|
Initiation responsibility: PBX officer; IT Security Management
Implementation responsibility: IT security management, revisor
After each configuration change, e.g. release of a subscriber's authorisation, this should be recorded in an ACTUAL inventory. That list may be kept manually or by automatic means. Periodically (not necessarily at regular intervals), e.g. every six months, reconciliation checks should, at least randomly, be made of such an ACTUAL inventory and of the actual status. Incongruities should be cleared by means of the listings/audit trails. In particular, it should be verified whether
In collaboration with ZVEI, the Central Association of the Electrical and Electronics Industry, BSI has drawn up a catalogue of requirements which contains improved audit. This catalogue is to be used when purchasing new PBX systems for federal agencies. In the event that PBX systems are already in place, the extent to which manufacturers can offer improvements as updates should be reviewed.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |