S 4.8 Protection of the PBX operator's console

Initiation responsibility: PBX officer; IT Security Management

Implementation responsibility: Administrators

Where administration of a PBX is ensured by means of an operator's PC, the latter must be provided, as a minimum, with the safeguards usually furnished for PCs (cf. Part I, Chapter 5.1 DOS PC (single user)).

Optionally:

In the event that the PBX system does not have sufficient security functions for the management of rights and access protection, the use of conventional devices (port controllers) available on the market may be considered. Using devices of this kind, reliable identification and authentication procedures can be carried out.

Additional controls:

• Has the operator's PC been provided with password protection?
• Is the operator's PC installed in a secure environment?
• Who can access the operator's PC?
• Who has access rights to the operator's PC?