Part 1
This week you are to look at datasets that relate to threat information whether physical or technological. Once these datasets are found then you are to analyze using analytics tools such as RapidMiner, R Studio, or Python. Create a presentation regarding your findings. Also, attach your datasets.
Part 2
Review chapter 5 of the course text.
- What are the recommendations for improving business-IT communication?
- Do you agree with the list?
Respond to at least 2 learners’ posts.
Refer to
McKeen, J. D., & Smith, H. A. (2015). IT strategy: Issues and practices (3rd ed.). Pearson
on time Pearson
Lesson 2
1-1© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 4
4-1
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
“It is a set of beliefs that one party holds
about the other and how these beliefs are
formed from the interactions of […]
individuals as they engage in tasks
associated with an IT service” (Day 2007)
4-2
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-3
It is a multifaceted interaction of people
and processes.
It is complex. Different expectations and
accountabilities may lead to lack of trust.
It tends to cluster into patterns (e.g., IT is
a necessary evil; IT is a support but not a
partner; business and IT are partners).
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-4
IT has to keep proving itself.
The business is often disengaged from IT
work.
Business expectations of IT change
continually.
Business assumptions of IT tend to cluster.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-5
The relationship is affected by the
interaction of many people and
processes at multiple levels.
Clarity is often lacking around
expectations and accountabilities.
There are many “disconnects”
between the two groups.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-6
Trust
Credibility
Competence
Value
Interpersonal Interaction
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-7
Expertise – the ability to support a technical
recommendation and have up-to-date knowledge.
Financial awareness – the ability to
identify the value of IT in terms of ROI
and total cost of ownership.
Execution – the ability to understand
the business, develop a vision and
operationalize strategies.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-8
Find ways to develop business knowledge in
all IT staff.
Link IT’s success criteria to business metrics.
Make business value an explicit criteria in all
IT decisions.
Ensure effective execution in all IT activities.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-9
Credibility is the belief that others can be
counted on to do what they say they will do.
It is built by:
Keeping agreements.
Acting with integrity, honesty and openness.
Being responsive (e.g., delivering on time
and under budget).
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-10
Communicate frequently and explicitly.
Pay attention to the “little things”.
Utilize external cues to credibility.
Assess all business touch points.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-11
Professionalism – can be developed by five
sets of attitudes and behaviors:
Comportment (i.e., appearance and manners
on the job)
Preparation (i.e., displaying competence and
good organization.
Communication skills
Judgment (i.e., making right choices)
Attitude (i.e., caring about doing a job well)
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-12
Nontechnical communication
The ability to translate and interpret needs,
not only from business to technology and
vice versa, but also between business units.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-13
Social sk ills
The ability to build mutual understanding, to
enable all parties to get comfortable with one
another and to uncover hidden assumptions.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-14
Management of politics and conflict
The ability to understand the role of politics
and how they can affect the IT work (i.e.,
addressing conflict and use it to deliver
creative solutions).
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-15
Expect professionalism.
Promote a wide variety of social interactions
at all levels.
Develop “soft skills” in IT staff.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-16
The most important way to build trust is through
an effective governance:
Integrating planning, defined accountabilities,
and clarity of roles and responsibilities are key
aspects of an effective governance.
An effective governance addresses the business’
expectations of its IT function.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-17
Design governance for clarity and
transparency.
Mandate the relationship.
Design IT for business expectations.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 4-18
Business-IT relationships are complex, with
interactions of many types, at many levels,
and between both individuals and across
functional and organizational entities.
Four majors components are needed to
build a strong business-IT relationship:
competence, credibility, interpersonal skills,
and trust.
Chapter 5
5-1
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Communication is a key social element of
the organizational alignment between IT
and business.
One of the most important skills IT staff
needs to develop is how to communicate
effectively with businesses.
5-2
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Good communication is essential for:
Building trust and partnerships between
the business and
IT
Helping IT to manage the business
perceptions of IT
Understanding the priorities and pressures
of the business
Conveying the business value of IT
5-3
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Principle 1: The effectiveness of communication
is measured by its outcomes.
Principle 2: Communication is social behavior.
Principle 3: Shared knowledge improves
communication.
Principle 4: Mature organizations have better
communication.
5-4
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-5
Communication should be measure by its
outcomes rather than our intentions.
Communication can get distorted through
filters such as politics, culture, and
personal points of view.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-6
Communication not only transmits ideas;
it also negotiates relationships.
How you say what you mean is just as
important as what you say.
IT staff and managers need to become
aware of the power of different linguistic
styles in communication situations.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-7
The more IT staff
learns about the
business, the better
communication
becomes.
Shared knowledge is
the beginning of the
“virtuous circle”.
Shared Knowledge
Increased
Communication
Mutual Understanding
and “Common Sense”
Implementation
Success
THE VIRTUOUS
COMMUNICATION CYCLE
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-8
Strong organizational practices support and
reinforce good interpersonal communication.
Mature IT organizations embed appropriate
communication at the operational and
strategic level.
“You can’t be a partner unless
you’re a mature IT organization”
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-9
The changing nature of IT work:
IT work has become more complex over
time. Multiple cultures, different political
contexts, various times zones, and virtual
contacts make communication more
challenging.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-10
Hiring practices:
IT skills are changing to become more
consultative and collaborative, rather
than focused exclusively on technology.
“IT organizations can no longer support smart,
super-talented but socially disruptive people”
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-11
IT and business organization
structures:
IT staff is expected to play a “knowledge
broker” role, not only between IT and
business but also between business units.
Thus, business silos can make this
communication challenging.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-12
Nature and frequency of
communication:
Formal interactions improve communication,
but communication should not exclusively
occur in formal interactions (e.g., through IT
governance).
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-13
Attitude:
Many IT staff are motivated by the desire
to be right rather than the desire to
communicate effectively.
“We definitely need a ‘we’ attitude in IT,
rather than ‘us-them’ attitude”
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-14
Translation
: A four-step process
Business
Impact of
Technology
Issues
Business
Technology
Issues
IT Solutions
Business
Solutions
IT
Translation
Translation
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-15
Tailoring:
IT staff needs to adapt their communication
to the needs of their audience by:
— Understanding needs, agendas, and politics.
— Choosing the suitable communication
method (e.g., reports, face-to-face, e-mails).
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-16
Transparency:
The business needs to see what is being
done in IT and what it costs. This means:
— Communication that is honest, accurate,
ethical, and respectful.
— Getting the communication process
flowing both ways.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-17
Thinking, talk ing, and listening:
–IT staff needs to understand how and
where to speak and how to listen to others.
— Communicating innovative ideas effectively
involves “getting inside the head of the
business”.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-18
Make the importance of effective
communication visible.
Work with HR to develop new skill
expectations and roles.
Develop communication skills both
formally and informally.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-19
Increase the nature and frequency of
communication.
Spend more time on communication.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 5-20
Effective communication can overcome
misunderstandings, dysfunctional behavior,
and, above all, failures to deliver IT value.
Good communication has both social and
organizational dimensions.
A “virtuous circle” of communication can
improve IT performance and perceptions
of IT value.
Chapter 6
6-1© 2015 Pearson Education, Inc. Publishing as Prentice Hall
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 6-2
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 6-3
Traditional and hierarchical IT
organization is now in retreat, and there is
a growing recognition that IT
organizations must do a better job of
inculcating leadership behaviors in all their
staff.
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Top-Line Focus – New technologies and
applications drive the enterprise to
differentiation and transformation
strategies to deliver top line growth.
Strong IT leadership teams are needed to
take on roles to influence business
leaders.
6-4
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Credibility – IT must consistently deliver
on results. IT must demonstrate the skills
and competencies to deliver what it says
it will do.
6-5
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Impact – IT staff must have stronger
organizational perspectives, decision-
making, entrepreneurialism, and risk-
assessment capabilities at lower levels
because even small IT decisions can have
a major impact on the organization.
6-6
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Flexibility – IT staff and organizations
are expected to be responsive to changing
business needs. IT staffs must be
proactive, have strong technical skills and
the ability to quickly act in the best
interests of the organization when the
need arises.
6-7
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Complexity – IT is expected to offer
change and innovation leadership, low-
cost services and lead the way through
ever changing new technology
opportunities.
6-8
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
New Technology – Staffs are
increasingly mobile and their interactions
with their managers are mediated by
technology. New technologies change
how information is acquired and
disseminated, how communication takes
place, how people are influenced and
decisions made.
6-9
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
• Self-knowledge
• Awareness of individuals
approaches to work
• Adapt to different situations
Personal
Mastery
• Motivation & team building
• Collaboration & communication
• Risk assessment & problem
solving
• Coaching & mentoring
Leadership
Skill Mastery
6-10
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 6-11
• Strategic Vision
• Solid understanding of current
operations
• Solid understanding of future
direction
Business
Understanding
• Ability to Execute Enterprise
Transformation
• Ability to Integrate Technology with
People & Processes
• Political Savvy & Effective Use of
Governance Structures
Organizational
Understanding
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 6-12
Create an environment of:
• Trust
•
Accountability
•
Empowerment
Creating a
Supportive
Working
Environment
• Ability to concentrate on
biggest payoff areas
• Recognize where resources
should not be used
• Enhance people’s abilities
Effective Use
of Resources
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 6-13
• Know where and how to
exercise leadership
• Adjust style to suit the situation
Flexibility of
Approach
• Ability to articulate contributions in
business terms
• Ability to interact with business
leaders
• Ability to educate and guide business
leaders in the use of technology
Ability to Gain
Business
Attention
© 2015 Pearson Prentice Hall
Commanding –
“Do What I Tell You”
Pacesetting –
“Do as I Do Now”
Visionary –
“Come with Me”
Affiliate –
“People come First”
Coaching –
“Try This”
Democratic –
“What do You Think”
6-14
© 2015 Pearson Education, Inc. Publishing as Prentice Hall 6-15
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Well articulated and instantiated values
A climate of trust
Empowerment
Clear and frequent communication
Accountability
6-16
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Activities such as planning, budgeting,
conflict resolution, service delivery, and
financial reviews should be well defined
and documented.
Establish job rotations and mentoring
programs.
6-17
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Can be internally developed or externally
purchased.
Requires a time commitment to ensure
staff can take advantage of training.
Training is perceived as a tool for helping
individuals make their best contributions
and achieving success.
6-18
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Elements of value can be achieved by implementing
a leadership program that asks:
What is the value?
Who will deliver the value?
When will the value be realized?
How will the value be delivered?
6-19
© 2015 Pearson Education, Inc. Publishing as Prentice Hall
Senior IT leaders must make IT
leadership development a priority if IT is
going to contribute to business strategy.
Management must take a comprehensive
approach to integrate culture, behavior,
processes, and training to deliver business
value.
6-20
- Delivering Value with IT
- mckeen_its3_pp_ch04
- mckeen_its3_pp_ch05
- mckeen_its3_pp_ch06
Delivering Value with IT
Building a Strong Relationship with the Business
What is the IT-Business Relationship?
What do we know about the Business-IT relationship in organizations ?
��Characteristics of the Business-IT Relationship��
��Characteristics of the Business-IT Relationship (continued)��
��The Foundation of a Strong Business-IT Relationship��
��Building Block #1: Competence –�The Key Competences��
��Building Block #1: Competence –�Strengthening Competence��
��Building Block #2: Credibility��
��Building Block #2: Credibility –�Strengthening Credibility��
��Building Block #3: Interpersonal Interaction – Key Dimensions��
��Building Block #3: Interpersonal Interaction – Key Dimensions (continued)��
��Building Block #3: Interpersonal Interaction – Key Dimensions (continued)��
��Building Block #3: Interpersonal Interaction – Key Dimensions (continued)��
��Building Block #3: Interpersonal Interaction — Strengthening ��
��Building Block #4: Trust ��
��Building Block #4: Trust – Strengthening Trust ��
Conclusions
Communicating with Business Managers
The Importance of Communication
The Importance of Communication
Principles of “Good” Communication
��Principle 1: The effectiveness of communication is measured by its outcomes��
��Principle 2: Communication is Social Behavior��
��Principle 3: Shared Knowledge Improves Communication ��
Principle 4: Mature Organizations Have Better Communication �
Obstacles To Effective Communication
Obstacles To Effective Communication (continued)
Obstacles To Effective Communication (continued)
Obstacles To Effective Communication (continued)
Obstacles To Effective Communication (continued)
“T-Level” Communication Skills for IT Staff
“T-Level” Communication Skills for IT Staff (continued)
“T-Level” Communication Skills for IT Staff (continued)
“T-Level” Communication Skills for IT Staff (continued)
Recommendations to improve Business-IT communication
Recommendations to improve Business-IT communication (continued)
Conclusions
Building Better IT Leaders from the Bottom Up
Leadership Is Everyone’s Job
The Changing Role of the IT leader
Transformational IT Leadership Requires …
Transformational IT Leadership Requires … (continued)
Transformational IT Leadership Requires … (continued)
Transformational IT Leadership Requires … (continued)
Transformational IT Leadership Requires … (continued)
Transformational IT Leadership Requires … (continued)
What Makes a Good IT Leader?
What Makes a Good IT Leader? (continued)
What Makes a Good IT Leader? (continued)
What Makes a Good IT Leader? (continued)
Flexible Leadership Styles �(Roberts and Mingay, 2004)
Effective Leadership Development Requires…
Elements of a Supportive Environment
Elements of Process & Practices
Elements of Formal Training
Leadership Development: Articulating IT Value Proposition
Conclusion
Lavf57.37.101
customer-segmentation-data set.zip
Mall_Customers.csv
CustomerID,Gender,Age,Annual Income (k$),Spending Score (1-100)
1,Male,19,15,39
2,Male,21,15,81
3,Female,20,16,6
4,Female,23,16,77
5,Female,31,17,40
6,Female,22,17,76
7,Female,35,18,6
8,Female,23,18,94
9,Male,64,19,3
10,Female,30,19,72
11,Male,67,19,14
12,Female,35,19,99
13,Female,58,20,15
14,Female,24,20,77
15,Male,37,20,13
16,Male,22,20,79
17,Female,35,21,35
18,Male,20,21,66
19,Male,52,23,29
20,Female,35,23,98
21,Male,35,24,35
22,Male,25,24,73
23,Female,46,25,5
24,Male,31,25,73
25,Female,54,28,14
26,Male,29,28,82
27,Female,45,28,32
28,Male,35,28,61
29,Female,40,29,31
30,Female,23,29,87
31,Male,60,30,4
32,Female,21,30,73
33,Male,53,33,4
34,Male,18,33,92
35,Female,49,33,14
36,Female,21,33,81
37,Female,42,34,17
38,Female,30,34,73
39,Female,36,37,26
40,Female,20,37,75
41,Female,65,38,35
42,Male,24,38,92
43,Male,48,39,36
44,Female,31,39,61
45,Female,49,39,28
46,Female,24,39,65
47,Female,50,40,55
48,Female,27,40,47
49,Female,29,40,42
50,Female,31,40,42
51,Female,49,42,52
52,Male,33,42,60
53,Female,31,43,54
54,Male,59,43,60
55,Female,50,43,45
56,Male,47,43,41
57,Female,51,44,50
58,Male,69,44,46
59,Female,27,46,51
60,Male,53,46,46
61,Male,70,46,56
62,Male,19,46,55
63,Female,67,47,52
64,Female,54,47,59
65,Male,63,48,51
66,Male,18,48,59
67,Female,43,48,50
68,Female,68,48,48
69,Male,19,48,59
70,Female,32,48,47
71,Male,70,49,55
72,Female,47,49,42
73,Female,60,50,49
74,Female,60,50,56
75,Male,59,54,47
76,Male,26,54,54
77,Female,45,54,53
78,Male,40,54,48
79,Female,23,54,52
80,Female,49,54,42
81,Male,57,54,51
82,Male,38,54,55
83,Male,67,54,41
84,Female,46,54,44
85,Female,21,54,57
86,Male,48,54,46
87,Female,55,57,58
88,Female,22,57,55
89,Female,34,58,60
90,Female,50,58,46
91,Female,68,59,55
92,Male,18,59,41
93,Male,48,60,49
94,Female,40,60,40
95,Female,32,60,42
96,Male,24,60,52
97,Female,47,60,47
98,Female,27,60,50
99,Male,48,61,42
100,Male,20,61,49
101,Female,23,62,41
102,Female,49,62,48
103,Male,67,62,59
104,Male,26,62,55
105,Male,49,62,56
106,Female,21,62,42
107,Female,66,63,50
108,Male,54,63,46
109,Male,68,63,43
110,Male,66,63,48
111,Male,65,63,52
112,Female,19,63,54
113,Female,38,64,42
114,Male,19,64,46
115,Female,18,65,48
116,Female,19,65,50
117,Female,63,65,43
118,Female,49,65,59
119,Female,51,67,43
120,Female,50,67,57
121,Male,27,67,56
122,Female,38,67,40
123,Female,40,69,58
124,Male,39,69,91
125,Female,23,70,29
126,Female,31,70,77
127,Male,43,71,35
128,Male,40,71,95
129,Male,59,71,11
130,Male,38,71,75
131,Male,47,71,9
132,Male,39,71,75
133,Female,25,72,34
134,Female,31,72,71
135,Male,20,73,5
136,Female,29,73,88
137,Female,44,73,7
138,Male,32,73,73
139,Male,19,74,10
140,Female,35,74,72
141,Female,57,75,5
142,Male,32,75,93
143,Female,28,76,40
144,Female,32,76,87
145,Male,25,77,12
146,Male,28,77,97
147,Male,48,77,36
148,Female,32,77,74
149,Female,34,78,22
150,Male,34,78,90
151,Male,43,78,17
152,Male,39,78,88
153,Female,44,78,20
154,Female,38,78,76
155,Female,47,78,16
156,Female,27,78,89
157,Male,37,78,1
158,Female,30,78,78
159,Male,34,78,1
160,Female,30,78,73
161,Female,56,79,35
162,Female,29,79,83
163,Male,19,81,5
164,Female,31,81,93
165,Male,50,85,26
166,Female,36,85,75
167,Male,42,86,20
168,Female,33,86,95
169,Female,36,87,27
170,Male,32,87,63
171,Male,40,87,13
172,Male,28,87,75
173,Male,36,87,10
174,Male,36,87,92
175,Female,52,88,13
176,Female,30,88,86
177,Male,58,88,15
178,Male,27,88,69
179,Male,59,93,14
180,Male,35,93,90
181,Female,37,97,32
182,Female,32,97,86
183,Male,46,98,15
184,Female,29,98,88
185,Female,41,99,39
186,Male,30,99,97
187,Female,54,101,24
188,Male,28,101,68
189,Female,41,103,17
190,Female,36,103,85
191,Female,34,103,23
192,Female,32,103,69
193,Male,33,113,8
194,Female,38,113,91
195,Female,47,120,16
196,Female,35,120,79
197,Female,45,126,28
198,Male,32,126,74
199,Male,32,137,18
200,Male,30,137,83
Mall Customer Segmentation Data Analysis.pptx
Mall Customer Segment Data Analysis using RFM
Vivek Ijjagiri
Agenda
2
Introduction
Mall Customer Segmentation data
Mall Customer Segment analysis data using RFM
Problem Solving
Clustering
Conclusion
References
Introduction
When we want to increase the sales we need to do planning for marketing spend, or while formulating a new promotion, as a retail marketer we have to be more careful about how we segment and target the customers. It would be a waste of time and money if, for example, we launch an ad campaign that is central to a lot of customers. Such untargeted marketing and advertising is not likely to have a high conversion fee and may additionally even hurt our company value.
Retailers now use sophisticated strategies to section their customers and goal their marketing efforts to these segments. RFM analysis is one such famous patron segmentation technique that can assist shops to maximize the return on their advertising investments.
Why RFM.?
Improving customer segmentation marketing and widely used for surveys.
Superior and simplistic compared to other methods.(CHAID and logistic regression)
Focuses on transaction information and delivering better marketing to customers.
What is RFM?
R => Recency
F => Frequency
M=> Monetary
How are we using the RFM and target customers?
Simple we score the customers based on the RFM from high to low.
Greater the score there’s likely more chance to buy a product or take a new offer or promotion.
It’ll help us identify customers that are most likely to respond to a new offer or promotion.
Identifying the most valuable RFM segments can capitalize on chance relationships in the data used for this analysis.
Mall Customer Segment analysis data using RFM
7
Recency: Recency is most important predictor of customers who did the purchases recently. Customers who have purchased recently a product are more likely to purchase again from your store/mall compared to those who did not purchase recently.
Frequency: The second most important factor is how frequently these customers purchase from you. The higher the frequency, the higher of chances of them purchasing the products again.
Monetary: The third factor is the amount of money these customers have spent on purchases. Customers who have spent higher are more likely to purchase based on their recent purchase compared to those who have spent less.
How are we going to calculate RFM?
To implement the RFM analysis, we need to further process the data set in by the following steps:
Find the most recent date for each ID and calculate the days to the now or some other date, to get the Recency data
Calculate the quantity of translations of a customer, to get the Frequency data
Sum the amount of money a customer spent and divide it by Frequency, to get the amount per transaction on average, that is the Monetary data.
8
Problem Solving
Make sure we have the following libraries to procced with the data analysis, if the libraries not found in your R Studio install those packages.
library(data.table)
library(dplyr)
library(ggplot2)
library(tidyr)
library(knitr)
library(rmarkdown)
9
Load and examine data
> Mall_Customers<- fread('data.csv’) > glimpse(Mall_Customers)
Ijjagiri, Vivek (IV) – This is like a transposed version of print: columns run down the page, and data runs across. This makes it possible to see every column in a data frame. It’s a little like str applied to a data frame but it tries to show you as much data as possible. (And it always shows the underlying data, even when applied to a remote data source.)
View Data
14
Data Cleanup
Or
WRangle
15
> Mall_Customers<- Mall_Customers%>%
mutate(Quantity = replace(Quantity, Quantity<=0, NA), UnitPrice = replace(UnitPrice, UnitPrice<=0, NA)) > Mall_Customers<- Mall_Customers%>%
drop_na()
Recode Variables
> df_data <- df_data %>%
mutate(InvoiceNo=as.factor(InvoiceNo), StockCode=as.factor(StockCode),
InvoiceDate=as.Date(InvoiceDate, ‘%m/%d/%Y %H:%M’), CustomerID=as.factor(CustomerID),
Country=as.factor(Country))
> df_data <- df_data %>%
mutate(total_dolar = Quantity*UnitPrice)
> glimpse(df_data) | summary(df_data)
16
Calculate RFM
> df_RFM <- df_data %>%
group_by(CustomerID) %>%
summarise(recency=as.numeric(as.Date(“2012-01-01”)-max(InvoiceDate)),
frequency=n_distinct(InvoiceNo), monitery= sum(total_dolar)/n_distinct(InvoiceNo))
> summary(df_RFM)
17
Calculate RFM
> kable(head(df_RFM))
18
K-means clustering is one of the simplest and popular unsupervised machine learning algorithms.
The objective of K-means is simple: group similar data points together and discover underlying patterns.
To achieve this objective, K-means looks for a fixed number (k) of clusters in a dataset.”
A cluster refers to a collection of data points aggregated together because of certain similarities.
In other words, the K-means algorithm identifies k number of centroids, and then allocates every data point to the nearest cluster, while keeping the centroids as small as possible.
K Means Clustering Algorithm
1. Specify number of clusters K.
2. Initialize centroids by first shuffling the dataset and then randomly selecting K data points for the centroids without replacement.
3. Keep iterating until there is no change to the centroids. i.e assignment of data points to clusters isn’t changing.
K Means clustering algorithm
Recency
Recency – How recently did the customer purchase?
> Customer_Purchase_Recency <- df_RFM$recency
> hist(Customer_Purchase_Recency, main = ‘Recency’)
20
Frequency
Frequency – How often do they purchase?
> Customer_Purchase_Frequency <- df_RFM$frequency
> hist(Customer_Purchase_Frequency, main = ‘Frequency’)
21
Monetary
Monetary Value – How much do they spend?
> Customer_Purchase_Monitery <- df_RFM$monitery > hist(Customer_Purchase_Monitery, main = ‘Monetary’, breaks=50 )
22
Monetary Log
Because the data is skewed, we use log scale to normalize
> MoniteryLog <- log(df_RFM$monitery)
> hist(MoniteryLog, main =’MoniteryLog’)
23
Ijjagiri, Vivek (IV) – https://www.rdocumentation.org/packages/amap/versions/0.8-17/topics/hcluster
Ijjagiri, Vivek (IV) – This function is a mix of function hclust and function dist. hcluster(x, method = “euclidean”,link = “complete”) = hclust(dist(x, method = “euclidean”),method = “complete”)) It use twice less memory, as it doesn’t store distance matrix.
For more details, see documentation of hclust and Dist.
Clustering
> DataFrame_Clustering <- df_RFM
> DataFrame_CustomerID <- DataFrame_Clustering$CustomerID
> row.names(DataFrame_Clustering) <- DataFrame_CustomerID
> DataFrame_CustomerID <- NULL
> DataFrame_Clustering <- scale(DataFrame_Clustering)
> summary(DataFrame_Clustering )
24
Clustering
> d <- dist(DataFrame_Clustering) > c <- hclust(d, method = 'ward.D2’) > Plot(c)
25
Ijjagiri, Vivek (IV) – A dendrogram is a diagram that shows the hierarchical relationship between objects. It is most commonly created as an output from hierarchical clustering. The main use of a dendrogram is to work out the best way to allocate objects to clusters. The dendrogram below shows the hierarchical clustering of six observations shown to on the scatterplot to the left. (Dendrogram is often miswritten as dendogram.)
Plotting with less data
26
Plotting with less data
27
Plotting with less data
28
Conclusion
Customer segmentation process can be performed using various clustering algorithms.
We focused on k-means clustering in R.
The algorithm is quite simple to implement. However, representing data in the correct format and interpreting results is the difficult part.
RFM Analysis can segment customers, design offers, promotions specific to audience and produce products based on customer profile and interests.
References
Shubhankar Rawat (May 2019), Mall Customers Segmentation — Using Machine Learning retrieved from https://towardsdatascience.com/mall-customers-segmentation-using-machine-learning-274ddf5575d5
What is market segmentation, Different types explained retrieved from https://www.qualtrics.com/experience-management/brand/what-is-market-segmentation/
Bradley, P. S., Bennett, K. P., & Demiriz, A. (2000). Constrained k-means clustering (Technical Report MSR-TR-2000-65). Microsoft Research, Redmond, WA.
K means clustering, AlindGupta retrieved from https://www.geeksforgeeks.org/k-means-clustering-introduction/
Thank you
Any Questions
.MsftOfcThm_Accent1_Fill {
fill:#4472C4;
}
.MsftOfcThm_Accent1_Stroke {
stroke:#4472C4;
}
RcodeProject.R
##########################################
# section 3.3 Statistical Methods for Evaluation
##########################################
##########################################
# section 3.3.1 Hypothesis Testing
##########################################
# generate random observations from the two populations
x <- rnorm(10, mean=100, sd=5) # normal distribution centered at 100
y <- rnorm(20, mean=105, sd=5) # normal distribution centered at 105
# Student's t-test
t.test(x, y, var.equal=TRUE) # run the Student's t-test
# obtain t value for a two-sided test at a 0.05 significance level
qt(p=0.05/2, df=28, lower.tail= FALSE)
# Welch's t-test
t.test(x, y, var.equal=FALSE) # run the Welch's t-test
# Wilcoxon Rank-Sum Test
wilcox.test(x, y, conf.int = TRUE)
##########################################
# section 3.3.6 ANOVA
##########################################
offers <- sample(c("offer1", "offer2", "nopromo"), size=500, replace=T)
# Simulated 500 observations of purchase sizes on the 3 offer options
purchasesize <- ifelse(offers=="offer1", rnorm(500, mean=80, sd=30),
ifelse(offers=="offer2", rnorm(500, mean=85, sd=30),
rnorm(500, mean=40, sd=30)))
# create a data frame of offer option and purchase size
offertest <- data.frame(offer=as.factor(offers),
purchase_amt=purchasesize)
# display a summary of offertest where offer="offer1"
summary(offertest[offertest$offer=="offer1",])
# display a summary of offertest where offer="offer2"
summary(offertest[offertest$offer=="offer2",])
# display a summary of offertest where offer="nopromo"
summary(offertest[offertest$offer=="nopromo",])
# fit ANOVA test
model <- aov(purchase_amt ~ offers, data=offertest)
summary(model)
# Tukey's Honest Significant Difference (HSD) on all
# pair-wise tests for difference of means
TukeyHSD(model)
Week 10 – Analysing Data sets in RapidMiner
The data sets used for this weeks analysis relates to the CSRIC best practices:
The CSRIC Best Practices Search Tool allows you to search CSRIC’s collection of Best Practices using a variety of criteria including Network Type, Industry Role, Keywords, Priority Levels, and BP Number. The Communications Security, Reliability and Interoperability Council’s (CSRIC) mission is to provide recommendations to the FCC to ensure, among other things, optimal security and reliability of communications systems, including telecommunications, media, and public safety. CSRIC’s members focus on a range of public safety and homeland security-related communications matters, including: (1) the reliability and security of communications systems and infrastructure, particularly mobile systems; (2) 911, Enhanced 911 (E911), and Next Generation 911 (NG911); and (3) emergency alerting.
The CSRIC’s recommendations will address the prevention and remediation of detrimental cyber events, the development of best practices to improve overall communications reliability, the availability and performance of communications services and emergency alerting during natural disasters, terrorist attacks, cyber security attacks or other events that result in exceptional strain on the communications infrastructure, the rapid restoration of communications services in the event of widespread or major disruptions and the steps communications providers can take to help secure end-users and servers.
I have used RapidMiner to analyze the data set :
The statistical view of various names, types and attributes related to the data set.
Visualization of public safety vs prioritization
Overall prioritization pie chart
Bar graph comparing various network types and internet/data usage
BP Number Priority Description Network Type(s) Industry Role(s) Keywords Reference cable internet/Data satellite wireless wireline Service Provider Network Operator Priority (1,2,3) Equipment Supplier Property Manager Government Public Safety
11-10-0404 Important Service Providers, Network Operators, Public Safety, and Equipment Suppliers should incorporate methodologies that continually improve network or equipment performance. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Hardware; Network Design; Network Elements; Network Operations; Policy; Software; true true true true true true true 1 true false false true
11-10-0407 Highly Important Network Operators and Service Providers should establish processes for NOC-to-NOC (Network Operations Center) peer communications for critical network activities (e.g., scheduled maintenance, upgrades and outages). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Interoperability; Network Operations; Network Provisioning; Procedures; Facilities – Transport; true true true true true true true 2 false false false false
11-10-0409 Highly Important Service Providers should use virtual interfaces (i.e. a router loopback address) for routing protocols and network management to maintain connectivity to the network element in the presence of physical interface outages. Internet/Data; Service Provider; Network Design; Network Elements; false true false false false true false 2 false false false false
11-10-0411 Highly Important Network Operators, Service Providers, and Public Safety should consider developing and implementing cable labeling standards. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Facilities – Transport; true true true true true true true 2 false false false true
11-10-0418 Highly Important Network Operators, Service Providers, and Public Safety should, where appropriate, have a documented back-out plan as part of a Method of Procedure (MOP) for scheduled and unscheduled maintenance activities. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false true
11-10-0419 Highly Important Network Operators and Service Providers should design and capacity-manage EMSs (Element Management Systems) and OSSs (Operational Support Systems) to accommodate changes in network element capacity. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Design; Network Elements; Network Operations; Network Provisioning; true true true true true true true 2 false false false false
11-10-0420 Highly Important Network Operators and Service Providers should periodically measure EMS (Element Management System), NMS (Network Management System) and OSS (Operational Support System) performance using a benchmark or applicable requirements to verify that internal or vendor performance objectives are being met. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Operations; true true true true true true true 2 false false false false
11-10-0421 Highly Important Equipment Suppliers should design network elements intended for critical hardware and software with recovery mechanisms to minimize restoration times. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Public Safety; Hardware; Network Elements; Software; Common recovery mechanisms could include the fail-over to: a) the redundant hardware components (modules, FRUs), b) redundant and/or backup software processes, c) switch to alternate paths, circuits or virtual circuits, and, d) switch to redundant or backup storage of system data. true true true true true false false 2 true false false true
11-10-0424 Important Network Operators and Public Safety should whenever possible require specific applicable safety standards for network elements that they plan to purchase, procure or implement. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Hardware; Network Elements; Network Provisioning; Recognized standards may include UL, NEC, ANSI, NFPA, ASTM. Specific requirements such as “UL-498/NEC-250.146(A)-Receptacle Grounding-Surface-Mounted Box.” true true true true true false true 1 false false false true
11-10-0427 Highly Important Equipment Suppliers should maintain software documentation including revision change history and associated release notes. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Network Elements; Software; true true true true true false false 2 true false false false
11-10-0429 Highly Important Equipment Suppliers should provide for appropriate storage and retrieval mechanisms of system operational data to support analysis after a hardware or software crash. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Software; Information useful for diagnostics might include core dumps and register contents. true true true true true false false 2 true false false false
11-10-0430 Highly Important Equipment Suppliers should be able to recreate supported software from source including, where feasible, software obtained from third parties. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Software; true true true true true false false 2 true false false false
11-10-0431 Highly Important Equipment Suppliers should provide capacity and performance data for network elements. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Use commonly agreed upon terminologies and methodologies such as those developed by IETF Benchmarking Methodology Working Group (e.g., RFC 2544). true true true true true false false 2 true false false false
11-10-0432 Highly Important Equipment Suppliers should support standardized MIBs (Management Information Bases) and maintain documentation of private and enterprise MIBs. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Software; Enterprise MIBs are those written by vendors for their particular object. The managed object can furnish both standard MIB
and enterprise MIB information. The standard MIBs are those that have been approved by the IAB (Internet Architecture Board, http://www.iab.org) Equipment and software vendors define the private MIBs unilaterally. true true true true true false false 2 true false false false
11-10-0435 Critical Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should assess the functions of their organization and identify those critical to ensure network reliability. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; true true true true true true true 3 true true false true
11-10-0436 Highly Important Network Operators, Service Providers, and Public Safety should have a process to ensure smooth handling and clear ownership of problems that transition work shifts or organizational boundaries. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Procedures; true true true true true true true 2 false false false true
11-10-0437 Highly Important Network Operators and Service Providers should aggregate routes where appropriate (e.g., singly-homed downstream networks) in order to minimize the size of the global routing table taking care to not disrupt engineered circuit diversity. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Operations; Network Provisioning; false true false false false true true 2 false false false false
11-10-0438 Important Network Operators and Service Providers should enable CIDR (Classless Inter-Domain Routing) by implementing classless route prefixes on routing elements. Internet/Data; Network Operator; Service Provider; Network Operations; false true false false false true true 1 false false false false
11-10-0440 Highly Important Network Operators and Service Providers should set and periodically review situation-specific limits on numbers of routes imported from peers and customers in order to lessen the impact of misconfigurations. Internet/Data; Network Operator; Service Provider; Industry Cooperation; Network Operations; false true false false false true true 2 false false false false
11-10-0447 Important Network Operators and Service Providers should consider establishing a customer advocacy function to take part in the development and scheduling of network change activity in order to minimize impact. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Liaison; Network Operations; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false false false false
11-10-0448 Highly Important Equipment Suppliers should, where feasible, provide a memory management capability to reconfigure or expand memory without impacting stable calls or other critical processes (e.g., billing). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Network Provisioning; Software; true true true true true false false 2 true false false false
11-10-0449 Critical Network Operators, Service Providers, and Public Safety should, where feasible, deploy fraudulent traffic (e.g., SPAM) controls in relevant nodes (e.g., message centers, email gateways) in order to protect critical network elements and services. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Network Operations; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 false false false true
11-10-0450 Highly Important Property Managers should maintain current documentation that ensures that the tower loading is consistent with the engineering design (e.g., antenna loading, feedline loading, ice or wind loading). Cable; Wireless; Wireline; Property Manager; Documentation; Network Design; Network Provisioning; true false false true true false false 2 false true false false
11-10-0451 Highly Important Property Managers should conduct a periodic physical site audit to update and maintain accurate antenna and tower engineering documentation in order to positively identify every item on the tower structure (e.g., identifying rogue antennas). Cable; Wireless; Wireline; Property Manager; Buildings; Documentation; Network Design; true false false true true false false 2 false true false false
11-10-0452 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should post emergency contact number(s) and unique site identification in an externally visible location at unmanned communication facilities (e.g., towers, cell sites, Controlled Environment Vault (CEV), satellite earth stations), but should not reveal additional information about the facility, except when necessary. Cable; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Network Operations; Physical Security Management; Examples of site identification may include: Latitude/Longitude, Real Estate ID, FAA number, FCC registration number, ASR (Antenna Structure Registration) data base, cell ID, address, location. See Best Practice 5120. true false true true true true true 2 false true false true
11-10-0453 Important Network Operators, Service Providers, and Public Safety should prepare for HVAC or cabinet fan failures by ensuring that conventional fans are available to cool heat- sensitive equipment, as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Network Operations; true true true true true true true 1 false false false true
11-10-0454 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider establishing technical and managerial escalation policies and procedures based on the service impact, restoration progress and duration of the issue. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Network Operations; Policy; Procedures; true true true true true true true 2 true false false true
11-10-0455 Highly Important Equipment Suppliers and Network Operators should consider a program to remove cards or modules from circulation that have a history of failure even if tests indicate �No Trouble Found�. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Hardware; Network Elements; Procedures; true true true true true false true 2 true false false false
11-10-0456 Critical Network Operators, Service Providers, and Public Safety should maintain records of pertinent information related to a cell site for its prioritization in disaster recovery and key coverage areas (e.g., emergency services, government agencies, proximity to hospitals). Wireless; Network Operator; Service Provider; Public Safety; Documentation; Emergency Preparedness; Note: This Best practice could impact 9-1-1 operations. false false false true false true true 3 false false false true
11-10-0457 Highly Important Network Operators and Service Providers should develop a process to identify Radio Frequency (RF) dead spots and, where feasible, provide a solution to fill the dead spot with RF coverage. Wireless; Network Operator; Service Provider; Network Design; Procedures; false false false true false true true 2 false false false false
11-10-0458 Highly Important Network Operators should verify that calls handoff between cells when a new cell site is added to the network. Wireless; Network Operator; Network Design; Network Provisioning; Procedures; false false false true false false true 2 false false false false
11-10-0459 Highly Important Equipment Suppliers and Property Managers should design outdoor equipment to operate in expected environmental conditions (e.g., weather, earthquakes). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Hardware; Network Design; true true true true true false false 2 true true false false
11-10-0461 Highly Important Equipment Suppliers should provide the capability to test failover routines of redundant network elements. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Design; Network Elements; Software; true true true true true false false 2 true false false false
11-10-0462 Important Network Operators should work in conjunction with Government to anticipate Radio Frequency (RF) capacity needs driven by changes in vehicle traffic patterns or other demographics. Wireless; Government; Network Operator; Liaison; Network Design; Network Provisioning; false false false true false false true 1 false false true false
11-10-0463 Important Network Operators and Service Providers should consider establishing agreements so that mobile customers can roam on other providers’ networks. Wireless; Network Operator; Service Provider; Emergency Preparedness; Industry Cooperation; Network Interoperability; false false false true false true true 1 false false false false
11-10-0464 Important Network Operators and Government should cooperate on zoning issues that affect reliability of communication networks serving the public good. Cable; Internet/Data; Satellite; Wireless; Wireline; Government; Network Operator; Essential Services; Liaison; Network Design; Power; Examples: noise from emergency backup power generators, aesthetics of tower placement, public safety and health concerns. true true true true true false true 1 false false true false
11-10-0465 Important Network Operators and Public Safety should account for the effects of environmental changes on attenuation, shadowing, and multipath (e.g., new buildings, tree growth, construction materials) during initial design and through periodic reviews of cell site coverage. Wireless; Network Operator; Network Design; Network Operations; Public Safety Service; false false false true false false true 1 false false false false
11-10-0466 Highly Important Network Operators should take into account link budget impacts due to propagation differences between various frequencies when planning network coverage. Wireless; Network Operator; Network Design; false false false true false false true 2 false false false false
11-10-0467 Important Network Operators should give consideration to the degree of balance between RF (Radio Frequency) channels on uplinks and downlinks, for both control and traffic for air interface reliability. Wireless; Network Operator; Network Design; false false false true false false true 1 false false false false
11-10-0469 Important Network Operators and Property Managers should consider the use of cable support (e.g., H-Frames, Ice Bridges) in tower and shelter designs. Cable; Internet/Data; Wireless; Wireline; Property Manager; Network Operator; Buildings; Network Design; true true false true true false true 1 false true false false
11-10-0470 Important Network Operators and Property Managers should consider tower and antenna designs that do not attract bird and animal nesting (e.g., no platforms, flush mounted panels, smooth radome). Cable; Internet/Data; Wireless; Wireline; Property Manager; Network Operator; Buildings; true true false true true false true 1 false true false false
11-10-0471 Important Network Operators, Property Managers, and Public Safety should consider remote, electronic antenna aiming and utilize tower-mounted equipment that minimizes the need for tower top maintenance where conditions prevent climbs (e.g., osprey nest, weather conditions). Wireless; Property Manager; Network Operator; Public Safety; Network Design; Network Operations; false false false true false false true 1 false true false true
11-10-0472 Important Network Operators, Public Safety, and Equipment Suppliers should consider connector choices and color coding to prevent inappropriate combinations of cables. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Hardware; Network Design; Network Elements; true true true true true false true 1 true false false true
11-10-0473 Highly Important Network Operators, Property Managers, and Public Safety should consider maintaining a list of authorized climbers and a log of authorized tower climbs. Wireless; Property Manager; Network Operator; Public Safety; Access Control; Contractors and Vendors; Human Resources; Physical Security Management; false false false true false false true 2 false true false true
11-10-0474 Important Network Operators, Property Managers, and Public Safety should periodically perform grounds maintenance at cell site facilities (e.g., pest control, mow grass, fence maintenance, snow removal). Wireless; Property Manager; Network Operator; Public Safety; Buildings; false false false true false false true 1 false true false true
11-10-0475 Highly Important Network Operators, Property Managers, and Public Safety should have agreements in place to ensure necessary and timely access to cell sites. Wireless; Property Manager; Network Operator; Public Safety; Access Control; Industry Cooperation; Physical Security Management; false false false true false false true 2 false true false true
11-10-0477 Highly Important Network Operators and Public Safety should consider the potential of electromagnetic coupling when designing cell sites with high voltage FAA beacons and, if present, take appropriate steps to mitigate the interference (e.g., squelch, physical separation, shielding). Wireless; Network Operator; Public Safety; Network Design; false false false true false false true 2 false false false true
11-10-0478 Important Network Operators and Public Safety should allow for deviation in elevation angle and azimuth resulting from deflection of the supporting structure (e.g., sun, load distribution, wind) during the design of a cell site. Wireless; Network Operator; Public Safety; Network Design; false false false true false false true 1 false false false true
11-10-0480 Highly Important Network Operators, Property Managers, and Public Safety should periodically inspect antennas, waveguide, and ancillary hardware to insure physical integrity and the absence of physical movement which can create intermittent and localized intermodulation interference generators (e.g., rusty joints) and/or alter predicted antenna radiation patterns (e.g., antennas swinging around in the
wind) potentially creating interference. Wireless; Property Manager; Network Operator; Public Safety; Hardware; Network Design; Policy; false false false true false false true 2 false true false true
11-10-0481 Important Network Operators, Property Managers, and Public Safety should ensure appropriate spacing between all antennas at a cell site in order to avoid interference, intermodulation, or other detrimental effects. Wireless; Property Manager; Network Operator; Public Safety; Network Design; false false false true false false true 1 false true false true
11-10-0482 Highly Important Network Operators and Public Safety should utilize RF propagation and other modeling tools to analyze and optimize designs to avoid interference and improve network performance. Wireless; Network Operator; Public Safety; Network Design; Network Operations; false false false true false false true 2 false false false true
11-10-0483 Highly Important Network Operators and Public Safety should have a master cell site database with configuration parameters, connectivity, and performance statistics that can be used to analyze and audit cell site performance. Wireless; Network Operator; Public Safety; Documentation; Network Design; Network Operations; false false false true false false true 2 false false false true
11-10-0484 Highly Important Network Operators and Public Safety should have a program (e.g., automated drive test equipment, network probes) to monitor and detect network performance anomalies. Wireless; Network Operator; Public Safety; Network Operations; Procedures; false false false true false false true 2 false false false true
11-10-0486 Important Network Operators should have an ongoing RF (Radio Frequency) performance improvement process to reduce air interface issues related to blocks, drops, and access failures. Wireless; Network Operator; Network Operations; Procedures; false false false true false false true 1 false false false false
11-10-0487 Highly Important Network Operators and Property Managers should have procedures in place to identify and correct degradations in cell site performance resulting from defects in feedlines and antennas (e.g., moisture, vandalism, kinking). Wireless; Property Manager; Network Operator; Industry Cooperation; Network Operations; Procedures; false false false true false false true 2 false true false false
11-10-0488 Important Network Operators, Service Providers, and Public Safety should consider registering critical circuits with Telecom Service Priority (TSP). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Liaison; Public Safety Service; http://www.dhs.gov/telecommunications- service-priority-tsp http://transition.fcc.gov/pshs/services/priority- services/tsp.html true true true true true true true 1 false false false true
11-10-0489 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider provisions in labor contracts to provide for cooperation between union and non-union personnel during disaster recovery situations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Emergency Preparedness; Human Resources; true true true true true true true 1 true false false true
11-10-0490 Important Network Operators, Service Providers, and Public Safety should consult NFPA (National Fire Prevention Association) Standards for guidance in the design of fire suppression systems, and, when building code regulations require sprinkler systems, should seek an exemption for the use of non-destructive systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Buildings; Fire; Network Design; NFPA 75 and 76. When zoning regulations require sprinkler systems, an exemption should be sought for the use of non- destructive systems. true true true true true true true 1 false false false true
11-10-0492 Critical Network Operators, Property Managers, and Public Safety should provide back-up power (e.g., some combination of batteries, generator, fuel cells) at cell sites and remote equipment locations, consistent with the site specific constraints, criticality of the site, the expected load and reliability of primary power. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Buildings; Emergency Preparedness; Network Design; Power; true true true true true false true 3 false true false true
11-10-0493 Critical Network Operators, Property Managers, and Public Safety should consider placing fixed power generators at cell sites, where feasible. Wireless; Property Manager; Network Operator; Public Safety; Power; false false false true false false true 3 false true false true
11-10-0494 Highly Important Network Operators, Property Managers, and Public Safety should consider including a provision in cell-site contracts for back-up power. Wireless; Property Manager; Network Operator; Buildings; Industry Cooperation; Network Design; Power; false false false true false false true 2 false true false false
11-10-0495 Critical Network Operators, Property Managers, and Public Safety should consider pre-arranging contact information and access to restoral information with local power companies. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Emergency Preparedness; Industry Cooperation; Network Operations; Power; true true true true true false true 3 false true false true
11-10-0496 Highly Important Network Operators, Property Managers, and Public Safety should consider storing their portable generators at critical sites that are not otherwise equipped with stationary generators. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Emergency Preparedness; Power; true true true true true false true 2 false true false true
11-10-0498 Highly Important Network Operators, Property Managers, and Public Safety should consider alternative measures for cooling network equipment facilities (e.g., powering HVAC on generator, deploying mobile HVAC units) in the event of a power outage. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Buildings; Disaster Recovery; Emergency Preparedness; Power; true true true true true false true 2 false true false true
11-10-0499 Critical Network Operators, Service Providers, and Public Safety should consider ensuring that the back-haul facility equipment located at the cell site is provided with backup power duration equal to that provided for the other equipment at the cell site. Wireless; Network Operator; Service Provider; Public Safety; Network Design; Power; Facilities – Transport; false false false true false true true 3 false false false true
11-10-0501 Important Network Operators, Service Providers, and Public Safety should report problems discovered from their operation of network equipment to the Equipment Supplier whose equipment was found to be the cause of problem. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Hardware; Network Elements; Network Operations; Policy; Procedures; Software; Technical Support; true true true true true true true 1 false false false true
11-10-0508 Important Network Operators and Service Providers should establish company-specific interconnection agreements, and where appropriate, utilize existing interconnection templates and existing data connection trust agreement. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Design; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Facilities – Transport; For interconnection templates, see NRIC III Section 8.4, Internet Interconnection Template. For existing data connection trust agreements, see NRIC III, Section 6.7.
Also see NRIC V Focus Group 4’s Service Provider Interconnection for Internet. See http://www.nric.org/fg/fg4/ISP_Interconnection and http://www.nric.org/pubs/nric3/reportj9 FCC URL(s) needs added to this reference when available to provide user�s access to older NRIC Final Reports and supporting documents. true true true true true true true 1 false false false false
11-10-0511 Highly Important Operators, Service Providers, Public Safety, and Equipment Suppliers should ensure that appropriate operations personnel involved in the direct operation, maintenance, provisioning, security, troubleshooting, repair, and support of network elements are provided periodic training. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Network Elements; Network Operations; Procedures; Technical Support; Training Awareness; true true true true true true true 2 true false false true
11-10-0512 Important Network Operators, Service Providers, Public Safety, and Property Managers should perform periodic inspections of fire and water stops where cable ways pass through floors and walls (e.g., sealing compounds). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Fire; Network Operations; Physical Security Management; Procedures; Public Safety Service; true true true true true true true 1 false true false true
11-10-0514 Highly Important Network Operators and Service Providers should, when available, utilize a device management architecture that provides a single interface with access to alarms and monitoring information from all critical network elements. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Intrusion Detection; Network Design; Network Elements; Network Operations; Network Provisioning; Security Systems; Examples of device management architectures that support multiple platforms are Common Object Request Broker Architecture (CORBA) and Simple Network Management Protocol (SNMP). true true true true true true true 2 false false false false
11-10-0517 Highly Important Equipment Suppliers should design network elements and associated network management elements with the combined capability to dynamically handle peak load and overload conditions gracefully and queue or shed traffic as necessary (e.g., flow control). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Design; Network Elements; Network Interoperability; Pandemic; Software; The management of peak load and overload conditions can apply to bearer traffic, signaling traffic, routing and control protocol traffic, network management traffic and messaging, accounting statistics, and flow reporting. true true true true true false false 2 true false false false
11-10-0524 Highly Important Network Operators and Service Providers should operate an information-only route database containing the routing advertisement source and cannot be changed by peers, customers, and other users, should be highly secure, and should not affect or impact the actual routing table. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Design; Network Interoperability; Network Operations; true true false true true true true 2 false false false false
11-10-0526 Highly Important Network Operators and Service Providers should operate a route registry database of all the routes advertised by their network with the source of that advertisement, with which outside entities can communicate with. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Design; Network Interoperability; Network Operations; Network Provisioning; This database might be used as the source for interface configurations as well as troubleshooting problems. These outside entities may be central, regional, or global in nature. true true false true true true true 2 false false false false
11-10-0529 Highly Important Network Operators, Service Providers and Equipment Suppliers should support sharing of appropriate information pertaining to outages as an effort to decrease the potential of further propagation. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Documentation; Industry Cooperation; Liaison; Network Interoperability; Network Operations; Policy; See ATIS-0300028, Next Generation Interconnection Interoperability (NGIIF) Reference Document: Part VII, Information Sharing, at http://www.atis.org/docstore. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true false false false
11-10-0531 Highly Important Network Operators, Service Providers, and Public Safety should require staff to use grounding straps when working with equipment where appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Procedures; true true true true true true true 2 false false false true
11-10-0540 Important Equipment Suppliers should share countermeasures resulting from analysis of an outage with Network Operators and Public Safety using the same equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Public Safety; Documentation; Industry Cooperation; Network Elements; Technical Support; true true true true true false false 1 true false false true
11-10-0542 Highly Important Equipment Suppliers should include steps to prevent and detect malicious code insertion from Original Equipment Manufacturers (OEMs), contractors, and disgruntled employees. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Contractors and Vendors; Corporate Ethics; Network Elements; Software; Supervision; true true true true true false false 2 true false false false
11-10-0543 Critical Network Operators and Service Providers should establish agreements with Property Managers for both regular and emergency power. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Buildings; Business Continuity; Emergency Preparedness; Network Design; Power; true true true true true true true 3 false true false false
11-10-0546 Critical Network Operators, Service Providers, and Public Safety should consider minimizing single points of failure (SPOF) in paths linking network elements deemed critical to the operations of a network. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Network Design; Network Provisioning; Facilities – Transport; Note: This Best practice could impact 9-1-1 operations. With this design, two or more simultaneous failures or errors need to occur at the same time to cause a service interruption. true true true true true true true 3 false false false true
11-10-0547 Highly Important Network Operators, Service Providers, and Public Safety should place critical network databases (e.g., directory server, feature server, Service Control Point (SCP)) in a secure environment across distributed locations to provide service assurance (e.g., maintainability, connectivity, security, reliability) consistent with other critical network elements. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Design; Network Elements; Network Provisioning; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false true
11-10-0548 Highly Important Network Operators, Service Providers, and Public Safety should have an internal post mortem process, which engages Equipment Suppliers and other involved parties as appropriate, to complete root cause analysis of major network events with follow-up implementation of corrective and preventive actions to minimize the probability of recurrence. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Elements; Technical Support; NRSC at http://www.atis.org. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true false false true
11-10-0551 Important Network Operators should design their SS7 network components and interfaces consistent with industry base security guidelines to reduce the risk of potentially service affecting security compromises of the signaling networks supporting the public telephone network. Wireless; Wireline; Network Operator; Cyber Security; Network Elements; Network Interoperability; Network Operations; www.atis.org/niif/index.asp
Network Interconnection Interoperability Forum (NIIF)
Reference Document NIIF 5001
The NIIF Interconnection Template (Network Interconnection Bilateral Agreement Template), Issue 3.0
ATIS0300004. See NIIF Reference document Part 3, Appendix I. This document provides guidance for desirable security features for any network element (call agent, feature server, soft switch, cross connect, gateway, database). It identifies security functionality, which should be in place by design, device or procedure. It includes an assessment framework series of checklists. false false false true true false true 1 false false false false
11-10-0552 Highly Important Equipment Suppliers should perform software fault
insertion (including simulating network faults such as massive failures) as a standard part of the development process. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Software; true true true true true false false 2 true false false false
11-10-0553 Highly Important Equipment Suppliers should perform hardware fault insertion testing (including simulating network faults such as massive failures) as a standard part of the development process. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Software; true true true true true false false 2 true false false false
11-10-0554 Important Equipment Suppliers should converge hardware and software fault recovery design processes early in the development cycle. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Software; true true true true true false false 1 true false false false
11-10-0557 Highly Important Equipment Suppliers should take steps to minimize the possibility of having a silent failure on any system component, especially critical components, throughout the life of the product. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Software; true true true true true false false 2 true false false false
11-10-0559 Highly Important Service Providers, Network Operators, and Public Safety should consider validating upgrades, new procedures and commands in a lab or other test environment that simulates the target network and load prior to the first application in the field. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Hardware; Network Elements; Procedures; Software; true true true true true true true 2 false false false true
11-10-0561 Important Equipment Providers should provide timely documentation that is complete and easy-to-use. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Network Elements; Procedures; The operations and maintenance manual should give an overview of the system and identify procedures for regularly scheduled operations, including security administration (ref. GR-815, GR-1332) and should cover methods to recover from total and partial network element outages. In addition, the documentation should be clear on how to manage emergency and unforeseen situations, and include a technical support escalation process. true true true true true false false 1 true false false false
11-10-0564 Important Equipment Suppliers should develop and update training for their products with a clear understanding of customer needs and human factors. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Network Elements; Procedures; Training Awareness; Advanced training should be developed for personnel responsible for the technical support of various products, including operations supervisors, maintenance engineers, operational support personnel, communications technicians, and security administrators. true true true true true false false 1 true false false false
11-10-0565 Important Equipment Suppliers should identify key areas and establish and use metrics to measure progress in improving quality, reliability, and security during product development and field life cycle. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Network Elements; This can be done as follows: request and use customer feedback, jointly perform detailed Root Cause Analysis for reported hardware failures, software faults and procedural errors, working together to establish reliability and performance field objectives. true true true true true false false 1 true false false false
11-10-0582 Highly Important Public Safety and Government should use 911 as the standard access code for emergency services (e.g., PSAP, law enforcement, fire, EMS, hazardous materials). Cable; Internet/Data; Satellite; Wireless; Wireline; Government; Public Safety; Essential Services; Public Safety Service; true true true true true false false 2 false false true true
11-10-0584 Important Service Providers, Network Operators and Equipment Suppliers and Government representatives should work together to support appropriate industry and international organizations to develop and implement NS/EP standards in networks. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Government; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Essential Services; Industry Cooperation; Liaison; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 true false true false
11-10-0587 Important Government, Network Operators and Service Providers of critical services to National Security and Emergency Preparedness (NS/EP) users should be familiar with the Telecommunications Service Priority (TSP) program and support / promote it as applicable. Cable; Internet/Data; Satellite; Wireless; Wireline; Government; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Essential Services; Network Operations; Network Provisioning; Pandemic; Policy; Public Safety Service; The TSP Program is an FCC program used to identify and prioritize telecommunication services that support NSEP missions. The TSP Program also provides a legal means for the telecommunications industry to provide preferential treatment to services enrolled in the program. More information on the TSP Program can be obtained from the National Communications System (NCS) Office of Priority Telecommunications, Manager National Communications System, Attn: OPT/N3, 701 South Courthouse Road, Arlington, Virginia 22204-2198, on telephone 703-607-4932 or at http://www.dhs.gov/telecommunications-service- priority-tsp. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false false true false
11-10-0588 Highly Important Network Operators, Service Providers and Equipment Suppliers should provide awareness training that stresses the services impact of network failure, the risks of various levels of threatening conditions and the roles components play in the overall architecture. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Contractors and Vendors; Network Operations; Pandemic; Supervision; Training Awareness; Training should be provided for personnel involved in the direct operation, maintenance, provisioning, security and support of network elements. A successful program should educate its target audience on the technology, its benefits and risks, and the magnitude of traffic carried. The training might include the functionality and the network impact of failure of active and standby (protect) equipment in processors, interfaces, peripheral power supplies, and other related components, and the identification of active and standby (protect) units. Special emphasis should focus on the systematic processes for trouble isolation and repair. true true true true true true true 2 true false false false
11-10-0589 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should establish a minimum set of work experience and training courses which must be completed before personnel may be assigned to perform maintenance activities on production network elements, especially when new technology is introduced in the network. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Supervision; Training Awareness; This training should reinforce the importance of following procedures at all times and emphasize the steps required to successfully detect problems and to isolate the problem systematically and quickly without causing further system degradation. Lack of troubleshooting experience and proper training in trouble detection and isolation usually prolongs the trouble detection and isolation process. true true true true true true true 2 true false false true
11-10-0592 Highly Important Network Operators and Service Providers should provide duplicated, non-co-located maintenance administration, surveillance and support for network elements. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Elements; Network Operations; Network Provisioning; Monitoring and administration locations should be minimized to provide consistency of operations and overall management. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-10-0594 Highly Important Network Operators and Service Providers should follow industry guidelines for validating SS7 link diversity, which should be performed at a minimum of twice a year, and at least one of those validations should include a physical validation of equipment compared to the recorded documentation of diversity. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Operations; Procedures; Facilities – Transport; ATIS-0300018, Next Generation Interconnection Interoperability (NGIIF) Reference Document: Part III, Installation, Testing and Maintenance Responsibilities for SS7 Links and Trunks Attachment G Link Diversity Validation Guidelines, found at http://www.atis.org/docstore. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-10-0595 Highly Important Network Operators, Service Providers, and Public Safety should be aware of the dynamic nature of peak traffic periods and should consider scheduling potentially service- affecting procedures (e.g., maintenance, high risk procedures, growth activities) so as to minimize the impact on end-user services. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; Supervision; Training Awareness; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false true
11-10-0596 Highly Important Network Operators and Service Providers should carefully review all re-home procedures, undertake pre-planning before execution, and ensure that re-home procedures are carefully followed. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Network Operations; Network Provisioning; Note: This Best practice could impact 9-1-1 operations. true true false true true true true 2 false false false false
11-10-0600 Highly Important Network Operators and Service Providers should establish and document a process to plan, test, evaluate and implement major change activities in their network. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Documentation; Network Operations; Network Provisioning; Procedures; Supervision; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-10-0601 Important Network Operators and Service Providers should restrict commands available to technicians to ensure authorized access and use, and maintain, manage and protect an audit trail. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Corporate Ethics; Network Operations; Network Provisioning; Procedures; Supervision; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false false false false
11-10-0602 Important Network Operators and Service Providers should establish procedures to reactivate alarms after provisioning or maintenance activities (when alarms are typically deactivated). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Operations; Network Provisioning; Procedures; Training Awareness; Facilities – Transport; The volume of alarms during provisioning creates a potential for alarm saturation and makes it very difficult to differentiate between a real alarm and those caused by other activities. A common practice is to simply inhibit these alarms or set their thresholds so high they do not report. The danger here is that there must be a fail-safe measure to turn these alarms back on when the facility is carrying traffic. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false false false false
11-10-0605 Highly Important Network Operators and Service Providers should assess the synchronization needs of the network elements and interfaces that comprise their networks to develop and maintain a detailed synchronization plan. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Procedures; The synchronization plan should include interfaces, customers (both retail and wholesale) and network peers. The plan should encompass all services provided by and used by the Network Operators and Service Providers. The plan should include: synchronization hierarchy, failure avoidance, redundancy and backup for resilience, FMECA and SPOFA. Synchronization performance expectations (24hr slip rate) should be determined in both primary and backup operation scenarios. Timing loop analysis must be performed in the primary arrangement and in all potential failure scenarios. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-10-0607 Highly Important Inter-Provider Fault Isolation: Network Operators and Service Providers should ensure that bilateral technical agreements between interconnecting networks address the issue of inter-provider fault isolation. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Interoperability; Network Operations; Policy; Procedures; Facilities – Transport; At a minimum, these agreements should address the escalation procedures to be used when a problem occurs in one network. The agreement should also address what information will be shared between the interconnected companies. true true true true true true true 2 false false false false
11-10-0608 Highly Important Network Operators and Service Providers should utilize network surveillance and monitoring to keep overflow traffic conditions from adversely affecting networks. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Design; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Procedures; Facilities – Transport; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-10-0609 Highly Important Network Operators and Service Providers should provide and maintain the contact information for mutual aid coordination for inclusion in mutual aid processes. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Network Interoperability; Pandemic; Policy; Procedures; See BP 1031 for additional mutual aid information. true true true true true true true 2 false false false false
11-10-0611 Important Equipment Suppliers and Service Providers should provide secure electronic distribution of documentation and software, where feasible. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Service Provider; Documentation; Information Protection; Procedures; Software; Electronic access to documentation will allow better version control and ease of access for field personnel. Additionally, electronic access allows implementation and delivery of future enhancements such as interactive methods and information. Local back-up copies should be readily available. true true true true true true false 1 true false false false
11-10-0612 Critical Network Operators and Service Providers should verify both local and remote alarms and remote network element maintenance access on all new critical equipment installed in the network, before it is placed into service. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Elements; Network Operations; Network Provisioning; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 false false false false
11-10-0614 Important Network Operators, Service Providers and Equipment Suppliers should position the equipment designation information (e.g., location, labels, RFID tags) so that they are securely affixed and not on removable parts. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Hardware; Network Elements; The equipment designation should not be placed on removable parts such as covers, panels, doors, or vents that can be removed and mistakenly installed on a different network element. true true true true true true true 1 true false false false
11-10-0615 Highly Important Network Operators, Service Providers, and Public Safety should verify complex configuration changes before committing them and test after the change to ensure the appropriate and expected results. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Network Provisioning; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false true
11-10-0617 Highly Important Network Operators and Service Providers should ensure that routing controls are implemented and managed to prevent adverse routing conditions. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Interoperability; Network Operations; Network Provisioning; Procedures; Adverse routing conditions may include such things as infinite looping and flooding of datagrams across data networks. Controls should be implemented across network boundaries to limit the frequency of route advertisements and prevent routing of reserved or private address space. Controls should also prevent unauthorized advertisements of other operators’ address space that is not legitimately allocated or assigned to the proper entity. For example, see those addressed in RFC 1918 – http://www.rfc-
editor.org/info/rfc1918. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-10-0618 Highly Important Network Operators and Service Providers should establish mutually agreed upon reliability thresholds with Equipment Suppliers for new hardware (e.g., routers, switches, call servers, signaling servers) brought into service on the network. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Hardware; Industry Cooperation; Network Design; Network Elements; Network Provisioning; Procedures; true true true true true true true 2 true false false false
11-10-0620 Important Equipment Suppliers should endeavor to meet requirements outlined in Industry Standards regarding Network Equipment-Building System (NEBS) practices for Power and Communication Cables (e.g., power, fire, temperature, humidity, vibration). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Fire; Network Design; Telcordia GR-63 01 Network Equipment-Building System (NEBS) Requirements may be purchased at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home true true true true true false false 1 true false false false
11-10-0621 Important Network Operators and Service Providers should consider abandoning and / or removing existing cable that does not meet New Equipment Building System (NEBS) standards, if it is economically feasible and safe to do so. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Fire; Policy; http://192.4.253.70/services/testing/nebs/index.html true true true true true true true 1 false false false false
11-10-0623 Important Network Operators and Service Providers using Valve Regulated Lead Acid (VRLA) batteries should perform annual maintenance by performing a discharge test or by using an ohmic test instrument. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Fire; Network Operations; Power; Procedures; The aging properties of these batteries can lead to thermal runaway that may cause a fire. See GR-4228, VRLA Battery String Certification Levels Based on Requirements for Safety and Performance and http://telecom-info.telcordia.com/site-cgi/ido/docs.cgi?DOCUMENT=gr-
4228&KEYWORDS=&TITLE=&ID=097222093
SEARCH true true true true true true true 1 false false false false
11-10-0624 Important Network Operators, Service Providers, and Property Managers are encouraged to establish rectifier case history files, by equipment category to facilitate decisions to replace equipment with more efficient equipment based on failure trends. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Documentation; Fire; Network Elements; Network Operations; Network Provisioning; Power; Procedures; true true true true true true true 1 false true false false
11-10-0625 Important Network Operators, Service Providers, Public Safety, and Property Managers should consider placing electric utility transformers external to buildings. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Fire; Power; true true true true true true true 1 false true false true
11-10-0626 Important Network Operators, Service Providers, Public Safety, and Property Managers should regularly inspect building mechanical equipment (e.g., air handling fans, air compressors, pumps). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Fire; Procedures; true true true true true true true 1 false true false true
11-10-0627 Important Network Operators, Service Providers, Public Safety, and Property Managers should exercise, service, and calibrate AC circuit breakers per manufacturers’ recommendations. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Fire; Network Operations; Power; Procedures; true true true true true true true 1 false true false true
11-10-0628 Important Network Operators and Service Providers should develop and implement defined procedures for removal of unused equipment and cable (e.g., cable mining) if it is economically feasible and safe to do so. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Operations; Procedures; true true true true true true true 1 false false false false
11-10-0629 Highly Important Network Operators, Service Providers and Property Managers should implement a training program for contractors working in critical equipment locations to ensure they understand the need to protect the continuity of service and all fire safety requirements applicable to the facility. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Contractors and Vendors; Fire; Procedures; Training Awareness; true true true true true true true 2 false true false false
11-10-0630 Highly Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should develop and execute standard Methods of Procedure (MOP) for all vendor work in or external to equipment locations with emphasis on service continuity and safety precautions. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Contractors and Vendors; Fire; Network Operations; Network Provisioning; Procedures; Training Awareness; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true true false false
11-10-0631 Important Network Operators, Service Providers, Equipment Suppliers, and Property Managers should develop a comprehensive Site Management and/or Building Certification Program to ensure that critical equipment locations have carefully documented procedures to ensure fire safety. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Buildings; Fire; Physical Security Management; Procedures; Training Awareness; These procedures should include, among other things, guidance for the safe operation of all electrical appliances at this facility, including space heaters which are a frequent source of fires. true true true true true true true 1 true true false false
11-10-0634 Critical Network Operators, Service Providers, Public Safety, and Property Managers together with the Power Company should verify that aerial power lines are not in conflict with hazards that could produce a loss of service during high winds or icy conditions. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Liaison; Network Design; Network Operations; Network Provisioning; Power; true true true true true true true 3 false true false true
11-10-0640 Important Network Operators, Service Providers, Public Safety, and Property Managers should ensure proper air filtration. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Network Operations; Procedures; true true true true true true true 1 false true false true
11-10-0645 Important Network Operators, Service Providers, Public Safety, and Property Managers should inspect and maintain heating, venting, air conditioning (HVAC) areas. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Buildings; Procedures; true true true true true true true 1 false true false false
11-10-0648 Important Network Operators, Service Providers, Public Safety, and Property Managers should ensure certified inspection of boilers & fuel storage units. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Buildings; Power; Procedures; true true true true true true true 1 false true false false
11-10-0649 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should ensure critical network facilities have appropriate fire detection and alarm systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Fire; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false true false true
11-10-0650 Critical Network Operators, Service Providers, Public Safety, and Property Managers should place strong emphasis on activities related to the operation of power systems (e.g., maintenance procedures, alarm system operation, response procedures, and training). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Network Operations; Power; Procedures; Supervision; Training Awareness; true true true true true true true 3 false true false true
11-10-0651 Critical Network Operators, Service Providers, Public Safety, and Property Managers should consider providing diversity within power supply and distribution systems so that a single point of failure (SPOF) is not catastrophic in critical network locations. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Network Design; Network Operations; Power; For large battery plants in critical offices, dual AC feeds should be considered. true true true true true true true 3 false true false true
11-10-0652 Highly Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should adhere to applicable power engineering design standards. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Network Design; Network Operations; Network Provisioning; Power; http://telecom-info.telcordia.com/site- cgi/ido/docs2.pl?ID=170086171&page=home , http://www.atis.org/docstore , and Telcordia GR-513-CORE (Power – LSSGR section 13), Telcordia GR-63-CORE (NEBS), Telcordia GR-295-CORE (Isolated Ground Planes), Telcordia GR-1089-CORE (Electromagnetic Compatibility), and ATIS-0600311.2007 (DC Power Systems – Telecommunications Environment Protection). true true true true true true true 2 true true false false
11-10-0653 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should retain complete control concerning when to transfer from the electric utility and operate standby generators. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Policy; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false true false true
11-10-0654 Important Network Operators, Service Providers and Property Managers should generally avoid entering into power curtailment or load shedding contracts with electric utilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Policy; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false true false false
11-10-0656 Highly Important Network Operators, Service Providers, and Public Safety should establish a requirement for power conditioning, monitoring and protection for sensitive equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Power; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false true
11-10-0663 Important Network Operators, Service Providers, Public Safety, and Property Managers should coordinate scheduled power generator tests with all building occupants to avoid interruptions. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Documentation; Network Operations; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false true false true
11-10-0665 Highly Important Network Operators, Service Providers and Property Managers should provide and maintain accurate single line drawings of AC switch equipment on-site. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Documentation; Power; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false true false false
11-10-0667 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should keep circuit breaker racking/ratchet tools, spare fuses, fuse pullers, etc. readily available. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Hardware; Network Provisioning; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false true false true
11-10-0672 Critical Network Operators and Service Providers should provide a minimum of 3 hours battery reserve for central offices equipped with fully automatic standby systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Emergency Preparedness; Network Design; Power; true true true true true true true 3 false false false false
11-10-0673 Important Network Operators and Service Providers should provide some method to detect/prevent thermal runaway on rectifiers when valve regulated batteries are used. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Fire; Network Design; Power; Procedures; true true true true true true true 1 false false false false
11-10-0675 Important Network Operators, Service Providers and Property Managers should, for new installations, consider using multiple small battery plants in place of single very large plants, and consider using multiple battery strings in each plant. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Hardware; Network Design; Power; Procedures; true true true true true true true 1 false true false false
11-10-0679 Highly Important Network Operators, Service Providers and Equipment Suppliers should provide diverse power feeds for all redundant links (e.g., SS7, BITS clocks) and any components identified as critical single points of failure (SPOF) in the network. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Network Design; Network Elements; Power; Facilities – Transport; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true false false false
11-10-0680 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should provide protective covers on vulnerable circuit breakers which power critical equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Hardware; Power; true true true true true true true 1 true true false true
11-10-0681 Important Network Operators, Service Provider, Equipment Suppliers and Property Managers should ensure that fuses and breakers meet quality reliability standards. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Hardware; Network Provisioning; Power; Refer to Technical Reference (SR-332), Reliability Prediction Procedure for Electronic Equipment, and http://telecom- info.telcordia.com/site- cgi/ido/docs.cgi?ID=SEARCH&DOCUMENT=S R-332& true true true true true true true 1 true true false false
11-10-0682 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should ensure that power wire, cable, and signaling cables used in communications locations meet Network Equipment Building Systems (NEBS) compliance. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Elements; Network Provisioning; Power; http://192.4.253.70/services/testing/nebs/index.html true true true true true true true 1 true true false true
11-10-0683 Important Network Operators, Service Providers, Property Managers, Public Safety, and Equipment Suppliers should not mix Direct Current (DC) power cables, Alternating Current (AC) power cables and telecommunications cables wherever possible. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Fire; Network Design; Power; true true true true true true true 1 true true false true
11-10-0684 Important Network Operators, Service Providers, Equipment Suppliers, and Property Managers should verify DC fusing levels throughout the power supply and distribution system, especially at the main primary distribution board, to ensure that fuses and breakers are not loaded at more than 80% of their rated ampacity. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Fire; Hardware; Network Operations; Power; Diode OR’ed arrangements require additional special overcurrent protection considerations true true true true true true true 1 true true false false
11-10-0685 Important Network Operators and Service Providers should have detailed methods and procedures to identify the protection required for energized DC buses. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Operations; Power; Procedures; true true true true true true true 1 false false false false
11-10-0692 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider using fail-safe alarm points (i.e., alarm point that does not require power to operate) for critical alarms. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Hardware; Network Design; Power; Security Systems; true true true true true true true 1 true false false true
11-10-0693 Important Network Operators, Service Providers and Property Managers should emphasize the use of Methods Of Procedures (MOPs), vendor monitoring, and performing work on in-service equipment during low traffic periods (i.e., maintenance window). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Contractors and Vendors; Network Operations; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false true false false
11-10-0696 Important Network Operators and Service Providers should use infrared thermography to check power connections and cabling in central offices when trouble shooting, during installation test and acceptance, and as otherwise appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Fire; Network Operations; Power; Procedures; true true true true true true true 1 false false false false
11-10-0700 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider the use of power expertise/power teams. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Human Resources; Network Operations; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true false false true
11-10-0702 Important Network Operators and Service Providers should minimize dependence on equipment requiring AC power feeds in favor of DC-powered components. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Hardware; Network Elements; Network Operations; Power; true true true true true true true 1 false false false false
11-10-0703 Important Network Operators, Service Providers, Public Safety, and Property Managers should secure remote power maintenance systems to prevent unauthorized use. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Access Control; Cyber Security; Physical Security Management; Power; true true true true true true true 1 false true false true
11-10-0705 Important Network Operators should place warning tape 12 inches above buried cable facilities. Cable; Internet/Data; Satellite; Wireline; Network Operator; Procedures; Facilities – Transport; true true true false true false true 1 false false false false
11-10-0706 Important Network Operators should use visible cable markings on buried facilities and outside plant cables (unless prone to vandalism). Cable; Internet/Data; Satellite; Wireline; Network Operator; Facilities – Transport; true true true false true false true 1 false false false false
11-10-0707 Important Network Operators should ensure timely response once they receive notification from the One Call Center for all locate requests. Cable; Internet/Data; Wireline; Network Operator; Industry Cooperation; Network Operations; Procedures; Facilities – Transport; true true false false true false true 1 false false false false
11-10-0708 Important Network Operators should use appropriate technologies for locating buried facilities and consider upgrading as technologies evolve. Cable; Internet/Data; Wireline; Network Operator; Network Operations; Procedures; Facilities – Transport; true true false false true false true 1 false false false false
11-10-0709 Highly Important Network Operators should compare outside plant drawings relative to marking cable route maps when locating buried facilities and resolve any discrepancies. Cable; Internet/Data; Wireline; Network Operator; Documentation; Network Operations; Procedures; Facilities – Transport; true true false false true false true 2 false false false false
11-10-0710 Highly Important Network Operators should use ‘dig carefully’ concepts and utilize guidance from industry sources for the protection of underground facilities when excavation is to take place within the specified tolerance zone. Cable; Internet/Data; Wireline; Network Operator; Network Operations; Procedures; Facilities – Transport; Industry source example is the Common Ground Alliance. (http://www.commongroundalliance.com). Methods to consider, based on certain climate and geographical conditions include: hand-digging when practical (potholing), soft digging, vacuum excavation methods, pneumatic hand tools, other mechanical methods with the approval of the facility owner/operator, or other technical methods that may be developed and assign trained technical personnel to monitor activities at work sites where digging is underway. true true false false true false true 2 false false false false
11-10-0719 Important Network Operators should use ‘dig carefully’ concepts and utilize guidance from industry sources when installing underground facilities. Cable; Internet/Data; Wireless; Wireline; Network Operator; Network Operations; Procedures; Facilities – Transport; Industry source example is the Common Ground Alliance. (http://www.commongroundalliance.com). Methods to consider, based on certain climate and geographical conditions include: hand-digging when practical (potholing), soft digging, vacuum excavation methods, pneumatic hand tools, other mechanical methods with the approval of the facility owner/operator, or other technical methods that may be developed and assign trained technical personnel to monitor activities at work sites where digging is underway. true true false true true false true 1 false false false false
11-10-0722 Important Network Operators, Service Providers, Public Safety, and Property Managers should consider pest control measures to protect cables where appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Procedures; Facilities – Transport; Cables can be protected using armored cable or type “C” conduit in pest-infested areas. true true true true true true true 1 false true false true
11-10-0725 Important Network Operators and Government should increase stakeholder coordination and cooperation to improve the effectiveness of state one-call (811) legislation efforts. Cable; Internet/Data; Wireline; Government; Network Operator; Industry Cooperation; Liaison; Facilities – Transport; true true false false true false true 1 false false true false
11-10-0726 Important Network Operators should consider partnering with excavators, locators, and municipalities in a cable damage prevention program (811). Cable; Internet/Data; Wireline; Network Operator; Industry Cooperation; Liaison; Policy; Training Awareness; Facilities – Transport; true true false false true false true 1 false false false false
11-10-0729 Important Network Operators should establish training, qualification and performance standards for internal utility locators and establish performance standards with external utility locators. Cable; Internet/Data; Wireline; Network Operator; Contractors and Vendors; Human Resources; Industry Cooperation; Training Awareness; Facilities – Transport; true true false false true false true 1 false false false false
11-10-0731 Highly Important Network Operators and Service Providers should provide physical diversity on critical inter-office and wireless backhaul routes when justified by a risk or value analysis. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Design; Facilities – Transport; true true true true true true true 2 false false false false
11-10-0733 Important Network Operators should coordinate activities with other right-of-way occupants to minimize the potential for damage when they are relocating buried facilities in a common right-of-way area. Cable; Internet/Data; Wireless; Wireline; Network Operator; Industry Cooperation; Liaison; Facilities – Transport; true true false true true false true 1 false false false false
11-10-0735 Important Network Operators should evaluate the performance of their contracted excavators and internal excavators to foster improved network reliability. Cable; Internet/Data; Wireless; Wireline; Network Operator; Contractors and Vendors; Supervision; Facilities – Transport; true true false true true false true 1 false false false false
11-10-0736 Highly Important Network Operators should develop and implement a rapid restoration program for cables and facilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Disaster Recovery; Emergency Preparedness; Network Operations; Policy; Facilities – Transport; Note: This Best practice could impact 9-1-1 operations. true true true true true false true 2 false false false false
11-10-0741 Important Network Operators and Service Providers should review, and adopt as appropriate, Best Practices aimed at reducing damage to underground facilities that are maintained by the Common Ground Alliance. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Documentation; Policy; Procedures; Training Awareness; Facilities – Transport; The Common Ground Alliance Best Practices document (www.commongroundalliance.com) provides comprehensive guidance in the areas of Planning & Design, One-Call Centers, Locating & Marking, Excavation, Mapping, Compliance, Public Education, Reporting & Evaluation, and Homeland Security. Many of the Best Practice are applicable to the activities of Service Providers and Network Operators. true true false false true true true 1 false false false false
11-10-0745 Important Equipment Suppliers should design equipment so that changes and upgrades are non-service impacting. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Software; Technical Support; Note: This Best practice could impact 9-1-1 operations. true true true true true false false 1 true false false false
11-10-0746 Important Equipment Suppliers should emphasize human factors during design and development to reduce human errors and the impact of these errors. Automated systems should be considered to reduce operating errors. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Software; Technical Support; See GR 2914 at http://telecom-info.telcordia.com/site- cgi/ido/docs.cgi?ID=287618448SEARCH&DOCU MENT=GR-2914 true true true true true false false 1 true false false false
11-10-0747 Important Network Operators, Service Providers and Equipment Suppliers should work together to establish reliability and performance objectives in the field environment. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Industry Cooperation; Network Elements; Policy; true true true true true true true 1 true false false false
11-10-0748 Important Equipment Suppliers should provide troubleshooting job aids, with updates as appropriate, to assist operations support personnel during fault isolation and recovery. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Disaster Recovery; Documentation; Network Elements; Procedures; Technical Support; Training Awareness; true true true true true false false 1 true false false false
11-10-0749 Critical Equipment Suppliers should prevent critical systems from accepting or allowing service affecting activity without appropriate confirmation. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Procedures; Software; true true true true true false false 3 true false false false
11-10-0751 Important Equipment Suppliers should provide clear and specific engineering guidelines, ordering procedures, and installation documentation in support of their products. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Hardware; Network Elements; Procedures; Software; Technical Support; true true true true true false false 1 true false false false
11-10-0752 Important Network Operators, Service Providers, and Public Safety should evaluate support documentation as an integral part of the equipment selection process. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Documentation; Network Elements; Procedures; true true true true true true true 1 false false false true
11-10-0753 Important Network Operators, Service Providers, and Public Safety should be familiar with support documentation provided with the equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Documentation; Network Elements; Network Operations; Procedures; Training Awareness; true true true true true true true 1 false false false true
11-10-0754 Important Network Operators, Service Providers, Public Safety, and Property Managers should have documented installation guidelines for equipment deployment in their network or buildings. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Documentation; Hardware; Network Elements; Network Operations; Network Provisioning; Procedures; Technical Support; true true true true true true true 1 false true false true
11-10-0755 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should document and communicate their installation and maintenance guidelines (e.g., MOP) and the expectation of compliance by all involved parties. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Documentation; Network Operations; Procedures; Supervision; Training Awareness; true true true true true true true 1 true true false true
11-10-0756 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should consider including a quality review based on the installation guidelines as part of the on-site installation acceptance. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Operations; Procedures; true true true true true true true 1 true true false true
11-10-0757 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should have procedures for pre- qualification or certification of installation vendors. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Network Operations; Procedures; true true true true true true true 1 true false false true
11-10-0759 Important Network Operators and Service Providers should ensure that engineering, design, and installation processes address how new network elements are integrated into the office and network synchronization plan(s). Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Network Design; Network Elements; Network Operations; Network Provisioning; Procedures; Facilities – Transport; This Best practice could impact 9-1-1 operations. true true false true true true true 1 false false false false
11-10-0761 Important Network Operators, Service Providers, and Public Safety should conduct periodic verification of the office synchronization plan and the diversity of timing links, power feeds and alarms. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Elements; Network Operations; Power; Procedures; Facilities – Transport; Best Practice recommended by the NRSC Timing Outage Task Force Report – March 6, 2002. See http://www.atis.org/docstore true true true true true true true 1 false false false true
11-10-0763 Highly Important Service Providers implementing DNS (Domain Name System) servers in support of VoIP (Voice over Internet Protocol) telephone number mapping applications such as ENUM should provision those servers per Industry Standards for operation of DNS name servers. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Network Interoperability; Network Provisioning; Software; Reference IETF Best Current
Practices for operation of DNS nameservers: BCP
40 (RFC 2182) and BCP 16 (RFC 2870). true true true true true true false 2 false false false false
11-10-0764 Highly Important Network Operators and Service Providers should implement congestion control mechanisms for transporting
VoIP data on IP networks. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Interoperability; Pandemic; Software; See RFC 2309, RFC 2914, and RFC 3155 for examples. true true true true true true true 2 false false false false
11-10-0765 Highly Important Network Operators should configure their TCP algorithm parameters in order to optimize the performance of TCP/IP
data transport for VoIP over wireless networks. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Cyber Security; Network Interoperability; Software; true true true true true false true 2 false false false false
11-10-0766 Highly Important Service Providers should consider using a minimum interoperable subset for VoIP coding standards in a VoIP- to-PSTN gateway configuration in order to achieve interoperability and support all types of voice band communication (e.g., DTMF tones, facsimile, TTY/TDD). Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Network Interoperability; Software; Note: This Best practice could impact 9-1-1 operations. For example, TI 811 mandates the use of G.711 true true true true true true false 2 false false false false
11-10-0767 Highly Important Network Operators and Service Providers should consider using media gateway controllers to achieve interoperability with SS7/ISUP-signaled TDM voice networks. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Interoperability; Software; See IETF RFC 3372, BCP 63 for examples. true true false true true true true 2 false false false false
11-10-0768 Highly Important Network Operators and Service Providers implementing a SIP-signaled VoIP network should consider using media gateway controllers that map ISUP-to-SIP and SIP-to-ISUP messages in order to achieve a consistent interpretation of ISUP-to-SIP messaging industrywide. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Interoperability; Software; See IETF RFC 3398, Integrated Services Digital Network (ISDN) User Part (ISUP) to Session Initiation Protocol (SIP) Mapping. true true true true true true true 2 false false false false
11-10-0769 Highly Important Network Operators and Service Providers implementing a Bearer Independent Call Control (BICC)-signaled network should implement industry standards to achieve interoperability between an SS7/ISUP signaled TDM voice network and a SIP-signaled VoIP network. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Interoperability; Software; See ITU-T Recommendation Q.1912.5, �Interworking between Session Initiation Protocol (SIP) and Bearer Independent Call Control Protocol or ISDN User Part,� or 3GPP TS 29.163, �Interworking between the IP Multimedia (IM) Core Network (CN) subsystem and Circuit Switched (CS) networks�. true true true true true true true 2 false false false false
11-10-0770 Highly Important Network Operators and Service Providers who have deployed IS-41 or GSM Mobility Application Part (MAP) signaling networks should consider implementing and using the network management controls of SS7 within their networks. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Interoperability; Software; true true true true true true true 2 false false false false
11-10-0771 Highly Important Network Operators, Service Providers and Equipment Suppliers should have a procedure for pre-notification of visits to critical facilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Physical Security Management; Procedures; Visitors; true true true true true true true 2 true false false false
11-10-0772 Highly Important Collocated Service Providers should coordinate with Network Operators and Property Managers on equipment moves, adds or changes which could impact other occupants. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Industry Cooperation; true true true true true true true 2 false true false false
11-10-0775 Highly Important Network Operators and Service Providers should consult and update the synchronization plan whenever facility (e.g., intra-/inter-office or inter-provider interconnect circuits) rearrangements, additions, deletions, or consolidations are planned, and then verify the completed changes against the synchronization plan. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Documentation; Network Design; Network Operations; Network Provisioning; Procedures; Facilities – Transport; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-10-0776 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should conduct and periodically re- validate physical security assessments on critical network facilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Physical Security Management; Procedures; true true true true true true true 2 true false false true
11-10-0777 Important Equipment Suppliers should optimize equipment initializations to minimize service impact. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Software; true true true true true false false 1 true false false false
11-10-0778 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should ensure that handling installation/interconnection of circuit and signal paths continues to be performed by qualified communications technicians. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Operations; Network Provisioning; Supervision; Training Awareness; Facilities – Transport; true true true true true true true 1 true true false true
11-10-0779 Important Network Operators, Service Providers and Equipment Suppliers should establish a means to allow for coordination between cyber and physical security teams supporting preparedness, response, investigation and analysis. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Physical Security Management; true true true true true true true 1 true false false false
11-10-0781 Important Network Operators, Service Providers, Public Safety, and Property Managers should evaluate the use of automatic notification mechanisms to the local fire department at critical facilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Fire; Procedures; Security Systems; true true true true true true true 1 false true false true
11-10-0782 Highly Important Network Operators and Service Providers should detect transport simplex events and restore the duplex protective path expeditiously by executing appropriate incident response and escalation processes. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Contractors and Vendors; Disaster Recovery; Hardware; Network Operations; Procedures; Facilities – Transport; true true true true true true true 2 false false false false
11-10-0784 Important Network Operators, Service Providers, and Public Safety should utilize appropriate fiber/cable management equipment or racking systems to provide cable strain relief and ensure that bend radius is maintained to avoid micro- bends (e.g., pinched fibers). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Documentation; Hardware; Network Design; Procedures; Facilities – Transport; true true true true true true true 1 false false false true
11-10-0785 Critical Network Operators and Service Providers should consider secured remote access to critical network management systems for network management personnel working from distributed locations (e.g., back-up facility, home) in the event of a situation where the NOC cannot be staffed (e.g., pandemic). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Cyber Security; Emergency Preparedness; Information Protection; Network Operations; Pandemic; Physical Security Management; Procedures; true true true true true true true 3 false false false false
11-10-0787 Important Network Operators, Service Providers, and Property Managers should consider the use of fixed alternate fuel generators (e.g., natural gas) connected to public utility supplies to reduce the strain on refueling. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Disaster Recovery; Emergency Preparedness; Pandemic; Power; true true true true true true true 1 false true false false
11-10-0789 Important Network Operators, Service Providers, and Equipment Suppliers should consider modifying travel guidelines/policies for use during a pandemic or other crisis situations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Pandemic; Policy; true true true true true true true 1 true false false false
11-10-0790 Important Personal Protective Equipment: Network Operators, Service Providers, Equipment Suppliers and Public Safety should consider providing personal protective equipment (PPE) for infection control (e.g., masks, disposable gloves, and sanitizers) in locations where multiple employees are located. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Government; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Pandemic; Policy; true true true true true true true 1 true true true true
11-10-0791 Important Network Operators, Service Providers, Equipment Suppliers, Government, and Public Safety should consider providing personnel training in the use of personal protective equipment (PPE) specific to a pandemic or other crisis situations and the employee’s particular job. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Government; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Pandemic; Policy; Training Awareness; true true true true true true true 1 true true true true
11-10-0792 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider modifying attendance guidelines during a pandemic, or other crisis situations. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Essential Services; Human Resources; Pandemic; Policy; Supervision; true true true true true true true 1 true true false true
11-10-0793 Important Network Operators, Service Providers, and Equipment Suppliers should, as part of business continuity planning, identify employees that can perform their tasks from alternate locations and consider provisions for enabling them to do so. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Essential Services; Human Resources; Pandemic; Policy; Supervision; true true true true true true true 1 true false false false
11-10-0794 Important Network Operators, Service Providers, and Equipment Suppliers should, as part of business continuity planning, provide for elevated /increased utilization of remote access capabilities for telecommuting purposes by employees during a pandemic, or other crisis situations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Design; Network Operations; Pandemic; true true true true true true true 1 true false false false
11-10-0795 Important Network Operators, Service Providers, and Equipment Suppliers should as part of business continuity planning, plan for elevated/increased utilization of virtual collaboration and remote meetings capabilities during pandemics or other crisis situations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; true true true true true true true 1 true false false false
11-10-0796 Important Network Operators, Service Providers, and Equipment Suppliers should, as part of business continuity planning, consider developing guidelines for the deferral of specific maintenance or provisioning activities during certain situations (e.g., pandemic, holiday, National Special Security Event). Cable; Internet/Data; Satellite; Wireless; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; true true true true false true true 1 true false false false
11-10-0798 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider, as part of business continuity/disaster recovery, alternate transportation and delivery methods for equipment, spares, and personal protective equipment to prepare for situations where transportation and delivery may be delayed (e.g., pandemic, other crisis situations). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Contractors and Vendors; Disaster Recovery; Documentation; Emergency Preparedness; Hardware; Liaison; Materials Movement; Network Elements; Pandemic; Policy; Procedures; true true true true true true true 1 true true false true
11-10-0799 Important Service Providers, Network Operators and Property Managers should periodically evaluate the need for and feasibility of providing back up power at cell sites and broadband network equipment, at remote locations where economically and technically practical taking into consideration the criticality of the site or location, as well as local zoning laws, statutes, and contractual obligations. Cable; Internet/Data; Satellite; Wireless; Property Manager; Network Operator; Service Provider; Business Continuity; Documentation; Emergency Preparedness; Essential Services; Network Design; Policy; Power; Procedures; true true true true false true true 1 false true false false
11-10-0804 Important Service Providers should consider appropriate means for providing their customers with information about their traffic policies so that users may be informed when planning and utilizing their applications. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Documentation; Pandemic; Policy; true true true true true true false 1 false false false false
11-10-0805 Important Service Providers, Network Operators and Equipment Suppliers should work to establish operational standards and practices that support broadband capabilities and interoperability (e.g., video, voice, data, wireless). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Documentation; Industry Cooperation; Network Interoperability; Policy; Organizations that are working on operational standards and practices supporting broadband services and interoperability: ITU-T, particularly Study Groups 2, Study Group 12 and Study Group 13. Also the IETF, ANSI T1A1, DSL Forum, CableLabs, and the TeleManagement Forum. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 true false false false
11-10-0814 Highly Important Network Operators and Service Providers should design broadband networks with the ability to take active measures to detect and restrict or inhibit any network activity that adversely impacts performance or security. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Cyber Security; Network Design; Network Operations; Facilities – Transport; true true true true true false true 2 false false false false
11-10-0815 Important Network Operators, Service Providers, Property Managers, and Public Safety should deploy hardware in accordance with equipment suppliers� stated environmental specifications. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Hardware; Network Design; Network Elements; Network Provisioning; true true true true true true true 1 false true false true
