12.2: Scan for Unauthorized Connections Across Trusted Network Boundaries
Perform regular scans from outside each trusted network boundary to detect any unauthorized connections which are accessible across the boundary.
Asset Type |
Security Function |
Implementation Groups |
|---|---|---|
Network |
Detect |
2, 3 |
Dependencies
Sub-control 1.4: Maintain Detailed Asset Inventory
Sub-control 1.5: Maintain Asset Inventory Information
Sub-control 12.1: Maintain an Inventory of Network Boundaries
Inputs
Inventory of Network Boundaries
List of most recent scan times for each network boundary
Maximum allowable time frame between scans
Operations
For each network boundary in Input 1, compare the corresponding time of most recent scan from Input 2 to the maximum allowable time provided in Input 3.
Create a list of network boundaries whose most recent scan time was within the allowable time frame (M1).
Create a list of network boundaries whose most recent scan time was outside the allowable time frame (M2).
Measures
M1 = List of network boundaries whose most recent scan time was within the allowable time frame (compliant list)
M2 = List of network boundaries whose most recent scan time was outside the allowable time frame (non-compliant list)
M3 = Count of network boundaries that were scanned recently enough (count of M1)
M4 = Total count of network boundaries (count of Input 1)
Metrics
Coverage
Metric |
The ratio of network boundary devices scanned within the allowable timeframe to the
total number of network boundary devices
|
Calculation |
|