| Security Feature | Site A | Site B | Site C | Site D | Site E | Site F |
|---|---|---|---|---|---|---|
| Authentication | | | | | | |
| Individual user IDs and passwords | • | • | • | | | • |
| Token-based authentication (e.g., token plus password) | | | | | | |
| Change passwords often | | | | | | |
| No unencrypted passwords | | | | | | |
| Uniform user IDs across organization | | • | • | | | |
| Incentives to reduce key sharing | • | • | • | | • | |
| Access Control | | | | | | |
| Need to know, right to know | | | • | | | |
| Access control list technology and management | | | | | | |
| Role-based access profiles | | | • | | | |
| Access overrides for emergencies | | | | | | |
| Audit Trails | | | | | | |
| Audit trails and self-audit | | | | | • | |
| Software-based audit analysis | | | | | | |
| Physical Security | | | | | | |
| Terminal security | | | | | | |
| Security perimeter, network layout | | | • | | | • |
| Network physical security | | | • | | | |
| Server physical security | • | | • | • | • | • |
| Secure destruction of obsolete data or equipment | | | | | | |
| Control of Links | | | | | | |
| Firewall | • | | • | • | | • |
| Dial-in protections | • | | | | | |