Medium
DTAP
At a minimum, there are distinct environments for acceptance and production. Where development takes place, at least one separate development environment exists. The environments are clearly distinguishable...
Service Accounts
Service accounts are used only where necessary for system authentication (not tied to a natural person) or for system-to-system authentication. The purpose of each service account is documented. Each unique application-to-service...
Privileged Access
Privileged access is any user access that exposes more functionality than regular users have, on any layer of the IT service infrastructure. Authorisations for privileged access must follow...
Access to admin interfaces
Administrative interfaces (other than application-level ones) are accessible only from an internal zone designated for administrative tasks. Access to this zone is secured via jump servers. These jump servers are used exclusively for...
Access to technical areas
Access to physical areas housing IT equipment or sensitive data is logged, and the log is reviewed at least monthly for deviations. Procedures for working in secure areas are in place...
Firewall Rule Management
The network firewall protects hosts on the network against network flows that are potentially insecure. The firewall is one part of a layered defence. The firewall rules...
Network Segmentation and zoning
Networks are segmented when they serve different business purposes or carry different risk levels, as determined by the classification of the assets in the segment. Each network segment is separated...
Network Access Control
Network Access Control determines the level of access users are granted to the internal network. Unidentified users are placed on the guest network. The authentication system shall...
Password Monitoring
Organisational credentials are monitored for appearance in (publicised) data breaches. If there are indications that passwords have been compromised, or a risk that an individual's credentials are compromised, passwords will...
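One common way to implement the breached-password part of this control is a k-anonymity range query, the scheme used by services such as Have I Been Pwned's Pwned Passwords: the client hashes the candidate password with SHA-1, sends only the first 5 hex characters, receives every hash suffix in that bucket and does the final comparison locally, so the monitoring service never sees the full hash or the password. The block below is an added example, not part of this baseline and not any vendor's code; it models both sides of that exchange offline against a constructed, hypothetical breach corpus (BREACHED_PASSWORDS), and the function and variable names are the example's own.

```python
import hashlib
from typing import Dict, Iterable, List, Set

# Constructed breach corpus for this example (hypothetical, not a real dump):
# passwords that are assumed to have appeared in publicised data breaches.
BREACHED_PASSWORDS = ["Password123", "Welcome2024!", "letmein", "Summer2023"]

PREFIX_LEN = 5  # characters of the hex SHA-1 that leave the client


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the key format used by range queries."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# --- monitoring-service side ---------------------------------------------

def build_range_index(passwords: Iterable[str]) -> Dict[str, Set[str]]:
    """Index breached passwords by hash prefix -> set of hash suffixes.

    This is what the service holds; it only ever answers per-prefix buckets.
    """
    index: Dict[str, Set[str]] = {}
    for pw in passwords:
        h = sha1_upper(pw)
        index.setdefault(h[:PREFIX_LEN], set()).add(h[PREFIX_LEN:])
    return index


def range_query(index: Dict[str, Set[str]], prefix: str) -> Set[str]:
    """Answer a prefix with every suffix in that bucket (possibly empty).

    Rejects anything but a 5-character prefix so a client cannot leak more
    of the hash than the protocol intends.
    """
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEFabcdef" for c in prefix):
        raise ValueError("prefix must be exactly 5 hex characters")
    return set(index.get(prefix.upper(), ()))


# --- client (organisation) side --------------------------------------------

def is_breached(index: Dict[str, Set[str]], password: str) -> bool:
    """Check one password: send the prefix, compare the suffix locally."""
    h = sha1_upper(password)
    suffixes = range_query(index, h[:PREFIX_LEN])  # only the prefix leaves the client
    return h[PREFIX_LEN:] in suffixes


def accounts_needing_reset(index: Dict[str, Set[str]],
                           credentials: Dict[str, str]) -> List[str]:
    """Given {username: candidate_password}, list the accounts whose password
    is in the breach corpus and therefore must be reset."""
    return sorted(user for user, pw in credentials.items() if is_breached(index, pw))


if __name__ == "__main__":
    idx = build_range_index(BREACHED_PASSWORDS)
    # Constructed sample of credentials as seen at password-set time.
    sample = {"alice": "letmein", "bob": "Tr0ub4dor&3-unique-x"}
    print(accounts_needing_reset(idx, sample))
```

The check runs at the moment a password is set or changed (or during a forced re-authentication), because that is the only point at which the organisation handles the plaintext; stored directory hashes use a different scheme and cannot be compared against a SHA-1 breach index. Treat a hit as an indication of compromise under this control and trigger the reset the baseline requires.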
Account monitoring
At least monthly, for all current accounts, the number of lock-outs, the current account status, the account end date and the account deletion date (if applicable) are reported.