高级英语翻译英汉对照(共22页).doc

精选优质文档-倾情为你奉上高级英语翻译英汉对照 Retaining and reviewing records of CDA configuration changes and audit activities associated with CDAconfiguration changes and employing manual and/or automated mechanisms to:b5E2RGbCAP- Document changes to CDAs, Notify designated approval authorities, and Prohibit implementation of changes until designated approvals are received and documented.p1EanqFDPw3.11.5 Security Impact Analysis of Changes and EnvironmentDXDiTa9E3d3.11.5 环境变化和安全影响分析The Calvert Cliffs 3 Nuclear Project, LLCJ's CST performs a security impact assessment before making changes to CDAs consistent with Section 1.4.2.2 of this plan to manage the cyber risk resulting from the changes. The CST evaluates, documents, and incorporates into the security impact analysis any identified safety and security interdependencies.RTCrpUDGiTThe Calvert Cliffs 3 Nuclear Project, LLC performs and documents the security impact assessment as part of the change approval process.5PCzVD7HxA3.11.6 Access Restrictions for Change3.11.6 更改访问限制Calvert Cliffs 3 Nuclear Project, LLC defines, documents, approves, and enforces physical and logical access restrictions associated with changes to CDAs and generates, retains, and audits the record quarterly and when there are indications that unauthorized changes may have occurred. Calvert Cliffs 3 Nuclear Project, LLC implements its configuration management program to address discovered deviations.jLBHrnAILgCalvert Cliffs 3 Nuclear Project, LLC employs automated mechanisms to detect unauthorized changes, to enforce access restrictions and to support subsequent audits of enforcement actions.xHAQX74J0XCalvert Cliffs 3 Nuclear Project, LLC documents the justification and details for alternate (compensating) security controls for situations in which a CDA cannot support the use of automated mechanisms to enforce access restrictions and to support subsequent audits of enforcement actions, including all of the following: LDAYtRyKfE Physically restricting access, Monitoring and recording physical access to enable timely detection and response to intrusions, Employing auditing and validation measures (e.g., security officer rounds, periodic monitoring of tamper seals), Ensuring authorized individuals are trustworthy and reliable in accordance with 10 CFR 73.56, Ensuring that authorized individuals are operating under established work management controls, and Conducting post maintenance testing to validate that changes are implemented correctly.Zzz6ZB2Ltk3.11.7 Configuration Settings3.11.7 配置设置Calvert Cliffs 3 Nuclear Project, LLC applies configuration settings for CDAs by (1) documenting the most restrictive mode, (2) valuating operational requirements, and (3) enforcing and documenting the most restrictive operational configuration settings based upon explicit operational requirements. This is achieved by the following:dvzfvkwMI1 Establishing and documenting configuration settings for CDAs that reflect the most restrictive mode, Documenting and approving any exceptions from the most restrictive mode configuration settings for individual components within CDAs based upon explicit operational requirements, Enforcing the configuration settings in CDAs and monitoring and controlling changes to he configuration settings in accordance with Calvert Cliffs 3 Nuclear Project, LLC policies and procedures, Documenting and employing automated mechanisms to centrally manage, apply, and verify configuration settings, Documenting and employing automated mechanisms and/or manual mechanisms to respond torqyn14ZNXIunauthorized changes to Calvert Cliffs 3 Nuclear Project, LLC-defined configuration settings, andEmxvxOtOco Documenting the justification for alternate (compensating) security controls for situations n which a CDASixE2yXPq5cannot support the use of automated mechanisms to centrally manage, apply, and verify configuration settings, including all of the following:6ewMyirQFL- Physically restricting access, Monitoring and recording physical access to enable timely detection and response to intrusions, Employing auditing/validation measures (e.g., security officer rounds, periodic monitoring of tamper seals), Ensuring authorized individuals are trustworthy and reliable in accordance with 10 CFR 73.56, Ensuring that authorized individuals are operating under established work management controls, and Conducting post maintenance testing to validate that changes are implemented correctly.kavU42VRUs3.11.8 Least Functionality3.11.8 最小功能Calvert Cliffs 3 Nuclear Project, LLC configures and documents CDA configuration settings to provide only essential capabilities and specifically prohibits, protects, and restricts the use of insecure functions, ports, protocols and services. Calvert Cliffs 3 Nuclear Project, LLC reviews CDAs monthly to identify and eliminate unnecessary functions, ports, protocols, and services. Calvert Cliffs 3 Nuclear Project, LLC documents and employs automated mechanisms to prevent program execution. Calvert Cliffs 3 Nuclear Project, LLC uses white-lists, black-lists, and gray-lists application control technologies.y6v3ALoS893.11.9 Component Inventory3.11.9 组件库存Calvert Cliffs 3 Nuclear Project, LLC develops, documents, and maintains an inventory of the components of CDAs that has the following attributes:M2ub6vSTnP Accurately reflects the current system configuration, Ensures that the location (logical and physical) of each component is consistent with the authorized boundary of the CDA, Provides the proper level of granularity deemed necessary for tracking and reporting and for effective property accountability, Updates the inventory of system components as an integral part of component installations and system updates, Employs automated mechanisms to maintain an up-to-date, complete, accurate, and readily available inventory of system components, Employs automated mechanisms to detect the addition of unauthorized components or devices into the0YujCfmUCwenvironment and disables access by such components or devices or notifies designated Calvert Cliffs 3 Nuclear Project, LLC officials, andeUts8ZQVRdDocuments the names or roles of the individuals responsible for administering those components. sQsAEJkW5TMANAGEMENT CONTROLS管理控制3.12 System and Service Acquisition3.12 系统和服务获取3.12.1 System and Services Acquisition Policy and ProceduresGMsIasNXkA3.12.1 系统与服务获取政策和程序Calvert Cliffs 3 Nuclear Project, LLC develops, disseminates, and annually reviews and updates a formal, documented system and services acquisition policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among Calvert Cliffs 3 Nuclear Project, LLC entities, associated system and service acquisition controls, and compliance.TIrRGchYzgCalvert Cliffs 3 Nuclear Project, LLC develops, disseminates, and annually reviews and updates formal, documented procedures to facilitate the implementation of the system and services acquisition policy and associated system and services acquisition controls.7EqZcWLZNX3.12.2 Supply Chain Protection3.12.2 供应链保护Calvert Cliffs 3 Nuclear Project, LLC protects against supply chain threats and vulnerability by employing the following list of measures to protect against supply chain threats to maintain the integrity of the CDAs that are acquired:lzq7IGf02E Establishment of trusted distribution paths, Validation of vendors, and Requiring tamper proof products or tamper evident seals on acquired products.zvpgeqJ1hkCalvert Cliffs 3 Nuclear Project, LLC performs an analysis for each product acquisition to determine that the product provides the security requirements necessary to address the security controls in Sections 2 and 3 of this plan.NrpoJac3v1Calvert Cliffs 3 Nuclear Project, LLC uses heterogeneity to mitigate vulnerabilities associated with the use of a single vendor's product.11nowfTG4KI3.12.3 TrustworthinessCalvert Cliffs 3 Nuclear Project, LLC requires that software developers employ software quality and validation methods to minimize flawed or malformed software.fjnFLDa5ZoCalvert Cliffs 3 Nuclear Project, LLC establishes, implements, and documents requirements to require all tools used to perform cyber security tasks or SSEP functions to undergo a commercial qualification process similar to that for software engineering tools that are used to develop digital instrumentation and control systems.tfnNhnE6e53.12.4 Integration of Security Capabilities3.12.4 安全功能集成Calvert Cliffs 3 Nuclear Project, LLC documents and implements a program to ensure that new acquisitions contain security design information, capabilities or both to implement security controls in Section 2 of this plan. Such security capabilities include the following:HbmVN777sL Being cognizant of evolving cyber security threats and vulnerabilities, Being cognizant of advancements in cyber security protective strategies and security controls, Conducting analyses of the effects that each advancement could have on the security, safety, and operation of critical assets, systems, CDAs, and networks and implementing these advancements in a timely manner, and Replacing legacy systems as they reach end of life with systems that incorporate security capabilities.V7l4jRB8HsCalvert Cliffs 3 Nuclear Project, LLC establishes timeframes to minimize the time it takes to deploy new and more effective protective strategies and security controls.83lcPA59W93.12.5 Developer Security Testing3.12.5 开发人员安全测试Calvert Cliffs 3 Nuclear Project, LLC documents and requires that system developers and integrators of acquired CDAs