Operator Controls

Controls that must be implemented by each deployment operator (the organization running a SirosID wallet instance). These cover governance, people, physical security, and operational procedures that are specific to each deployment environment.

18 controls with this tag.

| ID | Title | Status | Owner | CSF Function |
|---|---|---|---|---|
| SID-ORG-01 | Information Security Policy | to_do | operator | govern |
| SID-ORG-02 | Roles, Responsibilities, and Segregation of Duties | to_do | operator | govern |
| SID-ORG-03 | Risk Management Framework | to_do | operator | identify |
| SID-ORG-04 | Supplier and Third-Party Security | to_do | operator | govern |
| SID-ORG-05 | Legal, Regulatory, and Contractual Compliance | to_do | operator | govern |
| SID-ORG-06 | Wallet Service Practice Statement | to_do | operator | govern |
| SID-ORG-07 | Terms of Service and Privacy Policy | to_do | operator | govern |
| SID-OPS-01 | Incident Response and Management | to_do | operator | respond |
| SID-OPS-02 | Business Continuity and ICT Readiness | to_do | operator | recover |
| SID-OPS-03 | Backup and Recovery | to_do | operator | recover |
| SID-OPS-06 | Monitoring and Alerting | to_do | operator | detect |
| SID-OPS-07 | Fraud Management | to_do | operator | detect |
| SID-PPL-01 | Personnel Screening and Onboarding | to_do | operator | protect |
| SID-PPL-02 | Security Awareness, Education, and Training | to_do | operator | protect |
| SID-PPL-03 | Confidentiality and Non-Disclosure Agreements | to_do | operator | protect |
| SID-PPL-04 | Information Security Event Reporting | to_do | operator | detect |
| SID-PHY-01 | Data Center Physical Security | to_do | operator | protect |
| SID-PHY-02 | Equipment and Media Security | to_do | operator | protect |