11-10-0816 Important Service Providers that deploy Internet Access Service in a shared media environment should design Broadband systems that provide appropriate privacy and access restriction to the data packet information. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Network Design; true true true true true true false 1 false false false false
11-10-0818 Highly Important Network operators and service Providers that deploy Internet Access Service should deploy network equipment that report alarms. Cable; Internet/Data; Satellite; Wireless; Wireline; Government; Network Operator; Service Provider; Network Design; Network Elements; true true true true true true true 2 false false true false
11-10-0819 Important Service Providers, Network Operators and Property Managers should periodically evaluate the need for and feasibility of providing back up power at cell sites and broadband network equipment, at remote locations where economically and technically practical taking into consideration the criticality of the site or location, as well as local zoning laws, statutes, and contractual obligations. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Network Design; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 true true false false
11-10-0820 Important Network Operators and Service Providers should deploy networks and services in a manner that mitigates the effects of harmful interference from other sources, and mitigates harmful interference into other services. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Design; Network Elements; true true true true true true true 1 false false false false
11-10-0821 Highly Important Network Operators, Service Providers and Property Managers should coordinate to ensure that network deployment and equipment installation, including equipment moves, adds or changes (MACs), do not physically impair the operation of other collocated communications networks/equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Industry Cooperation; Network Design; Network Elements; Network Provisioning; true true true true true true true 2 false true false false
11-10-0822 Highly Important Network operators and service providers should incorporate multilevel security schemes for network data integrity in the network design, as applicable, to prevent user traffic from interfering with network operations, administration, and management. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; true true true true true true true 2 false false false false
11-10-1002 Important Network Operators, Service Providers and Equipment Suppliers should consider establishing a business continuity executive steering committee (composed of executive managers and business process owners) to ensure executive support and oversight. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Policy; true true true true true true true 1 true false false false
11-10-1006 Highly Important Network Operators, Service Providers and Equipment Suppliers should consider establishing a designated Emergency Operations Center. This center should contain tools for coordination of service restoral including UPS, alternate means of communications, maps, and documented procedures to manage business interruptions and/or disasters. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Network Operations; Procedures; true true true true true true true 2 true false false false
11-10-1008 Important Network Operators, Service Providers, and Equipment Suppliers should use the Incident Command System for incident coordination and control in the emergency operations center and at the incident site. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Network Operations; Pandemic; Procedures; See the National Incident Management System (NIMS) http://www.fema.gov/national-incident-management-system. See also National Fire Protection Association Standard 1600. http://www.nfpa.org/codes-and-standards/document-information-pages?mode=code&code=1600 (Free but requires registration). true true true true true true true 1 true false false false
11-10-1013 Important Service Providers, Network Operators, Property Managers, and Equipment Suppliers should review their insurance requirements in order to maintain business continuity in the event of massive property damage or loss, incapacitation of senior officers, and other interruptive situations. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; true true true true true true true 1 true true false false
11-10-1016 Critical Network Operators, Service Providers, Equipment Suppliers, and Government, should develop processes or plans to quickly account for all employees (e.g. field techs) in or near the impact area of a disaster. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Government; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Procedures; true true true true true true true 3 true false true false
11-10-1033 Critical Network Operators should develop a strategy for deployment of emergency mobile assets such as Cell on Wheels (COWs), cellular repeaters, Switch on Wheels (SOWs), transportable satellite terminals, microwave equipment, power generators, HVAC units, etc. for emergency use or service augmentation for planned events (e.g., National Special Security Event (NSSE)). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Business Continuity; Disaster Recovery; Emergency Preparedness; Network Elements; Network Operations; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true false true 3 false false false false
11-10-1036 Important Network Operators should determine in advance if they will use wireless alternate backhaul systems (microwave radio, free space optics, and satellite communications systems) to re-establish communications and if these technologies are to be deployed it is recommended that path designs be developed for each critical area in advance of deployment with personnel trained to install and optimize the systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Business Continuity; Disaster Recovery; Emergency Preparedness; Network Elements; true true true true true false true 1 false false false false
11-10-1039 Highly Important Equipment Suppliers should develop support processes that include interfaces with those internal organizations (e.g., sales, logistics, and manufacturing) that have a potential role in assisting Network Operators and Service Providers in disaster response efforts. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Materials Movement; Procedures; true true true true true false false 2 true false false false
11-10-1043 Important Equipment Supplies should, during major disasters, make it easy for customers to contact them by providing an Interactive Voice Response (IVR) option or dedicated contact information. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Business Continuity; Disaster Recovery; Industry Cooperation; Technical Support; true true true true true false false 1 true false false false
11-10-1044 Important Equipment Suppliers should consider providing a “Disaster Recovery Services Checklist” to all of the Service Providers they support to assist the Service Provider in identifying equipment needs and professional services during an event. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Business Continuity; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Materials Movement; Technical Support; true true true true true false false 1 true false false false
11-10-1045 Important Network Operators and Service Providers should use their escalation process, as needed, to address resource issues identified through damage and resource assessments. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Industry Cooperation; Escalation process should consider using employees from separate regions, working with equipment vendors, mutual aid partners, etc. true true true true true true true 1 false false false false
11-10-1047 Highly Important Network Operators, Service Providers, and Public Safety should develop a process to routinely archive critical system backups and provide for storage in a secure off-site facility which would provide geographical diversity. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Operations; Procedures; Software; true true true true true true true 2 false false false true
11-10-1048 Highly Important Network Operators and Service Providers should consider supplementing media backup storage with full system restoral media and documented restoration procedures that can be utilized at an alternate hot site, in case of total failure of the primary service site. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Operations; Procedures; true true true true true true true 2 false false false false
11-10-1049 Highly Important Service Providers should consider utilizing multiple network carriers for internet backbone connectivity if required to prevent isolation of service nodes. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Business Continuity; Emergency Preparedness; Network Design; Facilities – Transport; true true true true true true false 2 false false false false
11-10-1050 Critical Network Operators and Service Providers should consider alternative carrier/transport methods such as satellite, microwave or wireless to further reduce point of failures or as hot transport backup facilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Design; Facilities – Transport; true true true true true true true 3 false false false false
11-10-1051 Important Network Operators, Service Providers, Equipment Suppliers, and Government should work together to identify criteria for developing procedures to handle network elements affected by nuclear attack or nuclear accidents (e.g., shock wave, Electro-magnetic Pulse (EMP), Thermal, Fallout, fiber darkening of phosphorous based fiber cable). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Government; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Liaison; true true true true true true true 1 true false true false
11-10-1052 Highly Important Network Operators, Service Providers, and Public Safety should assess the functionality of network critical systems during disaster exercises. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Training Awareness; true true true true true true true 2 false false false true
11-10-1054 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should install fire detection systems and consider the use of suppression systems or devices at buildings supporting network functionality. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Emergency Preparedness; Fire; Function, size and occupancy need to considered. This is not intended to include CEVs, tower sites, huts, regens, temporary or mobile facilities. true true true true true true true 2 false true false true
11-10-1061 Important Service Provider, Network Operators, Equipment Suppliers, and Public Safety should ensure that Telecommunication Service Priority (TSP) records and data bases are reconciled annually. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Documentation; Emergency Preparedness; Essential Services; Network Operations; http://www.dhs.gov/telecommunications-service-
priority-tsp true true true true true true true 1 true false false true
11-10-1065 Important Network Operators and Service Providers should identify and manage critical network elements and architecture that are essential for network connectivity and subscriber services considering security, functional redundancy and geographical diversity. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Network Design; Network Operations; true true true true true true true 1 false false false false
11-10-1068 Highly Important Network Operators, Service Providers and Property Managers should utilize Transfer Switch Equipment that conforms to industry standards. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Buildings; Network Design; Network Operations; Power; Procedures; http://www.ul.com/global/eng/pages/solutions/stan dards/accessstandards/ true true true true true true true 2 false true false false
11-10-1069 Highly Important Network Operators, Equipment Suppliers and Property Managers should consider marking or modifying copper bars and cable to deter theft, to make them easier to identify at scrap yards, and/or to reduce their value. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Hardware; Physical Security Management; Power; Facilities – Transport; This may include stamping
copper ground bars with �Registered Property�
and �Recycling Prohibited�, tinning copper ground bars or coating them with cold galvanizing spray, and marking cable with identifying markings. true true true true true false true 2 true true false
11-10-1070 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should utilize a UL standard for Transfer Switch Equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Network Design; Network Operations; Power; Procedures; http://www.ul.com/global/eng/pages/solutions/stan dards/accessstandards/ true true true true true true true 2 false true false true
11-10-1071 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should mechanically and electrically interlock transfer breaker systems when they are utilized. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Network Design; Network Operations; Power; Procedures; true true true true true true true 2 false true false true
11-10-1072 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should verify that protector size does not exceed cable rated current capacity. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Fire; Hardware; Network Operations; Power; true true true true true true true 2 false true false true
11-10-5001 Highly Important Network Operators, Service Providers and Equipment Suppliers should establish additional access control measures that provide two factor identification (e.g., cameras, PIN, biometrics) in conjunction with basic physical access control procedures at areas of critical infrastructure, as appropriate, to adequately protect the assets. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Buildings; Human Resources; Physical Security Management; Procedures; Security Systems; true true true true true true true 2 true false false false
11-10-5002 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should develop and implement periodic physical inspections and maintenance as required for all critical security systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Physical Security Management; Procedures; Security Systems; true true true true true true true 1 true true false true
11-10-5003 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should periodically audit compliance with physical security policies and procedures. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Guard Force; Physical Security Management; Procedures; Security Systems; Examples of policies and procedures for review may include access control, key control, property control, video surveillance, ID administration, sign-in procedures, guard compliance. true true true true true true true 1 true true false true
11-10-5005 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should conduct electronic surveillance (e.g., CCTV, access control logs, alarm monitoring) at critical access points and preserve the data for investigation. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Physical Security Management; Security Systems; true true true true true true true 2 true false false true
11-10-5009 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should ensure that access control records are retained in conjunction with company standards. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Documentation; Physical Security Management; Procedures; Security Systems; Visitors; true true true true true true true 1 true true false true
11-10-5010 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should deploy security measures in proportion to the criticality of the facility or area being served. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Physical Security Management; Policy; Security Systems; true true true true true true true 2 true false false true
11-10-5011 Highly Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should alarm and monitor critical facility access points to detect intrusion or unsecured access (e.g., doors being propped open). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Physical Security Management; Security Systems; true true true true true true true 2 true true false true
11-10-5013 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers in facilities where master key systems are used should consider establishing hierarchical key control system(s) (e.g., Master Key Control systems) with record keeping databases. Master Key Control system should be implemented so that keys are distributed only to those with need for access into the locked space (e.g., perimeter doors, offices, restricted areas). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Documentation; Physical Security Management; Procedures; Security Systems; true true true true true true true 1 true true false true
11-10-5014 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should establish and maintain inventory control measures to protect all media associated with Master Key Control (MKC) systems and access control systems (e.g. master keys, key blanks, cards, tokens, fobs). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Information Protection; Physical Security Management; Procedures; Security Systems; true true true true true true true 1 true true false true
11-10-5018 Important Network Operators, Service Providers and Equipment Suppliers should periodically conduct reviews to ensure that proprietary information is protected in accordance with established policies and procedures. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Corporate Ethics; Cyber Security; Human Resources; Information Protection; Policy; Procedures; true true true true true true true 1 true false false false
11-10-5019 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider establishing an employee awareness training program to inform employees who create, receive or transfer proprietary information of their responsibilities for compliance with proprietary information protection policies and procedures. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Human Resources; Information Protection; Policy; Procedures; Supervision; Training Awareness; true true true true true true true 1 true false false true
11-10-5021 Highly Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should establish procedures for access control, exception access, and identification for all individuals (including visitors, contractors, and vendors) that provide for the issuing of ID badges, sign-in and escorting where appropriate, with challenging of non-badged personnel. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Contractors and Vendors; Guard Force; Human Resources; Physical Security Management; Policy; Procedures; Training Awareness; Visitors; true true true true true true true 2 true true false true
11-10-5022 Highly Important Network Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should internally identify locations of critical infrastructure for emergency planning and security, and protect it as highly sensitive proprietary information. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Documentation; Emergency Preparedness; Information Protection; Physical Security Management; true true true true true true true 2 true true false true
11-10-5024 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should include physical security as an integral part of the strategic business planning and decision making process to ensure that security risks are properly identified and appropriately mitigated. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Emergency Preparedness; Physical Security Management; Policy; true true true true true true true 2 true false false true
11-10-5025 Important Network Operators, Service Providers and Equipment Suppliers should include physical security as an integral part of the merger, acquisition and divestiture process to ensure that security risks are proactively identified and appropriate plans are developed to facilitate the integration and migration of organizational functions (e.g., Due Diligence investigations, integration of policy and procedures). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Corporate Ethics; Physical Security Management; Policy; true true true true true true true 1 true false false false
11-10-5026 Highly Important Network Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should include security as an integral part of the facility construction process to ensure that security risks are proactively identified and appropriate solutions are included in the design of the facility. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Materials Movement; Physical Security Management; Policy; Security Systems; See http://www.gsa.gov/graphics/ogp/2003springsecurityinsert_R2NX1-u_0Z5RDZ-i34K-pR . Where appropriate, this review may include elements such as facility location selection, security system design, configuration of the lobby, limitation of outside access points (both doors and windows), location of mailroom, compartmentalization of loading docks, design of parking setbacks, placement and protection of air handling systems and air intakes, structural enhancements, and ramming protection. Consider sign off authority for security and safety on all construction projects. true true true true true true true 2 true true false true
11-10-5027 Highly Important Network Operators, Service Providers, Equipment Suppliers, and Property Managers should collaborate during major events (e.g., hiring, downsizing, outsourcing, labor disputes, civil disorder).to ensure that security risks are identified and plans are developed to protect the company’s personnel and assets. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Access Control; Buildings; Contractors and Vendors; Corporate Ethics; Disaster Recovery; Emergency Preparedness; Human Resources; Industry Cooperation; Physical Security Management; Policy; true true true true true true true 2 true true false false
11-10-5029 Highly Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should facilitate the availability of security related hardware and media (e.g., spare hardware) and/or a contingency plan for its availability in the event of a disaster. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Access Control; Emergency Preparedness; Physical Security Management; Security Systems; true true true true true true true 2 true true false false
11-10-5030 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should provide a level of security protection over critical inventory (i.e., spares) that is proportionate to the criticality of the equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Emergency Preparedness; Hardware; Materials Movement; Network Elements; Network Operations; Physical Security Management; Security Systems; true true true true true true true 2 true false false true
11-10-5031 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should establish a role for the security function (i.e., physical and cyber) in business continuity planning, including emergency response plans and periodic tests of such plans. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Cyber Security; Emergency Preparedness; Physical Security Management; Policy; Procedures; Training Awareness; true true true true true true true 2 true false false true
11-10-5032 Important Network Operators, Service Providers, Property Managers, Public Safety, and Equipment Suppliers should establish a procedure governing the assignment of facility access levels. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Guard Force; Information Protection; Physical Security Management; Procedures; Security Systems; This could include, but is not limited to buildings, equipment rooms, and access points. true true true true true true true 1 true true false true
11-10-5033 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety and Property Managers should consider establishing and implementing background investigation policies that include criminal background checks of employees. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Human Resources; Liaison; Policy; The policy should detail elements of the background investigation as well as disqualification criteria. true true true true true true true 1 true true false true
11-10-5034 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should consider establishing contractual obligations requiring contractors, subcontractors and vendors to conduct background investigations of all personnel who require unescorted access to areas of critical infrastructure or who require access to sensitive information related to critical infrastructure. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Contractors and Vendors; Corporate Ethics; Guard Force; Human Resources; Physical Security Management; Policy; true true true true true true true 2 true true false true
11-10-5040 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should install environmental emergency response equipment (e.g., fire extinguishers, high rate automatically activated pumps) where appropriate, and periodically inspect the equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Fire; Physical Security Management; Procedures; true true true true true true true 2 true true false true
11-10-5041 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should establish and implement policies and procedures to secure and restrict access to power, environmental, security, and fire protection systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Fire; Physical Security Management; Policy; Power; Procedures; Examples of power, environmental systems security and fire protection systems: HVAC, standby emergency power, generators, UPS, access security, building automation, elevators, and fire alarm systems. true true true true true true true 2 true true false true
11-10-5042 Important Network Operators, Service Providers, Public Safety, and Property Managers should establish and implement policies and procedures to secure and restrict access to fuel supplies. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Emergency Preparedness; Fire; Physical Security Management; Policy; Power; Procedures; true true true true true true true 1 false true false true
11-10-5043 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should comply with security standards for perimeter lighting. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Physical Security Management; For example; SLB, IESNA (Illuminating Engineering Society of N. America) at http://www.iesna.org true true true true true true true 1 true true false true
11-10-5044 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, or Property Managers should plan and maintain landscaping at facilities to enhance the overall level of building security wherever possible. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Fire; Physical Security Management; Landscaping at critical facilities should not obstruct necessary security lighting or camera views of ingress and egress areas, and landscaping should also avoid creating fire hazards or hiding places. true true true true true true true 1 true true false true
11-10-5046 Highly Important Network Operators, Public Safety, and Property Managers should ensure critical infrastructure utility vaults are secured from unauthorized access. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Access Control; Buildings; Network Design; Physical Security Management; Facilities – Transport; true true true true true false true 2 false true false true
11-10-5048 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should implement a policy that requires approval by senior member(s) of the security department for security related goods and services contracts. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Contractors and Vendors; Guard Force; Physical Security Management; Policy; true true true true true true true 1 true false false true
11-10-5049 Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should consider a strategy of using technology (e.g., access control, CCTV, sensor technology, person traps, turnstiles) to supplement the
guard force. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Access Control; Buildings; Guard Force; Physical Security Management; Security Systems; Visitors; true true true true true true true 1 true true false false
11-10-5050 Important Network Operators, Service Providers, Equipment Suppliers and Property Managers utilizing guard services should have a supervision plan that requires supervisory checks for all posts. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Guard Force; Physical Security Management; Procedures; Supervision; true true true true true true true 1 true true false false
11-10-5051 Important Network Operators, Service Providers and Equipment Suppliers utilizing guard services should consider establishing incentives and recognition programs to increase morale and reduce turnover. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Guard Force; Human Resources; true true true true true true true 1 true false false false
11-10-5052 Important Network Operators, Service Providers, Equipment Suppliers and Property Managers using guard services should ensure that each post has written detailed post orders including site specific instructions, up-to-date emergency contact information and ensure that on the job training occurs. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Access Control; Contractors and Vendors; Emergency Preparedness; Guard Force; Physical Security Management; Procedures; Training Awareness; true true true true true true true 1 true true false false
11-10-5053 Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should periodically audit guard services to ensure satisfactory performance, and compliance with organizational contractual requirements. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Access Control; Contractors and Vendors; Guard Force; Human Resources; Physical Security Management; Procedures; Supervision; true true true true true true true 1 true true false false
11-10-5054 Important Network Operators, Service Providers, Equipment Suppliers, and Property Managers utilizing guard services should develop a process to quickly disseminate information to all guard posts. This process should be documented and should clearly establish specific roles and responsibilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Contractors and Vendors; Documentation; Emergency Preparedness; Guard Force; Physical Security Management; Procedures; Supervision; Training Awareness; true true true true true true true 1 true true false false
11-10-5055 Critical Network Operators, Service Providers and Equipment Suppliers should establish and maintain (or contract for) a 24/7 emergency call center for internal communications. Ensure staff at this center has access to all documentation pertinent to emergency response and up to date call lists to notify appropriate personnel. The number to this call center should be appropriately published so personnel know where to report information. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Contractors and Vendors; Documentation; Emergency Preparedness; Network Operations; Physical Security Management; Procedures; Training Awareness; true true true true true true true 3 true false false false
11-10-5057 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider an enhanced level of emergency response for locations supporting critical functions. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Disaster Recovery; Emergency Preparedness; Essential Services; Network Operations; Public Safety Service; true true true true true true true 2 true false false true
11-10-5058 Critical Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should ensure that all critical infrastructure facilities, including the security equipment, devices and appliances protecting it, are supported by backup power systems (e.g., batteries, generators, fuel cells). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Network Design; Network Operations; Physical Security Management; Power; Security Systems; Some local regulations and building codes may influence the options available. true true true true true true true 3 true true false true
11-10-5061 Important Equipment Suppliers should consider ergonomics and human-centric factors when designing user interfaces (e.g., hardware labeling, software, documentation). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Hardware; Network Elements; Software; See GR-2914 , Human Factors Requirements for Equipment to Improve Network Integrity, Telcordia and GR454 Requirements for Supplier-Provided Documentation, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home. See NRSC 105 Procedural Outage Reduction: Addressing the Human Part at http://www.atis.org/docstore true true true true true false false 1 true false false false
11-10-5062 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should staff critical functions at appropriate levels, considering human factors such as workload and fatigue. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Human Resources; Network Operations; Pandemic; Physical Security Management; Supervision; true true true true true true true 2 true false false true
11-10-5064 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should alarm and monitor critical electronic equipment areas to detect parameters that are outside operating specifications (e.g., temperature, humidity). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Fire; Network Operations; Reference: GR63 NEBS Requirements: Physical Protection, Telcordia, http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home true true true true true true true 2 false true false true
11-10-5066 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should ensure that sensitive information pertaining to critical infrastructure is considered proprietary and access is restricted appropriately, both internally and externally. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Cyber Security; Documentation; Information Protection; Policy; Appropriate markings are required to qualify for exemption from disclosure under FOIA. true true true true true true true 2 true true false true
11-10-5067 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should make security an ongoing priority and implement an annual compliance requirement for the completion of a security awareness program. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Policy; Training Awareness; true true true true true true true 1 true false false true
11-10-5068 Important Network Operators, Service Providers and Property Managers should establish standards, policies and procedures that, where feasible, restrict equipment access to authorized personnel where co-location exists. Cable; Internet/Data; Satellite; Wireline; Property Manager; Network Operator; Service Provider; Access Control; Buildings; Industry Cooperation; Materials Movement; Network Operations; Physical Security Management; Policy; Procedures; Facilities – Transport; true true true false true true true 1 false true false false
11-10-5069 Important Property Managers should require all tenants to adhere to the security standards set for colocation sites. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Access Control; Buildings; Corporate Ethics; Industry Cooperation; Physical Security Management; Policy; In order to prevent/mitigate security compromise/loss/downtime. true true true true true true true 1 false true false false
11-10-5070 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider establishment of a senior management function for a chief security officer (CSO) or functional equivalent to direct and manage both physical and cyber security. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Cyber Security; Physical Security Management; Policy; true true true true true true true 2 true false false true
11-10-5071 Critical Network Operators, Service Providers and Property Managers should maintain liaison with local law enforcement, fire department and other security and emergency agencies to exchange critical information related to threats, warnings and mutual concerns. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Fire; Liaison; Physical Security Management; Policy; true true true true true true true 3 false true false true
11-10-5072 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should perform risk assessments on key network facilities and control areas on a regular basis, taking into account natural disasters and unintentional or intentional acts of people impacting the facility or nearby structures. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Network Design; Network Operations; Pandemic; Physical Security Management; Facilities – Transport; true true true true true true true 2 true false false true
11-10-5074 Critical Network Operators, Service Providers, Public Safety, and Equipment Suppliers should document in a Disaster Recovery Plan the process for restoring physical security control points for critical infrastructure facilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Disaster Recovery; Emergency Preparedness; Physical Security Management; Procedures; Security Systems; true true true true true true true 3 true false false true
11-10-5075 Highly Important Network Operators, Service Providers, and Public Safety should ensure that networks built with redundancy are also built with geographic separation where feasible (e.g., avoid placing mated pairs in the same location and redundant logical facilities in the same physical path). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Design; Network Elements; Network Operations; Network Provisioning; Policy; Facilities – Transport; true true true true true true true 2 false false false true
11-10-5078 Highly Important Network Operators, Service Providers, and Public Safety should be automatically notified upon the loss of alarm data and react accordingly. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Design; Network Operations; Physical Security Management; Security Systems; Facilities – Transport; true true true true true true true 2 false false false true
11-10-5080 Highly Important Network Operators, Service Providers, and Public Safety should identify and track critical network equipment, location of spares, and sources of spares to ensure the long term continuity and availability of communication service. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Hardware; Network Elements; Network Operations; true true true true true true true 2 false false false true
11-10-5083 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should maintain the availability of spares for critical network systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Hardware; Network Elements; Network Operations; Pandemic; true true true true true true true 2 true false false true
11-10-5084 Critical Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider ensuring that outsourcing of hardware and software includes a quality assessment, functional testing and security testing by an independent entity. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Corporate Ethics; Hardware; Network Elements; Policy; Software; Independent entities do not include the source supplier. Quality and security testing may include the following: GR929 (RQMS), GR815, TL9000. true true true true true true true 3 true false false true
11-10-5089 Important Service Providers, Network Operators, Property Managers, Public Safety, and Equipment Suppliers should establish, implement and enforce appropriate procedures for the storage and movement of equipment and material, including trash removal, to deter theft. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Corporate Ethics; Fire; Hardware; Information Protection; Materials Movement; Physical Security Management; Procedures; This will help minimize potential theft, tampering, introduction of harmful materials, inadvertent exposure of critical information, and reduce the risk of fire. true true true true true true true 1 true true false true
11-10-5091 Important Network Operators, Service Providers and Equipment Suppliers should develop and implement, as appropriate, travel security awareness training and briefings before traveling internationally. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Human Resources; Policy; Training Awareness; The US Department of State offers information on international travel at http://www.state.gov/travel/ true true true true true true true 1 true false false false
11-10-5092 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should establish an incident reporting mechanism and investigations program so that security or safety related events are recorded, analyzed, and investigated as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Physical Security Management; Procedures; true true true true true true true 1 true false false true
11-10-5095 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should implement a security response plan for communications facilities that recognizes the threats identified in the National Terrorism Advisory System. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Human Resources; Liaison; Physical Security Management; Policy; Procedures; In order to prevent terrorist/criminal access and activity. true true true true true true true 2 true true false true
11-10-5096 Highly Important Network Operators, Service Providers and Equipment Suppliers should require compliance with corporate security standards and programs for contractors (and their subcontractors), vendors and others as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Contractors and Vendors; Guard Force; Human Resources; Information Protection; Physical Security Management; Policy; Procedures; In order to prevent contamination of vendor provided equipment at vendor locations. (References: Protection of Assets Manual – http://www.asisonline.org). true true true true true true true 2 true false false false
11-10-5097 Highly Important Network Operators, Service Providers and Equipment Suppliers should establish and implement corporate standards for physical and system security requirements in consideration of the Best Practices of the communications industry. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Corporate Ethics; Physical Security Management; Policy; Security Systems; true true true true true true true 2 true false false false
11-10-5098 Important Network Operators, Service Providers and Equipment Suppliers should ensure that all network infrastructure equipment meets the minimum industry standards for fire resistance. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Fire; Hardware; Network Design; Network Elements; Facilities – Transport; In order to prevent fire. GR63 NEBS Requirements: Physical Protection, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home; ATIS-
0600319.2014, Equipment Assemblies–Fire Propogation Risk Assessment Criteria at http://www.atis.org/docstore true true true true true true true 1 true false false false
11-10-5099 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should consider keeping centralized trash storage outside the building and dumpsters located away from the building to reduce the potential for fire and access to the building. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Fire; Materials Movement; Physical Security Management; true true true true true true true 1 true true false true
11-10-5100 Important Network Operators, Service Providers and Equipment Suppliers should interact with federal, state, and local agencies to identify and address potential adverse security and service impacts of new laws and regulations (e.g., exposing vulnerability information, required security measures, fire codes). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Government; Network Operator; Service Provider; Fire; Industry Cooperation; Information Protection; Liaison; In order to prevent government from enacting policy that compromises security. true true true true true true true 1 true false true false
11-10-5105 Important Network Operators, Service Providers, and Equipment Suppliers should consider the security implications of equipment movement both domestically and internationally, including movement across borders and through ports of entry. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Hardware; Liaison; Materials Movement; Physical Security Management; US Custom’s and Trade Partnership Against Terrorism (C-TPAT) initiative to strengthen overall supply chain and border security). See http://www.cbp.gov/xp/cgov/trade/cargo_security/ctpat/ true true true true true true true 1 true false false false
11-10-5106 Important Network Operators, Service Providers, and Equipment Suppliers should consider participating in and complying with industry organizations that develops standards for security, logistics and transportation practices. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Industry Cooperation; Materials Movement; Physical Security Management; Policy; true true true true true true true 1 true false false false
11-10-5110 Highly Important Network Operators and Public Safety should not share information pertaining to the criticality of individual communication facilities or the traffic they carry, except with trusted entities for justified specific purposes with appropriate protections against further disclosure. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Corporate Ethics; Documentation; Industry Cooperation; Information Protection; Liaison; Policy; Facilities – Transport; true true true true true false true 2 false false false true
11-10-5111 Highly Important Network Operators, Service Providers, Public Safety, Government, and Equipment Suppliers should not share information regarding the location, configuration or composition of the telecommunication infrastructure without proper information protection measures. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Government; Network Operator; Service Provider; Public Safety; Corporate Ethics; Documentation; Industry Cooperation; Information Protection; Liaison; Policy; Facilities – Transport; true true true true true true true 2 true false true true
11-10-5114 Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should establish, implement and enforce mailroom and delivery screening procedures that recognize changes in threat conditions and increase attention to security as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Disaster Recovery; Emergency Preparedness; Materials Movement; Physical Security Management; Procedures; Supervision; Training Awareness; true true true true true true true 1 true true false false
11-10-5116 Highly Important Network Operators, Service Providers, Public Safety, Equipment Suppliers, and Property Managers should provide periodic briefings on guidance to personnel (employees or contractors) involved in shipping, receiving or mailroom activities for identifying suspicious letters or parcels and protocols for handling any suspicious items. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Emergency Preparedness; Guard Force; Human Resources; Liaison; Materials Movement; Physical Security Management; Supervision; Training Awareness; true true true true true true true 2 true true false true
11-10-5117 Highly Important Equipment Suppliers of critical network elements should consider designing electronic hardware to industry requirements to minimize susceptibility to electromagnetic energy, shock, vibration, voltage spikes, and temperature. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; See GR-1089,
Electromagnetic Compatibility and Electrical
Safety – Generic Criteria for Network Telecommunications Equipment, Telcordia at http://telecom-info.telcordia.com/site- cgi/ido/docs.cgi?DOCUMENT=1089&KEYWOR DS=&TITLE=&ID=298454680SEARCH true true true true true false false 2 true false false false
11-10-5118 Highly Important Equipment Suppliers of critical network elements should test electronic hardware to ensure its compliance with design criteria for tolerance to electromagnetic energy, shock, vibration, voltage spikes, and temperature. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; GR-1089, Electromagnetic Compatibility and Electrical Safety – Generic Criteria for Network Telecommunications Equipment, Telcordia at http://telecom-info.telcordia.com/site- cgi/ido/docs.cgi?DOCUMENT=1089&KEYWOR DS=&TITLE=&ID=298454680SEARCH or See EN 300 386-2 Electromagnetic Compatibility and Radio Spectrum Matters (ERM); Telecommunication Network Equipment; Electromagnetic Compatibility (EMC) Requirements; Part 2: Product Family Standard, ETSI, http://webapp.etsi.org/WorkProgram true true true true true false false 2 true false false false
11-10-5119 Highly Important Equipment Suppliers of critical network elements should document the technical specifications of their electronic hardware, including characteristics such as tolerance limitations to electromagnetic energy, vibration, voltage spikes and temperature ranges. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Hardware; Information Protection; Network Elements; true true true true true false false 2 true false false false
11-10-5120 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should evaluate the potential benefits and security implications when making decisions about building and facility signage, both internally and externally. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Physical Security Management; Companies should weigh the marketing benefits of external signage versus identifying potential targets. For example, some believe posting restricted access signs in internal areas deters inadvertent access. Others believe restricted access signs identify potential targets. true true true true true true true 1 true true false true
11-10-5121 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should develop and consistently implement software delivery procedures that protect the integrity of the delivered software in order to prevent software loads from being compromised during the delivery process. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Materials Movement; Network Elements; Network Operations; Physical Security Management; Procedures; Software; true true true true true true true 1 true false false true
11-10-5129 Important Network Operators and Service Providers who are required by the government to file outage reports for major network outages should ensure that such reports do not unnecessarily contain information that discloses specific network vulnerabilities, in order to prevent such information from being unnecessarily available in public access. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Corporate Ethics; Documentation; Information Protection; Liaison; Network Operations; true true true true true true true 1 false false false false
11-10-5134 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider establishing a policy to manage the risks associated with key personnel traveling together. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Human Resources; Pandemic; Policy; true true true true true true true 1 true false false true
11-10-5135 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should participate in the Communications Security, Reliability and Interoperability Council (CSRIC) and its working groups in order to develop industry Best Practices for addressing and mitigating public communications infrastructure vulnerabilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Industry Cooperation; Liaison; Policy; true true true true true true true 1 true false false true
11-10-5138 Highly Important Network Operators and Public Safety should plan for the possibility that impacted network nodes cannot be accessed by company personnel for an extended period of time and define the corporate response for restoration of service. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Disaster Recovery; Emergency Preparedness; Network Design; Network Operations; Pandemic; For example; wide scale destruction, radiological, chemical or biological contamination. true true true true true false true 2 false false false true
11-10-5141 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider restricting, supervising, and/or prohibiting tours of critical network facilities, systems and operations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Disaster Recovery; Pandemic; Physical Security Management; Policy; Visitors; true true true true true true true 1 true false false true
11-10-5142 Highly Important Network Operators, Service Providers and Equipment Suppliers should work together to deploy safeguards to protect the software (i.e. generic or upgrade releases) being loaded to network elements in order to prevent sabotage. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Industry Cooperation; Network Elements; Network Operations; Network Provisioning; Software; true true true true true true true 2 true false false false
11-10-5143 Critical Network Operators responsible for satellite operations should maintain access to a back-up or secondary uplink site to provide tracking, telemetry and control (T.T.&C.) support for all operational communications spacecraft. The back-up or secondary site must be geographically diverse from the primary uplink facility, active and tested on a regular schedule to insure readiness and timely response. Satellite; Network Operator; Emergency Preparedness; Network Design; Network Operations; Facilities – Transport; false false true false false false true 3 false false false false
11-10-5144 Important Network Operators should maintain a current database of all satellite transmit and receive sites (i.e. uplink and downlink facilities) that are operational and/or support their services and networks. Satellite; Network Operator; Emergency Preparedness; Information Protection; Network Operations; Facilities – Transport; The database information should list location (i.e. street address, latitude and longitude), service provider/phone number, site manager contact/phone number, control point if remotely controlled, and equipment type used at the site. false false true false false false true 1 false false false false
11-10-5145 Important Network Operators and Public Safety should establish plans to perform interference analysis and mitigation to ensure timely resolution of all cases of interference (e.g., caused by equipment failure, intentional act/sabotage or frequency overlap), and, where feasible, identify the type and general location of the interference source. Satellite; Wireless; Network Operator; Public Safety; Network Operations; Facilities – Transport; false false true true false false true 1 false false false true
11-10-5146 Highly Important Network Operators and Service Providers should develop and manage Satellite service recovery plans to ensure the timely restoration of services in the event of transponder loss, payload failure, and satellite failure. Satellite; Network Operator; Service Provider; Emergency Preparedness; Network Design; Network Operations; Technical Support; Facilities – Transport; false false true false false true true 2 false false false false
11-10-5151 Important Network Operators, Service Providers and Property Managers located in the same facility should coordinate security matters and include all tenants in the overall security and safety notification procedures, as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Buildings; Emergency Preparedness; Industry Cooperation; Physical Security Management; true true true true true true true 1 false true false false
11-10-5152 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider performing targeted sweeps of critical infrastructures and network operations centers for listening devices when suspicion warrants. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Information Protection; Physical Security Management; true true true true true true true 1 true false false true
11-10-5153 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should ensure that critical information being provided to other companies as part of bid processes is covered under non-disclosure agreements and limited to a need to know basis. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Documentation; Information Protection; Policy; true true true true true true true 1 true false false true
11-10-5158 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider unannounced internal security audits at random intervals to enforce compliance with company security policies. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Guard Force; Physical Security Management; true true true true true true true 1 true false false true
11-10-5163 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should consider establishing procedures for security video equipment and recording, (e.g., storage, accurate time/date stamping, privacy protection, and regular operational performance checks). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Guard Force; Physical Security Management; Procedures; Security Systems; true true true true true true true 1 true true false true
11-10-5164 Highly Important “Technically Retired” – Network Operators, Service Providers, Public Safety, and Equipment Suppliers should establish and enforce a policy to immediately report stolen or missing company vehicles and trailers to the appropriate authorities. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Physical Security Management; Policy; Public Safety Service; Supervision; true true true true true true true 2 true false false true
11-10-5165 Highly Important Network Operators, Service Providers and Equipment Suppliers should ensure that teleworkers have the equipment and support necessary to secure their computing platforms and systems at an equivalent level of those within company office facilities (e.g., Security software, firewalls and secure documents storage). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Contractors and Vendors; Corporate Ethics; Cyber Security; Human Resources; Information Protection; Pandemic; Physical Security Management; Policy; Software; Supervision; true true true true true true true 2 true false false false
11-10-5166 Important Equipment Suppliers should, wherever feasible, isolate R&D and software manufacturing of Network Elements from general office systems to prevent unauthorized access. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Cyber Security; Information Protection; Policy; Software; true true true true true false false 1 true false false false
11-10-5167 Important Network Operators, Service Providers and Equipment Suppliers should provide secured methods, both physical and electronic, for the internal distribution of software development and production materials. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Materials Movement; Software; true true true true true true true 1 true false false false
11-10-5168 Important Network Operators, Service Providers and Equipment Suppliers should review personnel background information prior to assignment to sensitive roles, to ensure there are no security risks, or risk of compromising processes as they evolve. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Contractors and Vendors; Corporate Ethics; Human Resources; Information Protection; Procedures; true true true true true true true 1 true false false false
11-10-5169 Important Network Operators, Service Providers and Equipment Suppliers should establish and implement an information protection process to control and manage the distribution of critical R&D documentation and the revisions thereto (e.g., serialize physical and electronic documentation to maintain audit trails). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Documentation; Information Protection; Procedures; true true true true true true true 1 true false false false
11-10-5171 Highly Important Equipment Suppliers should design network equipment to reduce the likelihood of malfunction due to failure of the connected devices (i.e. in order to reduce the potential for cascade failures; software or system damage). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Network Interoperability; true true true true true false false 2 true false false false
11-10-5172 Highly Important Network Operators, Service Providers and Equipment Suppliers should not permit unsecured wireless access points for the distribution of data or operating system upgrades during normal operations or system restoration efforts. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Information Protection; Network Operations; Policy; Procedures; Software; true true true true true true true 2 true false false false
11-10-5174 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should utilize a coordinated physical security methodology that incorporates diverse layers of security in direct proportion to the criticality of the site. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Physical Security Management; Policy; Security Systems; true true true true true true true 2 true true false true
11-10-5179 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should establish policies and procedures that prevent or reduce workplace violence. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Corporate Ethics; Guard Force; Human Resources; Physical Security Management; Policy; Procedures; Training Awareness; Visitors; true true true true true true true 1 true false false true
11-10-5185 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should ensure the inclusion of fire stair returns in their physical security designs with consideration that there should be no uncontrolled re-entry paths into areas of critical infrastructure, where permitted by code. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Fire; Physical Security Management; true true true true true true true 1 true true false true
11-10-5187 Highly Important Property Managers of collocation and telecom hotel facilities should be responsible and accountable for common space, critical shared areas (e.g., cable vault, power sources) and perimeter security for the building in accordance with industry standards and Best Practices. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Access Control; Buildings; Guard Force; Industry Cooperation; Physical Security Management; Policy; Visitors; GR-63, NEBS Requirements: Physical Protection, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home true true true true true false false 2 false true false false
11-10-5188 Important Network Operators and Service Providers in multi-tenan communications facilities (e.g., telecom hotels) should provide or arrange security for their own space with consideration of CSRIC Best Practices and in coordination with the existing security programs for the building. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Access Control; Buildings; Industry Cooperation; Physical Security Management; Policy; true true true true true true true 1 false false false false
11-10-5191 Important Network Operators, Service Providers that are tenants within telecom hotels should plan accordingly to protect their own facilities from potential risks within the building complex (e.g., fire suppression system, plumbing, hazardous materials). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Buildings; Emergency Preparedness; Fire; Hardware; Network Operations; Physical Security Management; true true true true true true true 1 false false false false
11-10-5192 Important Network Operators and Service Providers that are tenants of a telecom hotel should provide a current list of all persons authorized for access to the Property Manager, provide periodic updates to this list, and provide instructions for exceptions (e.g., emergency restoration personnel). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Access Control; Buildings; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Guard Force; Human Resources; Industry Cooperation; Pandemic; Physical Security Management; Procedures; Security Systems; true true true true true true true 1 false true false false
11-10-5194 Highly Important Equipment Suppliers should design electronic hardware to minimize susceptibility to electrostatic discharge. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; true true true true true false false 2 true false false false
11-10-5195 Highly Important Network Operators, Service providers and Equipment Suppliers should keep track of network product identification (e.g., circuit pack serial number), repair, modification and decommissioning records. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Hardware; Network Elements; true true true true true true true 2 true false false false
11-10-5197 Critical Network Operators, Service Providers, Public Safety, and Property Managers should periodically inspect, or test as appropriate, the grounding systems in critical network facilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Network Operations; Power; GR-1089 Electromagnetic Compatibility and Electrical Safety – Generic Criteria for Network Telecommunications Equipment, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs.cgi?DOCUMENT=1089&KEYWORDS=&TITLE=&ID=298454680SEARCH; Nation Electric Code, NEC-AAC at http://www.nfpa.org/categoryList.asp?categoryID=124&URL=Codes%20&%20Standards true true true true true true true 3 false true false true
11-10-5199 Highly Important Network Operators, Service Providers, and Public Safety should provide appropriate protection for outside plant equipment (e.g., Controlled Environmental Vault, remote terminals) against tampering and should, where practicable, monitor locations for intrusion. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Network Operations; Physical Security Management; Security Systems; Facilities – Transport; true true true true true true true 2 false false false true
11-10-5203 Critical Network Operators, Service Providers, Public Safety, and Property Managers should develop, maintain and administer a comprehensive program to sustain a reliable power infrastructure. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Emergency Preparedness; Network Design; Network Operations; Power; true true true true true true true 3 false true false true
11-10-5209 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should restrict access to the AC transfer switch housing area, ensure that scheduled maintenance of the transfer switch is performed, and ensure that spare parts are available. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Emergency Preparedness; Network Operations; Physical Security Management; Power; true true true true true true true 2 false true false true
11-10-5210 Important Network Operators, Service Providers and Property Managers should discourage use of Emergency Power Off (EPO) switches between the primary battery supplies and the main power distribution board. EPO switches are not recommended for use in traditional -48V DC battery plants. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Hardware; Network Design; Network Operations; Power; true true true true true true true 1 false true false false
11-10-5211 Important Network Operators, Service Providers, Public Safety, and Property Managers should, under normal conditions, disable power equipment features that allow switching off of power equipment from a remote location (i.e. dial up modem), but may consider activating such features during severe service conditions, to allow a degree of remote control. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Network Operations; Power; true true true true true true true 1 false true false true
11-10-5212 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should consider placing generator sets and fuel supplies for critical sites within a secured area to prevent unauthorized access, reduce the likelihood of damage and/or theft, and to provide protection from explosions and weather. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Network Design; Network Operations; Physical Security Management; Power; true true true true true true true 2 false true false true
11-10-5213 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should, where feasible, place fuel tanks in a secured and protected area restrict access to fill pipes, fuel lines, vents, manways, to reduce the possibility of unauthorized access. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Network Design; Physical Security Management; Power; Restricting access may be accomplished via such things as fencing, walls, or burying. true true true true true true true 2 false true false true
11-10-5214 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should consider placing all power and network equipment in a location that affords physical protection from potential vulnerabilities based on risk of the location. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Hardware; Network Design; Power; Examples include floods, broken water mains, fuel spillage. In storm surge areas, consider placing all power related
equipment above the highest predicted or recorded storm surge levels. true true true true true true true 2 false true false true
11-10-5216 Important Network Operators, Service Providers, Public Safety, and Property Managers should consider providing secure pre- constructed exterior wall pathways for mobile generator connections or tap box connections. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Power; true true true true true true true 1 false true false true
11-10-5217 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should raise awareness of appropriate personnel regarding possible secondary events immediately after an incident, including the importance of promptly reporting any suspicious conditions. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Disaster Recovery; Guard Force; Human Resources; Physical Security Management; Training Awareness; For example, shipping and receiving, mailroom, emergency response and security personnel. true true true true true true true 2 true true false true
11-10-5218 Highly Important Equipment Suppliers should implement a comprehensive security program for protecting hardware, firmware and software from malicious code insertion or tampering during development and delivery, taking into consideration that some developmental environments around the world present a higher risk level than others. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Contractors and Vendors; Cyber Security; Hardware; Human Resources; Information Protection; Intrusion Detection; Network Elements; Policy; Software; true true true true true false false 2 true false false false
11-10-5220 Highly Important Network Operators, Service Providers and Equipment Suppliers who utilize foreign sites should establish and implement a comprehensive physical security program for protecting corporate assets, including personnel, at those sites. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Buildings; Information Protection; Physical Security Management; Policy; true true true true true true true 2 true false false false
11-10-5221 Important Network Operators, Service Providers and Equipment Suppliers should consider limiting the dissemination of information relating to future locations of key leadership. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Human Resources; Physical Security Management; Policy; true true true true true true true 1 true false false false
11-10-5222 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider providing trouble call centers with a physically diverse back-up capability that can quickly be configured to receive the incoming traffic and take appropriate action. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Design; Network Operations; Public Safety Service; Technical Support; true true true true true true true 2 true false false true
11-10-5226 Highly Important Network Operators, Service Providers and Property Managers should maintain liaison with local law enforcement, fire department, other utilities and other security and emergency agencies to ensure effective coordination for emergency response and restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Emergency Preparedness; Fire; Industry Cooperation; Liaison; Pandemic; Physical Security Management; Public Safety Service; true true true true true true true 2 false true false false
11-10-5229 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should have controlled access to comprehensive facility cabling documentation (e.g., equipment installation plans, network connections, power, grounding and bonding) and keep a backup copy of this documentation at a secured off-site location. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Documentation; Emergency Preparedness; Information Protection; Network Design; Network Operations; Power; true true true true true true true 2 false true false true
11-10-5233 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should verify proper functioning of electronic surveillance equipment (e.g., CCTV, access control logs, alarm monitoring) at critical access points after any incident that may impact such equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Disaster Recovery; Fire; Physical Security Management; Security Systems; true true true true true true true 1 true false false true
11-10-5235 Important Network Operators and Service Providers should ensure that impacted alarms and monitors associated with critical utility vaults are operational after a disaster event. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Access Control; Disaster Recovery; Emergency Preparedness; Network Operations; Physical Security Management; Security Systems; Facilities – Transport; true true true true true true true 1 false false false false
11-10-5236 Important Property Managers should take the lead in restoration efforts of the base building infrastructure for an incident at a multi-tenant facility, ensuring that they have points of contact for each tenant to allow for coordination, support, security, and additional resources as necessary. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Liaison; Network Operations; Physical Security Management; true true true true true true true 1 false true false false
11-10-5239 Important Property Managers of multi-tenant facilities should maintain crisis management plan(s) for incident resolution and restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Emergency Preparedness; Industry Cooperation; true true true true true false false 1 false true false false
11-10-5242 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should reassess the criticality of associated facilities following a catastrophic incident (i.e. loss of one facility may make others more critical). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Network Design; Network Operations; true true true true true true true 2 true false false true
11-10-5243 Important Network Operators, Service Providers and Equipment Suppliers should consider restricting, supervising, and/or prohibiting tours of critical network facilities, restoration sites and operations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Disaster Recovery; Liaison; Physical Security Management; Visitors; true true true true true true true 1 true false false false
11-10-5244 Important Network Operators, Service Providers and Equipment Suppliers should make all employees, contractors, and others with access to critical infrastructure during restoration, aware of changes to security posture resulting from the incident, and the need for increased vigilance. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Contractors and Vendors; Disaster Recovery; Guard Force; Human Resources; Physical Security Management; Training Awareness; true true true true true true true 1 true false false false
11-10-5245 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should document the use of non- standard equipment or cable during restoration to review and/or replace those devices or cable as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Documentation; Hardware; Network Elements; Network Provisioning; Facilities – Transport; true true true true true true true 1 true false false true
11-10-5248 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should perform risk assessment on significant network changes (e.g., technology upgrades, temporary or permanent changes due to restoration efforts). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Network Design; Network Elements; Network Operations; Network Provisioning; Facilities – Transport; true true true true true true true 2 true false false true
11-10-5249 Highly Important Network Operators and Service Providers should consider geographic separation of network redundancy during restoration, and address losses of redundancy and geographic separation following restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Disaster Recovery; Emergency Preparedness; Hardware; Network Design; Network Elements; Network Operations; Procedures; Facilities – Transport; true true true true true true true 2 false false false false
11-10-5250 Highly Important Network Operators and Service Providers should develop an engineering design for critical network elements and inter-office facilities that addresses diversity, and utilize management systems to provision, track, and maintain and restore that inter-office and intra-office diversity. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Buildings; Disaster Recovery; Emergency Preparedness; Network Design; Network Operations; Network Provisioning; Policy; Power; Facilities – Transport; true true true true true true true 2 false false false false
11-10-5252 Highly Important Network Operators and Public Safety should evaluate the priority on re-establishing diversity of facility entry points (e.g., copper or fiber conduit, network interfaces for entrance facilities) during the restoration process. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Buildings; Disaster Recovery; Network Design; Facilities – Transport; Note: This Best practice could impact 9-1-1 operations. true true true true true false true 2 false false false true
11-10-5255 Important Network Operators, Service Providers and Equipment Suppliers should ensure that temporary wireless networks (e.g., terrestrial microwave, free-space optical, satellite, point-to-point, multi-point, mesh) used during an incident are subsequently disabled or secured. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Disaster Recovery; Information Protection; Network Design; Network Operations; Facilities – Transport; true true true true true true true 1 true false false false
11-10-5256 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should monitor temporary connections of network test equipment that are established for restoration to prevent access by unauthorized personnel. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Network Operations; Technical Support; true true true true true true true 1 true false false true
11-10-5261 Highly Important Network Operators, Service Providers, Public Safety, and Property Managers should identify carrier interconnection points and coordinate restoral plans, as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Network Interoperability; Network Operations; Network Provisioning; Facilities – Transport; true true true true true true true 2 false true false true
11-10-5263 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should use cables with adequate reliability and cable signal integrity, (e.g., flammability, strain reliefs, signal loss) and should mark as temporary and replace with standard cables as soon as practical any non- standard cables used because of an emergency restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Network Design; Network Operations; Network Provisioning; Facilities – Transport; true true true true true true true 1 true false false true
11-10-5264 Highly Important Satellite Operators should maintain an alternate recovery facility that would duplicate operations and Tracking, Telemetry, Control and Monitoring (TTC&M). The alternate recovery facility should be geographically diverse from the primary facility, maintained and tested on a regular schedule to ensure readiness and timely response. Satellite; Network Operator; Business Continuity; Emergency Preparedness; Network Design; Network Operations; Facilities – Transport; false false true false false false true 2 false false false false
11-10-5265 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers’ senior management should actively support compliance with established corporate security policies and procedures. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Human Resources; Physical Security Management; Policy; Security Systems; true true true true true true true 1 true true false true
11-10-5267 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should ensure that operating procedures are clearly defined and followed by personnel during emergency situations in order to avoid degradation of cyber and physical security due to a diversion. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Guard Force; Network Operations; Physical Security Management; Procedures; Supervision; Training Awareness; true true true true true true true 2 true true false true
11-10-5269 Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should incorporate various types of diversionary tactics into exercises to assess the security response. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Emergency Preparedness; Guard Force; Physical Security Management; Training Awareness; true true true true true true true 1 true true false false
11-10-5270 Highly Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers personnel should authenticate and cross-verify information, knowing that terrorists or malicious groups may use false information to divert attention and resources away from their intended physical or cyber target. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Physical Security Management; Training Awareness; Cross Reference BP 8567 “News Disinformation” true true true true true true true 2 true true false true
11-10-5271 Important Network Operators, Service Providers, and Public Safety should consider physical and cyber security issues in Mutual Aid Agreements (e.g., authorization, access control, badging). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Access Control; Business Continuity; Cyber Security; Emergency Preparedness; Industry Cooperation; Physical Security Management; true true true true true true true 1 false false false false
11-10-5272 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should include security considerations in disaster recovery plans for critical infrastructure sites. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Disaster Recovery; Emergency Preparedness; Physical Security Management; true true true true true true true 2 true false false true
11-10-5274 Highly Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should, in facilities using automated access control systems, install one mechanical lock to permit key override access to the space(s) secured by the access control system in the event the system fails in the locked mode. An appropriate procedure should be followed to track and control the keys. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Physical Security Management; Procedures; Security Systems; true true true true true true true 2 true true false true
11-10-5275 Critical Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider backup power capabilities for Command and Control (Crisis Teams) so that communications and access to critical systems can be maintained in the event of a significant disruption to commercial power. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Network Operations; Power; This could include, but is not limited to, moving crisis team personnel to locations where there exists long-term power backup, installing generator backup at certain critical sites, etc. true true true true true true true 3 true false false true
11-10-5277 Highly Important Network Operators, Service Providers and Equipment Suppliers who develop hardware, software or firmware should ensure that appropriate security programs are in place for protecting the product from theft or industrial espionage, taking into consideration that some developmental environments around the world present a higher risk level than others. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Contractors and Vendors; Corporate Ethics; Hardware; Human Resources; Information Protection; Physical Security Management; Software; See Best Practice 5218 true true true true true true true 2 true false false false
11-10-5279 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider site specific (e.g., location, region, country) threat information during security program development. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Physical Security Management; true true true true true true true 2 true false false true
11-10-5280 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety, and Property Managers should instruct security personnel to confirm the authenticity of directions to supersede existing security processes or procedures before implementing changes. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Corporate Ethics; Disaster Recovery; Emergency Preparedness; Guard Force; Physical Security Management; Policy; Procedures; Supervision; Training Awareness; true true true true true true true 1 true false false true
11-10-5282 Important Network Operators and Service Providers should coordinate with Property Managers to ensure adequate growth space. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Buildings; Industry Cooperation; true true true true true true true 1 false true false false
11-10-5284 Service Providers, Network Operators, Equipment Suppliers, and Public Safety should develop a communication plan for informing customers (both internal and external) on expected impacts and possible mitigation of impact. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; NRSC developed w/Emergency Preparedness Checklist true true true true true true true true false false true
11-10-5285 Network Operators, Service Providers, Equipment Suppliers, and Public Safety should establish and implement a policy that calls for the storing of emergency supplies; this could include but is not limited to food, water, sleeping supplies, power equipment to include batteries and other supplies needed to survive an event. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Facilities – Transport; Materials Movement; Pandemic; Physical Security Management; Policy; Power; Procedures; NRSC developed w/Emergency Preparedness Checklist true true true true true true true true false false true
11-10-5286 Network Operators, Service Providers, Equipment Suppliers, and Public Safety should establish and implement a policy which establishes a means to verify the status of employees and their families and to provide support as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Disaster Recovery; Emergency Preparedness; Facilities – Transport; Fire; Guard Force; Human Resources; Industry Cooperation; Pandemic; Policy; Procedures; NRSC developed w/Emergency Preparedness Checklist true true true true true true true true false false true
11-10-5287 Network Operators, Service Providers, Equipment Suppliers, and Public Safety should establish a procedure governing the accounting of finances needed during events. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Facilities – Transport; Materials Movement; Policy; Procedures; NRSC developed w/Emergency Preparedness Checklist true true true true true true true true false false true
11-10-5288 Network Operators, Service Providers, Equipment Suppliers, and Public Safety should establish and implement a policy which works with local, regional, state and federal agencies to provide access or letters of access to personnel during emergency events. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Essential Services; Facilities – Transport; Fire; Guard Force; Industry Cooperation; Liaison; Materials Movement; Network Operations; Pandemic; Physical Security Management; Policy; Power; Public Safety Service; Training Awareness; NRSC developed w/Emergency Preparedness Checklist true true true true true true true true false false true
11-10-5289 Network Operators, Service Providers, Public Safety and Property Managers should verify availability of generators, power technicians, and all tools necessary for generator deployment prior to a disaster. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Essential Services; Facilities – Transport; Fire; Guard Force; Hardware; Materials Movement; Network Operations; Power; Training Awareness; NRSC developed w/Emergency Preparedness Checklist true true true true true true true true false false true
11-11-0901 Important Voice over Internet Protocol (VoIP) Service Providers (VSP) should conduct extensive 9-1-1 call-through testing for environments that have a high user capacity (e.g., university campuses, large commercial enterprise campuses, and densely populated multi-tenant buildings/complexes) to immediately reduce the risk of misrouting a block of callers at a particular facility. Network Operator; Public Safety; Public Safety Service; Because the “originating end user” customers are also stakeholders in the success of a 9-1-1 call, they should also participate in testing with the VSP. This best practice is also applicable to legacy private branch exchange (PBX) environments; the PBX service provider should perform the extensive call-through testing steps. false false false false false false true 1 false false false true
11-11-0902 Highly Important Service Providers and Network Operators when reconfiguring their network (e.g., changes to VoIP Positioning Center (VPC), Mobile Position Center (MPC), Gateway Mobile Location Center (GMLC), or Emergency Services Gateway (ESGW)) should assess the impact on the routing of 9-1-1 calls. Cable; Internet/Data; Wireless; Wireline; Public Safety; Network Provisioning; Public Safety Service; true true false true true false false 2 false false false true
11-11-3215 Important For Network Operators that operate Mobile Switching Centers (MSCs), the MSC should default route 9-1-1 calls based on cell sector/tower location toward the designated serving Public Safety Answering Point (PSAP) when necessary and where feasible. Wireless; Network Operator; Public Safety; Essential Services; Network Design; Public Safety Service; false false false true false false true 1 false false false true
11-11-3223 Highly Important Network Operators, Public Safety and Service Providers should implement dedicated and as diverse trunk groups as feasible and commercially reasonable as possible between the Mobile Switching Center (MSC) end office or similar source and the E9-1-1 Selective Router (SR), based on the geography served by the default Public Safety Answering Points (PSAPs). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Design; Public Safety Service; This should be done rather than aggregating traffic from centralized switching architectures serving wide spread geographic areas onto a single trunk group to the E9-1-1 Selective Router. This should be done in conjunction with the local PSAP jurisdictional authorities to ensure that correct choices are made. true true true true true true true 2 false false false true
11-11-3224 Highly Important Network Operators, Service Providers, and Public Safety should use dedicated and diverse Signaling System 7 (SS7) or Multi-Frequency (MF) controlled trunk groups as feasible and commercially reasonable as possible for the normal routing of 9-1-1 calls from originating switching entities to 9-1-1 Selective Routers (SRs) rather than using shared Public Switched Telephone Network (PSTN) trunk arrangements and where appropriate and necessary supported by service level agreements. Network Operators, Service Providers, and NG9-1-1 PSAPs should use dedicated, geo-diverse and redundant IP connection points when feasible & commercially available. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Design; Public Safety Service; true true true true true true true 2 false false false true
11-11-3240 Highly Important Network Operators, Service Providers, and Public Safety should establish a provisioning accuracy process to ensure pseudo Automatic Number Identification (pANI) shell records are built correctly during original pANI provisioning to reduce negative impact and mis-routing of 9-1-1 calls. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Provisioning; Public Safety Service; true true false true true true true 2 false false false true
11-11-3244 Highly Important Public Safety should develop relationships and agreements with PSAPs outside of their normal service jurisdiction in an effort to improve their ability to handle calls in an overflow, backup, or disaster situation. Features within NG9-1-1 will help foster the capabilities available to PSAP administrators to meet these enhanced operational needs. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3245 Highly Important Network Operators, Service Providers, and Public Safety should develop procedures that consider the full capability of NG9-1-1, including the rerouting of calls from other PSAPs as a result of overflow, backup, and disaster situations. Inter-agency agreements should be updated to reflect the updated procedures. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true true true 2 false false false true
11-11-3246 Highly Important Network Operators, where MSC capabilities exist, should default route calls based on the location of the cell tower, to the MSC-SR trunks designated for that cell site to the serving PSAP. Switch level defaulted calls shall be routed to a “fast busy” tone or, where that option is not available, to an appropriate recorded announcement. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true true true 2 false false false true
11-11-3247 Highly Important Public Safety should conduct on-going regional meetings with several bordering or nearby PSAPs to clarify the wireless 9-1-1 call routing determination process. For example, it may be appropriate to route a cell site/sector based on the area covered or where the highest density population exists. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3248 Highly Important Public Safety should consider obtaining GIS data from bordering PSAP jurisdictions and expanding and testing their transfer list to bordering PSAPs. This is necessary as the routing of wireless 9-1-1 calls may require a PSAP to receive and transfer calls for an area larger than the wireline coverage area. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3249 Highly Important “Technically Retired” – When the initial PSAP receives a call that should be transferred to another jurisdiction, the transferring PSAP should transfer to the primary PSAP for that jurisdiction and not directly to the secondary PSAP. While transferring directly to the secondary PSAP seems a time saver, it bypasses local protocols, causing confusion and disjointed responses. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3250 Highly Important Public Safety should use one year of 9-1-1 call data to determine the best PSAP to designate as the pre-selected PSAP under current routing sheet methods for each cell and sector. This may require coordination with adjacent PSAPs to make joint decisions on the most effective routing plans with wireless carriers. If there is a state level data group and/or use of wide ranging data across many PSAPs for call handling analysis, this can assist the overall analysis of routing. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3251 Highly Important Public Safety should avoid the use of cold transfers (non-handshake transfer) of 9-1-1 calls. The initial PSAP should transfer and stay on the line to coordinate already gathered info from the caller, rather than force the caller to repeat from scratch. This allows verification that the transfer was accurately performed, to avoid reprocessing of the call. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3252 Highly Important Public Safety should review 9-1-1 call routing decisions for a given area at least every 3 years. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3253 Highly Important Public Safety should review routing on new cell towers six months after deployment using call data captured at the PSAP to determine if routing should be adjusted. The review period could be extended to a year in areas with low call volumes. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-11-3254 Highly Important Public Safety should keep call transfers for mobile 9-1-1 callers that move across public safety jurisdictions, at a minimum due to the potential increase to response time from the transfer coordination between the two jurisdictions. It is estimated that every transfer adds 45 seconds to response time. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true false false 2 false false false true
11-6-1007 Highly Important Network Operators, Service Providers and Equipment Suppliers should consider establishing a geographically diverse back-up Emergency Operations Center. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Operations; true true true true true true true 2 true false false false
11-6-3203 Important Service Providers should consider developing options that allow for call delivery from Emergency Notification Services to subscribers with call blocking/screening services in order to assist in the effectiveness of Emergency Notification Systems (Public Safety Mass Calling) and return calls from PSAPs. Cable; Internet/Data; Wireless; Wireline; Service Provider; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Liaison; Network Design; Pandemic; Public Safety Service; true true false true true true false 1 false false false false
11-6-5081 Highly Important Equipment Suppliers should provide serial numbers on critical network components (e.g., circuit packs, field replaceable units). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; In order to mitigate theft, tampering true true true true true false false 2 true false false false
11-6-5086 Important Equipment Suppliers should consider electronically
encoding a unique identifier into non-volatile memory of critical elements (e.g., Field Replaceable Units, FRUs) for integrity and tracking. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; In order to prevent theft of supply. For example, a HECI code (Human Equipment Catalog Item Code) is a 10 character (alfa-numeric) code that identifies a piece of equipment down to the circuit pack level. true true true true true false false 1 true false false false
11-6-5149 Important Network Operators, Service Providers and Equipment Suppliers should, where feasible, ensure that intentional emissions (e.g., RF and optical) from network equipment and transmission facilities are secured sufficiently to ensure that monitoring from outside the intended transmission path or beyond facility physical security boundaries cannot lead to the obtaining of critical network operations information. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Hardware; Information Protection; Network Design; Network Elements; Network Operations; Facilities – Transport; true true true true true true true 1 true false false false
11-6-5170 Critical Network Operators, Service Providers and Equipment Suppliers should control or disable all administrative access ports (e.g., manufacturer) into R&D or production systems (e.g., remap access ports, require callback verification, add second level access gateway). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Network Elements; Network Operations; Technical Support; To eliminate the use of default and undocumented ports to penetrate into software and distribution systems. true true true true true true true 3 true false false false
11-6-5173 Highly Important Network Operators and Equipment Suppliers should design wireless networks (e.g., terrestrial microwave, free-space optical, satellite, point-to-point, multi-point, mesh) to minimize the potential for interception. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Information Protection; Network Design; Facilities – Transport; true true true true true false true 2 true false false false
11-6-8021 Important Switched Hubs for OAM&P Networks: In critical networks for Operations, Administration, Management, and Provisioning (OAM&P), Network Operators, Service Providers and Equipment Suppliers should use switched network hubs so that devices in promiscuous mode are less likely to be able to see/spoof all of the traffic on that network segment. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Design; true true true true true true true 1 true false false false
11-6-8023 Critical Scanning Operations, Administration, Management and Provisioning (OAM&P) Infrastructure: Network Operators and Service Providers should regularly scan infrastructure for vulnerabilities/exploitable conditions. Operators should understand the operating systems and applications deployed on their network and keep abreast of vulnerabilities, exploits, and patches. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Operations; true true true true true true true 3 false false false false
11-6-8028 Critical Distribution of Encryption Keys: When Network Operators, Service Providers and Equipment Suppliers use an encryption technology in the securing of network equipment and transmission facilities, cryptographic keys must be distributed using a secure protocol that: a) Ensures the authenticity of the recipient, b) Does not depend upon secure transmission facilities, and c) Cannot be emulated by a non-trusted source. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; true true true true true true true 3 true false false false
11-6-8059 Highly Important Protect Cellular Data Channel: Network Operators and Service Providers should encourage the use of IPsec VPN, wireless TLS, or other end-to-end encryption services over the cellular/wireless network. Also, Network Operators should incorporate standards based data encryption services and ensure that such encryption services are enabled for end users. (Data encryption services are cellular/wireless technology specific). Wireless; Network Operator; Service Provider; Cyber Security; Encryption; Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. false false false true false true true 2 false false false false
11-6-8078 Highly Important Protect User IDs and Passwords During Network Transmission: Network Operators, Service Providers and Equipment Suppliers should not send user IDs and passwords in the clear, or send passwords and user IDs in the same message/packet. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; true true true true true true true 2 true false false false
11-6-8093 Critical Validate Source Addresses: Service Providers should validate the source address of all traffic sent from the customer for which they provide Internet access service and block any traffic that does not comply with expected source addresses. Service Providers typically assign customers addresses from their own address space, or if the customer has their own address space, the service provider can ask for these address ranges at provisioning. (Network Operators may not be able to comply with this practice on links to upstream/downstream providers or peering links, since the valid source address space is not known). Cable; Internet/Data; Wireless; Wireline; Service Provider; Cyber Security; Intrusion Detection; Network Provisioning; IETF rfc3013 sections 4.3 and 4.4 and NANOF ISP Resources. www.IETF.net true true false true true true false 3 false false false false
11-6-8102 Important Discourage Use of Personal Equipment for Corporate Activities: Network Operators, Service Providers and Equipment Suppliers should discourage the use of personal equipment for telecommuting, virtual office, remote administration, etc. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Human Resources; Intrusion Detection; true true true true true true true 1 true false false false
11-7-0408 Highly Important Ingress Filtering: Network Operators and Service Providers should, where feasible, implement RFC 3704 (IETF BCP84) ingress filtering. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; See http://www.IETF.org false true false false false true true 2 false false false false
11-7-0410 Highly Important Security Services and Procedures: Network Operators and Service Providers should, as appropriate, review, understand, and implement “Internet Service Provider Security Services and Procedures” (RFC3013/BCP46). Internet/Data; Network Operator; Service Provider; Cyber Security; Encryption; Intrusion Detection; Procedures; See http://www.IETF.org false true false false false true true 2 false false false false
11-7-0426 Highly Important Equipment Suppliers should use software change control to
manage changes to source material used in the production of their products. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Software; As such, the software change control system used by equipment suppliers should be able to manage both ASCII and binary (source object code) files. true true true true true false false 2 true false false false
11-7-0433 Highly Important Equipment Suppliers should support, clearly define and
document environmental variables in Management
Information Bases (MIB). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Software; MIB Environmental variables include the location of hosts, servers, terminals and other nodes as well as the traffic for the object. true true true true true false false 2 true false false false
11-7-0439 Critical Network Operators and Service Providers should authenticate BGP sessions (e.g., using TCP MD5) with their own customers and other providers. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Operations; false true false false false true true 3 false false false false
11-7-0441 Highly Important Network Operators and Service Providers should, where feasible, implement Unicast RPF (Reverse Path Forwarding) to help minimize DOS attacks that use source address spoofing. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; false true false false false true true 2 false false false false
11-7-0485 Important Network Operators should optimize cell sites, including relationships between neighboring cells, using a combination of drive testing and network statistics. Wireless; Network Operator; Network Design; Network Operations; false false false true false false true 1 false false false false
11-7-0491 Critical Network Operators, Service Providers and Equipment Suppliers should, where programs exist, coordinate with local, state and/or federal emergency management and law enforcement agencies for pre-credentialing to help facilitate access by technicians to restricted areas during an event. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Emergency Preparedness; Liaison; Pandemic; Physical Security Management; true true true true true true true 3 true false false false
11-7-0497 Highly Important Network Operators and Property Managers should consider connecting the power load to portable generators stored at critical sites, and configuring them for auto-engage in the event of a failover. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Emergency Preparedness; Power; true true true true true false true 2 false true false false
11-7-0515 Important Network Operators and Service Providers should, for easy communication with subscribers and other operators and providers, use specific role-based accounts (e.g., abuse@provider.net, ip-request@provider.net) versus general accounts (e.g., noc@provider.net) which will help improve organizational response time and also reduce the impact of Spam. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Emergency Preparedness; Industry Cooperation; Network Operations; Policy; Procedures; Technical Support; See http://www.ietf.org/rfc/rfc2142.txt true true true true true true true 1 false false false false
11-7-0516 Highly Important Network Operators and Service Providers should manage the volatility of route advertisements in order to maintain stable IP service and transport. Procedures and systems to manage and control route flapping at the network edge should be implemented. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Interoperability; Network Operations; Procedures; http://www.ietf.org, RFC 2439, “BGP Route Flap Damping” true true false true true true true 2 false false false false
11-7-0518 Important Capacity Monitoring: Network Operators should design and implement procedures for traffic monitoring, trending and forecasting so that capacity management issues may be understood. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Network Design; Network Elements; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; See BP 0616 for ‘Failure Effects Analysis’ true true true true true false true 1 false false false false
11-7-0520 Highly Important Network Operators and Service Providers should have a route policy that is available, as appropriate. A consistent route policy facilitates network stability and inter-network troubleshooting. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Industry Cooperation; Network Design; Network Interoperability; Network Operations; Network Provisioning; Procedures; A route policy or routing policy is the description of what routes a Service Provider will accept and readvertise. Some will only take full blocks and only from the registered owner (registered in ARIN or RIPE). Some will allow customers to multihome (ie advertise the same routes via two different providers) some will allow customers to advertise specific routes as well as blocks. true true true true true true true 2 false false false false
11-7-0521 Highly Important Industry Standards: Network Operators, Service Providers and Equipment Suppliers should work toward implementing industry standards for interconnection points. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Industry Cooperation; Network Design; Network Elements; Network Interoperability; Policy; For example, IETF standards and applicable ANSI T-1 Standards. true true true true true true true 2 true false false false
11-7-0522 Highly Important Industry Forum Participation: Network Operators, Service Providers, and Equipment Suppliers should participate in standards development organizations and industry forums. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Industry Cooperation; Liaison; Policy; The current environment of numerous Network Operators, Service Providers and Equipment Suppliers elevates the importance of industry dialogue and standards (e.g., IETF, ITU-T, NANOG, CSRIC). true true true true true true true 2 true false false false
11-7-0538 Highly Important Equipment Suppliers’ network element (including OSS) software should be backward compatible. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Software; true true true true true false false 2 true false false false
11-7-0539 Important Equipment Suppliers should share trend information (availability, etc.) with their Network Operators and Service Providers. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Industry Cooperation; Network Elements; Technical Support; true true true true true false false 1 true false false false
11-7-0549 Highly Important Network Operators should develop an engineering design for critical network elements and inter-office facilities that addresses diversity, and utilize management systems to provision, track and maintain that inter-office and intra- office diversity. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Buildings; Network Design; Network Operations; Network Provisioning; Policy; Power; Facilities – Transport; true true true true true false true 2 false false false false
11-7-0555 Important Equipment Suppliers should continually enhance their software development methodology to ensure effectiveness by employing modern processes of assessment. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Software; Formal design and code inspections may be performed as a part of the software development cycle. Test environments may be enhanced to provide more realistic network settings. Fault tolerance levels and failure probabilities should be shared with Network Operators and Service Providers. true true true true true false false 1 true false false false
11-7-0562 Important Equipment Suppliers should use a change control and release planning process to keep track of the changes to the product and the corresponding documentation. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Network Elements; Procedures; true true true true true false false 1 true false false false
11-7-0604 Highly Important Network Operators and Service Providers should establish synchronization coordinator(s) who has responsibility for the network synchronization. The synchronization coordinator(s) should be accessible to their Network Operations Centers. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Industry Cooperation; Network Operations; Procedures; Telcordia SR-2275; for NIIF, see http://www.atis.org/docstore true true true true true true true 2 false false false false
11-7-0676 Important Network Operators and Service Providers should not use low voltage disconnects or battery disconnects at central office battery plants. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Buildings; Network Design; Power; true true true true true true true 1 false false false false
11-7-0677 Important Network Operators, Service Providers and Property Managers should only use rectifier sequence controllers where necessary to limit load on the backup power generator. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Network Design; Power; true true true true true true true 1 false true false false
11-7-0686 Important Network Operators, Service Providers and Equipment Suppliers should verify front and rear stenciling on equipment during installation for accurate identification. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Hardware; Procedures; true true true true true true true 1 true false false false
11-7-0715 Important Network Operators should proactively communicate with land owners regarding rights-of-way or easements near critical buried facilities to prevent accidental service interruption. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Liaison; Facilities – Transport; true true true true true false true 1 false false false false
11-7-0716 Important Network Operators should encourage employees to become proactive in preventing buried facilities damages. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Human Resources; Training Awareness; Facilities – Transport; true true true true true false true 1 false false false false
11-7-0738 Important Network Operators and Service Providers should track and analyze facility outages taking action if any substantial negative trend arises or persists. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Operations; Facilities – Transport; true true true true true true true 1 false false false false
11-7-0744 Important Equipment Suppliers should periodically review the results of root cause analysis to ensure that the least impacting methods for fault recovery are being used. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Elements; Technical Support; true true true true true false false 1 true false false false
11-7-1040 Important Network Operators, Service Providers and Equipment Suppliers should consider using lab, demonstration or training equipment if replacement equipment is unavailable in disaster situations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Disaster Recovery; Emergency Preparedness; Technical Support; true true true true true true true 1 true false false false
11-7-1064 Highly Important Network Operators, Service Providers and Equipment Suppliers should implement minimum network management controls in order to promote reliability of the interconnected network. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Disaster Recovery; Emergency Preparedness; Network Operations; See ATIS-0300026, Next Generation Interconnection Interoperability (NGIIF) Reference Document: Part VI, Network Management Guidelines, at http://www.atis.org/docstore true true true true true true true 2 true false false false
11-7-3201 Highly Important Service Providers and Public Safety organizations should jointly develop a response plan to notify the public, through the broadcast media, of alternate means of contacting emergency services during a 911 outage. Cable; Internet/Data; Wireless; Wireline; Service Provider; Disaster Recovery; Emergency Preparedness; Essential Services; Industry Cooperation; Liaison; Public Safety Service; true true false true true true false 2 false false false false
11-7-3209 Important CATV Service Providers, shall where practical, receive signals from local broadcasters as the primary source with automatic fail over to the off-air signal as the secondary source, to support public notification in disasters or emergencies. Cable; Service Provider; Emergency Preparedness; Public Safety Service; true false false false false true false 1 false false false false
11-7-3210 Important Emergency Operations Centers and PSAPs should consider obtaining connections to provide video (for viewing local weather and news information and monitoring distribution of information over EAS), and utilize that connection to provide diverse access to the Internet and telecommunications. Cable; Internet/Data; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Operations; Pandemic; Public Safety Service; true true false false false true true 1 false false false false
11-7-3232 Important Handsets that use a Global Positioning System (GPS) algorithm for E9-1-1: Equipment Suppliers should ensure that the Phase II handsets commence Global Positioning System (GPS) acquisition before the GPS satellite location identification information is received so that GPS acquisition time is minimized and to reduce the number of database query rebids. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Public Safety Service; true true true true true false false 1 true false false false
11-7-5006 Important Network Operators, Service Providers, Equipment Suppliers and Property Managers should have policies and procedures that address tailgating (i.e. following an authorized user through a doorway or vehicle gateway). At critical sites, consider designing access points to minimize tailgating. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Access Control; Buildings; Physical Security Management; Procedures; Security Systems; true true true true true true true 1 true true false false
11-7-5015 Highly Important Network Operators, Service Providers and Equipment Suppliers should establish separation policies and procedures that require the return of all corporate property and invalidate access to all corporate resources (physical and logical) to coincide with the separation of employees, contractors and vendors. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Contractors and Vendors; Corporate Ethics; Human Resources; Information Protection; Physical Security Management; Policy; Procedures; Supervision; true true true true true true true 2 true false false false
11-7-5020 Important Network Operators, Service Providers and Equipment Suppliers should consider establishing corporate standards and practices to drive enterprise-wide access control to a single card and single system architecture to mitigate the security risks associated with administering and servicing multiple platforms. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Buildings; Physical Security Management; Policy; Security Systems; true true true true true true true 1 true false false false
11-7-5064 Highly Important “Technically Retired” – Network Operators, Service Providers and Property Managers should alarm and monitor critical electronic equipment areas to detect parameters that are outside operating specifications (e.g., temperature, humidity). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Buildings; Fire; Network Operations; Reference: GR63 NEBS Requirements: Physical Protection, Telcordia, http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home true true true true true true true 2 false true false false
11-7-5076 Highly Important Network Operators and Service Providers should ensure and periodically review intra-office diversity of critical resources including power, timing source and signaling leads (e.g., SS7). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Essential Services; Network Design; Network Operations; Policy; Power; Facilities – Transport; true true true true true true true 2 false false false false
11-7-5079 Highly Important Network Operators and Service Providers should, where feasible, provide both physical and logical diversity of critical facilities links (e.g., nodal, network element). Particular attention should be paid to telecom hotels and other concentration points. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Design; Network Operations; Network Provisioning; Facilities – Transport; true true true true true true true 2 false false false false
11-7-5088 Important Equipment Suppliers should ensure appropriate physical
security controls are designed and tested into new products and product upgrades (e.g., tamper resistant enclosures). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Physical Security Management; true true true true true false false 1 true false false false
11-7-5107 Critical Network Operators, Service Providers and Equipment Suppliers should evaluate and manage risks (e.g., alternate routing, rapid response to emergencies) associated with a concentration of infrastructure components. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Emergency Preparedness; Network Design; Network Operations; Network Provisioning; Facilities – Transport; To mitigate single points of failure (SPOF). true true true true true true true 3 true false false false
11-7-5198 Important Equipment Suppliers should design their products to take
into consideration protection against the effects of corrosion and contamination. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; true true true true true false false 1 true false false false
11-7-5283 Important Equipment Suppliers should provide network element thermal specifications or other special requirements in order to properly size Heating, Ventilation, and Air Conditioning (HVAC) systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Documentation; Hardware; Network Elements; true true true true true false false 1 true false false false
11-7-8027 Important Source, Object, and Binary Code Integrity: Network Operators and Service Providers should use software change management systems that control, monitor, and record access to master source of software. Ensure network equipment and network management code consistency through checks such as digital signatures, secure hash algorithms, and periodic audits. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Elements; Network Operations; http://www.atis.org/ – T1 276-2003 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: July, 2003 true true true true true true true 1 false false false false
11-7-8029 Critical Network Access to Critical Information: Network Operators and Service Providers and Equipment Suppliers should carefully control and monitor the networked availability of sensitive security information for critical infrastructure by: Periodic review public and internal website, file storage sites HTTP and FTP sites contents for strategic network information including but not limited to critical site locations, access codes. Documenting sanitizing processes and procedures required before uploading onto public internet or FTP site. Ensuring that all information pertaining to critical infrastructure is restricted to need-to-know and that all transmission of that information is encrypted. Screening, limiting and tracking remote access to internal information resources about critical infrastructure. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; true true true true true true true 3 true false false false
11-7-8062 Highly Important IR (Incident Response) Team: Network Operators and Service Providers should identify and train a Computer Security Incident Response (CSIRT) Team. This team should have access to the CSO (or functional equivalent) and should be empowered by senior management. The team should include security, networking, and system administration specialists but have the ability to augment itself with expertise from any division of the organization. Organizations that establish part-time CSIRTs should ensure representatives are detailed to the team for a suitable period of time bearing in mind both the costs and benefits of rotating staff through a specialized team. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Emergency Preparedness; Training Awareness; IETF RFC2350, CMU/SEI-98-HB-001. Also, NRIC BP 0598. true true true true true true true 2 false false false false
11-7-8067 Highly Important Evidence Collection Guidelines: Network Operators, Service Providers should develop a set of processes detailing evidence collection and preservation guidelines. Procedures should be approved by management/legal counsel. Those responsible for conducting investigations should test the procedures and be trained according to their content. Organizations unable to develop a forensic computing capability should establish a relationship with a trusted third party that possesses a computer forensics capability. Network Administrators and System Administrators should be trained on basic evidence recognition and preservation and should understand the protocol for requesting forensic services. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Procedures; Training Awareness; IETF RFC3227, http://www.cybercrime.gov true true true true true true true 2 false false false false
11-7-8076 Highly Important Denial of Service (DoS) Attack – Vendor: Equipment Suppliers should develop effective DoS/DDoS survivability features for their product lines. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Cyber Security; Intrusion Detection; Network Elements; e.g., SYN Flood attack defense, CERT/CC� Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks – http://www.cert.org/advisories/CA-1996-21.html. Related to NRIC BP 8563. true true true true true false false 2 true false false false
11-7-8077 Highly Important Compensating Control for Weak Authentication Methods: For Network Operators and Service Providers legacy systems without adequate access control capabilities, access control lists (ACLs) should be used to restrict which machines can access the device and/or application. In order to provide granular authentication, a bastion host that logs user activities should be used to centralize access to such devices and applications, where feasible. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; In the long term, the vendor should be engaged to correct the issue, either by allowing the built in method to be changed periodically, or by allowing the user to add complementary authentication means that they control, hence creating a two-factor authentication.
Where authentication methods must be shared, create an enforceable authentication method policy that addresses the periodic changing of the characteristics of the authentication method, and the dissemination of the method based on the principle of least privilege. If the authentication methods are shared, policy to implement least privilege access and periodic authentication characteristic change should be developed and implemented. Consider replacement of device at end of life, especially if the device is protecting key equipment. Implement a periodic audit program to verify policy compliance.Garfinkel, Simson, and Gene Spafford. Users and Passwords. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O’Reilly and Associates, Inc. 1996. 49-69
King, Christopher M., Curtis E. Dalton, and T. Ertem Osmanoglu. Applying Policies to Derive the Requirements. Security Architecture, Design, Deployment & Operations. Berkley, CA: The McGraw-Hill Companies. 2001. 66-110
National Institute of Standards and Technology. User Account Management. Generally Accepted Principles and Practices for Securing Information Technology Systems. September 1996.
Dependency on NRIC BP 8007. true true true true true true true 2 false false false false
11-7-8084 Highly Important Create Trusted PKI Infrastructure When Using Generally Available PKI Solutions: When using digital certificates, Network Operators, Service Providers and Equipment Suppliers should create a valid, trusted PKI infrastructure, using a root certificate from a recognized Certificate Authority or Registration Authority. Assure your devices and applications only accept certificates that were created from a valid PKI infrastructure. Configure your Certificate Authority or Registration Authority to protect it from denial of service attacks. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Nichols, Randall K., Daniel J. Ryan, Julie J. C. H. Ryan. “Digital Signatures and Certification Authorities – Technology, Policy, and Legal Issues”. Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves. New York, NY. The McGraw-Hill Companies. 2000. 263-294. true true true true true true true 2 true false false false
11-7-8089 Critical Conduct Risk Assessments to Determine Appropriate Security Controls: Network Operators, Service Providers and Equipment Suppliers should perform a risk assessment of all systems and classify them by the value they have to the company, and the impact to the company if they are compromised or lost. Based on the risk assessment, develop a security policy which recommends and assigns the appropriate controls to protect the system. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Cyber Security; Nichols, Randall K., Daniel J. Ryan, Julie J. C. H. Ryan. “Access Controls – Two Views”. Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves. New York, NY. The McGraw-Hill Companies. 2000. 242-261 true true true true true true true 3 true false false false
11-7-8091 Highly Important Protect Cached Security Material: Network Operators, Service Providers and Equipment Suppliers should evaluate cache expiration and timeouts of security material (such as cryptographic keys and passwords) to minimize exposure in case of compromise. Cached security material should be immediately deleted from the cache when the cached security material expires. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; true true true true true true true 2 true false false false
11-7-8104 Important Proper Wireless LAN/MAN Configurations: Network Operators and Service Providers should secure Wireless WAN/LAN networks sufficiently to ensure that a) monitoring of RF signals cannot lead to the obtaining of proprietary network operations information or customer traffic and that b) Network access is credibly authenticated. Internet/Data; Wireless; Network Operator; Service Provider; Cyber Security; Encryption; Intrusion Detection; false true false true false true true 1 false false false false
11-7-8109 Critical Automated Patch Distribution Systems: Network Operators, Service Providers and Equipment Suppliers should ensure that patching distribution hosts properly sign all patches. Critical systems must only use Operating Systems and applications which employ automated patching mechanisms, rejecting unsigned patches. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; true true true true true true true 3 true false false false
11-7-8110 Important News Disinformation: Information from news sources may be spoofed, faked, or manipulated by potential attackers. Network Operators, Service Providers and Equipment Suppliers should ensure news sources are authenticated and cross-verified to ensure accuracy of information, especially when not from a trusted source. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Also, see NRIC BP 8567. true true true true true true true 1 true false false false
11-7-8123 Important Handle Policy Violations Consistently: Network Operators, Service Providers and Equipment Suppliers should handle violations of policy in a manner that is consistent , and, depending on the nature of the violation, sufficient to either deter or prevent a recurrence. There should be mechanisms for ensuring this consistency. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Policy; true true true true true true true 1 true false false false
11-7-8137 Important Notification Diversity Equipment Suppliers (hardware and software) should support diverse notification methods, such as using both e-mail, websites, and tech support in order to properly notify users of newly discovered relevant vulnerabilities, viruses, or other threats. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Cyber Security; Intrusion Detection; Technical Support; This could mitigate , for example, the communication blockage that could be caused when a virus blocks e-mail distribution channels. true true true true true false false 1 true false false false
11-7-8521 Important Recover from Misuse of Equipment for Remote Access of Corporate Resources: In the event of misuse or unauthorized use in a remote access situation contrary to the AUP (Acceptable Use Policy), Network Operators and Service Providers should terminate the VPN (Virtual Private Network) connection and issue a warning in accordance with the employee code of conduct. If repeated, revoke employee VPN remote access privileges. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Human Resources; Intrusion Detection; true true true true true true true 1 false false false false
11-7-8526 Highly Important Recover from Interior Routing Table Corruption: If the interior routing has been corrupted, Network Operators and Service Providers should implement policies that filters routes imported into the routing table. The same filtering methods used in NRIC 8045 can be applied more aggressively. The malicious routes will expire from the table, be replaced by legitimate updates, or in emergencies, can be manually deleted from the tables. If needed, the authentication mechanism/crypto keys between IGP neighbors should also be changed. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Encryption; Network Operations; true true true true true true true 2 false false false false
11-7-8548 Important “Technically Retired” – Incident Response (IR) Procedures: When a service outage or security incident occurs, Network Operators and Service Providers should follow processes similar to Appendix X. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; IETF RFC2350, US-CERT
NRIC BP 8074, 8075, 0561, 0599, 5092, 5239, 1001, 1002, 1004, 1006, 1009, 1010, 1016 true true true true true true true 1 false false false false
11-7-8565 Highly Important Recovery from Authentication System Failure: In the event an authentication system fails, Network Operators, Service Providers and Equipment Suppliers should make sure the system being supported by the authentication system is in a state best suited for this failure condition. If the authentication system is supporting physical access, the most appropriate state may be for all doors that lead to outside access be unlocked. If the authentication system supporting electronic access to core routers fails, the most appropriate state may be for all access to core routers be prohibited. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Access Control; Cyber Security; Physical Security Management; Security Systems; true true true true true true true 2 true false false false
11-7-8567 Important News Disinformation after Recovery: Network Operators, Service Providers and Equipment Suppliers should ensure that actions taken due to a spoofed, faked or distorted news item should be cross-correlated against other sources. Any actions taken should be ‘backed out’ and corrective measures taken to restore the previous state. News source authentication methods should be implemented to ensure future accuracy. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Cross-reference BP 5270 true true true true true true true 1 true false false false
11-8-0507 Highly Important Attack Trace Back: Service Providers, Network Operators and Equipment Suppliers should have the processes and/or capabilities to analyze and determine the source of malicious traffic, and then to trace-back and drop the packets at, or closer to, the source. The references provide several different possible techniques. (Malicious traffic is that traffic such as Distributed Denial of Service (DDoS) attacks, smurf and fraggle attacks, designed and transmitted for the purpose of consuming resources of a destination of network to block service or consume resources to overflow state that might cause system crashes). Internet/Data; Network Operator; Service Provider; Cyber Security; Network Operations; Security Systems; “Practical Network Support for IP Trace back”” by Stefan Savage et.al., Dept. of Computer Science and Engineering, Univ of Washington, Tech Report UW-CSE-2000-02-01 with a version published in the Proceedings of the 2000 ACM SIBCOMM pp256-306 Stockholm, Sweden, August 2000
Hash based as described in “”Hash Based IP Traceback”” by Alex C Snoeren et.al of BBN published in Proceedings of the 2001 ACM SIBCOMM, San Diego, CA August 2001
A physical network arrangement as described in “”CENTERTRACK, An IP Overlay Network”” by Robert Stone of UUNET presented at NANOG #17 October 5, 1999.
