高级英语翻译英汉对照

高级英语翻译英汉比照•RetainingandreviewingrecordsofCDAconfigurationchangesandauditactivitiesassociatedwithCDAconfigurationchangesandemploying{manualand/orautomated}mechanismsto:-DocumentchangestoCDAs,Notifydesignatedapprovalauthorities,andProhibitimplementationofchangesuntildesignatedapprovalsarereceivedanddocumented.3.11.5SecurityImpactAnalysisofChangesandEnvironment.11.5环境改变和平安影响分析The{CalvertCliffs3NuclearProject,LLCJ'sCSTperformsasecurityimpactassessmentbeforemakingchangestoCDAsconsistentwith{Section1.4.2.2ofthisplan}tomanagethecyberriskresultingfromthechanges.TheCSTevaluates,documents,andincorporatesintothesecurityimpactanalysisanyidentifiedsafetyandsecurityinterdependencies.The{CalvertCliffs3NuclearProject,LLC}performsanddocumentsthesecurityimpactassessmentaspartofthechangeapprovalprocess..11.6AccessRestrictionsforChange3.11.6更改访问限制•Inappropriateprivilegesbeinggrantedtousers,processes,orapplications,Weakauthenticationmechanisms,Improperlyorfailingtovalidateinputandoutputdata,Insecureorinadequateloggingofsystemerrorsorsecurity-relatedinformation,Inadequatelyboundedbuffers,Formatstringvulnerabilities,Privilegeescalationvulnerabilities,Unsafedatabasetransactions,Unsafeuseofnativefunctioncalls,Hiddenfunctionsandvulnerablefeaturesembeddedinthecode,Implementedsecurityfeaturesdonotthemselvesacttoincreasetheriskofsecurityvulnerabilities,increasesusceptibilitytocyberattack,orreducethereliabilityofdesign-basisfunctions.Useofunsupportedorundocumentedmethodsorfunctions,andUseofundocumentedcodeormaliciousfunctionsthatmightalloweitherunauthorizedaccessoruseofthesystemorthesystemtobehavebeyondthesystemrequirements.(2)anddeveloperscybersecurityprogrammaintainstheintegrityoftheacquiredsystemuntiltheproductisdeliveredtothe{CalvertCliffs3NuclearProject,LLC}byimplementingequivalentsecuritycontrolsasdescribedinRG5.71topreventtamperingandtoprovidehighassurancethattheintegrityofthedevelopedCDAismaintaineduntildeliveredtothelicensee.{CalvertCliffs3NuclearProject,LLC}requiresthedevelopertoperformanddocumentthatsecurityrequirementsareverifiedandvalidatedandthatsecuritycontrolsimplementedintheproductandusedtomeettherequirementsofthisplanaretestedtoensuretheyareeffectiveperSection1.4.1.2.{CalvertCliffs3NuclearProject,LLC}requiresdocumentationofallofthefollowingactivities:Systemdesigntransformedintocode,databasestructures,andrelatedmachineexecutablerepresentations,Hardwareandsoftwareconfigurationandsetup,Softwarecodingpracticesandtesting,Communicationconfigurationandsetup(includingtheincorporationofreusedsoftwareandcommercialoff-the-shelfproducts),Theresultsofunittestsperformedtoensurethatthecodewasdevelopedcorrectlyandaccuratelyandcompletelyreflectsthesecuritydesignconfigurationtransformationsfromtherequirements,Detailsoftheimplementationofeachrequiredsecurityfeaturewithinthedevelopedcodebase.Thelistingincludesreferencethecodedfunctionsandmoduleswithinthecodebasethatweredevelopedtoimplementthesecurityfeatures,Securityconfigurationsimplementedtomeetsecuritydesignfeaturesspecifiedintherequirements,Operatingsystemsecurityconfigurationsimplementedtomeetsecuritydesignfeaturesspecifiedintherequirementsaredocumented,Forprogramminglanguagesthatsupportstaticanalysissourcecodescanners,resultsofthefollowingaredocumented:Thestaticsourcecodevulnerabilityanalysisperformedtoinspectthedevelopedcodeforpotentialsecuritydefects,poorprogrammingpractices,hiddenfunctions,andvulnerablefeatureswithinthecodeduringtheimplementationofthecodebaseandmethodsappliedtoeliminatethesevulnerabilities,•Thesecuritydefecttrackingmetricsusedtocaptureandtracktheidentification,type,classification,cause,andremediationofsecuritydefectsfoundwithinthecode,andThedefectsencounteredduringthetranslationofthedesignfeaturesspecifiedintherequirementsintocode.Forallprogramminglanguages,theresultsofthefollowingaredocumented:-Adynamicsourcecodevulnerabilityanalysisperformedtoinspectthedevelopedcodeforpotentialsecuritydefects,poorprogrammingpractices,hiddenfunctions,andvulnerablefeatureswithinthecodeduringtheimplementationofthecodebaseandmethodsappliedtoeliminatethesevulnerabilities,Thesecuritydefecttrackingmetricsusedtocaptureandtracktheidentification,type,classification,cause,andremediationofsecuritydefectsfoundwithinthecode,andThedefectsencounteredduringthetranslationofthedesignfeaturesspecifiedintherequirementsintocode.一一{CalvertCliffs3NuclearProject,LLC}requiresthatCDAdevelopers/integrators:•PerformconfigurationmanagementduringCDAdesign,development,implementation,andoperation,ManageandcontrolchangestotheCDA,Implementonly{CalvertCliffs3NuclearProject,LLC}approvedchanges,DocumentapprovedchangestotheCDA,andTracksecurityflawsandflawresolution.Licensee/Applicanttesting被许可方/申请人测试{CalvertCliffs3NuclearProject,LLC}verifiesandvalidatestheresultsofthedeveloper'ssecuritytestinginconductedinaccordancewithSection3.12.5above.{CalvertCliffs3NuclearProject,LLC}isresponsibleforthefollowing:TestingCDA(e.g.,offlineonacomparableCDA)securitydevices,securitycontrols,andsoftwaretoensurethattheydonotcompromisetheCDAortheoperationofaninterconnectedCDAoperationbeforeinstallation,TestingtoensurethatCDAsdonotprovideapathwaytocompromisetheCDAorotherCDAs,ImplementationofthesecuritycontrolsinSections2and3ofthisplaninaccordancewiththeprocessdescribedinSection1.3.1.6ofthisplan,Testingofthesecuritycontrolsforeffectiveness,asdescribedinSection1.4.1.2ofthisplan,Performanceofvulnerabilityscans,inaccordancewithSection1.4.1.3ofthisplanandSection3.13.1ofthisplan,againsttheCDAinitsintegratedstateandcorrection,elimination,ordiscussionofdiscoveredvulnerabilities,InstallationandtestingoftheCDAinthetargetenvironment,andPerformanceofanacceptancereviewandtestoftheCDAsecurityfeatures. {CalvertCliffs3NuclearProject,LLC}documentsthefollowing:・SecuritycontrolsimplementedinaccordancewithSection2ofthisplan.VerificationoftheeffectivenessofthesecuritycontrolsimplementedinaccordancewithSection3ofthisplan.SecuritydesignfeaturesdevelopedtoaddresstheidentifiedsecurityrequirementsfortheCDA(ifany),inadditiontothesecuritycontrolsimplementedinaccordancewithSection2ofthisplan.Foreachsecurityfeatureorconfigurationtobeimplemented,thedocumentationincludesadescriptionofthefeature,itsmethodofimplementation,andanyconfigurableoptionsassociatedwiththefeatureareprovided.Eachsecurityfeaturedesignedintothesystemistraceabletoitscorrespondingsecurityrequirement.Thesecurityreviewsoftheimplementeddesignbythecybersecurityorganizationresponsiblefortheprotectionofthecriticalassets/systems/networksaredocumented.Thereviewensuresthatthesecuritydesignconfigurationitemtransformationsfromtherequirementsimplementedarecorrect,accurate,andcomplete.