Network Access Control Security Audit Checklist
Clause 11.4 ISO 17025
1. Policy on use of network services
• Whether users are provided with access only to the services that they have been specifically authorized to use.
• Whether there exists a policy that addresses concerns relating to networks and network services.
2. User authentication for external connections
• Whether an appropriate authentication mechanism is used to control access by remote users.
3. Equipment identification in networks
• Whether automatic equipment identification is considered as a means to authenticate connections from specific locations and equipment.
4. Remote diagnostic and configuration port protection
• Whether physical and logical access to diagnostic ports is securely controlled, i.e., protected by a security mechanism.
5. Segregation in networks
• Whether groups of information services, users and information systems are segregated on networks.
• Whether the network (where business partners and/or third parties need access to information systems) is segregated using perimeter security mechanisms such as firewalls.
• Whether consideration is given to segregating wireless networks from internal and private networks.
6. Network connection control
• Whether there exists an access control policy that states network connection controls for shared networks, especially for those that extend across the organization’s boundaries.
7. Network routing control
• Whether the access control policy states that routing controls are to be implemented for networks.
• Whether the routing controls are based on a positive source and destination identification mechanism.
This entry was posted on Wednesday, November 25th, 2009 at 3:14 am and is filed under ISO 27001 checklist.