John Ioannidis and Steven M. Bellovin, “”Implementing Pushback: Router-Based Defense Against DDoS Attacks””, NDSS, February 2002. http://www.ietf.org/rfc/rfc3882.txt. false true false false false true true 2 false false false false
11-8-0590 Important Network Operators, Service Providers, and Equipment Suppliers should develop Methods of Procedure (MOP) for core infrastructure hardware and software growth and change activities and periodically review and update as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Documentation; Hardware; Network Elements; Network Operations; Network Provisioning; Procedures; Software; Supervision; true true true true true true true 1 true false false false
11-8-0806 Critical Service Policies: Service Providers should establish policies and develop internal controls to ensure that the infrastructure supporting high speed broadband is protected from external threats, insider threats and threats from customers. These policies should cover protocol and port filtering as well as general security best practices. Cable; Internet/Data; Wireline; Service Provider; Cyber Security; Intrusion Detection; Network Operations; true true false false true true false 3 false false false false
11-8-0807 Critical Service Policies: Service Providers should establish policies and develop internal controls to ensure that individual users have availability, integrity, and confidentiality and are protected from external threats, insider threats and threats from other customers. These policies should cover protocol and port filtering as well as general security best practices. Cable; Internet/Data; Wireline; Service Provider; Cyber Security; Intrusion Detection; Network Operations; true true false false true true false 3 false false false false
11-8-0808 Important Release Filtering Information/Policies to Customers: Service Providers and Network Operators should make information available to customers about traffic filtering (both static and dynamic), where required by law. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Operations; Economic Espionage Act 1996
Telecommunications Act 1996
Electronic Communications Privacy Act 1986
Graham-Leach-Bliley Act 2002
Sarbannes-Oxley 2003
USA PATRIOT Act 2002
Health Insurance Portability and Accountability Act (HIPAA)
2001. false true false false false true true 1 false false false false
11-8-0813 Critical Service Awareness: Service Providers should encourage users to take steps to maintain the availability, integrity and confidentiality of their systems and to protect their systems from unauthorized access. Service Providers should enable customers to get the tools and expertise to secure their systems. Cable; Internet/Data; Wireline; Service Provider; Cyber Security; Network Operations; true true false false true true false 3 false false false false
11-8-8000 Important Disable Unnecessary Services: Service Providers and Network Operators should establish a process, during design/implementation of any network/service element or management system, to identify potentially vulnerable, network-accessible services (such as Network Time Protocol (NTP), Remote Procedure Calls (RPC), Finger, Rsh-type commands, etc.) and either disable, if unneeded, or provided additional compensating controls, such as proxy servers, firewalls, or router filter lists, if such services are required for a business purpose. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; Configuration guides for security from NIST (800-53 Rev. 3), NSA (Security Configuration Guides), and Center For Internet Security (CIS Benchmarks). false true false false false true true 1 false false false false
11-8-8001 Important Strong Encryption Algorithms and Keys: Service Providers, Network Operators, and Equipment Suppliers should use industry-accepted algorithms and key lengths for all uses of encryption, such as 3DES or AES. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. true true true true true true true 1 true false false false
11-8-8003 Important Control Plane Reliability: Service Providers and Network Operators should minimize single points of failure in the control plane architecture (e.g., Directory Resolution and Authentications services). Critical applications should not be combined on a single host platform. All security and reliability aspects afforded to the User plane (bearer) network should also be applied to the Control plane network architecture. Internet/Data; Equipment Supplier; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; false true false false false true false 1 true false false false
11-8-8004 Important Harden Default Configurations: Equipment Suppliers should work closely and regularly with customers to provide recommendations concerning existing default settings and to identify future default settings which may introduce vulnerabilities. Equipment Suppliers should proactively collaborate with network operators to identify and provide recommendations on configurable default parameters and provide guidelines on system deployment and integration such that initial configurations are as secure as allowed by the technology. Internet/Data; Equipment Supplier; Cyber Security; Network Design; Network Elements; Cross reference with 7-7-8004 developed under NRIC. false true false false false false false 1 true false false false
11-8-8006 Highly Important Protection of Externally Accessible Network Applications: Service Providers and Network Operators should protect servers supporting externally accessible network applications by preventing the applications from running with high-level privileges and securing interfaces between externally accessible servers and back-office systems through restricted services and mutual authentication. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Operations; ISF CB63. false true false false false true true 2 false false false false
11-8-8007 Important Define Security Architecture(s): Service Providers and Network Operators should develop formal written Security Architecture(s) and make the architecture(s) readily accessible to systems administrators and security staff for use during threat response. The Security Architecture(s) should anticipate and be conducive to business continuity plans. Internet/Data; Network Operator; Service Provider; Business Continuity; Cyber Security; Network Design; Network Operations; Policy; NIST Special Publication 800-53, Revision 3, Control Number PM-7
Recommended Security Controls for Federal Information Systems
http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010
NIST Special Pub 800-12, NIST Special Pub 800-14. false true false false false true true 1 false false false false
11-8-8010 Important OAM&P Product Security Features: Equipment Suppliers should implement current industry baseline requirements for Operations, Administration, Management, and Provisioning (OAM&P) security in products — software, network elements, and management systems. Internet/Data; Equipment Supplier; Cyber Security; Network Design; Network Elements; Network Operations; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. false true false false false false false 1 true false false false
11-8-8011 Important Request OAM&P Security Features: Service Providers and Network Operators should request products from vendors that meet current industry baseline requirements for Operations, Administration, Management, and Provisioning (OAM&P) security. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. false true false false false true true 1 false false false false
11-8-8012 Important Secure Communications for OAM&P Traffic: To prevent unauthorized users from accessing Operations, Administration, Management, and Provisioning (OAM&P) systems, Service Providers and Network Operators should use strong authentication for all users. To protect against tampering, spoofing, eavesdropping, and session hijacking, Service Providers and Network Operators should use a trusted path for all important OAM&P communications between network elements, management systems, and OAM&P staff. Examples of trusted paths that might adequately protect the OAM&P communications include separate private-line networks, VPNs or encrypted tunnels. Any sensitive OAM&P traffic that is mixed with customer traffic should be encrypted. OAM&P communication via TFTP and Telnet is acceptable if the communication path is secured by the carrier. OAM&P traffic to customer premises equipment should also be via a trusted path. Internet/Data; Network Operator; Service Provider; Cyber Security; Encryption; Network Operations; “http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008
ITU – CCITT Rec. X.700 (X.720) Series
ITU – CCITT Rec. X.800 Series
ITU-T Rec. X.805
ITU-T Rec. X.812”. false true false false false true true 1 false false false false
11-8-8013 Important Controls for Operations, Administration, Management, and Provisioning (OAM&P) Management Actions: Service Providers and Network Operators should authenticate, authorize, attribute, and log all management actions on critical infrastructure elements and management systems. This especially applies to management actions involving security resources such as passwords, encryption keys, access control lists, time-out values, etc. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; Department of Defense Telecommunications and Defense Switched Network Secuirty Technical Implementation Guide (Version 2, Release 3).
‘http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. true true true true true true true 1 true false false false
11-8-8014 Highly Important OAM&P Privilege Levels: For OAM&P systems, Service Providers and Network Operators should use element and system features that provide “least-privilege” for each OAM&P user to accomplish required tasks using role-based access controls where possible. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. true true true true true true true 2 false false false false
11-8-8015 Critical Segmenting Management Domains: For OAM&P activities and operations centers, Service Providers and Network Operators should segment administrative domains with devices such as firewalls that have restrictive rules for traffic in both directions and that require authentication for traversal. In particular, segment OAM&P networks from the Network Operator’s or Service Provider’s intranet and the Internet. Treat each domain as hostile to all other domains. Follow industry recommended firewall policies for protecting critical internal assets. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; “http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008
ITU-T X.805”. false true false false false true true 3 false false false false
11-8-8016 Important OAM&P Security Architecture: Service Providers and Network Operators should design and deploy an Operations, Administration, Management, and Provisioning (OAM&P) security architecture based on industry recommendations. Internet/Data; Network Operator; Service Provider; Business Continuity; Cyber Security; Network Design; Network Operations; Policy; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. false true false false false true true 1 false false false false
11-8-8017 Important OAM&P Protocols: Service Providers, Network Operators, and Equipment Suppliers should use Operations, Administration, Management and, Provisioning (OAM&P) protocols and their security features according to industry recommendations. Examples of protocols include SNMP, SOAP, XML, and CORBA. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Provisioning; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. false true false false false true true 1 false false false false
11-8-8020 Critical Expedited Security Patching: Service Providers, Network Operators, and Equipment Suppliers should have special processes and tools in place to quickly patch critical infrastructure systems when important security patches are made available. Such processes should include determination of when expedited patching is appropriate and identifying the organizational authority to proceed with expedited patching. This should include expedited lab testing of the patches and their affect on network and component devices. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Operations; Configuration guide for security from NIST (800-53 Rev. 3). true true true true true true true 3 true false false false
11-8-8022 Critical Remote Operations, Administration, Management and Provisioning (OAM&P) Access: Service Providers and Network Operators should have a process by which there is a risk assessment and formal approval for all external connections. All such connections should be individually identified and restricted by controls such as strong authentication, firewalls, limited methods of connection, and fine-grained access controls (e.g., granting access to only specified parts of an application). The remote party’s access should be governed by contractual controls that ensure the provider’s right to monitor access, defines appropriate use of the access, and calls for adherence to best practices by the remote party. Internet/Data; Network Operator; Service Provider; Cyber Security; Information Protection; Network Operations; false true false false false true true 3 false false false false
11-8-8024 Important Limited Console Access: Service Providers, Network Operators, and Equipment Suppliers should not permit users to log on locally to the Operation Support Systems or network elements. System administrator console logon should require as strong authentication as practical. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Operations; Some systems differentiate a local account database and network account database. Users should be authenticated onto the network using a network accounts database, not a local accounts database. ‘http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. false true false false false true true 1 false false false false
11-8-8025 Critical Protection from SCADA Networks: Telecom/Datacomm OAM&P networks for Service Providers and Network Operators should be isolated from other OAM&P networks, e.g., SCADA networks, such as for power, water, industrial plants, pipelines, etc.
��������� Isolate the SCADA network from the OAM&P network (segmentation)
��������� Put a highly restrictive device, such as a firewall, as a front-end interface on the SCADA network for management access.
��������� Use an encrypted or a trusted path for the OAM&P network to communicate with the SCADA “”front-end.””” Internet/Data; Network Operator; Service Provider; Cyber Security; Encryption; Network Design; Network Elements; Network Operations; Note: Service providers MAY provide an offer of ‘managed’ SCADA services or connectivity to other utilities. This should be separate from the provider’s OAM&P network. ITU-T Rec. X.1051. false true false false false true true 3 false false false false
11-8-8031 Critical LAES Interfaces and Processes: Service Providers, Network Operators, and Equipment Providers should develop and communicate Lawfully Authorized Electronic Surveillance (LAES) policy. They should:
��������� Limit the distribution of information about LAES interfaces
��������� Periodically conduct risk assessments of LAES procedures
��������� Audit LAES events for policy compliance
��������� Limit access to those who are authorized for LAES administrative functions or for captured or intercepted LAES content
��������� Promote awareness of all LAES policies among authorized individuals Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. true true true true true true true 3 true false false false
11-8-8033 Important Software Development: Service Providers, Network Operators, and Equipment Suppliers should adopt internationally accepted standard methodologies, such as ISO 15408 (Common Criteria) or ISO 17799, to develop documented Information Security Programs that include application security development lifecycles that include reviews of specification and requirements designs, code reviews, threat modeling, risk assessments, and training of developers and engineers. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Policy; Software; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008
Common Criteria: http://www.iso.org, http://csrc.nist.gov/cc/; Carnegie-Mellon Software Engineering Institute secure software development: http://www.sei.cmu.edu/engineering/engineering.html;
Secure Programming Educational Material at http://www.cerias.purdue.edu/homes/pmeunier/secprog/sanitized/;
http://www.atstake.com/services/smartrisk/application.html. false true false false false true true 1 true false false false
11-8-8036 Critical Exceptions to Patching: Service Provider and Network Operator systems that are not compliant with the patching policy should be noted and these particular elements should be monitored on a regular basis. These exceptions should factor heavily into the organization’s monitoring strategy. Vulnerability mitigation plans should be developed and implemented in lieu of the patches. If no acceptable mitigation exists, the risks should be communicated to management. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Operations; Policy; Software; Configuration guide for security from NIST (800-53 Rev. 3). true true true true true true true 3 false false false false
11-8-8040 Important Mitigate Control Plane Protocol Vulnerabilities: Service Providers and Network Operators should implement architectural designs to mitigate the fundamental vulnerabilities of many control plane protocols (eBGP, DHCP, SS7, DNS, SIP, etc): 1) Know and validate who you are accepting information from, either by link layer controls or higher layer authentication, if the protocol lacks authentication, 2) Filter to only accept/propagate information that is reasonable/expected from that network element/peer. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Operations; false true false false false true true 1 false false false false
11-8-8041 Important Prevent Network Element Resource Saturation: Equipment Suppliers for layer 3 switches/routers, with interfaces that mix user and control plane data, should provide filters and access lists on the header fields to protect the control plane from resource saturation by filtering out untrusted packets destined to for control plane. Measures may include: 1) Allowing the desired traffic type from the trusted sources to reach the control-data processor and discard the rest, 2) separately rate-limiting each type of traffic that is allowed to reach the control-data processor, to protect the processor from resource saturation. Internet/Data; Equipment Supplier; Cyber Security; Network Design; Network Elements; Network Operations; false true false false false false false 1 true false false false
11-8-8042 Critical BGP (Border Gateway Protocol) Validation: Service Providers and Network Operators should validate routing information to protect against global routing table disruptions. Avoid BGP peer spoofing or session hijacking by applying techniques such as: 1) eBGP hop-count (TTL) limit to end of physical peering link, 2) MD5 session signature to mitigate route update spoofing threats (keys should be changed periodically where feasible). Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; NSTAC ISP Working Group – BGP/DNS, Scalable key
distribution mechanisms, NRIC V FG 4: Interoperability.
NIST SP 800-54 Border Gateway Protocol Security . false true false false false true true 3 false false false false
11-8-8043 Critical Prevent BGP (Border Gateway Protocol) Poisoning: Service Providers and Network Operators should use existing BGP filters to avoid propagating incorrect data. Options include: 1) Avoid route flapping DoS by implementing RIPE-229 to minimize the dampening risk to critical resources, 2) Stop malicious routing table growth due to de-aggregation by implementing Max-Prefix Limit on peering connections, 3) Employ ISP filters to permit customers to only advertise IP address blocks assigned to them, 4) Avoid disruption to networks that use documented special use addresses by ingress and egress filtering for “Martian” routes, 5) Avoid DoS caused by unauthorized route injection (particularly from compromised customers) by egress filtering (to peers) and ingress filtering (from customers) prefixes set to other ISPs, 6) Stop DoS from un-allocated route injection (via BGP table expansion or latent backscatter) by filtering “bogons” (packets with unauthorized routes), not running default route or creating sink holes to advertise “bogons”, and 7) Employ “Murphy filter” (guarded trust and mutual suspicion) to reinforce filtering your peer should have done. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; “http://www.cymru.com/Bogons/index.html, NSTAC ISP Working Group – BGP/DNS, RIPE-181, “”A Route-Filtering Model for Improving Global Internet Routing Robustness”” 222.iops.org/Documents/routing.html
NIST SP 800-54 Border Gateway Protocol Security”. false true false false false true true 3 false false false false
11-8-8044 Important BGP (Border Gateway Protocol) Interoperability Testing: Service Providers and Network Operators should conduct configuration interoperability testing during peering link set-up; Encourage Equipment Suppliers participation in interoperability testing forums and funded test-beds to discover BGP implementation bugs. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; NSTAC ISP Working Group – BGP/DNS, also NANOG (http://www.nanog.org) and MPLS Forum interoperability testing (http://www.mplsforum.org). false true false false false true true 1 false false false false
11-8-8045 Critical Protect Interior Routing Tables: Service Providers and Network Operators should protect their interior routing tables with techniques such as 1) Not allowing outsider access to internal routing protocol and filter routes imported into the interior tables 2) Implementing MD5 between IGP neighbors. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; http://www.ietf.org/rfc/rfc1321.txt. false true false false false true true 3 false false false false
11-8-8046 Critical Protect DNS (Domain Name System) Servers Against Compromise: Service Providers and Network Operators should protect against DNS server compromise by implementing protection such as physical security, removing all unnecessary platform services, monitoring industry alert channels for vulnerability exposures, scanning DNS platforms for known vulnerabilities and security breaches, implementing intrusion detection on DNS home segments, not running the name server as root user/minimizing privileges where possible, and blocking the file system from being compromised by protecting the named directory. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations; RFC-2870 ISO/IED 15408 ISO 17799 US-CERT “”Securing an Internet Name Server””
NIST SP 800-81 & SP 800-81 R1 Secure Domain Name System(DNS) Deployment Guide. false true false false false true true 3 false false false false
11-8-8047 Highly Important Protect Against DNS (Domain Name System) Denial of Service: Service Providers and Network Operators should provide DNS DoS protection by implementing protection techniques such as: 1) increase DNS resiliency through redundancy and robust network connections, 2) Have separate name servers for internal and external traffic as well as critical infrastructure, such as OAM&P and signaling/control networks, 3) Where feasible, separate proxy servers from authoritative name servers, 4) Protect DNS information by protecting master name servers with appropriately configured firewall/filtering rules, implement secondary masters for all name resolution, and using Bind ACLs to filter zone transfer requests. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; RFC-2870, ISO/IEC 15408, ISO 17799, US-CERT “Securing an Internet Name Server” (http://www.cert.org/archive/pdf/dns ). false true false false false true true 2 false false false false
11-8-8048 Highly Important Protect DNS (Domain Name System) from Poisoning: Service Providers, Network Operators, and Equipment Suppliers should mitigate the possibility of DNS cache poisoning by using techniques such as 1) Preventing recursive queries, 2) Configure short (2 day) Time-To-Live for cached data, 3) Periodically refresh or verify DNS name server configuration data and parent pointer records. Service Providers, Network Operators, and Equipment Suppliers should participate in forums to define an operational implementation of DNSSec. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; RFC-1034, RFC-1035, RFC-2065, RFC-2181, RFC-2535, ISC BIND 9.2.1 US-CERT “Securing an Internet Name Server” (http://www.cert.org/archive/pdf/dns ). false true false false false true true 2 false false false false
11-8-8049 Highly Important Protect DHCP (Dynamic Host Configuration Protocol) Server from Poisoning: Service Providers and Network Operators should employ techniques to make it difficult to send unauthorized DHCP information to customers and the DHCP servers themselves. Methods can include OS Hardening, router filters, VLAN configuration, or encrypted, authenticated tunnels. The DHCP servers themselves must be hardened, as well. Mission critical applications should be assigned static addresses to protect against DHCP-based denial of service attacks. Internet/Data; Network Operator; Service Provider; Cyber Security; Encryption; Network Design; Network Elements; Network Operations; draft-ietf-dhc-csr-07.txt, RFC 3397, RFC2132, RFC1536, RFC3118. false true false false false true true 2 false false false false
11-8-8050 Critical MPLS (Multi-Protocol Label Switching) Configuration Security: Service Providers and Network Operators should protect the MPLS router configuration by 1) Securing machines that control login, monitoring, authentication and logging to/from routing and monitoring devices, 2) Monitoring the integrity of customer specific router configuration provisioning, 3) Implementing (e)BGP filtering to protect against labeled-path poisoning from customers/peers. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations; IETF RFC 2547, RFC 3813 & draft-ietf-l3vpn-security-framework-02.txt
NIST SP 800-54 Border Gateway Protocol Security ITU – CCITT Rec. X.800 Series (X.811 & X.812). false true false false false true true 3 false false false false
11-8-8051 Important “Technically Retired” – Network Access Control for SS7: Network Operators should ensure that SS7 signaling interface points that connect to the IP Private and Corporate networks interfaces are well hardened, protected with packet filtering firewalls; and enforce strong authentication. Similar safeguards should be implemented for e-commerce applications to the SS7 network. Network Operators should implement rigorous screening on both internal and interconnecting signaling links and should investigate new, and more thorough screening capabilities. Operators of products built on general purpose computing products should proactively monitor all security issues associated with those products and promptly apply security fixes, as necessary. Operators should be particularly vigilant with respect to signaling traffic delivered or carried over Internet Protocol networks. Network Operators that do employ the Public Internet for signaling, transport, or maintenance communications and any maintenance access to Network Elements should employ authentication, authorization, accountability, integrity, and confidentiality mechanisms (e.g., digital signature and encrypted VPN tunneling). Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Network Elements; Network Operations; Policy; ITU SS7 Standards, �Securing SS7 Telecommunications Networks�, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, 5-6 June 2001. false false false false true true true 1 true false false false
11-8-8052 Highly Important “Technically Retired” – SS7 Authentication: Network Operators should mitigate limited SS7 authentication by enabling logging for SS7 element security related alarms on SCPs and STPs, such as: unauthorized dial up access, unauthorized logins, logging of changes and administrative access logging. Network operators should implement rigorous screening on both internal and interconnecting signaling links and should investigate new and more thorough screening capabilities. Operators of products built on general purpose computing products should proactively monitor all security issues associated with those products and promptly apply security fixes, as necessary. Operators should establish login and access controls that establish accountability for changes to node translations and configuration. Operators should be particularly vigilant with respect to signaling traffic delivered or carried over Internet Protocol networks. Network operators that do employ the Public Internet for signaling, transport or maintenance communications and any maintenance access to Network Elements shall employ authentication, authorization, accountability, integrity and confidentiality mechanisms (e.g. digital signature and encrypted VPN tunneling). Operators making use of dial-up connections for maintenance access to Network Elements should employ dial-back modems with screening lists. One-time tokens and encrypted payload VPNs should be the minimum. Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; NIIF Guidelines for SS7 Security. false false false false true false true 2 false false false false
11-8-8053 Important SS7 DoS Protection: Network Operators should establish thresholds for various SS7 message types to ensure that DoS conditions are not created. Also, alarming should be configured to monitor these types of messages to alert when DoS conditions are noted. Rigorous screening procedures can increase the difficulty of launching DDoS attacks. Care must be taken to distinguish DDoS attacks from high volumes of legitimate signaling messages. Maintain backups of signaling element data. Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; false false false false true false true 1 false false false false
11-8-8054 Highly Important Anonymous Use of SS7 Services or Services Controlled by SS7: Network Operators should have defined policies and process for addition and configuration of SS7 elements to the various tables. Process should include the following: personal verification of the request (e.g., one should not simply go forward on a faxed or emailed request without verifying that it was submitted legitimately), approval process for additions and changes to SS7 configuration tables (screening tables, call tables, trusted hosts, calling card tables, etc.) to ensure unauthorized elements are not introduced into the network. Companies should also avoid global, non-specific rules that would allow unauthorized elements to connect to the network. Screening rules should be provisioned with the greatest practical depth and finest practical granularity in order to minimize the possibility of receiving inappropriate messages. Network operators should log translation changes made to network elements and record the user login associated with each change. These practices do not mitigate against the second threat mentioned below, the insertion of inappropriate data within otherwise legitimate signaling messages. To do so requires the development of new capabilities, not available in today’s network elements. Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; false false false false true false true 2 false false false false
11-8-8055 Important Voice over IP (VoIP) Device Masquerades: Network Operators and Equipment Suppliers supplied VoIP CPE devices need to support authentication service and integrity services as standards based solutions become available. Network Operators need to turn-on and use these services in their architectures. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Encryption; Network Design; Network Operations; PacketCable Security specifications. true true false false true true true 1 false false false false
11-8-8056 Important Operational Voice over IP (VoIP) Server Hardening: Network Operators should ensure that network servers have authentication, integrity, and authorization controls in place in order to prevent inappropriate use of the servers. Enable logging to detect inappropriate use. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Design; Network Operations; NSA (VOIP and IP Telephony Security Configuration Guides), and PacketCable Security 2.0 Technical Report (PKT-TR-SEC-V05-080425). true true false false true false true 1 false false false false
11-8-8057 Important Voice over IP (VoIP) Server Product Hardening: Equipment Suppliers should provide authentication, integrity, and authorization mechanisms to prevent inappropriate use of the network servers. These capabilities must apply to all levels of user, general, control, and management. Cable; Internet/Data; Wireline; Equipment Supplier; Cyber Security; Intrusion Detection; Network Design; Network Operations; NSA (VOIP and IP Telephony Security Configuration Guides), and PacketCable Security 2.0 Technical Report (PKT-TR-SEC-V05-080425). true true false false true false false 1 true false false false
11-8-8058 Important Protect Cellular Service from Anonymous Use: Service Providers and Network Operators should prevent theft of service and anonymous use by enabling strong user authentication as per cellular/wireless standards. Employ fraud detection systems to detect subscriber calling anomalies (e.g. two subscribers using same ID or system access from a single user from widely dispersed geographic areas). In cloning situation remove the ESN to disable user thus forcing support contact with service provider. Migrate customers away from analog service if possible due to cloning risk. Wireless; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Telcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. false false false true false true true 1 false false false false
11-8-8060 Important Protect Against Cellular Network Denial of Service: Service Providers & Network Operators should ensure strong separation of data traffic from management/signaling/control traffic, via firewalls. Network operators should ensure strong cellular network backbone security by employing operator authentication, encrypted network management traffic and logging of security events. Network operators should also ensure operating system hardening and up-to-date security patches are applied for all network elements, element management system and management systems. Wireless; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Telcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. false false false true false true true 1 false false false false
11-8-8063 Highly Important Intrusion Detection/Prevention Tools (IDS/IPS): Service Providers and Network Operators should install and actively monitor IDS/IPS tools. Sensor placement should focus on resources critical to the delivery of service. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations; NIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94 . false true false false false true true 2 false false false false
11-8-8066 Important Sharing Information with Industry & Government: Service Providers, Network Operators, and Equipment Suppliers should participate in regional and national information sharing groups such as the National Coordinating Center for Telecommunications (NCC), Telecom-ISAC, and the ISP-ISAC (when chartered). Formal membership and participation will enhance the receipt of timely threat information and will provide a forum for response and coordination. Membership will also afford access to proprietary threat and vulnerability information (under NDA) that may precede public release of similar data. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Industry Cooperation; false true false false false true true 1 true false false false
11-8-8069 Important Monitoring Requests: Service Providers and Network Operators should identify a Point of Contact (POC) for handling requests for the installation of lawfully approved intercept devices. Once a request is reviewed and validated, the primary POC should serve to coordinate the installation of any monitoring device with the appropriate legal and technical staffs. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; false true false false false true true 1 false false false false
11-8-8070 Important Abuse Reporting: Service Providers and Network Operators should have Abuse Policies and processes posted for customers (and others), instructing them where and how to report instances of service abuse. Service Providers, Network Operators, and Equipment Suppliers should support the email IDs listed in rfc 2142 �MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS.� Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations; Reference with 7-7-8070 true true true true true true true 1 false false false false
11-8-8072 Critical Intrusion Detection/Prevention Tools (IDS/IPS) Maintenance: Service Provider and Network Operator should maintain and update IDS/IPS tools regularly to detect current threats, exploits, and vulnerabilities. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Security Systems; “NIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94 “. false true false false false true true 3 false false false false
11-8-8075 Important Identity Administration: Network Operators and Service Providers should have procedures for verifying identity of users to IT department and IT personnel to users (secret PINs, callback procedures, etc.). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Policy; Training Awareness; Source:http://www.windowsecurity.com/articles/Social_Engineers.html true true true true true true true 1 false false false false
11-8-8085 Important Expiration of Digital Certificates: Service Providers, Network Operators, and Equipment Suppliers, certificates should have a limited period of validity, dependent upon the risk to the system, and the value of the asset.
If there are existing certificates with unlimited validity periods, and it is impractical to replace certificates, consider the addition of passwords that are required to be changed on a periodic basis. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; McClure, Stuart, Joel Scambray, George Kurtz. “Dial-Up, PBX, Voicemail, and VPN Hacking”. Hacking Exposed, Network Security Secrets and Solutions, 4th Edition. Berkley, CA. The McGraw-Hill Companies. 2003. 341-389. true true true true true true true 1 true false false false
11-8-8087 Important Use Time-Specific Access Restrictions: Service Providers and Network Operators should restrict access to specific time periods for high risk users (e.g., vendors, contractors, etc.) for critical assets (e.g., systems that cannot be accessed outside of specified maintenance windows due to the impact on the business). Assure that all system clocks are synchronized. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; false true false false false true true 1 false false false false
11-8-8088 Important Develop Regular Access Audit Procedures: Service Providers, Network Operators, and Equipment Suppliers should charter an independent group (outside of the administrators of the devices) to perform regular audits of access and privileges to systems, networks, and applications. The frequency of these audits should depend on the criticality or sensitivity of the associated assets. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; Information Security Forum. �Security Audit/Review�. The Forum�s Standard of Good Practice, The Standard for Information Security. November 2000. false true false false false true true 1 true false false false
11-8-8090 Highly Important Restrict Use of Dynamic Port Allocation Protocols: Service Providers, Network Operators, and Equipment Suppliers should restrict dynamic port allocation protocols such as Remote Procedure Calls (RPC) and some classes of Voice-over-IP protocols (among others) from usage, especially on mission critical assets, to prevent host vulnerabilities to code execution. Dynamic port allocation protocols should not be exposed to the internet. If used, such protocols should be protected via a dynamic port knowledgeable filtering firewall or other similar network protection methodology. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations; ITU-T Rec. X.815 (?? ISO/IEC 8073 ) Rec. ITU-T X.1031. false true false false false true true 2 true false false false
11-8-8092 Important Adopt and Enforce Acceptable Use Policy: Service Providers and Network Operators should adopt a customer-directed policy whereby misuse of the network would lead to measured enforcement actions up to and including termination of services. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Human Resources; Policy; Training Awareness; IETF rfc3013 section 3 and NANOG ISP Resources (http://www.nanog.org/isp.html). true true true true true true true 1 false false false false
11-8-8094 Important Strong Encryption for Customer Clients: Service Providers should implement customer client software that uses the strongest permissible encryption appropriate to the asset being protected. Cable; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; http://www.securityforum.org and http://www.sans.org/resources/; Schneier, Bruce. 1996. Applied Cryptography. 2d.ed. John Wiley & Sons. true false true true true true false 1 false false false false
11-8-8095 Important Establish System Resource Quotas: Service Providers and Network Operators should establish, where technology allows, limiters to prevent undue consumption of system resources (e.g., system memory, disk space, CPU consumption, network bandwidth) in order to prevent degradation or disruption of performance of services. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; Additional resources are required to provide prioritized transport even when overloaded. false true false false false true true 1 false false false false
11-8-8096 Highly Important Users Should Employ Protective Measures: Service Providers and Network Operators should educate service customers on the importance of, and the methods for, installing and using a suite of protective measures (e.g., strong passwords, anti-virus software, firewalls, IDS, encryption) and update as available. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Operations; Security Systems; http://www.stonybrook.edu/nyssecure, http://www.fedcirc.gov/homeusers/HomeComputerSecurity/ Industry standard tools (e.g., LC4). false true false false false true true 2 false false false false
11-8-8097 Important Create Policy on Information Dissemination: Service Providers, Network Operators, and Equipment Suppliers should create an enforceable policy clearly defining who can disseminate information, and what controls should be in place for the dissemination of such information. The policy should differentiate according to the sensitivity or criticality of the information. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Policy; Octave Catalog of Practices, Version 2.0,CMU/SEI-2001-TR-20 (http://www.cert.org/archive/pdf/01tr020 ) Practice OP3.1.1& OP3.2.1; NIST Special Pub 800-12. King, Christopher M., Curtis E. Dalton, and T. Ertem Osmanoglu. �Validation and Maturity�. Security Architecture, Design, Deployment & Operations. Berkley, CA: The McGraw-Hill Companies. 2001. 443-470
McClure, Stuart, Joel Scambray, George Kurtz. “”Advanced Techniques””. Hacking Exposed, Network Security Secrets and Solutions, 4th Edition. Berkley, CA. The McGraw-Hill Companies. 2003. 555-592
Nichols, Randall K., Daniel J. Ryan, Julie J. C. H. Ryan. “”Risk Management and Architecture of Information Security (INFOSEC)””. Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves. New York, NY. The McGraw-Hill Companies. 2000. 69-90. false true false false false true true 1 true false false false
11-8-8098 Critical Create Policy on Removal of Access Privileges: Service Providers, Network Operators, and Equipment Suppliers should have policies on changes to and removal of access privileges upon staff members status changes such as terminations, exits, transfers, and those related to discipline or marginal performance. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Octave Catalog of Practices, Version 2.0,CMU/SEI-2001-TR-20 (http://www.cert.org/archive/pdf/01tr020 ) Practice OP1.3.1-OP1.3.2, OP3.2.1-OP3.3 and OP3.1.1-Op3.1.3; NIST Special Pub 800-26; OMB Circular A-130 Appendix III. US Government and National Security Telecommunications Advisory Committee (NSTAC) Network Security Information Exchange (NSIE). �Administration of Static Passwords and User Ids�. Operations, Administration, Maintenance, & Provisioning (OAM&P) Security Requirements for Public Telecommunications Network. Draft 2.0, August 2002. false true false false false true true 3 false false false false
11-8-8099 Important Create Policy on Personnel Hiring Merits: Service Providers, Network Operators, and Equipment Suppliers should perform background checks that are consistent with the sensitivity of the position’s responsibilities and that align with HR policy. These checks could include those that verify employment history, education, experience, certification, and criminal history. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Human Resources; Policy; true true true true true true true 1 true false false false
11-8-8100 Important Training for Security Staff: Service Providers, Network Operators, and Equipment Suppliers should establish security training programs and requirements for ensuring security staff knowledge and compliance. This training could include professional certifications in cyber security. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; Policy; Training Awareness; NIST Special Publication 800-53, Revision 3, Control Number AT-3
Recommended Security Controls for Federal Information Systems
http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010 . true true true true true true true 1 true false false false
11-8-8105 Critical Protection of Cellular User Voice Traffic: Service Providers and Network Operators should incorporate cellular voice encryption services and ensure that such encryption services are enabled for end users. (Voice encryption services depend on the wireless technology used, and are standards based). Wireless; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; Cellular Standards: GSM, GPRS, PCS2000, CDMA, 1XRTT, UMTS, 3GPP, 3GPP2. false false false true false true true 3 false false false false
11-8-8106 Critical Protect Wireless Networks from Cyber Security Vulnerabilities: Service Providers, Network Operator, and Equipment Suppliers should employ operating system hardening and up-to-date security patches for all accessible wireless servers and wireless clients. Employ strong end user authentication for wireless IP connections. Employ logging of all wireless IP connections to ensure traceability back to end user. Employ up-to-date encryption capabilities available with the devices. In particular, vulnerable network and personal data in cellular clients must be protected if the handset is stolen. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; IPSec. Telcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc.
Dependency on NRIC BP 5018. NIST SP 800-40 v2.0 Creating a Patch and Vulnerability Management Program. true true true true true true true 3 true false false false
11-8-8108 Critical Authentication System Failure: In the event of an authentication system failure, Service Providers and Network Operators should determine how the system requiring support of the authentication system responds (i.e., determine what specific effect(s) the failure caused). The system can either be set to open or closed in the event of a failure. This will depend on the needs of the organization. For instance, an authentication system supporting physical access may be required to fail OPEN in the event of a failure so people will not be trapped in the event of an emergency. However, an authentication system that supports electronic access to core routers may be required to fail CLOSED to prevent general access to the routers in the event of authentication system failure.
In addition, it is important to have a means of alternate authenticated access to a system in the event of a failure. In the case of core routers failing CLOSED, there should be a secondary means of authentication (e.g., use of a one-time password) reserved for use only in such an event; this password should be protected and only accessible to a small key-contingent of personnel. Internet/Data; Network Operator; Service Provider; Cyber Security; Encryption; Network Elements; Network Operations; Security Systems; ITU-T Rec. X.1051. false true false false false true true 3 false false false false
11-8-8112 Highly Important Protect Management of Externally Accessible Systems: Service Providers and Network Operators should protect the systems configuration information and management interfaces for Web servers and other externally accessible applications, so that it is not inadvertently made available to 3rd parties. Techniques, at a minimum, should include least privilege for external access, strong authentication, application platform hardening, and system auditing. Internet/Data; Network Operator; Service Provider; Cyber Security; Encryption; Network Operations; false true false false false true true 2 false false false false
11-8-8113 Important Limited Local Logon: Service Providers, Network Operators, and Equipment Suppliers should not permit local logon of users other than the system administrator. Local logon of a system administrator should be used only for troubleshooting or maintenance purposes. Some systems differentiate a local account database and network-accessible, centralized account database. Users should be authenticated via a network-accessible, centralized account database, not a local accounts database. Cable; Internet/Data; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; Department of Defense Telecommunications and Defense Switched Network Secuirty Technical Implementation Guide (Version 2, Release 3).
