Duplicate telecom feeds

Status: Live

The organization will ensure that duplicate telecom feeds are being brought into any facility that contains key interconnected high availability systems or VoIP capabilities to protect against external environmental factors. [UCF ID 00726]

Supporting and supported controls

This control directly supports:

Maintain adequate environmental controls [UCF Control ID 00724]

There are no supporting controls.

Authority documents complied with:

FFIEC IT Examination Handbook – Operations, July 2004, Pg 18, Exam Tier I Obj 7.1, Exam Tier II Obj D.1; Protection of Assets Manual, ASIS International, Pg 7-I-5, Revised Volume 4 1-I-25; NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006, § 5-904; The Standard of Good Practice for Information Security, NW5.2.2(c); ISO 17799:2005 Code of Practice for Information Security Management, § 9.2.2; ISO/IEC 27002-2005 Code of practice for information security management, § 9.2.2

Banking and Finance Guidance

Operations centers should have telecommunications feeds from different vendors. The feeds should be traced to ensure there is not a single point of failure or redundancy with different vendors using the same cables. [Pg 18, Exam Tier I Obj 7.1, Exam Tier II Obj D.1, FFIEC IT Examination Handbook – Operations, July 2004]

US Federal Security Guidance

For large installations or highly protected facilities, two physically separated telecommunications paths to the telephone center should be used. [Pg 7-I-5, Revised Volume 4 1-I-25, Protection of Assets Manual, ASIS International]

Intrusion Detection Systems' alarm signals must have two independent transmission routes to the monitoring station. [§ 5-904, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006]

ISO Guidance

Two diverse routes should be used to connect the telecommunications equipment to the utility provider. This redundancy will prevent the organization from losing voice services if one path is damaged or lost. [§ 9.2.2, ISO 17799:2005 Code of Practice for Information Security Management]

Two diverse routes should be used to connect the telecommunications equipment to the utility provider. This redundancy will prevent the organization from losing voice services if one path is damaged or lost. [§ 9.2.2, ISO/IEC 27002-2005 Code of practice for information security management]

General Guidance

Telephone exchanges should be protected by having a duplicate set of telephone exchanges available. [NW5.2.2(c), The Standard of Good Practice for Information Security]