PR.IR-01: Networks and environments are protected from logical access and unauthorized use.
1. For at least the relevant information and network systems, remote activities are defined and documented, and appropriate security measures for access are implemented.
2. An updated list is maintained of the information and network systems that can be accessed remotely, including a description of the access modes.
3. Perimeter systems, such as firewalls, are present, updated, maintained, and configured.
4. In compliance with the policies outlined in measure GV.PO-01, procedures related to points 1, 2, and 3 are adopted and documented.
Requirement Covered
Description
Networks and environments are protected from logical access and unauthorized use.
Resilience Measures
PR.IR-03: Mechanisms are implemented to meet resilience requirements in normal and adverse situations.
1. In accordance with the outcomes of the risk assessment outlined in measure ID.RA-05, protected emergency communication systems are used.
2. In compliance with the policies outlined in measure GV.PO-01, procedures are adopted and documented in relation to point 1.
Requirement Covered
Description
Mechanisms are implemented to meet resilience requirements in normal and adverse situations.