Configure Private Branch Exchanges in accordance with organizational standards.
CONTROL ID 02219
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Enable Direct Inward System Access, only when necessary., CC ID: 02220
Configure voicemail security inside each Private Branch Exchange., CC ID: 02221
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Private branch exchanges (PBXs) should be configured in an efficient manner to meet the organization's needs while ensuring the PBX is not misused. The organization should receive updates from the interexchange carrier (IXC) for new numbering plan area (NPA) changes, and these numbers should be bloc… (Pg 11-V-2, Protection of Assets Manual, ASIS International)
Changes to the configuration of settings for in-house telephone exchanges (including extension numbers) should be performed by authorized, skilled individuals. (CF.09.08.03, The Standard of Good Practice for Information Security)
Changes to the configuration of settings for in-house telephone exchanges (including extension numbers) should be performed by authorized, skilled individuals. (CF.09.08.03, The Standard of Good Practice for Information Security, 2013)