create, implement, and document a security test and evaluation plan to ensure that the acquired products meet all specified security requirements (1) that the products are free from known, testable vulnerabilities and malicious code by identifying and eliminating these following vulnerabilities and other vulnerabilities that may change with new technology:mZkklkzaaP1Weak, unproven, or nonstandard cryptographic modules, Heterogeneity will be deployed in the acquisition of all CDAs where possible and applicable.AVktR43bpw Insecure network protocols for sensitive communications, Known insecure software components or libraries, Known vulnerabilities, Insecure configuration files or options that act to control features of the application, Inadequate or inappropriate use of access control mechanisms to control access to system resources,ORjBnOwcEd Inappropriate privileges being granted to users, processes, or applications, Weak authentication mechanisms, Improperly or failing to validate input and output data, Insecure or inadequate logging of system errors or security-related information, Inadequately bounded buffers, Format string vulnerabilities, Privilege escalation vulnerabilities, Unsafe database transactions, Unsafe use of native function calls, Hidden functions and vulnerable features embedded in the code, Implemented security features do not themselves act to increase the risk of security vulnerabilities, increase susceptibility to cyber attack, or reduce the reliability of design-basis functions. Use of unsupported or undocumented methods or functions, and Use of undocumented code or malicious functions that might allow either unauthorized access or use of the2MiJTy0dTTsystem or the system to behave beyond the system requirements.gIiSpiue7A(2) and developers cyber security program maintains the integrity of the acquired system until the product is delivered to the Calvert Cliffs 3 Nuclear Project, LLC by implementing equivalent security controls as described in RG 5.71 to prevent tampering and to provide high assurance that the integrity of the developed CDA is maintained until delivered to the licensee.uEh0U1YfmhCalvert Cliffs 3 Nuclear Project, LLC requires the developer to perform and document that security requirements are verified and validated and that security controls implemented in the product and used to meet the requirements of this plan are tested to ensure they are effective per Section 1.4.1.2.IAg9qLsgBXCalvert Cliffs 3 Nuclear Project, LLC requires documentation of all of the following activities:WwghWvVhPE System design transformed into code, database structures, and related machine executable representations, Hardware and software configuration and setup, Software coding practices and testing, Communication configuration and setup (including the incorporation of reused software and commercial off- the-shelf products), The results of unit tests performed to ensure that the code was developed correctly and accurately and completely reflects the security design configuration transformations from the requirements, Details of the implementation of each required security feature within the developed code base. The listingasfpsfpi4kincludes reference the coded functions and modules within the code base that were developed to implement the security features,ooeyYZTjj1Security configurations implemented to meet security design features specified in the requirements,BkeGuInkxIOperating system security configurations implemented to meet security design features specified in the requirements are documented,PgdO0sRlMo For programming languages that support static analysis source code scanners, results of the following are3cdXwckm15documented:- The static source code vulnerability analysis performed to inspect the developed code for potentialh8c52WOngMsecurity defects, poor programming practices, hidden functions, and vulnerable features within the code during the implementation of the code base and methods applied to eliminate these vulnerabilities,v4bdyGious- The security defect tracking metrics used to capture and track the identification, type, classification, cause, and remediation of security defects found within the code, and The defects encountered during the translation of the design features specified in the requirements into code. For all programming languages, the results of the following are documented:J0bm4qMpJ9- A dynamic source code vulnerability analysis performed to inspect the developed code for potentialXVauA9grYPsecurity defects, poor programming practices, hidden functions, and vulnerable features within the code during the implementation of the code base and methods applied to eliminate these vulnerabilities,bR9C6TJscwThe security defect tracking metrics used t