Patches and security updates for operating systems and critical system components shall be installed.
Patches and security updates for operating systems and critical system components shall be installed.
The organisation shall enforce accountability for all its business-critical assets throughout the system lifecycle, including removal, transfers, and disposal.
The organisation shall enforce accountability for all its business-critical assets throughout the system lifecycle, including removal, transfers, and disposal.
The organisation shall ensure that the necessary measures are taken to deal with loss, misuse, damage, or theft of assets.
The organisation shall ensure that the necessary measures are taken to deal with loss, misuse, damage, or theft of assets.
The organisation shall ensure that disposal actions are approved, tracked, documented, and verified.
The organisation shall ensure that disposal actions are approved, tracked, documented, and verified.
The organisation shall plan, perform and document preventive maintenance and repairs on its critical system components according to approved processes and tools.
The organisation shall plan, perform and document preventive maintenance and repairs on its critical system components according to approved processes and tools.
The organisation should prevent unauthorised removal of maintenance equipment which contains critical system information of the organisation.
The organisation should prevent unauthorised removal of maintenance equipment which contains critical system information of the organisation.
The organisation should pre-approve, monitor and enforce maintenance tools for use on its critical systems.
The organisation should pre-approve, monitor and enforce maintenance tools for use on its critical systems.
Maintenance tools and portable storage devices shall be inspected as they enter the facility and shall be protected by anti-malware solutions that scan them for malicious code before they are used on the organisation's systems.
Maintenance tools and portable storage devices shall be inspected as they enter the facility and shall be protected by anti-malware solutions that scan them for malicious code before they are used on the organisation's systems.
The organisation shall verify security controls following maintenance or repairs/patching, and take action as appropriate.
The organisation shall verify security controls following maintenance or repairs/patching, and take action as appropriate.
Remote maintenance and diagnostic activities of organisational assets shall be pre-approved and the performance logged.
Remote maintenance and diagnostic activities of organisational assets shall be pre-approved and the performance logged.
Setting up non-local maintenance and diagnostic sessions over remote network connections shall require strong authenticators and these connections shall be terminated when non-local maintenance is completed.
Setting up non-local maintenance and diagnostic sessions over remote network connections shall require strong authenticators and these connections shall be terminated when non-local maintenance is completed.
The organisation shall require remote maintenance diagnostic services to be performed from a system that implements security features similar to the security features implemented on the equivalent organisation's critical system.
The organisation shall require remote maintenance diagnostic services to be performed from a system that implements security features similar to the security features implemented on the equivalent organisation's critical system.