Responsibility
Emergency Power
Emergency power to IT equipment is available or a hot-site connected to a separate power source is available.
Access to technical areas
Access to physical areas housing IT equipment or sensitive data must be logged and checked at least monthly for deviating situations. Procedures for working in secure areas are in place...
DDoS Network Protections
Network of IT services must be hardened against Distributed Denial of Service (DDoS) attacks. Services are configured to avoid participating in DDoS attacks. There is a documented procedure in the...
Firewall Rule Management
The network firewall is set up to protect hosts on the network against networkflows that are potentially insecure. The firewall is one part of a layered defense. The firewall rules...
DMZ
The DMZ (demilitarized zone) is the network location for public-facing services. Only systems in the DMZ can accept communications initiated from outside the network. The DMZ is separated from the...
Network Segmentation and zoning
Networks are segmented if they serve different business purposes or have differing risk levels, determined by the classification of the assets in the same segment. Each network segment is separated...
Networking Hardware
Networking maintains a list of approved hardware components and their required configurations. Networking hardware components are not accessible to unauthorised individuals.
Block malicious sources
Identify known malicious domains, IPs or other content and block access to these sources from the organisational network, systems and managed devices. Enable Domain Name System (DNS) query logging to...
Network Access Control
Network Access Control is used to determine the level of access users are given to the internal network. Unidentified users get access to the guest network. The authentication system shall...
Network Intrusion Detection and Prevention Systems
A baseline for normal network and application packet traffic is established around critical IT services. Network Intrusion Prevention Systems are used to dynamically detect deviations from the baseline and block...
