Bijlage A Tabellen
A.1 Overzicht Bedrijfsgrootteklassen en bedrijfstakken
| Code | Bedrijfsgrootte |
|---|---|
| 2-10 | 2 tot 10 werkzame personen |
| 10-50 | 10 tot 50 werkzame personen |
| 50-250 | 50 tot 250 werkzame personen |
| 100-250 | 100 tot 250 werkzame personen |
| 250+ | 250 of meer werkzame personen |
| Code | Bedrijfsklasse |
|---|---|
| C | Industrie |
| D-E | Energie, water, afvalbeheer |
| F | Bouwnijverheid |
| G | Handel |
| H | Vervoer en opslag |
| I | Horeca |
| J | Informatie en communicatie |
| K | Financiële dienstverlening |
| L | Verhuur en handel van onroerend goed |
| M | Specialistische zakelijke diensten |
| N | Verhuur en overige zakelijke diensten |
| Q | Gezondheids- en welzijnszorg |
| ICT | ICT-sector |
A.2 Kenmerken websitescans Internet.nl
| Categorie | Subgroep | Testomschrijving | Testuitkomsten | Variabelenaam |
|---|---|---|---|---|
| HTTPS | https | HTTPS beschikbaar | good/bad/other | tests_web_https_http_available_verdict |
| HTTPS-doorverwijzing | good/bad/other/not tested | tests_web_https_http_redirect_verdict | ||
| HTTPS-compressie | good/bad/not tested | tests_web_https_http_compress_verdict | ||
| HSTS aangeboden | good/bad/other/not tested | tests_web_https_http_hsts_verdict | ||
| cert | Vertrouwensketen van certificaat | good/bad/not tested | tests_web_https_cert_chain_verdict | |
| Publieke sleutel van certificaat | good/bad/not tested | tests_web_https_cert_pubkey_verdict | ||
| Handtekening van certificaat | good/bad/not tested | tests_web_https_cert_sig_verdict | ||
| Domeinnaam op certificaat | good/bad/not tested | tests_web_https_cert_domain_verdict | ||
| tls | TLS Versie | good/bad/phase out/not tested | tests_web_https_tls_version_verdict | |
| TLS ciphers | good/bad/phase out/not tested | tests_web_https_tls_ciphers_verdict | ||
| TLS cipher-volgorde | good/bad/other/not tested | tests_web_https_tls_cipherorder_verdict | ||
| TLS sleuteluitwisselingsparameters | good/bad/phase out/not tested | tests_web_https_tls_keyexchange_verdict | ||
| Hashfunctie voor sleuteluitwisseling | good/bad/phase out/not tested | tests_web_https_tls_keyexchangehash_verdict | ||
| TLS-compressie | good/bad/not tested | tests_web_https_tls_compress_verdict | ||
| Secure renegotiation | good/bad/not tested | tests_web_https_tls_secreneg_verdict | ||
| Client initiated renegotiation | good/bad/not tested | tests_web_https_tls_clientreneg_verdict | ||
| 0-RTT | good/bad/N.A./not tested | tests_web_https_tls_0rtt_verdict | ||
| TLS OCSP-stapeling | good/ok/bad/not tested | tests_web_https_tls_ocsp_verdict | ||
| dane | DANE aanwezig | good/bad/not tested | tests_web_https_dane_exist_verdict | |
| DANE geldigheid | good/bad/not tested | tests_web_https_dane_valid_verdict | ||
| IPv6 | ipv6 | IPv6-adressen voor nameservers | good/bad/other | tests_web_ipv6_ns_address_verdict |
| IPv6-bereikbaarheid van nameservers | good/bad/not tested | tests_web_ipv6_ns_reach_verdict | ||
| IPv6-adressen voor webserver | good/bad | tests_web_ipv6_ws_address_verdict | ||
| IPv6-bereikbaarheid van webservers | good/bad/not tested | tests_web_ipv6_ws_reach_verdict | ||
| Gelijke website op IPv6 en IPv4 | good/bad/not tested | tests_web_ipv6_ws_similar_verdict | ||
| DNSSEC | dnssec | DNSSEC aanwezig | good/bad/server failed | tests_web_dnssec_exist_verdict |
| DNSSEC geldigheid | good/bad/not tested | tests_web_dnssec_valid_verdict | ||
| appsec | X-Frame-options | good/bad/phase out/not tested | tests_web_appsecpriv_x_frame_options_verdict | |
| opties | X-Content-Type-Options | good/bad/phase out/not tested | tests_web_appsecpriv_x_content_type_options_verdict | |
| Content-Security-Policy | good/bad/not tested | tests_web_appsecpriv_csp_verdict | ||
| Referrer-Policy aanwezig | good/bad/not tested | tests_web_appsecpriv_referrer_policy_verdict | ||
