Status: Live
The organization will secure the interfaces of its routers against rouge and unauthorized changes. [UCF ID 00541]
Supporting and supported controls
This control directly supports:
- • Establish and maintain firewall design and configuration practices [UCF Control ID 00544]
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – Audit, August 2003, Exam Tier II Obj D.1; FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj B.10; The Standard of Good Practice for Information Security, NW2.1.4; OECD / World Bank Technology Risk Checklist, Version 7.3, § V.16; Archer Control Table, ATCS-348, ATCS-357
Banking and Finance Guidance
[Exam Tier II Obj D.1, FFIEC IT Examination Handbook – Audit, August 2003]
[Exam Tier II Obj B.10, FFIEC IT Examination Handbook – Information Security]
General Guidance
Routers should verify the source and destination of routing updates and protect routing information by encrypting it in order to prevent unauthorized or incorrect updates. [NW2.1.4, The Standard of Good Practice for Information Security]
EU Guidance
Access to the management of interfaces of routers must be secured. [§ V.16, OECD / World Bank Technology Risk Checklist, Version 7.3]
Metrics
The metrics associated with this control are as follows:
- • Report on the percentage of systems for which approved configuration settings have been implemented as required by policy [UCF Control ID 02097]
• Report on the percentage of systems with configurations that do not deviate from approved standards [UCF Control ID 02098]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.