Infrastructure security
CONTROL | STATUS |
Encryption key access restricted The company restricts privileged access to encryption keys to authorized users with a business need. | ✅ |
Unique account authentication enforced The company requires authentication to systems and applications to use unique username and password or authorized Secure Socket Shell (SSH) keys. | ✅ |
Production application access restricted System access restricted to authorized access only | ✅ |
Production database access restricted The company restricts privileged access to databases to authorized users with a business need. | ✅ |
Firewall access restricted The company restricts privileged access to the firewall to authorized users with a business need. | ✅ |
Production OS access restricted The company restricts privileged access to the operating system to authorized users with a business need. | ✅ |
Production network access restricted The company restricts privileged access to the production network to authorized users with a business need. | ✅ |
Unique network system authentication enforced The company requires authentication to the "production network" to use unique usernames and passwords or authorized Secure Socket Shell (SSH) keys. | ✅ |
Remote access encrypted enforced The company's production systems can only be remotely accessed by authorized employees via an approved encrypted connection. | ✅ |
Log management utilized The company utilizes a log management tool to identify events that may have a potential impact on the company's ability to achieve its security objectives. | ✅ |
Infrastructure performance monitored An infrastructure monitoring tool is utilized to monitor systems, infrastructure, and performance and generates alerts when specific predefined thresholds are met. | ✅ |
Network firewalls utilized The company uses firewalls and configures them to prevent unauthorized access. | ✅ |
Network and system hardening standards maintained The company's network and system hardening standards are documented, based on industry best practices, and reviewed at least annually. | ✅ |
Last updated