S 2.55 Use of a security code

Initiation responsibility: IT Security Management

Implementation responsibility: IT-user

For answering machines with a remote-inquiry unit and a security code, the remote-inquiry function should preferably be activated only by means of an individually selected, secret code. In particular, any factory codes should be altered. The security code should be deposited in the same way as a password (c.f. S 2.22 Depositing of passwords) and altered on a regular basis.

When operating answering machines with a remote-inquiry unit, care should be taken to prevent entry of the code from being heard or viewed by any strangers present in the vicinity.

Additional controls:

• Have users been instructed on correct handling of the remote-inquiry unit?