Integrity
SB.12.002 Emergency Power
Emergency power for IT equipment is available, or a hot site connected to a separate power source is available.
SB.12.001 Access to technical areas
Access to physical areas housing IT equipment or sensitive data must be logged and checked at least monthly for deviating situations. Procedures for working in secure areas are in place and adherence to them is monitored. The procedures include, at a minimum, rules regarding: how, when and by whom access can be obtained; whether work should be supervised or checked; the prohibition on making recordings in secure areas; how guests and contractors can perform their work activities; the consumption of food; emergency protocols; and how any out-of-the-ordinary situations can be reported.
SB.11.007 DDoS Network Protections
The network of IT services must be hardened against Distributed Denial of Service (DDoS) attacks. Services are configured so that they cannot be used to participate in DDoS attacks. There is a documented procedure for the event of high network load (for example during a DDoS attack). A procedure is in place to throttle traffic from non-critical sources, to ensure continued minimal essential functioning of the service.
SB.11.006 Firewall Rule Management
The network firewall is set up to protect hosts on the network against network flows that are potentially insecure. The firewall is one part of a layered defence. The firewall rules deny by default all traffic that is not explicitly allowed. Rules that allow traffic necessary for functionality follow the architectural design. All firewall rules are documented with a textual explanation of their purpose and a revision date. Firewall rules are revised on or before their revision dates. Access to the firewall itself should be appropriately protected; the firewall has a safe configuration by default: filtering all traffic and not...
SB.11.005 DMZ
The DMZ (demilitarized zone) is the network location for public-facing services. Only systems in the DMZ can accept communications initiated from outside the network. The DMZ is separated from the outside world and from the internal network by firewalls. Only the public-facing component of a service may be in the DMZ; data processing and storage must be in separate parts of the network according to the data classification. Systems within the DMZ treat other DMZ systems as untrusted. Internal services verify that requests from DMZ hosts come from the expected source and carry the right authorisation.
SB.11.004 Network Segmentation and Zoning
Networks are segmented if they serve different business purposes or have differing risk levels, as determined by the classification of the assets in the same segment. Each network segment is separated by a (virtual) firewall. Best practices for Network Naming Security are followed. Managed systems belong to one organisationally managed security domain.
SB.11.003 Networking Hardware
Networking maintains a list of approved hardware components and their required configurations. Networking hardware components are not accessible to unauthorised individuals.
SB.11.002 Block Malicious Sources
Identify known malicious domains, IPs or other content and block access to these sources from the organisational network, systems and managed devices. Enable Domain Name System (DNS) query logging to detect hostname lookups for known malicious domains.
SB.11.001 Network Access Control
Network Access Control is used to determine the level of access users are given to the internal network. Unidentified users get access to the guest network. The authentication system shall be tied to the hardware asset inventory data to ensure only authorised devices can connect to the network. Authenticated users with managed devices can be allowed on the internal network pending verification by a client program of the device OS security update level and anti-malware status. Filters are in place against spoofed addresses.
SB.10.011 Network Intrusion Detection and Prevention Systems
A baseline for normal network and application packet traffic is established around critical IT services. Network Intrusion Prevention Systems are used to dynamically detect deviations from the baseline and block the traffic until it has been established that it does not pose unwanted risks.