S 4.12 Disabling of unneeded user facilities

Initiation responsibility: Agency/company management; PBX officer; IT Security Management

Implementation responsibility: Administrators

The scope of available user facilities should be confined to the required minimum. Where possible, the software for features not required should be removed from the installation. Since this often cannot be done, the only choice is to disable these user facilities. From time to time it should be checked whether these user facilities are actually de-activated.

Additional controls:

• Is the actual need for approved user facilities being checked?
• Is de-activation ensured of those user facilities which are not used and thus are obviously not required?