{CalvertCliffs3NuclearProject,LLC}requires{annual}auditsofCDAstoverifythefollowing:Thesecuritycontrolspresentduringtestingremaininplaceandarefunctioningcorrectlyintheproductionsystem.CDAsarefreefromknownvulnerabilitiesandsecuritycompromisesandcontinuetoprovideinformationonthenatureandextentofcompromises,shouldtheyoccur.Thechangemanagement{processand/orprogram)isfunctioningeffectivelyandisrecordingconfigurationchangesappropriately.3.13SecurityAssessmentandRiskManagement3.13平安评估与风险管理3.13.1ThreatandVulnerabilityManagement3.13.1威逼和漏洞管理{CalvertCliffs3NuclearProject,LLC}doesthefollowing:PerformassessmentsandscansforvulnerabilitiesinCDAs{nolessfrequentlythanonceaquarter}andatrandomintervalsinaccordancewithSection1.4.1.3ofthisplanandwhennewpotentialCDAvulnerabilitiesarereportedoridentified.Employvulnerabilityscanningtoolsandtechniquesthatpromoteinteroperabilityamongtoolsandautomatingpartsofthevulnerabilitymanagementprocessby:Enumeratingplatforms,softwareflaws,andimproperconfigurations,Formattingandmakingtransparentchecklistsandtestprocedures,andMeasuringvulnerabilityimpacts.•AnalyzevulnerabilityscanreportsandremediatevulnerabilitieswithinatimeperiodthatwillprovidehighassurancethatCDAsareprotectedfromcyberattacksuptoandincludingtheDBT.EliminatesimilarvulnerabilitiesinotherCDAs.EmployvulnerabilityscanningtoolsthatincludethecapabilitytoupdatethelistofcybervulnerabilitiesscannedandupdatethelistofCDAvulnerabilitiesscanned{monthly}andwhennewvulnerabilitiesareidentifiedandreported.Employvulnerabilityscanningproceduresthatmaximizethebreadthanddepthofcoverage(i.e.,CDAcomponentsscannedandvulnerabilitieschecked).DiscernanddocumentwhatinformationassociatedwiththeCDAisdiscoverablebyadversaries.PerformsecuritytestingtodeterminethelevelofdifficultyincircumventingthesecuritycontrolsoftheCDA.{Testingmethodsincludepenetrationtesting,malicioususertesting,andindependentverificationandvalidation.}IncludeprivilegedaccessauthorizationtoCDAsforselectedvulnerabilityscanningactivitiestofacilitatemorethoroughscanning.EmployautomatedmechanismstocomparetheresultsofvulnerabilityscansovertimetodeterminetrendsinCDAvulnerabilitiesandmitigation/flawremediationactivities.EmployautomatedmechanismstodetectandnotifyauthorizedpersonnelofthepresenceofunauthorizedsoftwareonCDAs.EnsurethatSSEPfunctionsarenotadverselyimpactedbythescanningprocess.Wherethismayoccur,CDAsareremovedfromserviceorreplicated(totheextentfeasible)beforescanningisconductedorbescheduledtooccurduringplannedCDAoutageswheneverpossible.Where{CalvertCliffs3NuclearProject,LLC}cannotconductvulnerabilityscanningonaproductionCDAbecauseofthepotentialforanadverseimpactonSSEPfunctions,alternatecontrols(e.g.,providingareplicatedsystemorCDAtoconductscanning)areemployed.The{CalvertCliffs3NuclearProject,LLC}reviewshistoricauditlogstodetermineifavulnerabilityidentifiedintheCDAhasbeenpreviouslyexploited.3.13.2RiskMitigation.13.2缓解风险Protectionandmitigationofriskareachievedbyimplementing(1)thedefense-in-depthstrategiesdiscussedinSectionC.3.2oftoRG5.71,(2)thesecuritycontrolsdescribedinSections2and3ofthisplan,and(3)digitalequipmentandsoftwarecyberattackdetection,prevention,andrecoverytechniquesandtoolstothesystems,structures,andcomponentswithinthescopeoftheruleand(4)Section1.4ofthisplan.