Infrastructure security
CONTROL
STATUS
Encryption key access restricted
The company restricts privileged access to encryption keys to authorized users with a business need.
✅
Unique account authentication enforced
The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys.
✅
Production application access restricted
System access restricted to authorized access only
✅
Production database access restricted
The company restricts privileged access to databases to authorized users with a business need.
✅
Firewall access restricted
The company restricts privileged access to the firewall to authorized users with a business need.
✅
Production OS access restricted
The company restricts privileged access to the operating system to authorized users with a business need.
✅
Production network access restricted
The company restricts privileged access to the production network to authorized users with a business need.
✅
Unique network system authentication enforced
The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys.
✅
Remote access encrypted enforced
The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection.
✅
Log management utilized
The company utilizes a log management tool to identify events that may have a potential impact on the company's ability to achieve its security objectives.
✅
Infrastructure performance monitored
An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met.
✅
Network firewalls utilized
The company uses firewalls and configures them to prevent unauthorized access.
✅
Network and system hardening standards maintained
The company's network and system hardening standards are documented, based on industry best practices, and reviewed at least annually.
✅
Last updated