From Network Infrastructure Policy Security Technical Implementation Guide
Part of External connections not documented or reviewed.
Associated with: CCI-001121
A network is only as secure as its weakest link. It is imperative that all external connections be reviewed and kept to a minimum needed for operations. All external connections should be treated as untrusted networks. Reviewing who or what the network is connected to empowers the security manager to make sound judgements and security recommendations. Minimizing backdoor circuits and connections reduces the risk for unauthorized access to network resources.
Review the network topology and interview the ISSO to verify that external connections to the network are reviewed and documented on a semi-annual basis. If there are any external connections that have not been documented, or if the connections are not reviewed on a semi-annual basis, this is a finding.
Implement a semi-annual review process to document and account for external connections to the organization.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer