Back

Install and maintain remote control software and other remote control mechanisms on critical systems.


CONTROL ID
06371
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Control remote access through a network access control., CC ID: 01421

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization shall install automatic operation facilities (devices that control automatic start/stop of each device in an ATM room according to a schedule created by a preset program) for unattended facilities. (F117, FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • Activation and termination of middleware and business applications such as DBMS (P102.2. ¶ 1(2), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It may be necessary to monitor servers installed in head offices and branch offices, depending on the importance of the system. If it is difficult to assign a person who has the necessary skill to operate the system for head offices and branch offices, it is recommended to provide not only remote ce… (P102.2. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Distributed data access and transaction priority control (P102.2. ¶ 1(4), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Power control of a server (remote power-ON/OFF) (P102.2. ¶ 1(1), FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Information System, network, and telecommunication installations should be set up so that they can be configured remotely. (CF.07.01.02c-1, The Standard of Good Practice for Information Security)
  • Information System, network, and telecommunication installations should be set up so that they can be configured remotely. (CF.07.01.02c-1, The Standard of Good Practice for Information Security, 2013)
  • Configure remote control software to use unique user names and passwords, strong authentication, encryption if determined appropriate, and audit logs. Use of this software by remote users should be monitored on an almost real-time frequency. (§ 6.2.1.4 ICS-specific Recommendations and Guidance Bullet 4, Guide to Industrial Control Systems (ICS) Security, Revision 2)