S 2.105 Obtaining PBX-annexes

Initiation responsibility: Agency/company management

Implementation responsibility: Site technical service, purchase department

When obtaining a new PBX unit, at the outset it is possible to arrange this in such a way that at a later stage a higher amount of security can be attained with few personnel and little additional organisational effort. Primarily, attention must be paid to:

• the availability of suitable functions for administration of the unit,

• sufficient logging mechanisms and analysis tools and

• the ability of the PBX unit to carry out revision.

. The relevant requirements of the federal authorities have been elaborated by the German Information Security Agency (BSI) together with the Central Association for Electronic Technology and Electronic Industry and summarised in the brochure:

Security requirements for PBX-annexes

- Recommendations for federal authorities -

. From the point of view of the BSI, these recommendations can be passed on to other administrative areas and to private industry.

The brochure can be found on the IT-baseline protection manual CD-ROM: ..\HILFSMI\TK.DOC