Orange County NC Website
DocuSign Envelope ID:24BBAFA9-CD81-4144-ACEF-E9036E703739

vulnerabilities/threats

31. How does the cloud provider defend against malware, including but not limited to viruses, bots, spyware, spam, phishing and pharming?

Jende Solutions will deploy network perimeter controls to regulate traffic moving between trusted internal resources and external, untrusted entities. Jende Solutions's virtual network security controls implementation must protect against known and unknown threats through a combination of a thorough understanding of information risks, best-practice security configurations, and an alignment with Jende Solutions's business requirements.

Applicability

This policy applies to all the IT staff responsible for managing, implementing, and administering the security of the Jende Solutions networks.

Standards

Virtual Network administrators will maintain a configuration management program for network devices that identifies all key aspects of the program and its management. At a minimum, the program must encompass network controls and routers, and include exact documentation of:

• The current network topography (in diagram form, representing logical and physical composition) that includes all connections to and from confidential networks.
• A list of all ports and services used for business connections to and from segments carrying confidential data.
• Business justification for all insecure ports in use between confidential networks and public/untrusted networks (e.g., FTP, Telnet, etc.).
• Roles and responsibilities for device management.
• The formal process for requesting and implementing changes to network control configuration.

The Chief Information Security Officer will conduct periodic reviews of the network control configuration changes to ensure compliance with documented standards and completeness of documentation. Exact standards to be deployed on network devices must adhere to the following:

Perimeter Security - Jende Solutions will deploy and maintain perimeter security protection that includes:

Network Segmentation

• All Internet-facing applications will be deployed in a Demilitarized Zone (DMZ). All VPN and other secure connections to partners and clients will be routed through the Jende Solutions network controls to establish monitoring and logging controls. Outbound DNS queries from a central DNS service are not required to originate within the DMZ.
• All user LAN segments will be separated from production servers through the use of a firewall or an Access Control List (ACL) on the local switch/router.
• All servers storing, processing, or transmitting confidential data must be segmented away from both non-confidential servers and user segments by the use of internal routers or firewalls.

Virtual Network Controls

• Jende Solutions will only use network controls capable of conducting stateful packet inspection. All network controls used to technically support the network control configuration program must have this feature as part of their core technical specification.
• Active network controls configurations must comply with the network control configuration program approved by the CISO and maintained in the IT Procedures Guide. Tools will be