CSA N290.7:2014被替代

This Standard pertains to the securing of essential computer systems and components against cyber attacks resulting in loss of availability, degradation or loss of ability to perform their intended function, compromise of their integrity, and loss of confidentiality of their information. This Standard does not apply to business systems (e.g., work management), and offline engineering systems (e.g., analytical, scientific, and design computer programs as per CSA N286.7). In this Standard, “shall” is used to express a requirement, i.e., a provision that the user is obliged to satisfy in order to comply with the standard; “should” is used to express a recommendation or that which is advised but not required; and “may” is used to express an option or that which is permissible within the limits of the standard. Notes accompanying clauses do not include requirements or alternative requirements; the purpose of a note accompanying a clause is to separate from the text explanatory or informative material. Notes to tables and figures are considered part of the table or figure and may be written as requirements. Annexes are designated normative (mandatory) or informative (nonmandatory) to define their application.

CSA N290.7:2014(R2019)