3.2.1.4: Managed Switches

1. Risk: Unauthorized access attempts go unnoticed.

a. SOX.2.1.4.1: SWITCH authentication attempts are limited to attempts specified by the Corporate IT standard.

2. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.

a. SOX.2.1.4.2: SWITCH administrator level access is password restricted and is limited to the designated SWITCH administrators only.

3. Risk: Unscheduled access by support vendors may result in business process interruptions or loss of production data.

a. SOX.2.1.4.3: SWITCH access by support vendors is granted through a service request.

4. Risk: Unauthorized users might exploit privileged access to critical business processes and data.

a. SOX.2.1.4.4: New SWITCH user accounts are pre-expired.

5. Risk: Unauthorized users might exploit unauthorized access to critical business processes and data.

a. SOX.2.1.4.5: The SWITCH operating application has a session "Time-Out" function enabled.

6. Risk: Unnecessary disruptions to business processes or data corruption may occur.

a. SOX.2.1.4.6: SWITCH rule changes are scheduled during maintenance windows.

7. Risk: Unidentifiable users may compromise critical business processes and data.

a. SOX.2.1.4.7: The SWITCH system will not allow identical administrator IDs.

8. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.

a. SOX.2.1.4.8: SWITCH passwords are required for each administrator ID. Password configuration is based on Corporate IT standards.

9. Risk: Inappropriate administrative actions are executed without accountability measures.

a. SOX.2.1.4.9: The SWITCH operating application has the functionality to monitor administrator access related events.

10. Risk: Reactive security monitoring results in data compromise and financial loss or liability.

a. SOX.2.1.4.10: SWITCH administration team is notified when security violations occur.

11. Risk: Forensic evidence is not available to resolve malfunctions, compromises or other security compromising incidents.

a. SOX.2.1.4.11: The SWITCH administration team reviews security logs looking for security violations.

12. Risk: Unauthorized access is granted to business systems or data stores.

a. SOX.2.1.4.12: SWITCH access is granted through a service request.

13. Risk: Unauthorized access may occur resulting in business data compromise or destruction.

a. SOX.2.1.4.13: Terminations are sent through the HR process. An Email is sent from HR with all terminations to the SWITCH system administrators.

14. Risk: Insufficient security standards may allow unauthorized access to production systems and business data stores.

a. SOX.2.1.4.14: SWITCH password expiration is set to Corporate IT standards.

15. Risk: Security violations or data corruption may occur with no forensic evidence available to resolve the situation.

a. SOX.2.1.4.15: SWITCH rules and logging is applied to everyone equally including system administrators.

16. Risk: Unauthorized access (i.e. terminated employees) may occur.

a. SOX.2.1.4.16: A semi-annual revalidation of SWITCH administrator accounts are performed by security administration.

17. Risk: Unauthorized execution of privileged system commands may disrupt business processes, and corrupt critical business data stores.

a. SOX.2.1.4.17: Privileged level access is password restricted. This password is known only by the system administrators.

18. Risk: Unauthorized routing parameters or virtual LAN connections established may disrupt business capabilities or bypass security controls causing business data loss and confidentiality loss.

a. SOX.2.1.4.18: Routing protocols are approved by management.

19. Risk: Confidentiality and or privacy may be compromised.

a. SOX.2.1.5.19: Unauthorized network tapping does not occur without the approval of management.