Policy
Policy Name
Network Access Control Policy

Overview
Network security must ensure that the network and connections between systems and network devices are used to support business purposes.

Statement
  • Network devices and systems must be securely configured to the organization's configuration standards and authorized to support business purposes.
  • Networks must be segregated and controlled based on data classification or critical business service (e.g. separation of non-production from production networks or separation of customer and internal networks).
  • Connections to the internet and supplier networks must be specifically authorized and controlled according to approved solutions (e.g. internet proxy).
  • Network traffic must be controlled and managed (e.g. firewalls, aproved security monitoring solutions).
  • Possession and use of monitoring, scanning or diagnostics tools must be limited to authorized individuals based on job responsibilities.
  • Vulnerability scanning must be implemented to detect, analyze and remediate vulnerabilities on systems, devices, networks and applications in an ongoing manner.

Justification

The following benefits will be achieved:

  • improved network and systems security
  • minimize potential for unauthorized access to information resources
  • ensure authorized devices and systems can connect to network

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Network Security
Access Control