| RPKI | rpki | Route Oorsprong Autorisatie bestaat | good/badnoaddress | tests_web_rpki_exists_verdict |
| Route Oorsprong Autorisatie is geldig | good/badnotrouted | tests_web_rpki_valid_verdict | ||
| RPKI voor nameserver bestaat | good/badnoaddress | tests_web_ns_rpki_exists_verdict | ||
| RPKI voor nameserver is geldig | good/badinvalid | tests_web_ns_rpki_valid_verdict | ||
A.3 Kenmerken e-mailscan Internet.nl
| Categorie | Subgroep | Testomschrijving | Testuitkomsten | Variabelenaam |
|---|---|---|---|---|
| IPv6 | ipv6 | IPv6-adressen voor nameservers | good/badother | tests_mail_ipv6_ns_address_verdict |
| IPv6-bereikbaarheid nameservers | good/badothernt | tests_mail_ipv6_ns_reach_verdict | ||
| IPv6 voor mailservers | good/badothermx | tests_mail_ipv6_mx_address_verdict | ||
| IPv6 mailservers bereikbaarheid | good/badothernt | tests_mail_ipv6_mx_reach_verdict | ||
| DNSSEC | dnssec | Email-adres heeft DNSSEC | good/badothermx | tests_mail_dnssec_mailto_exist_verdict |
| Email-adres DNSSEC geldig | good/badothernt | tests_mail_dnssec_mailto_valid_verdict | ||
| Ontvangende mailserver DNSSEC | good/badothermx | tests_mail_dnssec_mx_exist_verdict | ||
| Ontv. mailserver DNSSEC geldig | good/badothernt | tests_mail_dnssec_mx_valid_verdict | ||
| Authenticatie | auth | DMARC bestaat | good/badothernt | tests_mail_auth_dmarc_exist_verdict |
| DMARC strict | good/badpolicy | tests_mail_auth_dmarc_policy_verdict | ||
| DKIM bestaat | good/badnoemail | tests_mail_auth_dkim_exist_verdict | ||
| SPF bestaat | good/badothernt | tests_mail_auth_spf_exist_verdict | ||
| SPF beleid | good/badnt | tests_mail_auth_spf_policy_verdict | ||
| STARTTLS | starttls | beschikbaar | good/badnomx | tests_mail_starttls_tls_available_verdict |
| sleuteluitwisselingsparameters | good/badphaseoutnt | tests_mail_starttls_tls_keyexchange_verdict | ||
| Alleen veilige algoritmeselecties | good/badphaseoutnt | tests_mail_starttls_tls_ciphers_verdict | ||
| Volgorde Algoritmeselectie | good/badnt | tests_mail_starttls_tls_cipherorder_verdict | ||
| tls | alleen veilige TLS versies | good/badphaseoutnt | tests_mail_starttls_tls_version_verdict | |
| geen TLS-compressie | good/badothernt | tests_mail_starttls_tls_compress_verdict | ||
| secure renegotiation | good/badothernt | tests_mail_starttls_tls_secreneg_verdict | ||
| client-initiated renegotiation | good/badothernt | tests_mail_starttls_tls_clientreneg_verdict | ||
| 0-RTT | good/badnt | tests_mail_starttls_tls_0rtt_verdict | ||
| Hashfunctie voor sleuteluitwisseling | good/badphaseoutnt | tests_mail_starttls_tls_keyexchangehash_verdict | ||
| certificaat | Vertrouwensketen | good/badnt | tests_mail_starttls_cert_chain_verdict | |
| Publieke sleutel | good/badothernt | tests_mail_starttls_cert_pubkey_verdict | ||
| Handtekening van certificaat | good/badothernt | tests_mail_starttls_cert_sig_verdict | ||
| Domein op certificaat | good/badothernt | tests_mail_starttls_cert_domain_verdict | ||
| dane | DANE bestaat | good/badothernt | tests_mail_starttls_dane_exist_verdict | |
| DANE geldigheid | good/badothernt | tests_mail_starttls_dane_valid_verdict | ||
| DANE Rollover-schema | good/badothernt | tests_mail_starttls_dane_rollover_verdict | ||
| RPKI | rpki | Route Oorsprong Autorisatie bestaat | good/badnt | tests_mail_rpki_exists_verdict |
| Route Oorsprong Autorisatie is geldig | good/badnotrouted | tests_mail_rpki_valid_verdict | ||
| nameserver bestaat | good/badnt | tests_mail_ns_rpki_exists_verdict | ||
| Geldigheid voor nameserver | good/badnt | tests_mail_ns_rpki_valid_verdict | ||
| Mx | voor ontvangende mailserver bestaat | good/badnt | tests_mail_mx_ns_rpki_exists_verdict | |
| Geldigheid voor mail-servers | good/badothernt | tests_mail_mx_ns_rpki_valid_verdict | ||