Open adammontville opened 5 years ago
For Controls team:
If the machine is segmented from the organization's primary network, how can that machine be used to administer the machines on that network?
UNCC objected to the "composing documents" part. We pointed out the possibility of malicious documents from removable media.
UNCC is proposing testing the level of isolation of the dedicated admin machine using a tool such as ConfigChecker.
Coordinate this with 11.6 (IG2), which is very similar.
Inputs:
Operations:
Measures:
Metrics:
Ensure administrators use a dedicated machine for all administrative tasks or tasks requiring administrative access. This machine will be segmented from the organization's primary network and not be allowed Internet access. This machine will not be used for reading email, composing documents, or browsing the Internet.
Measures
Metrics