‘http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. true true false false true true true 1 true false false false
11-8-8114 Important SNMP Community String Vulnerability Mitigation: Service Providers, Network Operators, and Equipment Suppliers should use difficult to guess community string names, or current SNMP version equivalent. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Network Design; Network Elements; Network Operations; false true false false false true true 1 true false false false
11-8-8115 Critical Mitigate Control Plane Protocol Vulnerabilities in Suppliers Equipment: Equipment Suppliers should provide controls to protect network elements and their control plane interfaces against compromise and corruption. Vendors should make such controls and filters easy to manage and minimal performance impacting Internet/Data; Equipment Supplier; Cyber Security; Hardware; Intrusion Detection; Network Operations; false true false false false false false 3 true false false false
11-8-8116 Important Participate in Industry Forums to Improve Control Plane Protocols: Network Operators, Service Providers, and Equipment Suppliers should participate in industry forums to define secure, authenticated control plane protocols and operational, business processes to implement them. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; ATIS Packet Technologies and Systems Committee (previously part of T1S1)
ATIS Protocol Interworking Committee (previously part of T1S1). false true false false false true true 1 true false false false
11-8-8117 Important DNS Servers Disaster Recovery Plan: Service Providers and Network Operators should prepare a disaster recovery plan to implement upon DNS server compromise. Internet/Data; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Network Operations; Disaster recovery plan may need to address backup DNS strategy (addressed by 7-7-8527). false true false false false true true 1 false false false false
11-8-8118 Critical Protect Against DNS (Domain Name System) Distributed Denial of Service: Service Providers and Network Operators should provide DNS DDoS protection by implementing protection techniques such as: 1) Rate limiting DNS network connections 2) Provide robust DNS capacity in excess of maximum network connection traffic 3) Have traffic anomaly detection and response capability 4) Provide secondary DNS for back-up 5) Deploy Intrusion Prevention System in front of DNS. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; RFC-2870, ISO/IEC 15408, ISO 17799,US-CERT “Securing an Internet Name Server” (http://www.cert.org/archive/pdf/dns ). true true true true true true true 3 false false false false
11-8-8119 Critical Security-Related Data Correlation: Service Providers and Network Operators should correlate data from various sources, including non-security related sources, (i.e., syslogs, firewall logs, IDS alerts, remote access logs, asset management databases, human resources information, physical access logs, etc.) to identify security risks and issues across the enterprise. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; true true true true true true true 3 false false false false
11-8-8120 Critical Revocation of Digital Certificates: Service Providers, Network Operators, and Equipment Suppliers should use equipment and products that support a central revocation list and revoke certificates that are suspected of having been compromised. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; true true true true true true true 3 true false false false
11-8-8125 Critical Policy Acknowledgement: Service Providers, Network Operators, and Equipment Suppliers should ensure that employees formally acknowledge their obligation to comply with their corporate Information Security policies. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Policy; Training Awareness; ISO 27002 Information Security Standards – 8.1.3 Terms and conditions of employment. Cross reference with 7-7-8125 developed under NRIC. true true true true true true true 3 true false false false
11-8-8126 Highly Important Use Risk-Appropriate Authentication Methods: Service Providers, Network Operators, and Equipment Suppliers should employ authentication methods commensurate with the business risk of unauthorized access to the given network, application, or system. For example, these methods would range from single-factor authentication (e.g., passwords) to two-factor authentication (e.g., token and PIN) depending on the estimated criticality or sensitivity of the protected assets. When two-factor authentication generates one-time passwords, the valid time-duration should be determined based on an assessment of risk to the protected asset(s). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. true true true true true true true 2 true false false false
11-8-8127 Important Verify Audit Results Through Spot-Checking: Service Providers, Network Operators, and Equipment Suppliers should validate any regular auditing activity through spot-checking to validate the competency, thoroughness, and credibility of those regular audits. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; false true false false false true true 1 true false false false
11-8-8128 Important Promptly Address Audit Findings: Service Providers, Network Operators, and Equipment Suppliers should promptly verify and address audit findings assigning an urgency and priority commensurate with their implied risk to the business. The findings as well as regular updates to those findings should be reported to management responsible for the affected area. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; false true false false false true true 1 true false false false
11-8-8129 Critical Staff Training on Technical Products and Their Controls: To remain current with the various security controls employed by different technologies, Service Providers, Network Operators, and Equipment Suppliers should ensure that technical staff participate in ongoing training and remain up-to-date on their certifications for those technologies. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Training Awareness; true true true true true true true 3 false false false false
11-8-8130 Highly Important Staff Trained on Incident Reporting: Service Providers, Network Operators, and Equipment Suppliers should provide procedures and training to staff on the reporting of security incidents, weaknesses, and suspicious events. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; ISO 27002 Information Security Standards – 13.1.1 Reporting information security events. true true true true true true true 2 false false false false
11-8-8133 Important Consistent Security Controls for DR Configurations: A Service Provider’s or Network Operator’s disaster recovery or business continuity solutions should adhere to the same Information Security best practices as the solutions used under normal operating conditions. Internet/Data; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Cross reference with 7-7-8133 developed under NRIC. false true false false false true true 1 false false false false
11-8-8135 Important Protection of Devices Beyond Scope of Control: Equipment Suppliers should implement techniques such as tamper-proof cryptochips/authentication credentials and authentication for (service provider) configuration controls, in customer premises equipment. Internet/Data; Equipment Supplier; Cyber Security; Encryption; Network Operations; PacketCableTM Security Specification PKT-SP-SEC-I11-040730, IETF RFC 3261. false true false false false false false 1 true false false false
11-8-8138 Highly Important Renewal of Digital Certificates: Service Providers, Network Operators, and Equipment Suppliers should establish a procedure to track the expiration date for digital certificates used in services and critical applications, and start the process to renew such certificates in sufficient time to prevent disruption of service. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; true true true true true true true 2 true false false false
11-8-8500 Critical Recovery from Digital Certificate Key Compromise: In the event the key in a digital certificate becomes compromised, Service Providers, Network Operators, and Equipment Suppliers should immediately revoke the certificate, and issue a new one to the users and/or devices requiring it. Perform Forensics and Post-mortem, as prescribed in NRIC BP 8061, to review for additional compromise as soon as business processes allow. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; NIST SP800-57 Recommendation for key management
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007 . true true true true true true true 3 true false false false
11-8-8501 Critical Recovery from Root Key Compromise: In the event the root key in a digital certificate becomes compromised, Service Providers, Network Operators, and Equipment Providers should secure a new root key, and rebuild the PKI (Public Key Infrastructure) trust model. Perform Forensics and Post-mortem, as prescribed in NRIC BP 8061, to review for additional compromise as soon as business processes allow. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; NIST SP800-57 Recommendation for key management
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007 . true true true true true true true 3 true false false false
11-8-8503 Critical Recovery from Encryption Key Compromise or Algorithm Failure. When improper use of keys or encryption algorithms is discovered, or a breach has occurred, Service Providers and Network Operators should conduct a forensic analysis to assess the possibility of having potentially compromised data and identify what may have been compromised and for how long it has been in a compromised state; implement new key (and revoke old key if applicable), or encryption algorithm, and ensure they are standards-based and implemented in accordance with prescribed procedures of that standard, where possible. When using wireless systems, ensure vulnerabilities are mitigated with proper and current security measures. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; http://www.atis.org/ – T1 276-2003 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: July, 2003
802.11i & 802.16
Related to NRIC BP 8001. true true true true true true true 3 false false false false
11-8-8505 Highly Important Roll-out of Secure Service Configuration, or Vulnerability Recovery Configurations: When new default settings introduce vulnerabilities or the default configuration is found to be vulnerable, Service Providers and Network Operators should work with the Equipment Supplier to resolve the inadequacies of the solution, using a pre-deployment, staging area, where hardened configurations can be tested. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Software; Configuration guide for security from NIST (800-53 Rev. 3). true true true true true true true 2 true false false false
11-8-8507 Highly Important Enforce Least-Privilege-Required Access Levels During Recovery: When it is discovered that a system is running with a higher level of privilege than necessary, Service Providers and Network Operators should consider which systems/services the affected system could be disconnected from to minimize access and connectivity while allowing desired activities to continue; conduct a forensic analysis to assess the possibility of having potentially compromised data and identify what may have been compromised and for how long it has been in a compromised state; and reconnect system to back-office with appropriate security levels implemented. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Operations; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008
ISF CB63. false true false false false true true 2 false false false false
11-8-8513 Critical Recovery from Not Having and Enforcing an Acceptable Use Policy: In the event that an Acceptable Use Policy is not in place, or an event occurs that is not documented within the AUP, Service Providers and Network Operators should consult with legal counsel. Consulting with legal counsel, develop and adapt a policy based on lessons learned in the security incident and redistribute the policy when there are changes. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations; IETF rfc3013 section 3 and NANOG ISP Resources (www.nanog.org/isp.html). true true true true true true true 3 false false false false
11-8-8514 Critical Recovery from Network Misuse via Invalid Source Addresses: Upon discovering the misuse or unauthorized use of the network, Service Providers should shut down the port in accordance with AUP (Acceptable Use Policy) and clearance from legal counsel. Review ACL (Access Control List) and temporarily remove offending address pending legal review and reactivate the port after the threat has been mitigated. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; IETF rfc3013 sections 4.3 and 4.4. NANOG ISP Resources. www.IATF.net. true true true true true true true 3 false false false false
11-8-8515 Critical Recovery from Misuse or Undue Consumption of System Resources: If a misuse or unauthorized use of a system is detected, Service Providers and Network Operators should perform forensic analysis on the system, conduct a post-mortem analysis and enforce system resource quotas. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; IETF RFC2350, CMU/SEI-98-HB-001. true true true true true true true 3 false false false false
11-8-8517 Critical Recovery from Unauthorized Information Dissemination: If information has been leaked or the release policy has not been followed, Service Providers, Network Operators, and Equipment Suppliers should review audit trails; Change passwords, review permissions, and perform forensics as needed; Inform others at potential risk for similar exposure; and include security responsibilities in performance improvement programs that may include security awareness refresher training. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations; true true true true true true true 3 true false false false
11-8-8519 Important Recover from Failure of Hiring Procedures: When it is discovered that there has been a failure in the hiring process and the new employee does not in fact have the proper capabilities or qualifications for the job, Service Providers, Network Operators, and Equipment Suppliers should undertake one or more of the following: 1) Provide additional employee training. 2) Reassign, dismiss, or discipline the employee. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Human Resources; Policy; Training Awareness; true true true true true true true 1 true false false false
11-8-8525 Critical Recovery from BGP (Border Gateway Protocol) Poisoning: If the routing table is under attack from malicious BGP updates, Service Providers and Network Operators should apply the same filtering methods used in NRIC BP 8043 more aggressively to stop the attack. When under attack, the attack vector is usually known and the performance impacts of the filter are less of an issue than when preventing an attack. The malicious routes will expire from the table, be replaced by legitimate updates, or in emergencies, can be manually deleted from the tables. Contact peering partner to coordinate response to attack. Internet/Data; Network Operator; Cyber Security; Network Design; Network Elements; Network Operations; RIPE-181, “A Route-Filtering Model for Improving Global Internet Routing Robustness” www.iops.org/Documents/routing.html. false true false false false false true 3 false false false false
11-8-8527 Critical Recover from Compromised DNS (Domain Name System) Servers or Name Record Corruption: If the DNS (Domain Name System) server has been compromised or the name records corrupted, Service Providers and Network Operators should first flush the DNS cache and, failing that, implement the pre-defined disaster recovery plan. Elements may include but are not limited to: 1) bring-on additional hot or cold spare capacity, 2) bring up a known good DNS server from scratch on different hardware, 3) Reload and reboot machine to a know good DNS server software (from bootable CD or spare hard drive), 4) Reload name resolution records from a trusted back-up. After the DNS is again working, conduct a post-mortem of the attack/response. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; RFC-2870, ISO/IEC, 15408, ISO 17799, US-CERT “Securing an Internet Name Server”. true true true true true true true 3 false false false false
11-8-8528 Critical Recover from DNS (Domain Name Server) Denial of Service Attack: If the DNS server is under attack, Service Providers and Network Operators should consider one or more of the following steps 1) Implement reactive filtering to discard identified attack traffic, if possible, 2) Rate-limiting traffic to the DNS server complex, 3) Deploy suitable Intrusion Prevention System in front of DNS servers, 4) Deploy additional DNS server capacity in a round-robin architecture, 5) Utilize DoS/DDoS tracking methods to identify the source(s) of the attack, or 6) Move name resolution service to a 3rd party provider. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; RFC-2870, ISO/IEC 15408, ISO 17799 US-CERT “Securing an Internet Name Server”. true true true true true true true 3 false false false false
11-8-8530 Critical Recover from DHCP-based DoS Attack: If a DHCP ((Dynamic Host Configuration Protocol) attack is underway, Service Provider and Network Operators should isolate the source to contain the attack. Plan to force all DHCP clients to renew leases in a controlled fashion at planned increments. Re-evaluate architecture to mitigate similar future incidents. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; true true true true true true true 3 false false false false
11-8-8531 Critical Recover from MPLS (Multi-Protocol Label Switching) Misconfiguration: If a customer MPLS-enabled trusted VPN (Virtual Private Network) has been compromised by mis-configuration of the router configuration, Service Provider and Network Operators should 1) restore customer specific routing configuration from a trusted copy, 2) notify customer of potential security breach, 3) Conduct an investigation and forensic analysis to understand the source, impact and possible preventative measures for the security breach. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; IETF RFC 2547. false true false false false true true 3 false false false false
11-8-8532 Critical Recover from SCP Compromise: No prescribed standard procedures exist for Service Providers and Network Operators to follow after the compromise of an SCP (Signaling Control Point). It will depend on the situation and the compromise mechanism. However, in a severe case, it may be necessary to disconnect it to force a traffic reroute, then revert to known good, back-up tape/disk and cold boot. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; true true true true true true true 3 false false false false
11-8-8533 Critical Recover from SS7 DoS Attack: If an SS7 Denial of Service (DoS) attack is detected, Service Provider and Network Operators should more aggressively apply the same thresholding and filtering mechanism used to prevent an attack (NRIC BP 8053). The alert/alarm will specify the target of the attack. Isolate, contain and, if possible, physically disconnect the attacker. If necessary, isolate the targeted network element and disconnect to force a traffic reroute. Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; false false false false true true true 3 false false false false
11-8-8534 Important Recover from Anonymous SS7 Use: If logs or alarms determine an SS7 table has been modified without proper authorization, Service Provider and Network Operators should remove invalid records, or in the event of a modification, rollback to last valid version of record. Investigate the attack to identify required security changes. Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Elements; Network Operations; Cross reference with 7-7-8534 developed under NRIC. false false false false true true true 1 false false false false
11-8-8535 Critical Recover from Voice over IP (VoIP) Device Masquerades or Voice over IP (VoIP) Server Compromise: If a Voice over IP (VoIP) server has been compromised, Service Provider and Network Operators should disconnect the server; the machine can be rebooted and reinitialized. Redundant servers can take over the network load and additional servers can be brought on-line if necessary. In the case of VoIP device masquerading, if the attack is causing limited harm, logging can be turned on and used for tracking down the offending device. Law enforcement can then be involved as appropriate. If VoIP device masquerading is causing significant harm, the portion of the network where the attack is originating can be isolated. Logging can then be used for tracking the offending device. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Operations; PacketCable Security specification. Cross reference with 7-7-8535 developed under NRIC. true true false false true true true 3 false false false false
11-8-8537 Critical Recover from Cellular Service Anonymous Use or Theft of Service: If anonymous use or theft of service is discovered, Service Providers and Network Operators should 1) disable service for attacker, 2) Involve law enforcement as appropriate, since anonymous use is often a platform for crime. If possible, triangulate client to identify and disable. If the wireless client was cloned, remove the ESN (Electronic Serial Number) to disable user thus forcing support contact with service provider. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Telcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. Cross reference with 7-7-8537 developed under NRIC. true true true true true true true 3 true false false false
11-8-8539 Critical Recover from Cellular Network Denial of Service Attack: If the attack is IP based, Service Provider and Network Operators should reconfigure the Gateway General Packet Radio Service Support Node (GGSN) to temporarily drop all connection requests from the source. Another approach is to enforce priority tagging. Triangulate the source(s) to identify and disable. (It is easier to recover from a cellular network denial of service attack if the network is engineered with redundancy and spare capacity). Wireless; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Telcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. Cross reference with 7-7-8539 developed under NRIC. false false false true false true true 3 false false false false
11-8-8549 Critical Lack of Business Recovery Plan: When a Business Recovery Plan (BRP) does not exist, Service Providers and Network Operators should bring together an ad-hoc team to address the current incident. The team should have technical, operations, legal, and public relations representation. Team should be sponsored by senior management and have a direct communication path back to management sponsor. If situation exceeds internal capabilities consider contracting response/recovery options to 3rd party security provider. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations; IETF RFC2350, CMU/SEI-98-HB-001. Cross reference with 7-7-8549 developed under NRIC. true true true true true true true 3 false false false false
11-8-8551 Critical Responding to New or Unrecognized Event: When responding to a new or unrecognized event, Service Providers and Network Operators should follow processes similar to Appendix Y of the NRIC VII, Focus Group 2B Report Appendices. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Network Operations; Cross reference with 7-7-8551 developed under NRIC. true true true true true true true 3 false false false false
11-8-8555 Critical Recovery from Lack of an Incident Communications Plan: If an incident occurs and a communications plan is not in place, Service Providers, Network Operators, and Equipment Suppliers should, depending on availability of resources and severity of the incident, assemble a team as appropriate:
��������� In person
��������� Conference Bridge
��������� Other (Email, telephonic notification lists)
Involve appropriate organizational divisions (business and technical)
��������� Notify Legal and PR for all but the most basic of events
��������� PR should be involved in all significant events
��������� Develop corporate message(s) for all significant events � disseminate as appropriate
If not already established, create contact and escalation procedures for all significant events.” Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations; true true true true true true true 3 true false false false
11-8-8556 Highly Important Recovery from the Absence of a Monitoring Requests Policy: In the absence of a monitoring request policy, Service Providers and Network Operators should refer all communications intercept requests to corporate counsel. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; true true true true true true true 2 false false false false
11-8-8557 Critical Recovery from Lack of Security Reporting Contacts: If an abuse incident occurs without reporting contacts in place, Service Providers and Network Operators should: 1) Ensure that the public-facing support staff is knowledgeable of how both to report incidents internally and to respond to outside inquiries. 2) Ensure public facing support staff (i.e, call/response center staff) understands the security referral and escalation procedures. 3) Disseminate security contacts to industry groups/coordination bodies where appropriate. 4) Create e-mail IDs per rfc2142 and disseminate. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; true true true true true true true 3 true false false false
11-8-8559 Critical Recovery from Lack of IDS/IPS Maintenance: In the event of a security threat, Service Providers and Network Operators should upload current IDS/IPS signatures from vendors and re-verify stored data with the updated signatures. Evaluate platform’s ability to deliver service in the face of evolving threats and consider upgrade/replacement as appropriate. Review Incident Response Post-Mortem Checklist (NRIC BP 8564). Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; NIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94 . true true true true true true false 3 false false false false
11-8-8561 Critical Recovery from Denial of Service Attack – Target: If a network element or server is under DoS attack, Service Providers and Network Operators should evaluate the network and ensure issue is not related to a configuration/hardware issue. Determine direction of traffic and work with distant end to stop inbound traffic. Consider adding more local capacity (bandwidth or servers) to the attacked service. Where available, deploy DoS/DDoS specific mitigation devices and/or use anti-DoS capabilities in local hardware. Coordinate with HW vendors for guidance on optimal device configuration. Where possible, capture hostile code and make available to organizations such as US-CERT and NCS/NCC for review. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Cyber Security; Disaster Recovery; Emergency Preparedness; true true true true true false true 3 false false false false
11-8-8562 Critical Recovery from Denial of Service Attack – Unwitting Agent: If an infected (zombie) device is detected, Service Providers and Network Operators should isolate the box and check integrity of infrastructure and agent. Adjust firewall settings, patch all systems and restart equipment. Consider making system or hostile code available for analysis to 3rd party such as US-CERT, NCC, or upstream provider’s security team if hostile code does not appear to be known to the security community. Review Incident Response Post-Mortem Checklist (NRIC BP 8548). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; true true true true true true true 3 false false false false
11-8-8563 Critical Recovery from Denial of Service Attack � Equipment Vulnerability: When a denial of service vulnerability or exploit is discovered, Equipment Suppliers should work with clients to ensure devices are optimally configured. Where possible, analyze hostile traffic for product improvement or mitigation/response options, disseminate results of analysis. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Cyber Security; Disaster Recovery; Emergency Preparedness; true true true true true false false 3 true false false false
11-8-8566 Highly Important Recovery from Unauthenticated Patching Systems: Service Providers, Network Operators, and Equipment Suppliers should assure that patching distribution hosts properly sign all patches. Critical systems must only use OSs and applications which employ automated patching mechanisms, rejecting unsigned patches. If a patch fails or is considered bad, restore OS and applications from known good backup media. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Operations; Software; Configuration guide for security from NIST (800-53 Rev. 3). true true false true true true true 2 false false false false
11-8-8600 Critical Ad-hoc Wifi Policies: Service Providers and Network Operators should implement policies and practices that prohibit ad-hoc wireless networks. An ad-hoc wireless network is a peer-to-peer style network connecting multiple computers with no core infrastructure. They are not considered secure and are commonly associated with malicious activity. Wireless; Network Operator; Service Provider; Cyber Security; http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97 false false false true false true true 3 false false false false
11-8-8601 Critical Wifi Policies: Service Providers and Network Operators should establish policies to ensure only authorized wireless devices approved by the network managing body or network security are allowed on the network. Unauthorized devices should be strictly forbidden. Wireless; Network Operator; Service Provider; Cyber Security; http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97 false false false true false true true 3 false false false false
11-8-8602 Critical Wifi Standards: Service Providers and Network Operators, should implement applicable industry standards for wireless authentication, authorization, and encryption (e.g. WPA2 should be considered a minimum over WEP which is no longer considered secure). Wireless; Network Operator; Service Provider; Cyber Security; Encryption; http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97 false false false true false true true 3 false false false false
11-8-8603 Critical Wifi Standards: Service Providers and Network Operators should implement applicable industry standards to ensure all devices on the Wireless LAN (WLAN) network enforce network security policy requirements. Wireless; Network Operator; Service Provider; Cyber Security; Encryption; Policy; http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97 false false false true false true true 3 false false false false
11-8-8604 Highly Important Wifi Intrusion Prevention/Detection: Network Operators should consider installation of a Wireless Intrusion System at all locations to detect the presence of unauthorized wireless systems. At a minimum, routine audits must be undertaken at all sites to identify unauthorized wireless systems. Wireless; Network Operator; Cyber Security; Encryption; Intrusion Detection; http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97
https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml false false false true false false true 2 false false false false
11-8-8605 Important WiFI Signal Strength: Service Providers and Network Operators should minimize wireless signal strength exposure outside of needed coverage area. Wireless; Network Operator; Service Provider; Cyber Security; http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97 false false false true false true true 1 false false false false
11-8-8606 Important Blue Tooth Interfaces: Network Operators should turn off Bluetooth interfaces when not in use and disable Bluetooth’s discovery feature, whereby each device announces itself to all nearby devices. Wireless; Network Operator; Cyber Security; Hardware; Network Interoperability; http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.html false false false true false false true 1 false false false false
11-8-8607 Important Blue tooth Power: Network Operators should configure Bluetooth devices to use the lowest power that meets business needs. Class 3 (encrypts all traffic) devices transmit at 1 mW and cannot communicate beyond 10 meters, while class 1 devices transmit at 100 mW to reach up to 100 meters. For best results, use mode 3 to enforce link authentication and encryption for all Bluetooth traffic, and discourage business use of devices that support only mode 1 (no encryption). Wireless; Network Operator; Cyber Security; Hardware; Network Interoperability; http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.html false false false true false false true 1 false false false false
11-8-8608 Important Bluetooth Passwords: Network Operators should password protect both devices to prevent use of lost / stolen units. If possible, do not permanently store the pairing PIN code on Bluetooth devices. Wireless; Network Operator; Cyber Security; Hardware; Network Interoperability; http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.html false false false true false false true 1 false false false false
11-8-8609 Important Awareness: Service Providers and Government should promote education for the safe use of all Bluetooth-capable devices and define security policies that impact business. Wireless; Government; Service Provider; Cyber Security; Hardware; Network Interoperability; http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.html false false false true false true false 1 false false true false
11-8-8610 Important Bluetooth Paring: Network Operators should pair devices in a private location using a long random PIN code. Avoid default PIN codes, easily guessed PIN codes (“000”) and devices that do not support configurable PIN Codes. Wireless; Network Operator; Cyber Security; Hardware; Network Interoperability; http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.html false false false true false false true 1 false false false false
11-8-8611 Important Bluetooth Authentication: Network Operators should require authentication on both devices. Configure Bluetooth products so that users must accept incoming connection requests. Wireless; Network Operator; Cyber Security; Hardware; Intrusion Detection; Network Interoperability; http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.html false false false true false false true 1 false false false false
11-8-8612 Important Bluetooth Scanning: Network Operators and Government should scan the airwaves (where possible) inside your business to locate all Bluetooth capable devices. Inventory all discovered devices with Bluetooth interfaces, including hardware model, OS, and version. Perform searches on Bluetooth vulnerability and exposure databases to determine whether the devices are impacts. Wireless; Government; Network Operator; Cyber Security; Hardware; Network Interoperability; http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.html false false false true false false true 1 false false true false
11-8-8613 Important Awareness: Service providers should educate their Enterprise customers on the importance of establishing a mobile device security policy to reduce threats without overly restricting usability. Wireless; Service Provider; Cyber Security; Hardware; Intrusion Detection; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false true false 1 false false false false
11-8-8614 Highly Important Mobility Handset Passwords: Service Providers and Network Operators should enforce strong passwords for mobile device access and network access. Automatically lock out access to the mobile device after a predetermined number of incorrect passwords (typically five or more). Wireless; Network Operator; Service Provider; Cyber Security; Hardware; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false true true 2 false false false false
11-8-8615 Highly Important Mobility Handset Wipe: Service Providers and Network Operators should perform a remote wipe (i.e. reset the device back to factory defaults) when an employee mobile device is lost, stolen, sold, or sent to a third party for repair. Organizations need to have a procedure set for users who have lost their devices. Wireless; Network Operator; Service Provider; Cyber Security; Hardware; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false true true 2 false false false false
11-8-8616 Important Mobility Handset Encryption: Network Operators should encrypt local storage (where possible), including internal and external memory. Wireless; Network Operator; Cyber Security; Encryption; Hardware; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false false true 1 false false false false
11-8-8617 Important Mobility Handset VPN: Network Operators should enforce the use of virtual private network (VPN) connections between the employee mobile device and enterprise servers. Wireless; Network Operator; Cyber Security; Hardware; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false false true 1 false false false false
11-8-8618 Important Mobility Handset Upgrades: Network Operators should perform centralized configuration and software upgrades “over the air” rather than relying on the user to connect the device to a laptop / PC for local synchronization. Wireless; Network Operator; Cyber Security; Hardware; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false false true 1 false false false false
11-8-8619 Important Mobility Handset Security: Network Operators should ensure that mobile applications remove all enterprise information from the device. Wireless; Network Operator; Cyber Security; Hardware; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false false true 1 false false false false
11-8-8620 Important Mobility Handeset Security Education: Service Providers and Network Operators should provide a program of employee education that teaches employees about mobile device threats and enterprise mobile device management and security policies. Wireless; Network Operator; Service Provider; Cyber Security; Hardware; http://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-security false false false true false true true 1 false false false false
11-8-8621 Important Mobility Handset Applications: Network Operators should limit the installation of unsigned third party applications to prevent outside parties from requisitioning control of your devices. Wireless; Network Operator; Cyber Security; Hardware; http://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/ false false false true false false true 1 false false false false
11-8-8622 Important Mobility Handset Firewalls: Network Operators, where possible, should setup unique firewall policies specifically for traffic coming from smart phones. Wireless; Network Operator; Cyber Security; Hardware; http://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/ false false false true false false true 1 false false false false
11-8-8623 Important Mobility Handset Intrusion Detection: Network Operators, where possible, should have intrusion prevention software examine traffic coming through mobile devices. Wireless; Network Operator; Cyber Security; Hardware; Intrusion Detection; http://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/ false false false true false false true 1 false false false false
11-8-8624 Important Mobility Handset Antivirus: Network Operators, where possible, should utilize anti-virus software for the mobile devices. Wireless; Network Operator; Cyber Security; Hardware; http://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/ false false false true false false true 1 false false false false
11-8-8625 Highly Important Femtocell Security: Service Providers and Network Operators should ensure connections between Femtocell and Femto Gateway follow industry standardized IPSec protocol. Connection between Femtocell and Femto OAM system must be based on TLS/SSL protocol while management traffic flow is outside of the IPSec tunnel. Optionally, the management traffic may also be transported through Secure Gateway over IPSec once the IPSec tunnel between Femtocell and Secure Gateway is established. Wireless; Network Operator; Service Provider; Cyber Security; Encryption; Hardware; Network Interoperability; false false false true false true true 2 false false false false
11-8-8626 Highly Important Femtocell Security: Service Providors should ensure that enterprise Femtocell Hardware authentication must be certificate based. Wireless; Service Provider; Cyber Security; Hardware; Network Interoperability; false false false true false true false 2 false false false false
11-8-8627 Important Femtocell Security: Equipment Suppliers should ensure enterprise Femtocell hardware shall be tamper-proof. Wireless; Equipment Supplier; Cyber Security; Hardware; Network Interoperability; false false false true false false false 1 true false false false
11-8-8628 Important Service Providers should ensure all Base Transceiver Station (BTS) security relevant events, e.g. apparent security violations, completion status of operations, invalid or unsuccessful logon attempts, userid, logon time, etc are to be recorded. Wireless; Service Provider; Cyber Security; Hardware; Intrusion Detection; Network Interoperability; false false false true false true false 1 false false false false
11-8-8630 Important Femtocell Security: Service Providers and Network Operators should ensure Femtocell access control is flexible to be based on: individual Femtocell; or group of Femtocells; and/or entire Enterprise Femto System. The access control list administration, where feasible should be web GUI based, and userid / password authenticated. Wireless; Network Operator; Service Provider; Cyber Security; Hardware; Intrusion Detection; Network Interoperability; false false false true false true true 1 false false false false
11-8-8631 Important Wireless Encryption: Service Providers and Equipment Suppliers should establish application support for cryptography that are based on open and widely reviewed and implemented encryption algorithms and protocols. Examples of acceptable algorithms and protocols include AES, Blowfish, RSA, RC5, IDEA, SSH2, SSLv3, TLSv1, and IPSEC. Products should not rely on proprietary or obscure cryptographic measures for security. Wireless; Equipment Supplier; Service Provider; Cyber Security; Encryption; Hardware; false false false true false true false 1 true false false false
11-8-8632 Important Wireless Encryption: Equipment Suppliers in order to secure all key exchange applications, algorithms with strengths similar to 2,048-bit RSA or Diffie-Hillman algorithms with a prime group of 2,048 bits should be used. Anonymous Diffie-Hillman must not be supported. Wireless; Equipment Supplier; Cyber Security; Encryption; Hardware; false false false true false false false 1 true false false false
11-8-8633 Important Wireless Policies and Standards: Service Providers, Network Operators, and Equipment Suppliers should design passwords used for an application login to be consistent with applicable industry security guidelines and policies. Whether between the client and the server or among servers, passwords must not be transmitted �in the clear.� SSL should be used for any transaction involving authentication. The transmission of session IDs should be similarly protected with SSL. Wireless; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Hardware; Information Protection; false false false true false true true 1 true false false false
11-8-8634 Important Wireless Encryption: Service Providers and Network Operators should implement for all symmetric secure data integrity applications, algorithms with strengths similar to HMAC-MD5-96 with 128-bit keys, HMAC-SHA-1-96 with 160-bit keys, or AES-based randomized message authentication code (RMAC) being the standard used. Wireless; Network Operator; Service Provider; Cyber Security; Encryption; Hardware; false false false true false true true 1 false false false false
11-8-8635 Highly Important Wireless Encryption: Service Providers and Network Operators should implement Authenticated Key Agreement (AKA) protocol to provide user and network with a session specific random shared-key that can be used for confidential communication. Wireless; Network Operator; Service Provider; Cyber Security; Encryption; false false false true false true true 2 false false false false
11-8-8636 Highly Important Protection from eavesdropping: Service Providers and Network operators should take steps to protect user data from evasdropping and/or being tampered in transit; Ensure user has the correct credentials; Accuracy and efficiency of accounting. Wireless; Network Operator; Service Provider; Cyber Security; Intrusion Detection; false false false true false true true 2 false false false false
11-8-8637 Highly Important Wireless Encryption: Service Providers and Network Operators should take steps to ensure all traffic on a 4G network is encrypted using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) which uses AES for transmission security and data integrity authentication. Wireless; Network Operator; Service Provider; Cyber Security; Encryption; false false false true false true true 2 false false false false
11-8-8638 Important Wireless Encryption: Service Providers and Network Operators should enable the Mobile MiMAX system to provide secure communications by encrypting data traffic and use PKM (Privacy Key Management) Protocol that allows for the Base Station to authenticate the MS/CPE and not vice versa. Wireless; Network Operator; Service Provider; Cyber Security; Encryption; false false false true false true true 1 false false false false
11-8-8639 Important Wireless Authentication: Service Providers and Network Operators should use strong certificate-based authentication ensuring network access, digital content and software services can be secured from unauthorized access. Wireless; Network Operator; Service Provider; Cyber Security; false false false true false true true 1 false false false false
11-8-8640 Highly Important Wireless Encryption: Service Providers, Network Operators, and Equipment Suppliers should use NSA approved encryption and authentication for all Satcom command uplinks; downlink data encrypted as applicable depending on sensitivity/classification. Satellite; Network Operator; Service Provider; Cyber Security; Encryption; Committee on National Security Systems Policy (CNSSP) 12, National Information Assurance Policy for Space Systems Used to Support National Security Missions, 20 March 2007 false false true false false true true 2 false false false false
11-8-8641 Important Mitigation Strategies: Service Providers and Network Operators should implement mitigation strategies against physical threat vectors that affect the satellite, the availability of communications, the integrity and confidentiality of satellite, and the performance of communications. Satellite; Network Operator; Service Provider; Cyber Security; �Satellite Security� Online Journal of Space Communication, number 6 (Winter 2004) http://spacejournal.ohio.edu/issue6/main.html false false true false false true true 1 false false false false
11-8-8642 Important Wireless Standards: Service Providers and Network Operators should consider integration of open standardized protocols to meet communication-level performance and security goals. Satellite; Network Operator; Service Provider; Cyber Security; Space Communications Protocol Standards (SCPS) Including ISO Standards 15891:2000 through 15894:2000 and related documents http://www.scps.org/ false false true false false true true 1 false false false false
11-8-8643 Important Mobility Handset Standards: Network Operators should sanitize employee mobile devices when removed from service. Mobile devices and other electronic equipment that contain or access sensitive information, or have been used to access sensitive information in the past, should be processed to ensure all data is permanently removed in a manner that prevents recovery before they are disposed of as surplus equipment or returned to the vendor. Wireless; Network Operator; Cyber Security; Hardware; Intrusion Detection; Source: http://www.k-state.edu/its/security/procedures/mobile.html false false false true false false true 1 false false false false
11-8-8644 Important Mobility Handset Standards: Network Operators should required Data Encryption for all employee mobile devices that contain sensitive data. If sensitive information must reside on a mobile device, it should be encrypted. The decryption key should be entered manually; this step should not be automated. A means should exist to recover encrypted data when the decryption key is lost. Require the use of laptop encryption and password-protection. Wireless; Network Operator; Cyber Security; Encryption; Hardware; Source: http://www.k-state.edu/its/security/procedures/mobile.html false false false true false false true 1 false false false false
11-8-8645 Important Mobility Handset Standards: Network Operators should set policy that requires any sensitive information transmitted to or from the employee mobile device be encrypted and/or transferred with a secure data transfer utility. Use of a secure connection or protocol, such as SSL, that guarantees end-to-end encryption of all data sent or received should be included in policy. Devices with wireless capability pose an additional risk of unauthorized access and tampering. These capabilities should be disabled, secured, or protected with a firewall. Wireless; Network Operator; Cyber Security; Encryption; Hardware; Source: http://www.k-state.edu/its/security/procedures/mobile.html false false false true false false true 1 false false false false
11-8-8646 Important Wireless Tethering: Service providers should devise a means of enforcing security over tethered connections. When Tethering via a mobile device for data communication, an encryption methodology, such as IPSEC or SSL/VPN should be utilized to ensure session security. Wireless; Service Provider; Cyber Security; http://en.wikipedia.org/wiki/Tethering false false false true false true false 1 false false false false
11-8-8649 Important General: Service Providers should classify their cloud service against one of the defined industry cloud service architecture models (e.g., software as a service [SaaS], platform as a service [PaaS] or infrastructure as a service [IaaS]) and the deployment model being utilized (e.g., private cloud, community cloud, public cloud or hybrid cloud) to determine the general �security� posture of the specific cloud service, how it relates to asset�s assurance and security protection requirements, and define the needed security architecture to mitigate security risks. Cable; Wireless; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; NIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 true false false true false true true 1 false false false false
11-8-8650 Important Risk Management and Governance in the Cloud: Service Providers should periodically conduct risk assessments of their information security governance structure and processes, security controls, information security management processes, and operational processes. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; NIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 true true false false true true true 1 false false false false
11-8-8651 Highly Important Cloud Business Continuity Planning and Disaster Recovery: Service Provider should have a documented Business Continuity and Disaster Recovery Plan. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations; NIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1. true true false false true true true 2 false false false false
11-8-8652 Highly Important General: Service Provider and Network Operators should implement access controls (firewalls, access control lists, etc.) to administrative interfaces as well as those normally carrying customer traffic. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; IETF RFC 4942 true true false false true true true 2 false false false false
11-8-8653 Highly Important General: Service Providers and Network Operators should test current equipment for IPv4/IPv6 compatibility for the specific network deployment. Cable; Internet/Data; Wireless; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; Network Operations; NIST SP 800-119 (Draft) 2.4 true true false true false true true 2 false false false false
11-8-8654 Important Routing Integrity: Service Providers and Network Operators should use explicit static configuration of addresses, routing protocols and parameters at peering point interfaces rather than neighbor discovery or defaults. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; Network Operations; true true false false true true true 1 false false false false
11-8-8655 Important Routing Integrity: Service Providers and Network Operators should employ protocol-specific mechanisms or IPSec as applicable. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; Network Operations; NIST SP 800-119 (Draft) 3.6.2 true true false false true true true 1 false false false false
11-8-8656 Important Routing Integrity: Service Provider and Network Operators should use static neighbor entries rather than neighbor discovery for critical systems Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; Network Operations; true true false false true true true 1 false false false false
11-8-8657 Important Routing Integrity: Service Provider and Network Operators should use BGP ingress and egress prefix filtering, TCP MD5 or SHA-1 authentication. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; NIST SP 800-54 true true false false true true true 1 false false false false
11-8-8658 Important Routing Integrity: Service Providers and Network Operators should use IPv6 BOGON lists to filter un-assigned address blocks at Network boundaries. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; true true false false true true true 1 false false false false
11-8-8659 Important Packet Filtering: Service Providers and Network Operators should apply IPv6 and IPv4 anti-spoofing and firewall rules as applicable, wherever tunnel endpoints decapsulate packets. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; NIST SP 800-119 (Draft) 6.5.2 true true false false true true true 1 false false false false
11-8-8660 Important Packet Filtering: Service Providers and Network Operators should have access control lists for IPv6 that are comparable to those for IPv4, and that also block new IPv6 multicast addresses that ought not to cross the administrative boundary. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; NIST SP 800-119 (Draft) 4.2.3 true true false false true true true 1 false false false false
11-8-8661 Important Packet Filtering: Service Providers and Network Operators should block tunneling protocols (for example, IP protocol 41 and UDP port 3544) at points where they should not be used. Tunnels can bypass firewall/perimeter security. Use static tunnels where the need for tunneling is known in advance. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; NIST SP 800-119 (Draft) 2.4 true true false false true true true 1 false false false false
11-8-8662 Important Packet Filtering: Service Providers and Network Operators should filter internal-use IPv6 addresses at provider edge and network perimeter. Internet/Data; Wireless; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; IETF RFC 4942 2.1.3 false true false true false true false 1 false false false false
11-8-8663 Important VOIP Standards: Service Providers and Network Operators should use dedicated VoIP servers for the VOIP service, if possible Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Operations; DISA – VoIP0270 true true false false true true true 1 false false false false
11-8-8664 Important Packet Filtering: Service Providers and Network Operators should block protocols meant for internal VoIP call control use at the VoIP perimeter. Cable; Internet/Data; Wireless; Network Operator; Service Provider; Cyber Security; Network Design; Network Operations; DISA-VoIP0220; DISA-VoIP0230 true true false true false true true 1 false false false false
11-8-8665 Important Packet Filtering: Service Providers and Network Operators should proxy remote HTTP access to the VoIP perimeter firewalls. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Operations; DISA-VoIP0245 true true false false true true true 1 false false false false
11-8-8666 Important Administration: Service Providers and Network Operators should block VoIP firewall administrative/management traffic at the perimeter or Tunnel/encrypt this traffic using VPN technology or administer/manage this traffic out of band. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Encryption; Intrusion Detection; Network Design; Network Operations; DISA-VoIP0210 true true false false true true true 1 false false false false
11-8-8667 Important VOIP Standards: Service Providers and Network Operators should route HTTP access from the VoIP environment through the data environment and use HTTPS if at all possible. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Operations; DISA-VoIP0245 true true false false true true true 1 false false false false
11-8-8668 Important Use continuity management to protect information: Service Providers and Network Operators should establish a business continuity process for information, identify the events that can classified as business interuption, test and update the business continuity plan. Internet/Data; Network Operator; Service Provider; Business Continuity; Cyber Security; Network Operations; ISO 27002 Information Security Standards false true false false false true true 1 false false false false
11-8-8669 Highly Important Network Connection Control: Service Providers and Network Operators should ensure that access to shared networks, including those that cross organizational boundaries, as well as internal network and customer management infrastructures, is restricted, as per the Company’s access control policy. These restrictions apply to systems, applications, and users, and is enforced via a router, firewall,or similar device allowing for rule-based traffic filtering, thereby ensuring a logical separation of networks. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations; Security Systems; ISO/IEC 27002 (17799) [2005] false true false false false true true 2 false false false false
11-8-8670 Important Protect exchange of information: Service Providers, Network Operators, and Equipment Suppliers should consider establishing information exchange policies and procedures, establish information and software exchange agreements, safeguard transportation of physical media. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Design; Network Operations; Policy; ISO 27002 Information Security Standards false true false false false true true 1 true false false false
11-8-8671 Important Protect Unattended Workstations: Service Providers and Network Operators should have policies and enforce that unattended workstations should be protected from unathorized access 1) Individual Username/Password authentication must be required to access resources. 2) Physical access must be restricted to workstations. 3) Where possible idle workstations must default to password protected screensaver after an established time lapse (e.g. 15 minutes). Internet/Data; Network Operator; Service Provider; Access Control; Cyber Security; Hardware; Intrusion Detection; Network Operations; Policy; http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1 Octave Catalog of Practices, Version 2.0, CMU/SEI-2001- TR-20 (http://www.cert.org/archive/pdf/01tr020 ) Practice OP1.2.4 false true false false false true true 1 false false false false
11-8-8672 Important Spam: Network Operators should block incoming email file attachments with specific extensions know to carry infections, or should filter email file attachment based on content properties. Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Operations; Source: Stopping Spam � Report of the Task Force on Spam � May 2005IS false true false false false false true 1 false false false false
11-8-8673 Important Spam: Network Operators should establish inbound connection limits on all services. Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Design; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false false true 1 false false false false
11-8-8674 Important Spam: Service Providers and Network Operators should stop all access attempts from IP Addresses with no reverse DNS at the connection level. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false true true 1 false false false false
11-8-8675 Important Spam: Network Operators should stop all SMTP traffic that has reverse DNS, which reflects home PC connections (i.e. 0.0.127.mydialup.bigisp.com). Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false false true 1 false false false false
11-8-8676 Important Spam: Network Operators should employ Optical Character Recognition techniques which allow the ability to read text even when it appears as a graphic image. Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Operations; Source: Anti-Spam Best Practices and Technical Guidelines false true false false false false true 1 false false false false
11-8-8677 Important Spam: Network Operators should perform content analysis of In-bound e-mails. Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Operations; Source: Anti-Spam Best Practices and Technical Guidelines false true false false false false true 1 false false false false
11-8-8678 Important Spam: Network Operators and Service Providers should apply URL detection techniques to detect the domain name of spammers. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: Anti-Spam Best Practices and Technical Guidelines. false true false false false true true 1 false false false false
11-8-8679 Important Spam: Network Operators and Service Providers should avoid acting as a backup MX for other companies. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false true true 1 false false false false
11-8-8680 Important Spam: Network Operators should avoid quarantining email as much as possible. Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false false true 1 false false false false
11-8-8681 Important Spam: Network Operators and Service Providers should consider employing IP Reputation Services. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: Combating Spam � Best Practices false true false false false true true 1 false false false false
11-8-8682 Important Spam: Network Operators and Service Providers should enforce SMTP authentication. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false true true 1 false false false false
11-8-8683 Important Spam: Network Operators and Service Providers should not allow default catch all addresses. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false true true 1 false false false false
11-8-8684 Important Spam: Network Operators and Service Providers should not routinely bounce email wherever possible (valid user checking and virus scanning). Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: http://www.linuxmagic.com/opensource/anti_spam/bestpractices false true false false false true true 1 false false false false
11-8-8685 Important Spam: Network Operators should check sender authentication Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Operations; Source: Anti-Spam Best Practices and Technical Guidelines false true false false false false true 1 false false false false
11-8-8686 Important Spam: Network Operators and Service Providers should employ DNS lookup techniques which are able to determine if the sending e-mail is legitimate and has a valid host name. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: Anti-Spam Best Practices and Technical Guidelines false true false false false true true 1 false false false false
11-8-8687 Important Spam: Network Operators and Service Providers should establish an Internal Email Address to which Spam can be forwarded by Employees. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: Anti-Spam Best Practices and Technical Guidelines false true false false false true true 1 false false false false
11-8-8688 Important Spam: Network Operators and Service Providers should use Anti-Relay Systems to Protect Mail servers from being hijacked. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Source: Anti-Spam Best Practices and Technical Guidelines false true false false false true true 1 false false false false
11-8-8689 Critical Network Access Control for Signaling: Network Operators should ensure that signaling interface points that connect to IP Private and Corporate networks interfaces are well hardened and protected with firewalls that enforce strong authentication policies. Internet/Data; Network Operator; Cyber Security; Intrusion Detection; Network Design; Network Operations; Security Systems; false true false false false false true 3 false false false false
11-8-8690 Important Protect Network/Management Infrastructure from Unexpected File System Changes: Service Providers and Network Operators should deploy tools to detect unexpected changes to file systems on Network Elements and Management Infrastructure systems where feasible and establish procedures for reacting to changes. Use techniques such as cryptographic hashes. Internet/Data; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Design; Network Operations; Security Systems; www.cert.org/security-improvement/practices/p072.html, www.cert.org/security-improvement/practices/p096.html; Dependency on NRIC BP 8548. Related to BP 8103. false true false false false true true 1 false false false false
11-8-8691 Important Cybersecurity Awareness: Network Operators, Service Providers and Equipment Suppliers should develop employee education programs that emphasize the need to comply with security policies. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Intrusion Detection; Policy; Public Safety Service; Training Awareness; http://www.alertboot.com/blog/blogs/endpoint_security/archive/2010/06/15/laptop-encryption-software-for-social-security-administration-telecommuters.aspx true true true true true true true 1 true false false false
11-8-8692 Important Customer Acceptable Use Policy: Network Operators and Service Providers should develop an acceptable use policy for customers of their services and enforce it. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Policy; true true true true true true true 1 false false false false
11-8-8693 Important Cybersecurity Awareness: Network Operators, Service Providers and Equipment Suppliers should create a security awareness strategy that includes communicating to everyone from new hires to human resources to senior management. Utilize multiple channels and target each audience specifically. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Intrusion Detection; Training Awareness; http://www.securityinnovation.com/pdf/security-awareness-best-practices true true true true true true true 1 true false false false
11-8-8694 Important Threat Management: Network Operators, Service Providers and Equipment Suppliers should keep their programs flexible. What is considered a security best practice today might be obsolete tomorrow. Changing factors include new technologies, changing business models, emerging threats and growth of the network and the user base. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Training Awareness; http://ezinearticles.com/?Employee-Security-Awareness&id=4084497 true true true true true true true 1 true false false false
11-8-8695 Important Management Support: Network Operators, Service Providers and Equipment Suppliers should obtain senior management approval and support for a corporate wide People/Awareness/Security Awareness program. This will help to lead to behavior and policy changes. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Training Awareness; http://www.securityinnovation.com/pdf/security-awareness-best-practices true true true true true true true 1 true false false false
11-8-8696 Important Employment: Network Operators, Service Providers and Equipment Suppliers should work with their HR departments to consider making acknowledgement and agreement regarding information security a condition of employment. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Human Resources; Training Awareness; http://ezinearticles.com/?Employee-Security-Awareness&id=4084497 true true true true true true true 1 false false false false
11-8-8697 Important Social Engineering Vulnerability Assessment: Network Operators and Service Providers should consider conducting Social Engineering Audits such as tests for vulnerabilities or unauthorized access to systems, networks and information. Systems range from computer networks to physical access to locations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Human Resources; Intrusion Detection; Security Systems; Training Awareness; “Sources : http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-Sharon.htm
http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-HackerTactics.html
http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-Dolan.html
http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-Winkler.html
” true true true true true true true 1 true false false false
11-8-8698 Important Firewall Protection: Service Providers & Network Operators should utilize firewall protection on all computing devices.: Whenever available for a mobile communications device, firewall software should be installed and utilized. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Security Systems; Source: http://www.k-state.edu/its/security/procedures/mobile.html true true true true true true true 1 false false false false
11-8-8699 Important Data Leakage: Service Providers and Network Operators should develop employee education programs that emphasize the need to comply with policies and the DLP program. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Training Awareness; Source: http://www.alertboot.com/blog/blogs/endpoint_security/archive/2010/06/15/laptop-encryption-software-for-social-security-administration-telecommuters.aspx true true true true true true true 1 false false false false
11-8-8700 Important Data Leakage: Service Providers and Network Operators should have and enforce disciplinary programs for employees who do not follow Data Loss Prevention (DLP) Guidelines. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Training Awareness; Source:http://www.alertboot.com/blog/blogs/endpoint_security/archive/2010/06/15/laptop-encryption-software-for-social-security-administration-telecommuters.aspx true true true true true true true 1 false false false false
11-8-8701 Important Security Maturity and Metrics: Network Operators, Service Providers and Equipment Suppliers should measure the effectiveness of their Security programs. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; Training Awareness; http://ezinearticles.com/?Employee-Security-Awareness&id=4084497 true true true true true true true 1 true false false false
11-8-8702 Important Security Policy: Network Operators and Service Providers should develop a detailed security policy addressing social engineering issues and enforce it throughout the company. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Training Awareness; Source:http://www.windowsecurity.com/articles/Social_Engineers.html true true true true true true true 1 false false false false
11-8-8703 Important Security Policy: Network Operators, Service Providers and Equipment Suppliers should establish and enforce policy to lock up paperwork and magnetic media containing confidential information and destroy it when it is no longer needed. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Training Awareness; Source:http://www.windowsecurity.com/articles/Social_Engineers.html true true true true true true true 1 true false false false
11-8-8704 Important Security Policy: Network Operators, Service Providers and Equipment Suppliers should establish and enforce policy to physically secure the computers and network devices. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; Physical Security Management; Policy; Training Awareness; Source:http://www.windowsecurity.com/articles/Social_Engineers.html true true true true true true true 1 true false false false
11-8-8705 Important Identity Administration: Network Operators and Service Providers should have procedures for verifying identity of users to IT department and IT personnel to users (secret PINs, callback procedures, etc.). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; Training Awareness; Source:http://www.windowsecurity.com/articles/Social_Engineers.html true true true true true true true 1 false false false false
11-8-8706 Important Identity Administration: Network Operators and Service Providers should establish and enforce policy to prohibit disclosing passwords, to whom (if anyone) passwords can be disclosed and under what circumstances, procedure to follow if someone requests disclosure of passwords. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; Policy; Source:http://www.windowsecurity.com/articles/Social_Engineers.html true true false true true true true 1 false false false false
11-8-8707 Important Physical Security: Network Operators and Service Providers should establish and enforce policy to require users to log off, to use password protected screensavers when away from the computer, enable screenlock upon activity timeout, cautionary instructions on ensuring that no one is watching when you type in logon information, etc. Physical security measures to prevent visitors and outside contractors from accessing systems to place key loggers, etc. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Access Control; Cyber Security; Information Protection; Physical Security Management; Policy; Training Awareness; Source:http://www.windowsecurity.com/articles/Social_Engineers.html true true true true true true true 1 false false false false
11-8-8708 Important Security Policy: Network Operators and Service Providers should establish clear guidelines and policy on the corporate use of Social Media outlets. Before utilizing social media in any capacity, stop and consider the motivation of those that you are interacting with or targeting. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Policy; Training Awareness; Source: Social Engineering Newsletter Volume 2, issue 7 http://www.social-engineer.org/Newsletter/SocialEngineerNewsletterVol02Is07.htm true true true true true true true 1 false false false false
11-8-8709 Important Identity Administration: Network Operators and Service Providers should establish policies governing destruction (shredding, incineration, etc.) of paperwork, disks and other media that hold information a hacker could use to breach security. Cable; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Intrusion Detection; Policy; Training Awareness; Source: 2009 Carnegie Mellon University, Author: Mindi McDowell posted on: http://www.us-cert.gov/cas/tips/ST04-014.html true false false true true true true 1 false false false false
11-8-8710 Important Third Party and Supply Chain Management: Service Providers, Network Operators, and Equipment Suppliers should ensure supply chain security by having security language in their contracts and periodic risk assessments on their 3rd party verifing the outside party’s security practices. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Policy; Training Awareness; “NIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue.
