(Back)
Establish secure connections, and monitor network traffic.
This section contains the Guardrails that address controls in the following contexts:
- Access Control (AC)
- Authorization (AU)
- Security Assessment and Authorization (CA)
Activity | Validation |
---|---|
Use HTTPS for all network traffic |
|
Perform Regular Audits |
|
Activity | Validation |
---|---|
Use Network Segmentation |
|
Use Managed Interfaces |
|
Use Boundary Protection |
|
Perform Regular Audits |
|
Employ Network monitoring tools |
|
Provide system monitoring information to necessary stakeholders |
|
Heighten the level of information system monitoring activity whenever there is an indication of increased risk to organizational assets. |
|
Obtain a legal opinion with regard to system monitoring |
|
- Direction on the Secure Use of Commercial Cloud Services: Security Policy Implementation Notice (SPIN) 2017-01, subsection 6.2.4
- Cyber Centre’s top 10 IT security actions, number 1
- network security zoning guidance in Baseline Security Requirements for Network Security Zones (ITSP.80.022) and Network Security Zoning (ITSG-38)
- Guidance on Defence in Depth for Cloud-Based Services (ITSP.50.104), subsection 4.3
AC-19, AC-20(1) AU-6, CA-3