SPHINX Functional Requirements and Guidelines: PART VIII

Continue form PART VII

SPHINX shall provide configurable dashboard views per user.

The SPHINX Platform shall enable users to establish the parameters of their own dashboard views, based on their role and duties concerning the operation of the IT ecosystem. Overall, this capability supports the users’ cyber security awareness, monitoring activities and decision-making with respect to the prevention of cyber threats and the mitigation of cyber-attacks.

IT Domain: Applications

Cyber Security Management Cycle: Not applicable.

SPHINX shall deliver query features.

The SPHINX Platform shall allow users to query the system concerning its prevailing risk status and incident reports to facilitate prompt intervention, whenever required, and to support incident notification obligations.

IT Domain: Applications

Cyber Security Management Cycle: Identify. Detect.

SPHINX shall allow for predefined data retention periods.

The SPHINX Platform when operating will deal with large volumes of data, this data is only useful for a given period. Following the least privilege principles and applying them to data, SPHINX should allow for data retention to be defined for user sensitive.

IT Domain: Applications

Cyber Security Management Cycle: Protect.

SPHINX shall provide a sandboxed environment to deploy and test devices, software and services.

The SPHINX Platform shall provide a safe and isolated sandboxed environment that is isolated from the IT infrastructure and its main services, therefore enabling the users to test devices, software and services in a valid environment, without disrupting or affecting the normal operations in the IT ecosystem.

IT Domain: Networking. Applications. Security/Privacy.

Cyber Security Management Cycle: Identify.

SPHINX shall provide third-party access to SPHINX functionalities.

The SPHINX Platform shall provide the opportunity for third-parties to access the SPHINX cyber security services and to extend their own products, solutions and services by incorporating SPHINX features. This should work through dynamically orchestrating the different tools inside SPHINX. A stable user API shall be delivered to ensure backward compatibility for updates.

IT Domain: Applications.

Cyber Security Management Cycle: Not applicable.

SPHINX shall require the authentication of third-parties accessing the SPHINX functionalities.

The SPHINX Platform shall enable the protection of a third-party’s access to the SPHINX functionalities by means of authentication, that in turn ensure privacy and confidentiality of information and of the certification results. The process to generate authentication credentials to third parties shall be efficient and, preferably, automated. The credentials might be revoked by either the third-party or the SPHINX system. Auditing records for the authentication and authorization shall be kept for a pre-defined retention period and shall be consumable inside the SPHINX system.

IT Domain: Applications. Security/Privacy.

Cyber Security Management Cycle: Not applicable.

 

More information about the Functional Requirements and Guidelines of SPHINX can be found in Deliverable 2.8 that is publicly available here.