Networks. Cisco shall, at a minimum, use the following controls to secure its networks that access or Process Protected Data: A. Network traffic shall pass through firewalls, which are monitored at all times. Cisco must implement intrusion prevention systems that allow traffic flowing through the firewalls and LAN to be logged and protected at all times. B. Network devices used for administration must utilize industry standard cryptographic con- trols when Processing Protected Data. C. Anti-spoofing filters and controls must be enabled on routers. D. Network, application, and server authentication passwords are required to meet minimum complexity guidelines (at least 7 characters with at least 3 of the following four classes: upper case, lower case, numeral, special character) and be changed at least every 180 days; or utilize other strong log-in credentials (e.g., biometrics). E. Initial user passwords are required to be changed at first log-on. Cisco shall have a policy prohibiting the sharing of user IDs, passwords, or other log-in credentials. F. Firewalls must be deployed to protect the perimeter of Cisco’s networks.
Appears in 4 contracts
Samples: Data Protection Agreement, Data Protection Agreement, Data Protection Agreement
