Benchmark v5.2.0
      172. CIS Oracle Solaris 11 Benchmark v1.1.0
      173. CIS Oracle Solaris 11.1 Benchmark v1.0.0
      174. CIS Oracle Solaris 11.1 Benchmark v1.0.1
      175. CIS Oracle Solaris 11.4 Benchmark v1.0.0
      176. CIS Palo Alto Firewall 6 Benchmark v1.0.0
      177. CIS Palo Alto Firewall 7 Benchmark v1.0.0
      178. CIS Palo Alto Firewall 8 Benchmark v1.0.0
      179. CIS Palo Alto Firewall 9 Benchmark v1.0.0
      180. CIS PostgreSQL 10 Benchmark v1.0.0
      181. CIS PostgreSQL 11 Benchmark v1.0.0
      182. CIS PostgreSQL 12 Benchmark v1.0.0
      183. CIS PostgreSQL 9.5 Benchmark v1.1.0
      184. CIS PostgreSQL 9.6 Benchmark v1.0.0
      185. CIS Red Hat Enterprise Linux 5 Benchmark v2.2.0
      186. CIS Red Hat Enterprise Linux 6 Benchmark v2.1.0
      187. CIS Red Hat Enterprise Linux 8 Benchmark v1.0.0
      188. CIS Security Metrics – Quick Start Guide v1.0.0
      189. CIS Security Metrics v1.1.0
      190. CIS SUSE Linux Enterprise 11 Benchmark v2.1.0
      191. CIS SUSE Linux Enterprise 12 Benchmark v2.1.0
      192. CIS SUSE Linux Enterprise 15 Benchmark v1.0.0
      193. CIS Ubuntu 12.04 LTS Server Benchmark v1.1.0
      194. CIS Ubuntu Linux 14.04 LTS Benchmark v2.1.0
      195. CIS Ubuntu Linux 16.04 LTS Benchmark v1.1.0
      196. CIS Ubuntu Linux 18.04 LTS Benchmark v2.0.1
      197. CIS Ubuntu Linux 20.04 LTS Benchmark v1.0.0
      198. CIS VMware ESXi 5.1 Benchmark v1.0.1
      199. CIS VMware ESXi 5.5 Benchmark v1.2.0
      200. CIS VMware ESXi 6.5 Benchmark v1.0.0
      201. CIS VMware ESXi 6.7 Benchmark v1.1.0