ID.AM-03.128

Does your organization maintain documentation of expected network ports, protocols, and services used among authorized systems?

Explanation

This documentation serves as a baseline for normal network activity, allowing security teams to identify unauthorized or suspicious communications. It should include details such as port numbers, protocols (TCP/UDP), services (HTTP, SSH, etc.), and the systems that legitimately use them. An acceptable deliverable would be a network communications matrix or spreadsheet that lists all authorized systems, the ports and protocols they use to communicate, the services running on those ports, and the business justification for each communication path. This document should be regularly reviewed and updated as the network environment changes.

Implementation Example

Maintain documentation of expected network ports, protocols, and services that are typically used among authorized systems

ID: ID.AM-03.128

Context

Function
ID: IDENTIFY
Category
ID.AM: Asset Management
Sub-Category
Representations of the organization's authorized network communication and internal and external network data flows are maintained

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron