Organisation
Automated Vulnerability Scanning
Network-connected IT systems are subjected to automatic vulnerability scanning at least once per month. Scans are authenticated where possible.
Coordinated Vulnerability Disclosure Policy
The organisation has a published Coordinated Vulnerability Disclosure Policy to encourage security researchers and individuals to ethically find and report vulnerabilities.
DDoS Network Protections
The network of IT services must be hardened against Distributed Denial of Service (DDoS) attacks. Services are configured to avoid participating in DDoS attacks. There is a documented procedure in the...
Firewall Rule Management
The network firewall is set up to protect hosts on the network against network flows that are potentially insecure. The firewall is one part of a layered defense. The firewall rules...
DMZ
The DMZ (demilitarized zone) is the network location for public-facing services. Only systems in the DMZ can accept communications initiated from outside the network. The DMZ is separated from the...
Network Segmentation and zoning
Networks are segmented if they serve different business purposes or have differing risk levels, determined by the classification of the assets in the same segment. Each network segment is separated...
Networking Hardware
Networking maintains a list of approved hardware components and their required configurations. Networking hardware components are not accessible to unauthorised individuals.
Block malicious sources
Identify known malicious domains, IPs or other content and block access to these sources from the organisational network, systems and managed devices. Enable Domain Name System (DNS) query logging to...
Network Access Control
Network Access Control is used to determine the level of access users are given to the internal network. Unidentified users get access to the guest network. The authentication system shall...
Network Intrusion Detection and Prevention Systems
A baseline for normal network and application packet traffic is established around critical IT services. Network Intrusion Prevention Systems are used to dynamically detect deviations from the baseline and block...