NIST has published the final version of its standard for enterprise telework and remote access security. The standard covers information security issues such as employees working from home and vendors working from remote sites.
The document is very impressive, as it covers more or less all aspects of the telework and remote access life cycle. This includes components like security threats and vulnerabilities and their associated risks.
It also indicates that a proper risk assessment shall be performed to ensure that the various devices involved in remote access connectivity are protected.
It urges organizations to protect client devices from malware infection and to implement security controls accordingly. The standard also requires organizations to harden the internal systems that are made available through remote access.
The standard then discusses the importance of securing the remote access server or system, be it a VPN gateway or a portal / SSL VPN gateway, as any compromise of these devices can cause security risks to the organization. It also emphasizes the importance of using encryption when transmitting confidential information over public networks.
Read the full standard at http://csrc.nist.gov/publications/nistpubs/800-46-rev1/sp800-46r1.pdf
PCI DSS compliance requirements 8.3 and 12.3 refer to remote access security, and this document is a great aid in implementing those PCI DSS controls.