Scan the system to verify modems are disabled or removed, except the modems that are explicitly approved.


CONTROL ID: 00560
CONTROL TYPE: Testing
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Control all methods of remote access and teleworking., CC ID: 00559

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Require an operator to leave the modems unplugged or disabled by default, to enable modems only for specific and authorized external requests, and disable the modem immediately when the requested purpose is completed (Critical components of information security 25) iv.a., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • If portable computers process classified information, modems should be removed or disabled, unless authorized. (§ 3.4.63, Australian Government ICT Security Manual (ACSI 33))
  • A remote system access policy should include using standardized equipment whenever remotely accessing a system. (§ II.24, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the organization check for modems attached to personal computers, routers, or printers? (Table Row IV.18, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Does the organization have controls in place to detect modem scanning attempts on its systems? (Table Row IV.21, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Is approval required prior to connecting any outbound or inbound modem lines to a desktop or other Access Point directly connected to the company-managed network? (§ G.11.19, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Is approval required prior to connecting any cable modem lines to a desktop or other Access Point directly connected to the company-managed network? (§ G.11.19, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • Are modems used? If so, are they all set to auto-answer and required to use an authentication or encryption device? (§ G.11.20, Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0)
  • The organization must prohibit users from installing desktop modems. (CSR 1.13.6, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • Remote access servers and remote clients must have the dial-up communication link configured to use Point to Point Protocol (PPP), not Serial Line Internet Protocol (SLIP). The operation of the NIC and the modem must be configured to be mutually exclusive on all remote access devices. (§ 4.2.2, § 5, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1 Release 2)
  • Federal agencies should consider installing systems that continuously check for unauthorized connections to networks. Agency policy and procedures should reflect careful consideration of additional risk reduction methods such as bi-directional authentication, shielding standards and other technical … (Pg 47, The National Strategy to Secure Cyberspace, February 2003)
  • Management should have a strict policy against the use of unauthorized modems or other devices unless they have been explicitly approved. (Pg 23, FFIEC IT Examination Handbook - Operations, July 2004)
  • Are there adequate controls for installed modems? (IT - General Q 29, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union Information Technology policy include the use of modems? (IT - Policy Checklist Q 11, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Are there implemented methods to ensure modems are not susceptible to unauthorized access? (IT - Remote Access Q 4, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • If feasible, disconnect modems when not in use or consider automating this disconnection process by having modems disconnect after being on for a given amount of time. It should be noted that sometimes modem connections are part of the legal support service agreement with the vendor (e.g., 24x7 supp… (§ 6.2.1.4 ICS-specific Recommendations and Guidance Bullet 5, Guide to Industrial Control Systems (ICS) Security, Revision 2)