Communication and Connectivity. 7.1 Zoom must implement controls over its communication network to safeguard data. Controls must include securing the production network and implementation of encryption, logging and monitoring, and disabling communications where no business need exists.
7.2 Network Identification. A production network diagram, to include production devices, must be kept current to facilitate analysis and incident response.
Communication and Connectivity. Zoom must implement controls over its communication network to safeguard data. Controls must include securing the production network and implementation of encryption, logging and monitoring, and disabling communications where no business need exists.
1. Network Identification. A production network diagram, to include production devices, must be kept current to facilitate analysis and incident response.
2. A current data flow diagram must depict data from origination to endpoint (including data which may be shared with dependent suppliers).
3. Data Storage. All Customer Data, including Customer Data shared with dependent suppliers, must be stored and maintained in a manner that allows for its return or secure destruction upon request from Customer.
Communication and Connectivity. CLIENT will furnish at its expense the appropriate form(s) of communication(s) method for the monitored equipment also including electricity and connectivity equipment (RJ-31X, router, static IP, modem...etc.). To be monitored by the central monitoring station, one of the appropriate communication paths need to be in place;
(a) plain ordinary telephone service (PSTN), (b) cellular service including global packet radio service (GPRS) and global system for mobile communications (GSM), (c) or internet (cable, DSL, broadband...etc.), (d) voice over internet protocol (VoIP). CLIENT’S equipment type and chosen alarm monitoring service determines the appropriate communication path.
Communication and Connectivity. 4.1 Data flow is documented for all CyberGRX data, from origination to end-point. CyberGRX Confidential Information is encrypted when in transit outside of CyberGRX’s network.
4.2 Firewall management processes are documented. All changes to the firewall are performed via change management processes. Firewall access is restricted to a small set of super users/administrators with appropriate approvals.
4.3 Periodic network vulnerability scans are performed, and any critical vulnerabilities identified are promptly remediated.
4.4 Defined Access Control Lists (ACLs) to restrict traffic on routers and/or firewalls are reviewed and approved by network administrators. IP addresses in the ACLs are specific and anonymous connections are not allowed.
4.5 Unauthorized remote connections from devices are disabled as part of standard configuration.
4.6 The data flow in the remote connection is encrypted and multi-factor authentication is used during the login process.
4.7 Remote connection settings limit the ability of remote users to access both initiating network and remote network simultaneously.
4.8 Dependent third party service provider remote access adheres to the same or similar controls, and any subcontractor remote access has valid business justification.
4.9 Emails are encrypted via opportunistic TLS if leaving CyberGRX’s network. CyberGRX employees are trained to use manual encryption or an alternate, secure sharing mechanism if they are unsure whether encryption is available. If an external organization is sending emails on behalf of CyberGRX, additional controls are implemented to restrict spam and phishing emails.
Communication and Connectivity. MEMBER will furnish at its expense the appropriate form(s) of communication(s) method for the monitored equipment also including electricity and connectivity equipment (RJ-31X, router, static IP, modem...