{CalvertCliffs3NuclearProject,LLC}hasthedetailedinformationonhowtheserequirementsareimplementedtoachievethehighassuranceobjectivesofsecuritycontrolsspecifiedinthisplan.ThedetailedinformationisavailableforNRCinspectionsandaudits..13.3CorrectiveActionProgram3.13.3订正措施方案{CalvertCliffs3NuclearProject,LLC}established,implemented,anddocumentedthecriteriaconsistentwithRG5.71foradverseconditionsandtherequirementsforcorrectiveaction.Theadverseimpactresultingfromacybersecurityincidentisevaluated,tracked,andadjustedinaccordancewiththe{CalvertCliffs3NuclearProject,LLC}CorrectiveActionProgramandinamannerconsistentwithRG5.71.{CalvertCliffs3NuclearProject,LLC)defines,documents,approves,andenforcesphysicalandlogicalaccessrestrictionsassociatedwithchangestoCDAsandgenerates,retains,andauditstherecord{quarterly)andwhenthereareindicationsthatunauthorizedchangesmayhaveoccurred.{CalvertCliffs3NuclearProject,LLC}implementsitsconfigurationmanagementprogramtoaddressdiscovereddeviations.{CalvertCliffs3NuclearProject,LLC}employsautomatedmechanismstodetectunauthorizedchanges,toenforceaccessrestrictionsandtosupportsubsequentauditsofenforcementactions.{CalvertCliffs3NuclearProject,LLC}documentsthejustificationanddetailsforalternate(compensating)securitycontrolsforsituationsinwhichaCDAcannotsupporttheuseofautomatedmechanismstoenforceaccessrestrictionsandtosupportsubsequentauditsofenforcementactions,includingallofthefollowing:••Physicallyrestrictingaccess,Monitoringandrecordingphysicalaccesstoenabletimelydetectionandresponsetointrusions,Employingauditingandvalidationmeasures(e.g.,securityofficerrounds,periodicmonitoringoftamperseals),Ensuringauthorizedindividualsaretrustworthyandreliableinaccordancewith10CFR73.56,Ensuringthatauthorizedindividualsareoperatingunderestablishedworkmanagementcontrols,andConductingpostmaintenancetestingtovalidatethatchangesareimplementedcorrectly.3.11.7ConfigurationSettings3.11.7配置设置{CalvertCliffs3NuclearProject,LLC}appliesconfigurationsettingsforCDAsby(1)documentingthemostrestrictivemode,(2)valuatingoperationalrequirements,and(3)enforcinganddocumentingthemostrestrictiveoperationalconfigurationsettingsbaseduponexplicitoperationalrequirements.Thisisachievedbythefollowing:EstablishinganddocumentingconfigurationsettingsforCDAsthatreflectthemostrestrictivemode,DocumentingandapprovinganyexceptionsfromthemostrestrictivemodeconfigurationsettingsforindividualcomponentswithinCDAsbaseduponexplicitoperationalrequirements,EnforcingtheconfigurationsettingsinCDAsandmonitoringandcontrollingchangestoheconfigurationsettingsinaccordancewith{CalvertCliffs3NuclearProject,LLC}policiesandprocedures,Documentingandemployingautomatedmechanismsto{centrally}manage,apply,andverifyconfigurationsettings,Documentingandemploying{automatedmechanismsand/ormanualmechanisms}torespondtounauthorizedchangesto{CalvertCliffs3NuclearProject,LLC)-definedconfigurationsettings,andDocumentingthejustificationforalternate(compensating)securitycontrolsforsituationsnwhichaCDAcannotsupporttheuseofautomatedmechanismsto{centrally}manage,apply,andverifyconfigurationsettings,includingallofthefollowing:-Physicallyrestrictingaccess,Monitoringandrecordingphysicalaccesstoenabletimelydetectionandresponsetointrusions,Employingauditing/validationmeasures(e.g.,securityofficerrounds,periodicmonitoringoftamperseals),Ensuringauthorizedindividualsaretrustworthyandreliableinaccordancewith10CFR73.56,Ensuringthatauthorizedindividualsareoperatingunderestablishedworkmanagementcontrols,andConductingpostmaintenancetestingtovalidatethatchangesareimplementedcorrectly.3.11.8LeastFunctionality.11.8最小功能{CalvertCliffs3NuclearProject,LLC}configuresanddocumentsCDAconfigurationsettingstoprovideonlyessentialcapabilitiesandspecificallyprohibits,protects,andrestrictstheuseofinsecurefunctions,ports,protocolsandservices.