Organisation

Automated Vulnerability Scanning

Network-connected IT systems are subjected to automatic vulnerability scanning at least once per month. Scans are authenticated where possible.

DDoS Network Protections

Network of IT services must be hardened against Distributed Denial of Service (DDoS) attacks. Services are configured to avoid participating in DDoS attacks. There is a documented procedure in the...

Firewall Rule Management

The network firewall is set up to protect hosts on the network against network flows that are potentially insecure. The firewall is one part of a layered defense. The firewall rules...

DMZ

The DMZ (demilitarized zone) is the network location for public-facing services. Only systems in the DMZ can accept communications initiated from outside the network. The DMZ is separated from the...

Network Segmentation and Zoning

Networks are segmented if they serve different business purposes or have differing risk levels, determined by the classification of the assets in the same segment. Each network segment is separated...

Networking Hardware

Networking maintains a list of approved hardware components and their required configurations. Networking hardware components are not accessible to unauthorised individuals.

Block Malicious Sources

Identify known malicious domains, IPs or other content and block access to these sources from the organisational network, systems and managed devices. Enable Domain Name System (DNS) query logging to...

Network Access Control

Network Access Control is used to determine the level of access users are given to the internal network. Unidentified users get access to the guest network. The authentication system shall...

Network Intrusion Detection and Prevention Systems

A baseline for normal network and application packet traffic is established around critical IT services. Network Intrusion Prevention Systems are used to dynamically detect deviations from the baseline and block...