* Integrate aggregate outputs from security assessment and authorization activities into security architecture lifecycle processes, to ensure reference artefacts remain relevant and valid
+
* Establish processes to maintain visibility of assets and ensure the prompt application of security-related patches and updates in order to reduce exposure to vulnerabilities, in accordance with GC Patch Management Guidance.
−
* Design processes to operate and manage services securely, and continuously monitor system events and performance in order to detect, prevent, and respond to attacks
+
* Enable event logging, in accordance with GC Event Logging Guidance, and perform monitoring of systems and services in order to detect, prevent, and respond to attacks.
−
* Establish processes to monitor security advisories, and apply security-related patches and updates to reduce exposure to vulnerabilities. Apply appropriate risk-based mitigations when patches cannot be applied
+
* Establish an incident management plan in alignment with the [https://www.canada.ca/en/treasury-board-secretariat/services/access-information-privacy/security-identity-management/government-canada-cyber-security-event-management-plan.html GC Cyber Security Event Management Plan (GC CSEMP)] and report incidents to the [https://cyber.gc.ca/en/contact-us Canadian Centre for Cyber Security (CCCS)].