Status: Live
The organization must maintain regularly updated network maps, diagrams, and documentation of router and switch configurations and of the overall network architecture, so that unreported systems can be identified. [UCF ID 00531]
Supporting and supported controls
This control directly supports:
- Network configuration [UCF Control ID 00530]
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – E-Banking, August 2003, Pg 28; FFIEC IT Examination Handbook – Information Security, Pg 11, Exam Tier I Obj 2.3, Exam Tier II Obj B.1, Exam Tier II Obj M.1; FFIEC IT Examination Handbook – Operations, July 2004, Pg 6, Exam Tier I Obj 4.2; Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2, § 1.1.2; Federal Information System Controls Audit Manual (FISCAM), February 2009, AC-3.2(B); The Standard of Good Practice for Information Security, NW1.4.2(a), NW1.4.2(c), NW1.4.3; DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2, § 2.2 (WIR1080); DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, V5R2.3, Version 5 Release 2.3, § 2.2 (WIR1080); DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4, § 2.2 (WIR2080); OECD / World Bank Technology Risk Checklist, Version 7.3, § I.20; Australian Government ICT Security Manual (ACSI 33), § 2.7.24, § 3.10.6; Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2, § 1.1.2; Archer Control Table, ATCS-350; Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline, Version 1.2, July 2009, § 4.3.1.G
Banking and Finance Guidance
An up-to-date network diagram should be maintained. The diagram should document the network connectivity to include internal databases, remote users, and gateway servers to any third party. [Pg 28, FFIEC IT Examination Handbook – E-Banking, August 2003]
The network diagram should identify service providers and how the information is passed between the systems. [Pg 11, Exam Tier I Obj 2.3, Exam Tier II Obj B.1, Exam Tier II Obj M.1, FFIEC IT Examination Handbook – Information Security]
Management should maintain an up-to-date network map. [Pg 6, Exam Tier I Obj 4.2, FFIEC IT Examination Handbook – Operations, July 2004]
Payment Card Guidance
The organization must maintain an up-to-date network diagram. The diagram should show all connections, including wireless access, to cardholder data.
Verify the organization has a current network diagram that documents all network connections, including wireless networks, to cardholder data. Check the network diagram date to ensure the organization keeps it current. [§ 1.1.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2]
The organization must maintain an up-to-date network diagram. The diagram should show all connections, including wireless access, to cardholder data. [§ 1.1.2, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2]
Maintain a current topology of all physical locations of access points. [§ 4.3.1.G, Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline, Version 1.2, July 2009]
US Federal Security Guidance
All network access paths must be identified and controlled. Careful analysis is needed to identify all of the system's entry points and the paths from them to sensitive files. [AC-3.2(B), Federal Information System Controls Audit Manual (FISCAM), February 2009]
Other Configuration Guidance
[§ 2.2 (WIR1080), DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2]
[§ 2.2 (WIR1080), DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, V5R2.3, Version 5 Release 2.3]
[§ 2.2 (WIR2080), DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4]
General Guidance
The network diagram should note all nodes and connections, including in-house cable runs, and should be kept up-to-date, readily accessible, reviewed regularly, and generated automatically. [NW1.4.2(a), NW1.4.2(c), NW1.4.3, The Standard of Good Practice for Information Security]
EU Guidance
An inventory of each access point to the network is called for, to identify potential points of vulnerability. Proper system configuration is suggested, as well as a frequently reviewed network topology diagram. Organizations should scan for unknown system users and unidentified access attempts. [§ I.20, OECD / World Bank Technology Risk Checklist, Version 7.3]
Asia and Pacific Rim Guidance
A site/floor cabling diagram and a network diagram (showing all connections and devices) should be developed, updated on a regular basis, and contain a "current as of (date)" on each page. [§ 2.7.24, § 3.10.6, Australian Government ICT Security Manual (ACSI 33)]
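The control statement, the ISF guidance (diagram generated automatically and reviewed regularly), the OECD item (inventory each access point) and the PCI DSS 1.1.2 test procedure (check the diagram date) all come down to one recurring check: reconcile what the diagram says is on the network against what is actually seen on the wire. The script below is an added illustration of that reconciliation and is not text or code from UCF or from any of the cited authority documents. Its two inputs are constructed: a node list as a diagram tool might export it (with the "current as of" date ACSI 33 asks for, and the segments the diagram marks as carrying cardholder data), and a host list as an ARP walk or ping sweep would produce. The field names, the 90-day review interval and the severity labels are assumptions.

```python
"""Reconcile a network diagram's node inventory against hosts seen on the wire.

Added example, not UCF/FFIEC/PCI text. Input formats, field names and the
review interval are assumptions chosen for illustration.
"""
from datetime import date, timedelta
from ipaddress import ip_address, ip_network

# Constructed export from a hypothetical diagram tool.
DIAGRAM = {
    "current_as_of": "2009-06-15",
    "cardholder_segments": ["10.20.0.0/24"],  # segments the diagram marks as carrying cardholder data
    "nodes": [
        {"ip": "10.1.0.1",  "role": "core-router"},
        {"ip": "10.1.0.2",  "role": "core-switch"},
        {"ip": "10.1.0.50", "role": "legacy-print-server"},   # documented, but no longer on the network
        {"ip": "10.20.0.5", "role": "cardholder-db"},
        {"ip": "10.30.0.9", "role": "wireless-ap", "location": "floor 2"},
    ],
}

# Constructed discovery output, e.g. parsed from switch ARP tables or a ping sweep.
DISCOVERED = [
    {"ip": "10.1.0.1",   "mac": "00:11:22:33:44:01"},
    {"ip": "10.1.0.2",   "mac": "00:11:22:33:44:02"},
    {"ip": "10.20.0.5",  "mac": "00:11:22:33:44:05"},
    {"ip": "10.20.0.77", "mac": "00:11:22:33:44:77"},  # absent from the diagram, inside the CHD segment
    {"ip": "10.30.0.9",  "mac": "00:11:22:33:44:09"},
    {"ip": "10.30.0.40", "mac": "00:11:22:33:44:40"},  # absent from the diagram
]


def unreported_systems(diagram, discovered):
    """Hosts seen on the network that the diagram does not document."""
    documented = {n["ip"] for n in diagram["nodes"]}
    return sorted((h["ip"] for h in discovered if h["ip"] not in documented), key=ip_address)


def stale_entries(diagram, discovered):
    """Documented nodes that were not seen; the diagram has drifted the other way."""
    seen = {h["ip"] for h in discovered}
    return sorted((n["ip"] for n in diagram["nodes"] if n["ip"] not in seen), key=ip_address)


def in_cardholder_segment(diagram, ip):
    """True if the address falls inside a segment the diagram marks as carrying cardholder data."""
    return any(ip_address(ip) in ip_network(seg) for seg in diagram["cardholder_segments"])


def diagram_is_current(diagram, today, max_age_days=90):
    """Date check in the spirit of the PCI DSS 1.1.2 test procedure; the 90-day threshold is an assumption."""
    current_as_of = date.fromisoformat(diagram["current_as_of"])
    return today - current_as_of <= timedelta(days=max_age_days)


def review(diagram, discovered, today):
    """Produce the findings a reviewer would raise; returns a list of strings."""
    findings = []
    if not diagram_is_current(diagram, today):
        findings.append(f"diagram dated {diagram['current_as_of']} is older than the review interval")
    for ip in unreported_systems(diagram, discovered):
        severity = "HIGH" if in_cardholder_segment(diagram, ip) else "MEDIUM"
        findings.append(f"{severity}: {ip} seen on the network but absent from the diagram")
    for ip in stale_entries(diagram, discovered):
        findings.append(f"LOW: {ip} documented but not seen; confirm it was decommissioned or update the diagram")
    return findings


if __name__ == "__main__":
    for line in review(DIAGRAM, DISCOVERED, date(2009, 12, 1)):
        print(line)
```

Run against the constructed inputs on 1 December 2009, the review flags the diagram as out of date, raises a HIGH finding for 10.20.0.77 (an undocumented host inside the cardholder segment, exactly the kind of connection PCI DSS 1.1.2 requires the diagram to show), a MEDIUM finding for 10.30.0.40, and a LOW finding for the documented print server that no longer answers. Discovery by ARP or ping sweep only sees hosts reachable from where the sweep runs; third-party gateways and remote-user connections the FFIEC guidance asks the diagram to show need to be checked from their own segments or from the firewall rule base.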
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.
