Data Recovery
Establish and maintain an isolated instance of recovery data. Example implementations include, version controlling backup destinations through offline, cloud, or off-site systems or services.
Data Recovery
Level 2
Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets.
Network Infrastructure Management
Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
Network Infrastructure Management
Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
Network Infrastructure Management
Securely manage network infrastructure. Example implementations include version-controlled-infrastructure-as-code, and the use of secure network protocols, such as SSH and HTTPS.
Network Infrastructure Management
Establish and maintain architecture diagram(s) and/or other network system documentation. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Network Infrastructure Management
Centralize network AAA.
Network Infrastructure Management
Use secure network management and communication protocols (e.g., 802.1X, Wi-Fi Protected Access 2 (WPA2) Enterprise or greater).
Network Infrastructure Management
Level 2
Require users to authenticate to enterprise-managed VPN and authentication services prior to accessing enterprise resources on end-user devices.
Network Infrastructure Management
Establish and maintain dedicated computing resources, either physically or logically separated, for all administrative tasks or tasks requiring administrative access. The computing resources should be segmented from the enterprise's primary network and not be allowed internet access.
