UCF ID: 00541 |
Control Type: Configuration |
Status: Live |
Supporting and supported controls
This control directly supports:
- • Establish and maintain a standard and procedure for firewall design and configuration practices. [UCF Control ID 00544]
There are no supporting controls.
Authority documents complied with:
FFIEC IT Examination Handbook – Audit, August 2003, Exam Tier II Obj D.1; FFIEC IT Examination Handbook – Information Security, Exam Tier II Obj B.10; The Standard of Good Practice for Information Security, NW2.1.4; OECD / World Bank Technology Risk Checklist, Version 7.3, § V.16
Banking and Finance Guidance
[Exam Tier II Obj D.1, FFIEC IT Examination Handbook – Audit, August 2003]
[Exam Tier II Obj B.10, FFIEC IT Examination Handbook – Information Security]
General Guidance
Routers should verify the source and destination of routing updates and protect routing information by encrypting it in order to prevent unauthorized or incorrect updates. [NW2.1.4, The Standard of Good Practice for Information Security]
EU Guidance
Access to the management of interfaces of routers must be secured. [§ V.16, OECD / World Bank Technology Risk Checklist, Version 7.3]
Metrics
The metrics associated with this control are as follows:
- • Report on the percentage of systems for which approved configuration settings have been implemented as required by policy. [UCF Control ID 02097]
• Report on the percentage of systems with configurations that do not deviate from approved standards. [UCF Control ID 02098]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.