{CalvertCliffs3NuclearProject,LLC)reviewsCDAs{monthly}toidentifyandeliminateunnecessaryfunctions,ports,protocols,andservices.{CalvertCliffs3NuclearProject,LLC)documentsandemploysautomatedmechanismstopreventprogramexecution.(CalvertCliffs3NuclearProject,LLC}uses{white-lists,black-lists,andgray-lists}applicationcontroltechnologies..11.9ComponentInventory3.11.9组件库存{CalvertCliffs3NuclearProject,LLC}develops,documents,andmaintainsaninventoryofthecomponentsofCDAsthathasthefollowingattributes:•Accuratelyreflectsthecurrentsystemconfiguration,Ensuresthatthelocation(logicalandphysical)ofeachcomponentisconsistentwiththeauthorizedboundaryoftheCDA,Providestheproperlevelofgranularitydeemednecessaryfortrackingandreportingandforeffectivepropertyaccountability,Updatestheinventoryofsystemcomponentsasanintegralpartofcomponentinstallationsandsystemupdates,Employsautomatedmechanismstomaintainanup-to-date,complete,accurate,andreadilyavailableinventoryofsystemcomponents,Employsautomatedmechanismstodetecttheadditionofunauthorizedcomponentsordevicesintotheenvironmentanddisablesaccessbysuchcomponentsordevicesornotifiesdesignated{CalvertCliffs3NuclearProject,LLC}officials,andDocumentsthe{namesorroles}oftheindividualsresponsibleforadministeringthosecomponents.•MANAGEMENTCONTROLS管理限制12SystemandServiceAcquisition3.12系统和服务获得SystemandServicesAcquisitionPolicyandProcedures12.1系统与服务获得政策和程序{CalvertCliffs3NuclearProject,LLC)develops,disseminates,and{annually)reviewsandupdatesaformal,documentedsystemandservicesacquisitionpolicythataddressespurpose,scope,roles,responsibilities,managementcommitment,{coordinationamong{CalvertCliffs3NuclearProject,LLC}entities},associatedsystemandserviceacquisitioncontrols,andcompliance.{CalvertCliffs3NuclearProject,LLC}develops,disseminates,and{annually)reviewsandupdatesformal,documentedprocedurestofacilitatetheimplementationofthesystemandservicesacquisitionpolicyandassociatedsystemandservicesacquisitioncontrols.SupplyChainProtection{CalvertCliffs3NuclearProject,LLC}protectsagainstsupplychainthreatsandvulnerabilitybyemployingthefollowinglistofmeasurestoprotectagainstsupplychainthreatstomaintaintheintegrityoftheCDAsthatareacquired:•Establishmentoftrusteddistributionpaths,Validationofvendors,andRequiringtamperproofproductsortamperevidentsealsonacquiredproducts.{CalvertCliffs3NuclearProject,LLC}performsananalysisforeachproductacquisitiontodeterminethattheproductprovidesthesecurityrequirementsnecessarytoaddressthesecuritycontrolsinSections2and3ofthisplan.{CalvertCliffs3NuclearProject,LLC}usesheterogeneitytomitigatevulnerabilitiesassociatedwiththeuseofasinglevendor5sproduct.1Trustworthiness{CalvertCliffs3NuclearProject,LLC}requiresthatsoftwaredevelopersemploysoftwarequalityandvalidationmethodstominimizeflawedormalformedsoftware.{CalvertCliffs3NuclearProject,LLC}establishes,implements,anddocumentsrequirementstorequirealltoolsusedtoperformcybersecuritytasksorSSEPfunc