Network Systems Policy


The Network Systems Policy outlines the procedures for the management of Network Systems within Netspective Communications LLC. [FII-SCF-002-AST-04]

  • The executive management of all relevant entities must authorize connections between systems and ensure the implementation of appropriate controls to protect them.

  • The information owner and the ISO/designated security representative must document all connections and their configurations, and review the documentation annually, at a minimum. The review ensures that the business case for the connection is still valid and that the connection is still required. Additionally, the review should confirm that the security controls in place (filters, rules, access control lists, etc.) are appropriate and functioning correctly.

  • Establish and maintain a network architecture that includes tiered network segmentation between:

    • Internet-accessible systems and internal systems;
    • Systems with high security categorizations (e.g., mission-critical, systems containing PII) and other systems; and
    • User and server segments.
  • Perform network management from a secure, dedicated network.

  • Require authentication for all users connecting to internal systems.

User list

  • Require network authentication for all devices connecting to internal networks.

  • Only authorized individuals or business units may capture or monitor network traffic.

Network Log

Server Log:

  • Consult with the ISO/designated security representative to perform a risk assessment before initiating or making significant changes to any network technology or project, including but not limited to wireless technology.

Approved by Ajay Kumaran Nair on August 9, 2023
Last Updated by Sreejith K on August 9, 2023