NIST IR-7622, DRAFT Piloting Supply Chain Risk Management Practices for Federal Information Systems
Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1” true true true true true true true 1 true false false false
11-8-8711 Important Media Gateway Availability: Network Operators and Service Providers should engineer networks to provide redundant and highly available application layer services. (e.g., DNS and other directory services, SIP, H.323). Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; true true false false true true true 1 false false false false
11-8-8712 Important Media Gateway Interoperability: Network Operators and Service Providers should implement applicable industry standards governing protocol (e.g., IP Protocols from the IETF) and established policies and procedures to maintain currency within these publications to ensure interoperability. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; true true false false true true true 1 false false false false
11-8-8713 Important Media Gateway Interoperability With Legacy Networks: Network Operators and Service Providers implementing a signaling gateway should consider using media gateway controllers that map gateway responses to SS7 in an anticipated and predictable fashion (e.g., RFC 3398 for SIP-to-SS7 mapping). Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; true true false false true true true 1 false false false false
11-8-8714 Important Media Gateway Codecs: Network Operators and Service Providers should use a minimum interworking subset for encoding standards (e.g., a fallback to G.711) in a PSTN gateway configuration in order to achieve interoperability and support all types of voice band communication (e.g., DTMF tones, facsimile, TTY/TDD). Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; true true false false true true true 1 false false false false
11-8-8715 Important CALEA Distribution: Network Operators and Service Providers should establish policies and procedures to limit the distribution of CALEA information, requests, and network documents regarding CALEA interfaces to those operationally involved with CALEA activities. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; Policy; true true false false true true true 1 false false false false
11-8-8716 Important CALEA Risk Assessment: Network Operators and Service Providers should establish policies and procedures to periodically conduct risk assessments of CALEA procedures and policies. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Policy; true true false false true true true 1 false false false false
11-8-8717 Important CALEA Access and Authorization: Network Operators and Service Providers should establish policies and procedures to limit access to captured or intercepted CALEA content to those who are authorized. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Policy; true true false false true true true 1 false false false false
11-8-8718 Important CALEA Awareness: Network Operators and Service Providers should establish policies and procedures to promote awareness of appropriate CALEA policies among network employees and equipment vendors. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Policy; true true false false true true true 1 false false false false
11-8-8719 Important GSM MAP Signaling and Network Management: Wireless Service Providers and Network Operators who have deployed IS-41 (ANSI-41) or GSM Mobility Application Part (MAP) signaling networks should consider equipping their networks with network management and congestion controls. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Design; Network Interoperability; true true false true true true true 1 false false false false
11-8-8720 Important Signaling Policies: Network Operators should implement rigorous screening and/or filtering on both internal and interconnecting signaling links and establish policies to review and improve screening capabilities. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Design; Network Interoperability; true true false false true false true 1 false false false false
11-8-8721 Important Signaling on General Purpose Computers: Network Operators and Equipment Vendors of products built on general purpose computing products should proactively monitor all security issues associated with those products and cooperatively identify and apply security fixes, as necessary. Cable; Internet/Data; Wireline; Equipment Supplier; Network Operator; Cyber Security; Hardware; Intrusion Detection; Network Elements; true true false false true false true 1 true false false false
11-8-8722 Important Signaling Over Public IP: Network Operators should be particularly vigilant with respect to signaling traffic delivered by or carried over Internet Protocol networks. Network Operators that utilize the Public Internet for signaling, transport, or maintenance communications should employ authentication, authorization, accountability, integrity, and confidentiality mechanisms (e.g., digital signature and encrypted VPN tunneling). Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Encryption; Hardware; Intrusion Detection; Network Elements; Security Systems; true true false false true false true 1 false false false false
11-8-8723 Important Signaling Authentication: Network Operators should consider enabling logging for element security related alarms on network elements, (e.g., unauthorized access, unauthorized logins, logging of changes (i.e. configuration and translation), administrative access logging), and establish review policies for these records to mitigate network element authentication vulnerabilities. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; Security Systems; true true false false true false true 1 false false false false
11-8-8724 Important Network Element Access: Network Operators utilizing dial-up connections for maintenance access to Network Elements should consider implementing dial-back modems with screening lists, communication encryptions (i.e. VPN’s) and token based access control. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Encryption; Network Elements; Network Operations; Security Systems; true true false false true false true 1 false false false false
11-8-8726 Important Signaling Network Design: Network Operators should design their signaling network elements and interfaces consistent with applicable industry security guidelines and policies (e.g. ATIS-300011). Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Encryption; Intrusion Detection; Network Elements; Network Operations; Policy; true true false false true false true 1 false false false false
11-8-8728 Important Maintaining Logical Link Diversity: Network Operators who deploy next generation signaling networks should consider industry guidelines for logical diversity (e.g. multi-homing), and perform network diversification validation on a scheduled basis (e.g., twice a year). Processes and procedures should exist for tracking discrepancies and maintaining a historical record. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Interoperability; Network Operations; true true false false true false true 1 false false false false
11-8-8730 Highly Important Logging of Requested Changes: Network Operators should log changes made to network elements and consider recording the user login, time of day, IP address, associated authentication token, and other pertinent information associated with each change. Policies should be established to audit logs on a periodic bases and update procedures as needed. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; Policy; true true false false true false true 2 false false false false
11-8-8731 Important Non-Repudiation: Network Operators should establish policies and procedures to ensure that actions taken on the network can be positively attributed to the person or entity that initiated the action. This may include, but is not limited to electronic logging, access control, physical records, or tickets. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; Policy; true true false false true false true 1 false false false false
11-8-8732 Important General: Service Providers should classify identity management services against the service architecture and deployment model being utilized to determine the general �security� posture of the identity services, how it relates to asset�s assurance and security protection requirements, and define the needed security architecture to mitigate security risks.
Specifically, if identity related functions are distributed among multiple parties, all parties involved should be clearly identified (e.g., relying parties such as users and service providers, credential providers, verifier or authentication providers, or federation members) with clearly defined roles, responsibilities, and accountability for the security of the identity service and all associated assets. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Information Protection; Intrusion Detection; ITU-T X.1250, Baseline capabilities for enhanced global identity management and interoperability
NIST SP 800-63, Electronic Authentication Guideline true true true true true true false 1 false false false false
11-8-8733 Important Federated Identity: If identity is being federated (i.e., for use among members of a federation), Service Providers should clearly define and enforce rules, policies and trust model for the federated identity services. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Information Protection; Intrusion Detection; true true true true true true false 1 false false false false
11-8-8734 Important Identity Data Security � Service providers creating, maintaining, using or disseminating individually identifiable information should take appropriate measures to assure its reliability and should take reasonable precautions to protect it from loss, misuse or alteration. Organizations should take reasonable steps to assure that third parties to which they transfer such information are aware of these security practices, and that the third parties also take reasonable precautions to protect any transferred information. Cable; Internet/Data; Satellite; Wireless; Service Provider; Cyber Security; Information Protection; Liberty Alliance Project, Privacy and Security Best Practices Version 2.0 true true true true false true false 1 false false false false
11-8-8735 Important Identity Data Quality and Access: Service Providers creating, maintaining, using or disseminating individually identifiable information should take reasonable steps to assure that the data are accurate, complete and timely for the purposes for which they are to be used. Organizations should establish appropriate processes or mechanisms so that inaccuracies in material individually identifiable information, such as account or contact information, may be corrected. These processes and mechanisms should be simple and easy to use, and provide assurance that inaccuracies have been corrected. Other procedures to assure data quality may include use of reliable sources and collection methods, reasonable and appropriate access and correction, and protections against accidental or unauthorized alteration. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Intrusion Detection; Liberty Alliance Project, Privacy and Security Best Practices Version 2.0 true true true true true true false 1 false false false false
11-8-8736 Critical Identity Information Access Control: Service Providers should ensure that identity information is only be accessible to authorized entities subject to applicable regulation and policy. Specifically,
(a) an entity (e.g., relying party or requesting party) requesting identity data should be authenticated, and its authorization to obtain the requested information verified before access to the information is provided or the requesting identity data is exchanged.
(b) policy and rules for requesting and exchanging identity data among multiple parties involved (e.g., users, relying party and identity provider) should be clearly defined and enforced. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; ITU-T Y.2720, NGN Identity Management Framework
ITU-T Y.2721, NGN Identity Management Requirements and Use Cases
ATIS-1000035, NGN Identity Management Framework true true true true true true false 3 false false false false
11-8-8737 Important SAML Privacy: Service Providers should analyze each of the steps in the interaction (and any subsequent uses of data obtained from the transactions) of a Security Assertion Markup Language (SAML) transaction to ensure that information that should be kept confidential is actually being kept so. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; OASIS, Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0 true true true true true true false 1 false false false false
11-8-8738 Highly Important Password Management Policy: Service Providers and Network Operators should define, implement, and maintain password management policies as well as the documented process to reduce the risk of compromise of password-based systems. Cable; Internet/Data; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; NIST SP800-118 Guide to Enterprise Password Management
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118 true true false true true true false 2 false false false false
11-8-8739 Highly Important Recovery from Password Management System Compromise: When a password management system or other source of passwords has been compromised, the Service Provider should act swiftly to mitigate the weaknesses that allowed the compromise, restore the compromised system to a secure state, and require all users to change their passwords immediately. Procedures should be in place to notify all affected users that their passwords have been reset or need to be changed immediately. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; NIST SP800-118 Guide to Enterprise Password Management
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118 true true true true true true false 2 false false false false
11-8-8740 Critical Protect Sensitive Data in Transit for Externally Accessible Applications: Service Providers and Network Operators should encrypt sensitive data from web servers, and other externally accessible applications, while it is in transit over any networks they do not physically control. Cable; Wireless; Wireline; Network Operator; Cyber Security; Encryption; Information Protection; Related to NRIC BP 8006, 8112 true false false true true false true 3 false false false false
11-8-8741 Important Protection of Devices Beyond Scope of Control: Equipment Suppliers should implement techniques such as tamper-proof crypto-chips/authentication credentials and (remote) authentication for (service provider) configuration controls, in customer premises equipment. Additionally, capabilities to remotely access or delete sensitive information on these devices is encouraged. Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Cyber Security; Encryption; Information Protection; Intrusion Detection; PacketCableTM Security Specification PKT-SP-SEC-I11-040730, IETF RFC 3261, Related to BP 8134 false true true true true false false 1 true false false false
11-8-8742 Important General: Service Providers should use encryption to separate data in rest from data in motion. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Cloud Security Alliance (CSA) true true true true true true false 1 false false false false
11-8-8743 Important Key Management: Service providers should segregate key management from the cloud provider hosting the data, creating a chain of separation. This protects both the cloud provider and customer from conflicts when compelled to provide data due to a legal mandate. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; Cloud Security Alliance (CSA) true true true true true true false 1 false false false false
11-8-8744 Important Management: Service providers should provide documentation and enforce role management and separation of duties. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; Cloud Security Alliance (CSA) true true true true true true false 1 false false false false
11-8-8745 Critical Key Management: In cases where the cloud provider must perform key management, service providers should define processes for key management lifecycle: how keys are generated, used, stored, backed up, recovered, rotated, and deleted. Further, understand whether the same key is used for every customer or if each customer has its own key set. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; Cloud Security Alliance (CSA) true true true true true true false 3 false false false false
11-8-8746 Important Public Key Infrastructure (PKI): For environments where traditional PKI infrastructures are problematic, service providers should use an alternate approach such as a “web of trust” for public key validation / authenticaton. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; Reference: http://en.wikipedia.org/wiki/Public_key_infrastructure
Reference: SP800-45 (NIST) http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2 Guidelines on Electronic Mail Security true true true true true true false 1 false false false false
11-8-8747 Important Layered Encryption: Where possible, service providers should use layered VPN and encryption strategies to mitigate device vulnerabilities. Traditionally a single layer of cryptography has stood between the data being protected and that of the attacker. While the cryptography itself is rarely the weak link, many times implementation or other originating or terminating cryptographic device vulnerabilities places that information in jeopardy. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Network Operations; true true true true true true false 1 false false false false
11-8-8749 Important Risk Assessment Process: Service providers and network operators should have documented processes in place for reviewing new vulnerabilities as they are announced. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Sans Institute, “Vulnerability Management: Tools, Challenges and Best Practices.” 2003. Pg. 8 -10. true true true true true true true 1 false false false false
11-8-8750 Important Risk Assessments: Service providers and network operators should have assigned risk ratings for vulnerabilities and definitions of those risk ratings (i.e. What does a High risk vulnerability mean to the general user public?, etc.) Finally the security team should have access to an accurate and readily available asset inventory (See Step 1: Asset Inventory) (including the asset owners, and patch levels) and network diagrams. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Sans Institute, “Vulnerability Management: Tools, Challenges and Best Practices.” 2003. Pg. 8 – 10. true true false true true true true 1 false false false false
11-8-8751 Highly Important Vulnerability Assessment Scans: Service Providers and Network Operators should test new tools in a lab to identify any false positives and false negatives and use a change control system in case there is a network disruption. They should use a tool that causes minimal disruptions to the network Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Sans Institute, “Vulnerability Management: Tools, Challenges and Best Practices.” 2003. Pg. 11, 12. true true true true true true true 2 false false false false
11-8-8752 Critical Vulnerability Assessment Policies: Service providers, network operators, and equipment vendors should use custom policies created by OS, device, or by industry standard (SANS Top 20, Windows Top 10 Vulnerabilities, OWASP Top 10) and specific to your environment. Organizations should identify what scanning methods and operating procedures are best for their company, and document how they would proceed in a standard operating procedure. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Policy; Sans Institute, “Vulnerability Management: Tools, Challenges and Best Practices.” 2003. Pg. 11, 12. true true true true true true true 3 true false false false
11-8-8753 Important Reporting and Remediation Tracking Tools: Service Providers and Network Operators should ensure the tools they use are capable of notifying the asset owners that they have vulnerabilities to be fixed. They should be able to provide high-level dashboard type reports to senior management and detailed host reports to system administrators. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Encryption; Intrusion Detection; Sans Institute, “Vulnerability Management: Tools, Challenges and Best Practices.” 2003. Pg. 12 – 13. true true true true true true true 1 false false false false
11-8-8754 Critical Vulnerability Reporting and Remediation: Service providers, network operators, and equipment vendors should focus on the highest risk vulnerabilities by ranking them by the vulnerability risk rating. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Sans Institute, “Vulnerability Management: Tools, Challenges and Best Practices.” 2003. Pg. 12, 14. true true true true true true true 3 true false false false
11-8-8758 Important Post DoS Practice: Network Operators and Service Providers should establish policies, and procedures to support early recognition and isolation of potential bad actors to minimize impact to the network. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; IETF RFC2350, CMU/SEI-98-HB-001. true true true true true true true 1 false false false false
11-8-8760 Critical Recover from Voice over IP (VoIP) Compromise: If a Voice over IP (VoIP) server has been compromised, Service Provider and Network Operators should remove the device from the network until remediated. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; PacketCable Security specification. true true true true true true true 3 false false false false
11-8-8761 Critical Recover from Voice over IP (VoIP) Device Masquerades or Voice over IP (VoIP) Server Compromise: If a VoIP masquerading event is occurring the service provider or network operator should attempt to collect data via log files or other means to aid law enforcement investigations. If VoIP device masquerading is causing significant harm, the portion of the network where the attack is originating can be isolated. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; PacketCable Security specification. true true true true true true true 3 false false false false
11-8-8763 Critical Recovery from Password Management System Compromise: When a password management system or other source of passwords has been compromised, the Network Operator should act swiftly to mitigate the weaknesses that allowed the compromise, restore the compromised system to a secure state, and require all users to change their passwords immediately. Procedures should be in place to notify all affected users that their passwords have been reset or need to be changed immediately. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Encryption; Intrusion Detection; Network Operations; “NIST SP800-118 Guide to Enterprise Password Management
http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118 ” true true true true true false true 3 false false false false
11-8-8764 Important Identity Lifecycle Management: Service Providers should clearly define and enforce policies for identity lifecycle management. This includes processes, procedures and policies for the proofing, enrolling, issuing and revoking of identity information (e.g., identifiers, credentials and attributes) to be used for a specific context (e.g., for specific transactions ranging from commercial to social activities). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Information Protection; Policy; ITU-T Y.2720, NGN Identity Management Framework ITU-T Y.2721, NGN Identity Management Requirements and Use Cases ATIS-1000035, NGN Identity Management Framework true true true true true true true 1 false false false false
11-8-8765 Critical Identity Enrollment and Issuance: Service Providers should only issue the identity information (e.g., identifiers, credentials and attributes) associated with an identity after successful identity proofing of the entity. An entity requesting enrollment should be verified and validated according to the requirements of the context (i.e., in which the identity will be used) before enrolling or issuing any associated identifiers, credentials or attributes. The proofing process and policies should be based on the value of the resources (e.g., services, transactions, information and privileges) allowed by the identity and the risks associated with an unauthorized entity obtaining and using the identity. Specifically, measures to ensure the following is recommended:
(a) An entity (e.g., person, organization or legal entity) with the claimed attributes exists, and those attributes are suitable to distinguish the entity sufficiently according to the needs of the context.
(b) An applicant whose identity is recorded is in fact the entity to which the identity is bound;
(c) It is difficult for an entity which has used the recorded identity and credentials to later repudiate the registration/enrolment and dispute an authentication. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; ITU-T Y.2720, NGN Identity Management Framework
ITU-T Y.2721, NGN Identity Management Requirements and Use Cases
ATIS-1000035, NGN Identity Management Framework. true true true true true true false 3 false false false false
11-8-8766 Critical Identity Maintenance and Updates: Service Providers should ensure secure management and maintenance of the identity data and the status of data (e.g., identifiers, credentials, attributes) by logging updates or changes to an identity, provide notifications about the updates or changes to an identity(s) or any of the data associated with the identity(s) to the systems and network elements that needs to be aware of the updates or changes, and by periodically validating the status of an identity. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; ITU-T Y.2720, NGN Identity Management Framework
ITU-T Y.2721, NGN Identity Management Requirements and Use Cases
ATIS-1000035, NGN Identity Management Framework. true true true true true true false 3 false false false false
11-8-8767 Critical Identity Revocation: Service Providers should have applicable policies and enforcement for revoking an identity. Specifically,
(a) Enforce policies and terminate or destroy the credentials associated (e.g., digital certificates or tokens) with an identity when it is no longer valid or has a security breach.
(b) Provide notifications about the revocation or termination of an identity(s) or any of the data associated with the identity to the entity and to the systems and network elements that needs to be aware (i.e., All systems and processes with which the identity can be used for access have to be notified that the identity is no longer valid). Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Information Protection; Intrusion Detection; ITU-T Y.2720, NGN Identity Management Framework
ITU-T Y.2721, NGN Identity Management Requirements and Use Cases
ATIS-1000035, NGN Identity Management Framework. true true true true true true false 3 false false false false
11-8-8768 Highly Important Multi-factor Authentication: Service Providers and Network Operators should support multi-factor authentication to increase confidence in the identity of an entity. Multi-factor authentication involves validating the authenticity of the identity of a entity by verifying multiple identifiers and attributes associated with the entity. The data for multi-factor authentication capabilities should be organized based something you are (e.g., physical of behavioral characteristics of a end user or customer’s characteristic or attribute that is being compared such as typing patterns, voice recognition), something you have (e.g., a driver’s license, or a security token) and something you know (e.g., a password, pin number, security image). Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; ITU-T Y.2702, Authentication and authorization requirements
for NGN release 1
ATIS-1000030, Authentication and Authorization Requirements for Next Generation Network (NGN)
NIST SP 800-63, Electronic Authentication Guideline. true true true true true true false 2 false false false false
11-8-8769 Highly Important Protection of Personally Identifiable Information (PII): Service Providers should protect Personally Identifiable Information by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
Policies for PII protection should be clearly identified and enforced. Specifically,
(a) Organizations should identify all PII residing in their environment.
(b) Organizations should minimize the use, collection, and retention of PII to what is strictly necessary to reduce the likelihood of harm caused by a breach involving PII. Also, an organization should regularly review its holdings of previously collected PII to determine whether the PII is still relevant and necessary for meeting the organization�s business purpose and mission. For example, organizations could have an annual PII purging awareness day.
(c) Organizations should categorize their PII based on confidentiality impact levels. For example, PII confidentiality impact level�low, moderate, or high should be used to indicate the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed.
(d) Organizations should apply the appropriate safeguards for PII based on the PII confidentiality impact level. Specifically, operational safeguards, privacy-specific safeguards, and security controls should be used.
(e) Organizations should develop an incident response plan to handle breaches involving PII. The plan should include elements such as determining when and how individuals should be notified, how a breach should be reported.
(f) Organizations should establish processes for coordination and addressing issues related to PII when multiple parties are involved (e.g., users, relying parties and identity providers or members of a federation). Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; NIST Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). true true true true true true false 2 false false false false
11-8-8770 Important SAML Communications: Service Providers should use secure network protocols such as TLS or IPsec should be used to provide integrity and confidentiality protection of SAML communications. In addition, the following measures should be implemented to counter replay, denial of service and other forms of attacks:
(a) Clients should be required to authenticate at some level below the SAML protocol level (for example, using the SOAP over HTTP binding, with HTTP over TLS/SSL, and with a requirement for client-side certificates that have a trusted Certificate Authority at their root) to provide traceability and counter DOS attacks.
(b) Use of the XML Signature element [ds:SignatureProperties] containing a timestamp should be required to determine if a signature is recent to counter replay attacks.
(c) Maintaining state information concerning active sessions, and validate correspondence.
(d) Correlation of request and response messages. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; OASIS, Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0. true true true true true true false 1 false false false false
11-8-8900 Highly Important Stay Informed about Botnet/Malware Techniques: ISPs should stay informed about the latest botnet/malware techniques so as to be prepared to detect and prevent them. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; Training Awareness; See the following document for more information:
http://www.maawg.org/sites/maawg/files/news/MAAWG_Bot_Mitigation_BP_2009-07
More information can also be found at:
http://isc.sans.edu/index.html
http://www.us-cert.gov/
http://www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 2 false false false false
11-8-8901 Highly Important ISP Provision of Educational Resources for Computer Hygiene / Safe Computing:
ISPs should provide or support third-party tutorial, educational, and self-help resources for their
customers to educate them on the importance of and help them practice safe computing. ISPs�
users should know to protect end user devices and networks from unauthorized access through
various methods, including, but not limited to:
� Use legitimate security software that protects against viruses and spywares;
� Ensure that any software downloads or purchases are from a legitimate source;
� Use firewalls;
� Configure computer to download critical updates to both the operating system and
installed applications automatically;
� Scan computer regularly for spyware and other potentially unwanted software;
� Keep all applications, application plug-ins, and operating system software current and
updated and use their security features;
� Exercise caution when opening e-mail attachments;
� Be careful when downloading programs and viewing Web pages;
� Use instant messaging wisely;
� Use social networking sites safely;
� Use strong passwords;
� Never share passwords. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; Training Awareness; More information can be found at:
National Cyber Security Alliance – http://www.staysafeonline.org/
OnGuard Online – http://www.onguardonline.gov/default.aspx
Department of Homeland Security –
StopBadware � http://www.stopbadware.org/home/badware_prevent
Comcast.net Security – http://security.comcast.net/
Verizon Safety & Security –
http://www.verizon.net/central/vzc.portal?_nfpb=true&_pageLabel=vzc_help_safety
Qwest Incredible Internet Security site: http://www.incredibleinternet.com/
Microsoft- http://www.microsoft.com/security/pypc.aspx
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 2 false false false false
11-8-8902 Critical Prevention 3 – ISP Provision of Anti-Virus/Security Software:
ISPs should make available anti-virus/security software and/or services for its end-users. If the
ISP does not provide the software/service directly, it should provide links to other
software/services through its safe computing educational resources. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; Software; Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8903 Critical Protect DNS Servers:
ISPs should protect their DNS servers from DNS spoofing attacks and take steps to ensure that
compromised customer systems cannot emit spoofed traffic (and thereby participate in DNS
amplification attacks). Defensive measures include:
(a) managing DNS traffic consistent with industry accepted procedures;
(b) where feasible, limiting access to recursive DNS resolvers to authorized users;
(c) blocking spoofed DNS query traffic at the border of their networks, and
(d) routinely validating the technical configuration of DNS servers by, for example,
utilizing available testing tools that verify proper DNS server technical configuration. Internet/Data; Service Provider; Cyber Security; Encryption; Intrusion Detection; Widely accepted DNS traffic management procedures are discussed in the following document:
http://www.maawg.org/sites/maawg/files/news/MAAWG_DNS%20Port%2053V1.0_2010-
06
Security issues on recursive resolvers are discussed in IETF BCP 140/ RFC 5358. Responses to
spoofed traffic, including spoofed DNS traffic, are discussed in IETF BCP 38/RFC 2827.
Some tools examining different aspects of DNS server security include:
http://dnscheck.iis.se/, http://recursive.iana.org/, and https://www.dnsoarc.
net/oarc/services/dnsentropy. More information on DNS security issues can also be found
at: http://www.iana.org/reports/2008/cross-pollination-faq.html
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and
networks as well. false true false false false true false 3 false false false false
11-8-8904 Critical Utilize DNSSEC:
ISPs should use Domain Name System (DNS) Security Extensions (DNSSEC) to protect the
DNS. ISPs should consider, at a minimum, the following:
� sign and regularly test the validity of their own DNS zones,
� routinely validate the DNSSEC signatures of other zones;
� employ automated methods to routinely test DNSSEC-signed zones for
DNSSEC signature validity. Internet/Data; Service Provider; Cyber Security; Encryption; Intrusion Detection; More information can be found at:
http://dnssec.net
https://www.dnssec-deployment.org
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and
networks as well. false true false false false true false 3 false false false false
11-8-8905 Critical Encourage Use of Authenticated SMTP/Restrict Outbound Connections to Port 25:
ISPs should encourage users to submit email via authenticated SMTP on port 587, requiring
Transport Layer Security (TLS) or other appropriate methods to protect the username and
password. In addition, ISPs should restrict or otherwise control inbound and outbound
connections from the network to port 25 (SMTP) of any other network, either uniformly or on a
case by case basis, e.g., to authorized email servers. Internet/Data; Service Provider; Cyber Security; Information Protection; Intrusion Detection; See the following document for more information:
http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and
networks as well. false true false false false true false 3 false false false false
11-8-8906 Critical Authentication of Email:
ISPs should authenticate all outbound email using DomainKeys Identified Mail (DKIM) and
Sender Policy Framework (SPF). Authentication should be checked on inbound emails; DKIM
signatures should be validated and SPF policies verified. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; See the following document for more information:
http://www.maawg.org/sites/maawg/files/news/MAAWG_Email_Authentication_Paper_2008-
07
More information can also be found at:
http://www.dkim.org/
http://openspf.org
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and
networks as well. false true false false false true false 3 false false false false
11-8-8907 Critical Immediately Reject Undeliverable Email:
ISPs should configure their gateway mail servers to immediately reject undeliverable email,
rather than accepting it and generating non-delivery notices (NDNs) later, in order to avoid
sending NDNs to forged addresses. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; Network Design; By rejecting undeliverable email, the gateway mail will inform the sending mail server, which
can apply local policy regarding whether or not to notify the message sender of the non-delivery
of the original message.
See the following document for more information:
http://www.maawg.org/sites/maawg/files/news/MAAWG-BIAC_Expansion0707
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and
networks as well. false true false false false true false 3 false false false false
11-8-8908 Critical Share Dynamic Address Space Information:
ISPs should share lists of their dynamic IP addresses with operators of DNS Block Lists
(DNSBLs) and other similar tools. Further, such lists should be made generally available, such
as via a public website. Internet/Data; Service Provider; Cyber Security; Encryption; Intrusion Detection; Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and
networks as well. false true false false false true false 3 false false false false
11-8-8909 Critical Share Dynamic Address Space Information:
ISPs should share lists of their dynamic IP addresses with operators of DNS Block Lists
(DNSBLs) and other similar tools. Further, such lists should be made generally available, such
as via a public website. Internet/Data; Service Provider; Cyber Security; Encryption; Industry Cooperation; Intrusion Detection; More information can be found at:
http://www.maawg.org/sites/maawg/files/news/MAAWG_Dynamic_Space_2008-06
http://www.spamhaus.org/pbl/
http://www.mail-abuse.com/nominats_dul.html
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and
networks as well. false true false false false true false 3 false false false false
11-8-8910 Critical Make Dynamic IPv4 Space Easily Identifiable by Reverse DNS Pattern:
ISPs should make IPv4 dynamic address space under their control easily identifiable by reverse
DNS pattern, preferably by a right-anchor string with a suffix pattern chosen so that one may say
that all reverse DNS records ending in *.some.text.example.com are those that identify dynamic
space. Internet/Data; Service Provider; Cyber Security; Encryption; Intrusion Detection; Refer to related Best Practice 8-8-X005. false true false false false true false 3 false false false false
11-8-8911 Critical Make Dynamic Address Space Easily Identifiable by WHOIS:
ISPs should make all dynamic address space under their control easily identifiable by WHOIS or
RWHOIS lookup. Internet/Data; Service Provider; Cyber Security; Encryption; Intrusion Detection; See the following document for more information:
http://www.maawg.org/sites/maawg/files/news/MAAWG_Dynamic_Space_2008-06
Refer to related Best Practice 8-8-X004.
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8912 Highly Important Communicate Implementation of Situational Awareness and Protective Measures with
Other ISPs:
ISPs should make reasonable efforts to communicate with other operators and security software
providers, by sending and/or receiving abuse reports via manual or automated methods. These
efforts could include information such as implementation of “protective measures” such as
reporting abuse (e.g., spam) via feedback loops (FBLs) using standard message formats such as
Abuse Reporting Format (ARF). Where feasible, ISPs should engage in efforts with other
industry participants and other members of the internet ecosystem toward the goal of
implementing more robust, standardized information sharing in the area of botnet detection
between private sector providers. Internet/Data; Service Provider; Cyber Security; Industry Cooperation; Intrusion Detection; See the following document for more information:
http://www.maawg.org/sites/maawg/files/news/CodeofConduct
Vulnerabilities can be reported in a standardized fashion using information provided at
http://nvd.nist.gov/
http://puck.nether.net/mailman/listinfo/nsp-security
https://ops-trust.net/
https://www2.icsalabs.com/veris/
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 2 false false false false
11-8-8913 Critical Maintain Methods to Detect Bot/Malware Infection:
ISPs should maintain methods to detect likely malware infection of customer equipment.
Detection methods will vary widely due to a range of factors. Detection methods, tools, and
processes may include but are not limited to: external feedback, observation of network
conditions and traffic such as bandwidth and/or traffic pattern analysis, signatures, behavior
techniques, and forensic monitoring of customers on a more detailed level. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; More information can be found at:
http://teamcymru.org
http://shadowserver.org
http://abuse.ch
http://cbl.abuseat.org
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8914 Highly Important Use Tiered Bot Detection Approach:ISPs should use a tiered approach to botnet detection that first applies behavioral characteristics of user traffic (cast a wide net), and then applies more granular techniques (e.g., signature detection) to traffic flagged as a potential problem. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; This technique should help minimize the exposure of customer information in detecting bots by
not collecting detailed information until it is reasonable to believe the customer is infected.
Looking at user traffic using a �wide net� approach can include external feedback as well as
other internal approaches.
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 2 false false false false
11-8-8915 Critical Do Not Block Legitimate Traffic: ISPs should ensure that detection methods do not block legitimate traffic in the course of conducting botnet detection, and should instead employ detection methods which seek to be non-disruptive and transparent to their customers and their customers� applications. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8916 Critical Bot Detection and the Corresponding Notification Should Be Timely: ISPs should ensure that bot detection and the corresponding notification to end users be timely, since such security problems are time-sensitive. If complex analysis is required and multiple confirmations are needed to confirm a bot is indeed present, then it is possible that the malware may cause some damage, to either the infected host or remotely targeted system (beyond the damage of the initial infection) before it can be stopped. Thus, an ISP must balance a desire to definitively confirm a malware infection, which may take an extended period of time, with the ability to predict the strong likelihood of a malware infection in a very short period of time. This ‘definitive-vs.-likely’ challenge is difficult and, when in doubt, ISPs should err on the side of caution by communicating a likely malware infection while taking reasonable steps to avoid false notifications. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8917 Critical Notification to End Users:
ISPs should develop and maintain critical notification methods to communicate with their
customers that their computer and/or network has likely been infected with malware. This
should include a range of options in order to accommodate a diverse group of customers and
network technologies. Once an ISP has detected a likely end user security problem, steps should
be undertaken to inform the Internet user that they may have a security problem. An ISP should
decide the most appropriate method or methods for providing notification to their customers or
internet users, and should use additional methods if the chosen method is not effective. The
range of notification options may vary by the severity and/or criticality of the problem.
Examples of different notification methods may include but are not limited to: email, telephone
call, postal mail, instant messaging (IM), short messaging service (SMS), and web browser
notification. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; An ISP decision on the most appropriate method or methods for providing notification to one or
more of their customers or Internet users depends upon a range of factors, from the technical
capabilities of the ISP, to the technical attributes of the ISP’s network, cost considerations,
available server resources, available organizational resources, the number of likely infected
hosts detected at any given time, and the severity of any possible threats, among many other
factors. The use of multiple simultaneous notification methods is reasonable for an ISP but may
be difficult for a fake anti-virus purveyor.
Best Practice 8-8-X022 provides information on how to address the malware infection.
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide services to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8918 Important Notification Information to End Users:
ISPs should ensure that botnet notifications to subscribers convey critical service information
rather than convey advertising of new services or other offers. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; This best practice is to help ensure that the notification message is not confused with other
communications the customer may receive from the provider and help underscore the
seriousness of the situation.
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide services to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 1 false false false false
11-8-8919 Critical Mitigation 1 – Industry Cooperation During Significant Cyber Incidents:
ISPs should maintain an awareness of cyber security threat levels and, when feasible, cooperate
with other organizations during significant cyber incidents, helping to gather and analyze
information to characterize the attack, offer mitigation techniques, and take action to deter or
defend against cyber attacks as authorized by applicable law and policy. Internet/Data; Service Provider; Cyber Security; Industry Cooperation; Intrusion Detection; false true false false false true false 3 false false false false
11-8-8920 Critical Temporarily Quarantine Bot Infected Devices:
ISPs may temporarily quarantine a subscriber account or device if a compromised device is
detected on the subscribers� network and the network device is actively transmitting malicious
traffic. Such quarantining should normally occur only after multiple attempts to notify the
customer of the problem (using varied methods) have not yielded resolution. In the event of a
severe attack or where an infected host poses a significant present danger to the healthy
operation of the network, then immediate quarantine may be appropriate. In any quarantine
situation and depending on the severity of the attack or danger, the ISP should seek to be
responsive to the needs of the customer to regain access to the network. Where feasible, the ISP
may quarantine the attack or malicious traffic and leave the rest unaffected. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; The temporary delay of web pages for the purpose of providing web browser notification, as
suggested in Best Practice 8-8-X018, does not constitute
a ‘quarantine’ as used in this Best Practice.
Some information regarding quarantine technology can be found at:
http://www.trustedcomputinggroup.org/developers/trusted_network_connect
Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8921 Highly Important Provide a Web Site to Assist with Malware Remediation:
ISPs should, either directly or indirectly, provide a web site to assist customers with malware
remediation. Remediation of malware on a host means to remove, disable, or otherwise render a
malicious bot harmless. For example, this may include but is not limited to providing a special
web site with security-oriented content that is dedicated for this purpose, or suggesting a
relevant and trusted third-party web site. This should be a security-oriented web site to which a
user with a bot infection can be directed to for remediation. This security web site should clearly
explain what malware is and the threats that it may pose. Where feasible, there should be a clear
explanation of the steps that the user should take in order to attempt to clean their host, and there
should be information on how users can strive to keep the host free of future infections. The
security web site may also have a guided process that takes non technical users through the
remediation process, on an easily understood, step-by-step basis. The site may also provide
recommendations concerning free as well as for-fee remediation services so that the user
understands that they have a range of options, some of which can be followed at no cost. Internet/Data; Service Provider; Cyber Security; Intrusion Detection; Training Awareness; Note that the Best Practices in this grouping are primarily aimed at ISPs that provide services to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 2 false false false false
11-8-8922 Critical Privacy Considerations in Botnet Detection, Notification, and Remediation:
Because technical measures to (a) detect compromised end-user devices, (b) notify end-users of
the security issue, and (c) assist in addressing the security issue, may result in the collection of
customer information (including possibly �personally identifiable information� and other
sensitive information, as well as the content of customer communications), ISPs should ensure
that all such technical measures address customers� privacy, and comply and be consistent with
all applicable laws and corporate privacy policies. Internet/Data; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8923 Critical Measures to Protect Privacy in Botnet Response:
In designing technical measures for identification, notification, or other response to
compromised end-user devices (�technical measures�), ISPs should pursue a multi-prong
strategy to protect the privacy of customers� information, including but not limited to the
following:
a) ISPs should design technical measures to minimize the collection of customer
information;
b) In the event that customer information is determined to not be needed for the
purpose of responding to security issues, the information should promptly be
discarded;
c) Any access to customer information collected as a result of technical measures
should at all times be limited to those persons reasonably necessary to implement
the botnet-response security program of the ISP, and such individuals� access
should only be permitted as needed to implement the security program;
d) In the event that temporary retention of customer information is necessary to
identify the source of a malware infection, to demonstrate to the user that
malicious packets are originating from their broadband connection, or for other
purposes directly related to the botnet-response security program, such
information should not be retained longer than reasonably necessary to
implement the security program (except to the extent that law enforcement
investigating or prosecuting a security situation, using appropriate procedures,
has requested that the information be retained); and
e) The ISP�s privacy compliance officer, or another person not involved in the
execution of the security program, should verify compliance by the security
program with appropriate privacy practices. Internet/Data; Service Provider; Cyber Security; Encryption; Information Protection; Intrusion Detection; Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to
consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. false true false false false true false 3 false false false false
11-8-8925 Network Operators and Service Providers should ensure that SS7 signaling interface points that connect to the IP Private and Corporate networks interfaces are well hardened and protected with packet filtering firewalls and strong authentication. Similar safeguards should be implemented for e-commerce applications to the SS7 network. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Access Control; Cyber Security; Essential Services; Facilities – Transport; Hardware; Information Protection; Liaison; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Security Systems; Supervision; true true false true true true true false false false false
11-8-8926 Service Providers and Public Safety should ensure that signaling interfaces to Legacy Network Gateways and Legacy Selective Router Gateways (in transitional NG9-1-1 architectures) are well-hardened and protected with packet filtering firewalls and strong authentication. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Access Control; Cyber Security; Essential Services; Facilities – Transport; Hardware; Information Protection; Liaison; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Security Systems; Supervision; true true false true true true true false false false true
11-8-8927 Network Operators and Service Providers should implement rigorous screening on both internal and interconnecting signaling links. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Essential Services; Facilities – Transport; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Pandemic; true true true true true true true false false false false
11-8-8928 Network Operators, Service Providers, Equipment Suppliers, Government and Public Safety should proactively monitor all security issues associated with computing workstations and promptly apply security fixes, as necessary. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Access Control; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Information Protection; Intrusion Detection; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Supervision; true true true true true false true true false false false
11-8-8929 Network Operators, Service Providers, and Public Safety should employ authentication, authorization, accountability, integrity, and confidentiality mechanisms (e.g., digital signature and encrypted VPN tunneling), when they employ the Public Internet for signaling, transport, or maintenance communications and any maintenance access to Network Elements. Internet/Data; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Information Protection; Intrusion Detection; Network Design; Network Elements; Network Operations; Pandemic; Power; Supervision; Visitors; false true false false false true true false false false true
11-8-8930 Network Operators and Service Providers should employ limited SS7 authentication by enabling logging for SS7 element security related alarms on SCPs and STPs, such as: unauthorized dial up access, unauthorized logins, logging of changes and administrative access logging. Cable; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Information Protection; Liaison; true false false true true true true false false false false
11-8-8931 Public Safety should enable logging for SS7 element security-related alarms on Legacy Network Gateways and Legacy Selective Routing Gateways for transitional NG9-1-1 architectures. Internet/Data; Wireless; Wireline; Public Safety; false true false true true false false false false false true
11-8-8932 Network Operators should mitigate limited SS7 authentication by enabling logging for SS7 element security related alarms on SCPs and STPs, such as: unauthorized dial up access, unauthorized logins, logging of changes and administrative access logging. Cable; Wireless; Wireline; Network Operator; Access Control; Business Continuity; Contractors and Vendors; Cyber Security; Disaster Recovery; Documentation; Emergency Preparedness; Essential Services; Industry Cooperation; Information Protection; Intrusion Detection; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Public Safety Service; Security Systems; Training Awareness; true false false true true false true false false false false
11-8-8933 Network Operators and Public Safety should establish login and access controls that establish accountability for changes to node translations and configuration. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Access Control; Business Continuity; Contractors and Vendors; Cyber Security; Disaster Recovery; Documentation; Emergency Preparedness; Essential Services; Industry Cooperation; Information Protection; Intrusion Detection; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Public Safety Service; Security Systems; Training Awareness; true true true true true false true false false false true
11-8-8934 Network Operators and Public Safety should, when making use of dial-up connections for maintenance access to Network Elements, employ dial-back modems with screening lists. One-time tokens and encrypted payload VPNs should be the minimum. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; true true true true true false true false false false true
11-8-8935 Network Operators, Service Providers, Public Safety, and Equipment Suppliers should
conduct regular review of their alarming thresholds and selection.
11-9-0400 Highly Important Network Operators, Service Providers, and Public Safety should establish measurements to monitor their network performance. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Reference industry guidelines such as applicable ITU, Telcordia, TL9000 standards for assistance in setting measurements on availability and reliability for criteria to measure quality of service (e.g., delay, loss, port availability, jitter). true true true true true true true 2 false false false true
11-9-0401 Critical Network Operators, Service Providers, and Public Safety should monitor their network to enable quick response to network issues. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Network Operations; true true true true true true true 3 false false false true
11-9-0402 Critical Network Operators, Service Providers, and Public Safety should, where appropriate, design networks (e.g., Time Division Multiplexing (TDM) or Internet Protocol (IP)) to minimize the impact of a single point of failure (SPOF). Public Safety; false false false false false false false 3 false false false true
11-9-0403 Important Network Operators, Service Providers, and Public Safety should communicate maintenance windows to appropriate entities so proper methods of procedures can be invoked. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; true true true true true true true 1 false false false true
11-9-0405 Highly Important Network Operators, Service Providers, and Public Safety should periodically examine and review their networks to ensure that they meet the current design specifications. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Design; Network Operations; true true true true true true true 2 false false false true
11-9-0406 Highly Important Network Operators, Service Providers, and Public Safety should, where appropriate, establish a process to ensure that spares inventory is kept current to at least a minimum acceptable release (e.g., hardware, firmware or software version). Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Hardware; Network Elements; Network Operations; Procedures; Software; true true true true true true true 2 false false false true
11-9-0412 Important Network Operators, Services Providers, and Public Safety to enhance security, should, by default, disable ICMP (Internet Control Message Protocol) redirect messages and IP source routing. Internet/Data; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Network Operations; false true false false false true true 1 false false false true
11-9-0414 Highly Important Network Operators, Service Providers, and Public Safety should establish plans for internal communications regarding maintenance activities and events that impact customers. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Procedures; true true true true true true true 2 false false false true
11-9-0415 Highly Important Network Operators, Service Providers, and Public Safety should test the restoral process associated with critical data back-up, as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Network Operations; Procedures; The goal is to demonstrate that data restoration is complete and works as expected true true true true true true true 2 false false false true
11-9-0416 Highly Important Network Operators, Service Providers, and Public Safety should design and implement procedures for traffic monitoring, trending and forecasting so that capacity management issues may be addressed. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Network Design; Network Operations; Pandemic; Procedures; true true true true true false true 2 false false false true
11-9-0417 Critical Network Operators, Service Providers, and Public Safety should design and implement procedures to evaluate failure and emergency conditions affecting network capacity. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Emergency Preparedness; Network Operations; Procedures; true true true true true false false 3 false false false true
11-9-0422 Highly Important Network Operators, Service Providers, and Public Safety should collect failure-related data to perform cause analysis, impact and criticality analysis and failure trending. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Network Elements; Network Operations; true true true true true false true 2 true false false true
11-9-0423 Highly Important Equipment Suppliers should provide cable management features and installation instructions for network elements that maintain cable bend radius, provide strain relief to prevent cable damage, ensure adequate cable connector spacing for maintenance activities, and provide clear access for cable rearrangement (i.e. moves/add/deletes) and FRU (Field Replaceable Unit) swaps. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Design; Network Elements; Note: This Best practice could impact 9-1-1 operations true true true true true false false 2 true false false false
11-9-0425 Highly Important Network Operators, Service Providers, and Public Safety should maintain software version deployment records, as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Documentation; Network Elements; Network Operations; Software; true true true true true true true 2 false false false true
11-9-0428 Highly Important Service Providers, Network Operators, and Public Safety should monitor software and hardware vulnerability reports and take the recommended action(s) to address problems, where appropriate. Reports and recommendations are typically provided by equipment suppliers and Computer Emergency Response Teams (CERTs). Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Public Safety; Cyber Security; Hardware; Network Operations; Software; true true true true true true false 2 false false false true
11-9-0442 Highly Important Service Providers and Public Safety should consider measuring end-to-end path performance and path validity for both active and alternate routes. Internet/Data; Service Provider; Public Safety; Cyber Security; Network Operations; false true false false false true false 2 false false false true
11-9-0476 Critical Network Operators, Public Safety, and Property Managers should consider conducting physical site audits after a major event (e.g., weather, earthquake, auto wreck) to ensure the physical integrity and orientation of hardware has not been compromised. Wireless; Property Manager; Network Operator; Public Safety; Disaster Recovery; Pandemic; false false false true false false true 3 false true false true
11-9-0504 Highly Important Network Operators, Service Providers, and Public Safety, in order to facilitate asset management and increase the likelihood of having usable spares in emergency restorations, should consider maintaining “hot spares” (e.g., circuit packs electronically plugged in and interfacing with any element management system) as opposed to being stored in a cabinet for mission critical elements. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Hardware; Network Elements; Network Operations; Network Provisioning; Software; To determine appropriateness of this Best Practice, certain factors should be considered, including redundancy, single points of failures (SPOF) for critical subscribers, etc true true true true true true true 2 false false false true
11-9-0505 Highly Important Network Operators, Service Providers, and Public Safety should have procedures in place to process court orders and subpoenas for wire taps or other information. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Corporate Ethics; Liaison; Network Design; Network Operations; Procedures; true true false true true true true 2 false false false true
11-9-0510 Critical Network Operators, Service Providers, Public Safety and Equipment Suppliers should, by design and practice, manage critical Network Elements (e.g., Domain Name Servers, Signaling Servers, Gateway Servers) that are essential for network connectivity and subscriber service as critical systems (e.g., secure, redundant, alternative routing). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Hardware; Network Design; Network Elements; Network Operations; Network Provisioning; Policy; Procedures; true true true true true true true 3 true false false true
11-9-0513 Highly Important Network Operators and Service Providers should maintain a 24x7x365 contact list of other providers and operators for service restoration of inter-connected networks and as appropriate share with Public Safety and Support providers. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Documentation; Emergency Preparedness; Industry Cooperation; Liaison; Network Interoperability; Network Operations; Policy; Procedures; Public Safety Service; For example, provider contacts are listed in the NENA company ID registration website: http://www.nena.org/?CompanyID. true true true true true true true 2 false false false true
11-9-0519 Highly Important Capacity Monitoring: Network Operators and Service Providers should engineer and monitor networks to ensure that operating parameters are within capacity limits of their network design (e.g., respect limitations of deployed packet switches, routers and interconnects, including “managed networks” and “managed CPE”). These resource requirements should be re-evaluated as services change or grow. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-9-0530 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should participate in interoperability testing (including services), as appropriate, to maintain reliability across connected networks. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Industry Cooperation; Network Interoperability; Policy; true true true true true true true 2 true false false true
11-9-0532 Highly Important Network Operators and Public Safety should periodically audit the physical and logical diversity called for by network design of their network segment(s) and take appropriate measures as needed. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Business Continuity; Emergency Preparedness; Network Provisioning; Procedures; Facilities – Transport; true true true true true false true 2 false false false true
11-9-0536 Highly Important As appropriate, Network Operators and Service Providers should deploy security and reliability related software updates (e.g., patches, maintenance releases, dot releases) when available between major software releases. Prior to deployment, appropriate testing should be conducted to ensure that such software updates are ready for deployment in live networks. Equipment Suppliers should include such software updates in the next generic release and relevant previous generic releases. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Network Elements; Network Operations; Procedures; Software; Technical Support; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true false false false
11-9-0541 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should store multiple software versions for critical network elements and be able to fallback to earlier versions. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Elements; Network Operations; Software; true true true true true true true 2 true false false true
11-9-0550 Highly Important Network Operators, Public Safety, and Equipment Suppliers should implement procedures to ensure synchronization and security of databases. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Information Protection; Network Operations; Network Provisioning; Procedures; Software; Supervision; Training Awareness; true true true true true false true 2 true false false true
11-9-0566 Critical Network Operators, Service Providers and Public Safety should consider placing and maintaining 9-1-1 TDM or IP based networks over diverse interoffice transport facilities (e.g., geographically diverse facility routes, automatically invoked standby routing, diverse digital cross-connect system services, self-healing fiber ring topologies, or any combination thereof). Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Design; Public Safety Service; Facilities – Transport; true true false true true true true 3 false false false true
11-9-0567 Important Network Operators, Service Providers, and Public Safety should spread 9-1-1 and Next Generation 9-1-1 access connections across similar equipment to avoid single points of failure and clearly mark plug-in level components and termination points as critical essential services that are to be treated with a high level of care. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Design; Network Operations; Procedures; Public Safety Service; Facilities – Transport; This service provider equipment identification applies to E9-1-1 and may apply to some elements of NG9-1-1. true true false true true true true 1 false false false true
11-9-0568 Critical Network Operators, Service Providers and Public Safety should establish a routing plan so that in the case of lost connectivity or disaster impact affecting a Public Safety Answering Point (PSAP), 9-1-1 calls are routed to an alternate PSAP answering point. Cable; Internet/Data; Wireline; Network Operator; Public Safety; Emergency Preparedness; Essential Services; Industry Cooperation; Network Design; Network Operations; Procedures; Public Safety Service; true true false false true false true 3 false false false true
11-9-0569 Highly Important Network Operators, Service Providers, and Public Safety should consider using the Public Switch Telephone Network (PSTN) as a backup to dedicated trunks for the 9-1-1 network during periods of network failure. In cases where the ability to deliver 9-1-1 calls to the Public Safety Answering Point (PSAP) through normal routing is interrupted by a failure (not all trunks busy conditions) consider forwarding the call over the PSTN to a telephone number specified and answered by Public Safety authorities. It is desirable for that specified telephone number to be a type that can provide the original Caller ID/Automatic Number Identification (ANI). Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Design; Network Interoperability; Network Operations; Procedures; Public Safety Service; Facilities – Transport; This best practice does not propose that any 9-1-1 call delivery stakeholder bypass acceptable congestion control techniques commonly applied within the industry for 9-1-1 calls. true true false false true true true 2 false false false true
11-9-0570 Important Network Operators, Service Providers, and Public Safety should implement procedures that allow for 9-1-1 traffic to be rerouted to an alternate 9-1-1 answering location such as a fixed, mobile, or temporary PSAP (automatically, based on policy rules or with minimal manual intervention). For example situations where a network condition causes 9-1-1 call delivery to be disrupted or PSAP personnel must be evacuated for safety reasons. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Design; Network Operations; Network Provisioning; Procedures; Public Safety Service; true true false false true true true 1 false false false true
11-9-0571 Critical Network Operators and Public Safety should consider deploying dual active 9-1-1 selective routing architectures to enable circuits from the serving end office to be split between two selective routers or Emergency Service Routing Proxies (ESRP) in order to eliminate single points of failure (SPOF) taking diversity between Selective Routers (SR) or ESRP and PSAP into consideration. Cable; Internet/Data; Wireless; Wireline; Network Operator; Public Safety; Essential Services; Network Design; Public Safety Service; true true false true true false true 3 false false false true
11-9-0574 Critical Network Operators, Service Providers, and Public Safety should actively monitor and manage the 9-1-1 network components using network management controls, where available, to quickly restore 9-1-1 service and provide priority repair during network failure events. When multiple interconnecting providers and vendors are involved, they will need to cooperate to provide end-to-end analysis of complex call-handling problems. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Operations; Pandemic; Procedures; Public Safety Service; Supervision; Superceded by 7-7-0574 developed under NRIC. true true false false true true true 3 false false false true
11-9-0575 Critical Network Operators, Service providers, and Public Safety should deploy location identification systems used by Public Safety in a redundant, geographically diverse manner (i.e., two identical ALI/Mobile Positioning Center (MPC) Gateway Mobile Location Center (GMLC)/VPC/LIS database systems with mirrored data located in geographically diverse locations). Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Network Design; Network Provisioning; Public Safety Service; These include, but are not limited to, ALI, MPC/GMLC, VPC systems, and LIS. true true false true true true true 3 false false false true
11-9-0576 Highly Important Network Operators and Service Providers should minimize impact from pre-planned high volume call events by invoking network management and congestion controls for affected end offices to maximize 9-1-1 call throughput. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Design; Network Operations; Network Provisioning; Procedures; Public Safety Service; true true false false true true true 2 false false false true
11-9-0577 Critical Network Operators, Service Providers and Public Safety responsible for Public Safety Answering Point (PSAP) operations should jointly and periodically test and verify that critical components (e.g., automatic re-routes, PSAP Make Busy keys) included in contingency plans work as designed. Cable; Internet/Data; Wireless; Wireline; Government; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Liaison; Network Operations; Procedures; Public Safety Service; true true false true true true true 3 false false true true
11-9-0578 Highly Important Network Operators, Service Providers and Public Safety should actively engage in public education efforts aimed at informing the public of the capabilities and proper use of 9-1-1. Cable; Internet/Data; Wireless; Wireline; Government; Network Operator; Service Provider; Public Safety; Essential Services; Liaison; Policy; Public Safety Service; Training Awareness; true true false true true true true 2 false false true true
11-9-0579 Critical Network Operators, Service Providers and Public Safety should routinely team to develop, implement, test, evaluate and update, as needed, plans for managing 9-1-1 disruptions (e.g., share information about network and system security and reliability where appropriate). Cable; Internet/Data; Wireless; Wireline; Government; Network Operator; Service Provider; Public Safety; Essential Services; Liaison; Network Interoperability; Network Operations; Procedures; Public Safety Service; Training Awareness; true true false true true true true 3 false false true true
11-9-0580 Critical Network Operators and Public Safety Authorities should apply redundancy and diversity where feasible, to all network links considered vital to a community’s ability to respond to emergencies. Cable; Internet/Data; Wireline; Government; Network Operator; Service Provider; Public Safety; Essential Services; Industry Cooperation; Liaison; Network Design; Public Safety Service; Facilities – Transport; Security practices and concepts should be applied to the critical systems supporting Link Redundancy and Diversity. true true false false true true true 3 false false true true
11-9-0581 Critical Network Operators and Service Providers should include Automatic Location Identification (ALI) data for both traditional and alternate providers (e.g., Private Switch, Competitive Local Exchange Carrier (CLEC), Voice over Internet Protocol (VoIP)) in the ALI systems, where required. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Industry Cooperation; Public Safety Service; true true false true true true true 3 false false false true
11-9-0599 Highly Important Network Operators, Service Providers, and Public Safety should conduct exercises periodically to test a network’s operational readiness for various types of events (e.g., hurricane, flood, nuclear, biological, and chemical), through planned, simulated exercises being as authentic as practical including scripts prepared in advance with team members playing their roles as realistically as possible. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Documentation; Emergency Preparedness; Network Operations; Pandemic; Procedures; Public Safety Service; Supervision; Training Awareness; true true true true true true true 2 true false false true
11-9-0603 Highly Important Network Operators, Service Providers and Public Safety should establish policies and procedures that outline how critical network element databases will be backed up onto a storage medium (e.g., tapes, optical diskettes) on a scheduled basis. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Policy; Procedures; Examples of network databases include router configurations, digital cross connect system databases, switching system images, base station controller images. These policies and procedures should address, at a minimum, the following: Database backup schedule and verification procedures; Storage medium standards; Storage medium labeling; On site and off site storage; Maintenance and certification; Handling and disposal. true true true true true true true 2 false false false true
11-9-0616 Highly Important Network Operators and Service Providers should design and implement procedures to evaluate failure and emergency conditions affecting network capacity. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Network Operations; Pandemic; Procedures; Note: This Best Practice could impact 9-1-1 operations. true true true true true false true 2 false false false true
11-9-0619 Highly Important Network Operators, Service Providers, Property Managers and Public Safety Providers should coordinate with fire agencies in emergency response preplanning efforts for communications equipment locations. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Government; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Fire; Industry Cooperation; Public Safety Service; true true true true true true true 2 false true true true
11-9-0622 Highly Important Network Operators, Service Providers, Property Managers and Public Safety should use approved industry standards for Telecommunications Environmental Protection, DC Power Systems for key equipment locations (e.g., routers, central office switches, and other critical network elements) to reduce fires associated with DC power equipment. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Fire; Hardware; Network Design; Network Elements; Power; Example ANSI T1.311-1998 true true true true true true true 2 false true false true
11-9-0635 Important Network Operators, Service Providers, Property Managers and Public Safety should ensure that AC surge protection is provided at the power service entrance to minimize the effects caused by lightning or extremely high voltages. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Fire; Liaison; Power; TR-NWT-001011 “Generic Requirements for Surge Protection Devices”. true true true true true true true 1 false true false true
11-9-0644 Critical Network Operators, Service Providers, Property Managers and Public Safety should use over-current protection devices and fusing. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Fire; Power; true true true true true true true 3 false false false true
11-9-0655 Critical Network Operators, Service Providers, Property Managers and Public Safety should coordinate hurricane and other disaster restoration work with electrical and other utilities as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Liaison; Network Operations; Power; Public Safety Service; true true true true true true true 3 false true false true
11-9-0657 Critical Network Operators, Service Providers, Property Managers and Public Safety should design standby generator systems for fully automatic operation and for ease of manual operation, when required. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Emergency Preparedness; Network Design; Power; true true true true true true true 3 false true false true
11-9-0658 Critical Network Operators, Service Providers, Property Managers and Public Safety should ensure generator life support systems (e.g., radiator fan, oil cooler fan, water transfer pumps, fuel pumps, engine start battery chargers) are on the essential Alternating Current (AC) buss of the generator they serve. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Business Continuity; Emergency Preparedness; Pandemic; Power; Procedures; true true true true true true true 3 false true false true
11-9-0660 Highly Important Network Operators, Service Providers, Property Managers and Public Safety should have a plan that is periodically verified for providing portable generators to offices with and without stationary engines. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Operations; Power; Procedures; true true true true true true true 2 false true false true
11-9-0662 Critical Network Operators, Service Providers, Property Managers and Public Safety should exercise power generators on a routine schedule in accordance with manufacturer’s specifications. For example, a monthly 1 hour engine run on load, and a 5 hour annual run. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Network Operations; Power; Procedures; true true true true true true true 3 false true false true
11-9-0664 Important Network Operators, Service Providers and Equipment Suppliers should provide indicating type control fuses on the front of the power panels, including smaller distribution panels. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Hardware; Power; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 true false false false
11-9-0668 Important Network Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should clearly label the equipment served by each circuit breaker and fuse. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Elements; Power; true true true true true true true 1 true true false true
11-9-0669 Highly Important Network Operators, Service Providers, Property Managers and Public Safety should develop and/or provide appropriate emergency procedures for Alternating Current (AC) transfer. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Power; Procedures; true true true true true true true 2 false true false true
11-9-0671 Highly Important Network Operators, Service Providers, Property Managers and Public Safety should design and implement a preventive maintenance and inspection program for electrical systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Network Operations; Power; Procedures; true true true true true true true 2 false true false true
11-9-0674 Important Network Operators, Service Providers, Property Managers, and Public Safety should initiate or continue a modernization program to ensure that outdated power equipment is phased out of plant considering capabilities of smart controllers, local and remote monitoring and control, alarm systems when updating power equipment, and being integrated into engineering and operational strategies. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Pandemic; Policy; Power; true true true true true false true 1 false true false true
11-9-0689 Important Network Operators, Service Providers and Public Safety should provide a separate “battery discharge” alarm for all critical infrastructure facilities, and where feasible, periodically (e.g., every 15 minutes) repeat the alarm as long as the condition exists. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Power; Procedures; true true true true true true true 1 false false false true
11-9-0690 Important Network Operators, Property Managers and Public Safety should consider providing power alarm redundancy so that no single point alarm system failure will lead to a network power outage. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Network Design; Network Operations; Power; true true true true true false true 1 false true false true
11-9-0694 Important Network Operators and Service Providers should check for current flow in cables with AC/DC clamp-on ammeters before removing the associated fuses or opening the circuits during removal projects. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Network Operations; Power; Procedures; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false false false false
11-9-0695 Highly Important Network Operators, Service Providers, Property Managers and Public Safety should develop and test plans to address situations where normal power backup does not work (e.g., commercial AC power fails, the standby generator fails to start, automatic transfer switch fails). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Operations; Power; Procedures; true true true true true true true 2 false true false true
11-9-0697 Important Network Operators, Service Providers, Equipment Suppliers and Public Safety should employ an “Ask Yourself” program as part of core training and daily operations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Human Resources; Network Operations; Power; Procedures; Supervision; Training Awareness; This initiative is intended to reinforce the responsibility every employee has to ensure flawless network service. true true true true true true true 1 true false false true
11-9-0699 Highly Important Network Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should design standby systems (e.g., power) to withstand harsh environmental conditions. Cable; Internet/Data; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Buildings; Emergency Preparedness; Hardware; Power; true true false true true true true 2 true true false true
11-9-0701 Highly Important Network Operators, Service Providers, Property Managers, and Public Safety should provide security for portable generators. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Corporate Ethics; Emergency Preparedness; Power; true true true true true true true 2 false true false true
11-9-0750 Highly Important Equipment Suppliers should provide a mechanism for
feature activation or deactivation that is not service impacting to end-users (e.g., avoid re-boot, re-start or re- initialization). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Hardware; Network Elements; Procedures; Software; Note: This Best practice could impact 9-1-1 operations. true true true true true false false 2 true false false false
11-9-0758 Critical Network Operators, Service Providers and Public Safety should, upon restoration of service in the case of an outage where 9-1-1 call completion is affected, make/request multiple test calls to the affected PSAP(s) to ensure proper completion. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Disaster Recovery; Essential Services; Liaison; Network Operations; Procedures; Public Safety Service; true true true true true true true 3 false false false true
11-9-0760 Important Network Operators, Service Providers and Public Safety should maintain records that accurately track the diversity of internal wiring for office synchronization, including timing leads and power. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Documentation; Network Design; Network Elements; Network Operations; Network Provisioning; Power; Procedures; Facilities – Transport; Best Practice recommended by the NRSC Timing Outage Task Force Report – March 6, 2002. true true true true true true true 1 false false false true
11-9-0762 Highly Important Network Operators should engineer networks supporting VoIP applications to provide redundant and highly available application layer services. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Cyber Security; Network Interoperability; Software; Examples of such services include DNS and other directory services, SIP, H.323, and other application-level gateways. To ensure interoperability, all implementations of such IP-based application protocols should conform to the applicable IETF standards for those protocols. true true true true true false true 2 false false false true
11-9-0773 Highly Important Network Operators, Service Providers, Property Managers, and Public Safety should perform annual capacity evaluation of power equipment, and perform periodic scheduled maintenance, including power alarm testing. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Network Operations; Power; true true true true true true true 2 false true false true
11-9-0774 Important Network Operators, Service Providers , Equipment Suppliers, and Public Safety should provide warning signs to indicate precautions to be taken when powering on circuits that require special procedures Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Operations; Power; Procedures; true true true true true true true 1 true false false true
11-9-0780 Critical Network Operators, Service Providers, and Public Safety should consider including coordination information of each other when developing disaster restoration and prioritization plans. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Liaison; Public Safety Service; true true true true true true true 3 false false false true
11-9-0786 Critical Network Operators, Service Providers, and Public Safety should consider allowing Equipment Suppliers or third party Service Providers remote secured access to vital hardware components. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Contractors and Vendors; Disaster Recovery; Hardware; Technical Support; true true true true true true true 3 false false false true
11-9-0797 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider creating a workforce augmentation plan prior to a pandemic or other crisis situation. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Contractors and Vendors; Disaster Recovery; Documentation; Emergency Preparedness; Human Resources; Network Design; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; Supervision; true true true true true true true 1 true false false true
11-9-0803 Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers are encouraged to continue to participate in the development and expansion of industry standards for traffic management that promote interoperability and assist in meeting end user quality of service needs. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Industry Cooperation; Network Interoperability; Policy; true true true true true true true 1 true false false true
11-9-0900 Highly Important Network Operators and Service Providers operating a Virtual Private Cloud (VPC), Mobile Positioning Center (MPC), or Gateway Mobile Location Center (GMLC) should strive to reduce bad shell record data routing errors for 9-1-1 pseudo Automatic Number Identification (pANI) due to incorrect Master Street Address Guide (MSAG) to Emergency Service Number (ESN) to Public Safety Answering Point (PSAP) relationship (MSAG-ESN-PSAP) by following National Emergency Number Association (NENA) 56-504 �NENA VoIP 9-1-1 Deployment and Operational Guidelines� to fully test routing for every pANI placed in service. Network Operator; Public Safety; Network Provisioning; Public Safety Service; See Testing in Section 5.1.4 of NENA 56-504 �NENA VoIP 9-1-1 Deployment and Operational Guidelines�. false false false false false false true 2 false false false true
11-9-1001 Critical Network Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should formally document their business continuity processes in a business continuity plan covering critical business functions and business partnerships. Key areas for consideration include: Plan Scope, Responsibility, Risk Assessment, Business Impact Analysis, Plan Testing, Training and Plan Maintenance. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Documentation; Emergency Preparedness; true true true true true true true 3 true true false true
11-9-1004 Highly Important Network Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should review their Business Continuity Plan(s) on an annual basis to ensure that plans are up-to-date, relevant to current objectives of the business and can be executed as written. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; true true true true true true true 2 true true false true
11-9-1005 Critical Network Operators, Service Providers, Equipment Suppliers, and Public Safety should perform a Business Impact Analysis (BIA) to assess the impact of the loss of critical operations, support systems and applications. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Business Continuity; Emergency Preparedness; Related BP is 5072. true true true true true false false 3 false false false true
11-9-1009 Highly Important Network Operators, Service Providers, Equipment Suppliers, and Public Safety should regularly conduct exercises that test their Disaster Recovery Plans. Exercise scenarios should include natural and man-made disasters (e.g., hurricane, flood, nuclear, biological, and chemical). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Operations; Training Awareness; The exercise should be as authentic as practical. Scripts should be prepared in advance and team members should play their roles as realistically as possible. While the staff must be well prepared, the actual exercise should be conducted unannounced in order to test the responsiveness of the team members and effectiveness of the emergency processes. Also, callout rosters and emergency phone lists should be verified. Early in the exercise, make sure everyone understands that this is a disaster simulation, not the real thing! This will avoid unnecessary confusion and misunderstandings that could adversely affect service. It is particularly important to coordinate disaster exercises with other Service Provider, Public Safety Providers and vendors. It is very important immediately following the drill to critique the entire procedure and identify lessons learned. These should be documented and shared with the entire team. See http://www.DRII.org. true true true true true true true 2 true false false true
11-9-1010 Critical Network Operators, Service Providers, Equipment Suppliers, and Public Safety should designate personnel responsible for maintaining Business Continuity and Disaster Recovery Plans. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; true true true true true true true 3 true false false true
11-9-1011 Critical Network Operators, Service Providers, Equipment Suppliers, and Public Safety should establish alternative methods of communication for critical personnel. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Public Safety Service; true true true true true true true 3 true false false true
11-9-1015 Important Network Operators, Service Providers, and Public Safety should make available to the disaster recovery team “as-built” drawings of network sites. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Documentation; Emergency Preparedness; Network Design; true true true true true true true 1 false false false true
11-9-1017 Critical Network Operators, Service Providers, and Public Safety should have documented plans or processes to assess damage to network elements, outside plant, facility infrastructure, etc. for implementation immediately following a disaster. Cable; Internet/Data; Satellite; Wireless; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Procedures; true true true true false true true 3 false false false true
11-9-1018 Highly Important Network Operators, Service Providers ,Equipment Suppliers and Public Safety should emphasize employee and public safety during a disaster and all phases of disaster recovery Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Policy; true true true true true true true 2 true false false true
11-9-1020 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should assess the need for Chemical, Biological, Radiological and Nuclear (CBRN) response program to safely restore or maintain service in the aftermath of fuel/chemical contamination or a Weapons of Mass Destruction (WMD) attack. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; This can be accomplished through internal teams or contracting with an external HazMat response and remediation vendor. true true true true true true true 2 true false false true
11-9-1022 Critical Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider the development of a vital records program to protect vital records that may be critical to restoration efforts. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Documentation; Emergency Preparedness; true true true true true true true 3 true false false true
11-9-1023 Critical Network Operators, Service Providers, Public Safety and Equipment Suppliers should identify essential staff within their organizations that are critical to disaster recovery efforts. Planning should address the availability of these individuals and provide for backup staff. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Pandemic; true true true true true true true 3 true false false true
11-9-1024 Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should plan for the possibility of a disaster occurring during a work stoppage. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Human Resources; true true true true true true true 1 true false false true
11-9-1026 Important Network Operators, Public Safety and Service Providers should consider creating a policy statement that defines a remote system access strategy, which may include a special process for disaster recovery. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Business Continuity; Cyber Security; Emergency Preparedness; Pandemic; Policy; true true true true true false true 1 false false false true
11-9-1028 Critical Network Operators, Service Providers, Public Safety and Property Managers should engage in preventative maintenance programs for network site support systems including emergency power generators, UPS, DC plant (including batteries), HVAC units, and fire suppression systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Public Safety; Buildings; Business Continuity; Emergency Preparedness; Fire; Network Operations; Power; true true true true true false true 3 false true false true
11-9-1029 Important Network Operators, Public Safety and Service Providers should periodically review their portable power generator needs to address changes to the business. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Operations; Power; true true true true true true true 1 false false false true
11-9-1031 Highly Important Network Operators, Public Safety and Service Providers should consider entering into Mutual Aid agreements with partners best able to assist them in a disaster situation using the templates provided on the NRIC and NCS websites. These efforts could include provisions to share spectrum, fiber facilities, switching, and/or technician resources. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Industry Cooperation; See http://www.ncs.gov/ncc/nccmaa/nccmaa_toc.html and http://www.nric.org/meetings/meeting20020913.html. true true true true true true true 2 false false false true
11-9-1032 Highly Important Network Operators, Public Safety and Service Providers should document their critical equipment suppliers, vendors, contractors and business partners in their Business Continuity Plans along with an assessment of the services, support, and capabilities available in the event of a disaster. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Industry Cooperation; true true true true true true true 2 false false false true
11-9-1034 Critical Network Operators and Public Safety should ensure that the emergency mobile assets are maintained at a hardware and software level compatible with the existing network infrastructure so that the emergency mobile assets will be immediately available for deployment. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Business Continuity; Emergency Preparedness; Hardware; Network Elements; Network Operations; Experience has shown that hardware and software maintenance of emergency mobile assets should be assigned to designated technicians. true true true true true false false 3 false false false true
11-9-1035 Important Network Operators, Public Safety and Service Providers should include trial deployment of emergency mobile assets in disaster response exercises to evaluate level of personnel readiness. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Operations; Training Awareness; true true true true true true true 1 false false false true
11-9-1037 Highly Important Network Operators, Public Safety, Service Providers, Equipment Suppliers and Public Safety Authorities should use a disaster recovery support model that provides a clear escalation path to executive levels, both internally and to business partners. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Public Safety Service; true true true true true false true 2 true false false true
11-9-1038 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should consider during all hazard and preplanned events, communicating the response status frequently and consistently to all appropriate employees detailing what processes have been put in place to support customers and what priorities have been established in the response. Cable; Internet/Data; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Pandemic; Supervision; true true false true true true true 2 true false false true
11-9-1058 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should work collectively with local, state, and federal governments to develop relationships fostering efficient communications, coordination and support for emergency response and restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Government; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Liaison; true true true true true true true 2 true false true true
11-9-1063 Critical Network Operators, Public Safety and Service Providers should set Initial Address Messages (IAMs) to congestion priority in accordance with applicable ANSI standards. This will ensure government emergency calls (e.g., 9-1-1, GETS) receive proper priority during national emergency situations. Implementation in all networks should be in accordance with ANSI T1.111. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Design; Pandemic; See ATIS-1000111.2005(R2010), Signalling System Number 7 (SS7) � Message Transfer Part (MTP) at http://www.atis.org/docstore. true true false true true true true 3 false false false true
11-9-1067 Highly Important Network Operators, Public Safety, Service Providers and Property Managers should consider, in preparation for predicted natural events, placing standby generators on line and verifying proper operation of all subsystems (e.g., ice, snow, flood, hurricanes). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Network Operations; Power; true true true true true true true 2 false true false true
11-9-3202 Important The Service Provider and the Public Safety Agency or its agent that utilize Public Safety mass calling systems for emergency notification should have a pre-established procedure to notify all impacted network operators, prior to launching an alert event. Cable; Internet/Data; Wireless; Wireline; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Industry Cooperation; Liaison; Public Safety Service; true true false true true true false 1 false false false true
11-9-3204 Highly Important Public Safety and Government should work with Service Providers to educate the public on the proper use of N11 Access codes (e.g., 211, 311, 411 or 511 services) where available, such that it enables the 9-1-1 network and personnel to be exclusively focused on emergencies. Cable; Internet/Data; Wireless; Wireline; Service Provider; Public Safety; Emergency Preparedness; Industry Cooperation; Liaison; Public Safety Service; Proper use of all N11 codes, including 9-1-1, prevents exhaustion of resources of emergency personnel on non-emergency situations. true true false true true true false 2 false false false true
11-9-3205 Important Network Operators, Service Providers and Public Safety organizations should consider participating in standards bodies and other forums contributing to Emergency Telecommunications Services (ETS). Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Public Safety Service; true true false true true true true 1 false false false true
11-9-3211 Highly Important Network Operators, Public Safety and Service Providers should develop and maintain operations plans that address network reliability issues. Network Operators and Service Providers should proactively include Public Safety authorities when developing network reliability plans in support of 9-1-1 services. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Liaison; Network Operations; Public Safety Service; true true true true true true true 2 false false false true
11-9-3212 Important Network Operators and Service Providers should consider including notification of Public Safety Authorities, as appropriate, in their trouble notification plans. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Liaison; Network Operations; Public Safety Service; true true true true true true true 1 false false false true
11-9-3214 Important Public Safety Answering Points should avoid deploying an automatic ALI rebid function for wireless E9-1-1 calls. However, where deemed necessary, an automatic ALI rebid function should only be deployed for the initial bid to retrieve the Phase II location. Wireless; Network Operator; Service Provider; Public Safety; Essential Services; Public Safety Service; false false false true false true true 1 false false false true
11-9-3216 Important “Technically Retired” – For Network Operators that cannot default route 9-1-1 calls based on cell sector/tower location, switch level defaulted calls should be routed to a �fast busy� tone or to an appropriate recorded announcement. Wireless; Network Operator; Public Safety; Essential Services; Network Design; Public Safety Service; false false false true false false true 1 false false false true
11-9-3217 Highly Important Network Operators and Service Providers should provide and maintain current 24/7/365 contact information accessible to Public Safety Answering Points (PSAPs) so that PSAPs may obtain additional subscriber information as appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Essential Services; Public Safety Service; true true true true true true true 2 false false false true
11-9-3218 Important Public Safety should provide Training to educate PSAP personnel as to the process to obtain E9-1-1 Phase II data. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Essential Services; Human Resources; Public Safety Service; Training Awareness; true true true true true false false 1 false false false true
11-9-3219 Important Public Safety should provide training to educate PSAP personnel as to the proper meaning and interpretation of the E9-1-1 Phase II display parameters. Cable; Internet/Data; Satellite; Wireless; Wireline; Public Safety; Essential Services; Human Resources; Public Safety Service; Training Awareness; true true true true true false false 1 false false false true
11-9-3225 Highly Important Network Operators, Public Safety and Service Providers that deploy geographically diverse 9-1-1 Mobile Positioning Centers (MPC) with dual load sharing nodes should ensure that the utilization on either node is less than half of each node’s capacity so that if one node fails the other node will absorb the load. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Design; Public Safety Service; true true true true true true true 2 false false false true
11-9-3226 Critical Network Operators, Public Safety and Service Providers operating Mobile Positioning Centers (MPC) should provide 24×7 network operations support. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Public Safety Service; true true true true true true true 3 false false false true
11-9-3227 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should deploy location solutions such that the E9-1-1 related data traffic between the Position Determining Entity (PDE) and the mobile subscriber associated with location determination should not interfere with the voice traffic, when feasible. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Design; Public Safety Service; true true true true true true true 2 true false false true
11-9-3228 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers that use Global Positioning System (GPS) enabled Phase II location solutions should ensure that the GPS satellite location information (e.g., GPS ephemeris, almanac, etc.) is as current as is feasible to assist the handset in providing improved accuracy of the GPS fix, aiding in the reduction of the time of database responses and reduction of the number of database query rebids. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Design; Public Safety Service; true true true true true true true 2 true false false true
11-9-3229 Important Network Operators, Public Safety and Service Providers that operate Mobile Positioning Centers (MPC)/ Gateway Mobile Location Centers (GMLC) should maintain local storage of record logs for a minimum of 7 days showing incoming successful requests from Emergency Services Message Entity (ESME) and outgoing responses to ESME. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Documentation; Network Operations; Public Safety Service; true true true true true true true 1 false false false true
11-9-3230 Important Network Operators, Public Safety and Service Providers that produce location event records that include time-stamped call detail transactions should store these records for a minimum of 3 days. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Documentation; Network Operations; Public Safety Service; true true true true true true true 1 false false false true
11-9-3231 Highly Important Network Operators, Public Safety and Service Providers that use Global Positioning System (GPS) enabled Phase II location solutions should ensure that the GPS satellite location identification information (e.g., GPS ephemeris, almanac, etc.) is transmitted to the Phase II Mobile Subscriber or Position Determining Entities (PDE) as soon as is feasible after the E9-1-1 call commences in order to reduce the number of database query rebids. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Liaison; Network Design; Network Operations; Public Safety Service; true true true true true true true 2 false false false true
11-9-3233 Important Service Providers and Public Safety deploying wireless Phase II should work to ensure that Phase II accuracy is optimized and the performance trouble resolution process is followed as needed. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Public Safety; Network Operations; Public Safety Service; See �E9-1-1 PHASE II Accuracy Optimization Reporting and Resolution Process� document (Appendix E� NRIC VII 1A Final Report). true true true true true true false 1 false false false true
11-9-3234 Critical Network Operators, Service Providers, and Public Safety should establish mechanisms in Next Generation 9-1-1 (NG9-1-1) applications to handle call congestion and outages through diversion of calls to alternate Public Safety Answering Points (PSAP) that have the capabilities to effectively answer and provide assistance during periods of extreme overload or network failure scenarios. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Operations; Pandemic; Procedures; Public Safety Service; Supervision; true true false false true true true 3 false false false true
11-9-3235 Critical “Technically Retired” – Network Operators, Service Providers, and Public Safety should design Emergency Services IP Networks (ESInets) with redundant interconnectivity to Online Service Providers (OSPs) and Public Safety Answering Points (PSAP) to maintain connectivity in the face of extensive disaster damage using the characteristics of IP routing to provide assistance in ensuring 9-1-1 calls will reach a PSAP if there is any path possible. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Operations; Pandemic; Procedures; Public Safety Service; Supervision; true true false false true true true 3 false false false true
11-9-3236 Highly Important Network Operators, Public Safety, and Equipment Suppliers should have procedures in place to allow for manual configuration in the event of a failure of automatic synchronization systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Information Protection; Network Operations; Network Provisioning; Procedures; Software; Supervision; Training Awareness; true true true true true false true 2 true false false true
11-9-3237 Highly Important Network Operators, Public Safety, and Equipment Suppliers should consider restricting provisioning technicians from all commands except those that are needed for their work (least privileges) and avoid any “global” commands or unauthenticated, privileged access that may have the potential for significant impact. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Information Protection; Network Operations; Network Provisioning; Procedures; Software; Supervision; Training Awareness; true true true true true false true 2 true false false true
11-9-3238 Highly Important Network Operators, Service Providers, and Public Safety should consider using wireless public or private networks as a backup to dedicated trunks for the 9-1-1 network during periods of network failure. In cases where the ability to deliver 9-1-1 calls to the Public Safety Answering Point (PSAP) through normal routing is interrupted by a failure (not all trunks busy conditions) consider forwarding the call over wireless public, private networks, or satellite-based services to provide an additional alternate path to the PSTN, providing IP multimedia connectivity for next generation networks, or used solely as an alternate call delivery path for the voice component of 9-1-1 calls. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Essential Services; Network Design; Network Interoperability; Network Operations; Procedures; Public Safety Service; Facilities – Transport; true true false false true true true 2 false false false true
11-9-3239 Highly Important Network Operators, Service Providers, and Public Safety should implement testing and verification processes for 9-1-1 pseudo Automatic Number Identification (pANI) to prevent bad data from being entered into the wrong routing databases typically occurring at the Automatic Location Information (ALI) or Selective Router (SR) stage of the provisioning process. Cable; Internet/Data; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Provisioning; Public Safety Service; true true false true true true true 2 false false false true
11-9-3241 Highly Important “Technically Retired” – Network Operators and Service Providers using IP-based connection arrangements for routing to a 9-1-1 system Service Provider (SSP) or Public Safety agency should ensure those transport facilities are diverse private facilities or their functional equivalent (e.g., generic routing encapsulation (GRE) tunneling, virtual private network (VPN), or equally secure industry protocols) and where appropriate and necessary supported by service level agreements. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Provisioning; Public Safety Service; true true true true true true true 2 false false false true
11-9-3242 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should work together to jointly perform cause analysis, and meet periodically with the specific agenda of sharing the failure and outage information to develop corrective measures. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Network Elements; Network Operations; true true true true true false true 2 true false false true
11-9-3243 Highly Important Service Providers, Network Operators, and Public Safety should coordinate and perform necessary testing of all new call paths between their network and the emergency services network (e.g., Selective Routers, or the Emergency Services IP Network (ESInet)) that includes a test call using all routing elements. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Network Provisioning; Public Safety Service; true true true true true true true 2 true true false true
11-9-5012 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should limit access to areas of critical infrastructure to essential personnel. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Disaster Recovery; Pandemic; Physical Security Management; Policy; Prevent unauthorized access. true true true true true true true 2 true false false true
11-9-5073 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should perform risk assessment on significant network changes (e.g., technology upgrades). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Network Design; Network Operations; Facilities – Transport; true true true true true true true 2 true false false true
11-9-5112 Critical Network Operators, Service Providers and Equipment
Suppliers should, at the time of the event, coordinate with the appropriate local, state, or federal agencies to facilitate timely access by their personnel to establish, restore or maintain communications, through any governmental security perimeters (e.g., civil disorder, crime scene, disaster area). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Government; Network Operator; Service Provider; Access Control; Business Continuity; Contractors and Vendors; Disaster Recovery; Industry Cooperation; Liaison; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 true false true false
11-9-5113 Critical Network Operators, Service Providers, Public Safety and Property Managers, when feasible, should provide multiple cable entry points at critical facilities (e.g., copper or fiber conduit) avoiding single points of failure (SPOF). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Buildings; Network Design; Facilities – Transport; true true true true true true true 3 false true false true
11-9-5127 Critical Network Operators, Service Providers, Equipment Suppliers and Public Safety should provide a Government Emergency Telecommunications Service (GETS) card to essential staff critical to disaster recovery efforts and should consider utilizing Wireless Priority Service (WPS) for essential staff. Appropriate training and testing in the use of GETS & WPS should occur on a regular basis (i.e. in conjunction with testing of the corporate disaster recovery plan). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Human Resources; Liaison; Public Safety Service; Training Awareness; The GETS and WPS web sites are http://wps.ncs.gov/ and http://getes.ncs.gov. true true true true true true true 3 true false false true
11-9-5128 Critical Network Operators, Service Providers, Equipment Suppliers and Public Safety should maintain accurate records for Government Emergency Telecommunications Service (GETS) cards and Wireless Priority Service (WPS) phone assignments as staff changes occur. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Human Resources; Liaison; Public Safety Service; true true true true true true true 3 true false false true
11-9-5130 Important Network Operators, Service Providers, Public Safety, Equipment Suppliers and the Government should conduct public and media relations in such a way as to avoid disclosing specific network or equipment vulnerabilities that could be exercised by a terrorist. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Corporate Ethics; Disaster Recovery; Industry Cooperation; Information Protection; Liaison; Policy; true true true true true true true 1 true false false true
11-9-5131 Highly Important Network Operators and Public Safety should provide appropriate security for emergency mobile units (both pre- and post-deployment) in order to protect against a coordinated terrorist attack on emergency communications capabilities. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Disaster Recovery; Emergency Preparedness; Materials Movement; Physical Security Management; Power; true true true true true false true 2 false false false true
11-9-5132 Important Network Operators and Public Safety should identify primary and alternate transportation (e.g., air, rail, highway, boat) for emergency mobile units and other equipment ad personnel. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Disaster Recovery; Emergency Preparedness; Materials Movement; true true true true true false true 1 false false false true
11-9-5133 Highly Important Network Operators and Public Safety should minimize availability of information to a need to know basis regarding locations where emergency mobile units and equipment are stored. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Public Safety; Disaster Recovery; Emergency Preparedness; Information Protection; Power; true true true true true false true 2 false false false true
11-9-5139 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should consider establishing procedures for managing personnel who perform functions at disaster area sites. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Corporate Ethics; Disaster Recovery; Emergency Preparedness; Human Resources; Pandemic; Policy; Procedures; Supervision; Technical Support; true true true true true true true 2 true false false true
11-9-5160 Highly Important Public Safety, Network Operators, Service Providers, Equipment Suppliers and Property Managers should have contingency plans in place for the possible absence of critical personnel in their business continuity plan. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Human Resources; Pandemic; true true true true true true true 2 true false false true
11-9-5162 Critical Network Operators, Service Providers, Public Safety and Equipment Suppliers should ensure adequate physical protection for facilities/areas that are used to house certificates and/or encryption key management systems, information or operations. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Cyber Security; Encryption; Information Protection; Physical Security Management; true true true true true true true 3 true false false true
11-9-5175 Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should establish a proprietary information protection policy to protect proprietary information in their possession belonging to the company, business partners and customers from inadvertent, improper or unlawful disclosure. The policy should establish procedures for the classification and marking of information; storage, handling, transfer and transmission of information, retention guidelines and disposal/deletion of information. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Corporate Ethics; Documentation; Human Resources; Information Protection; Physical Security Management; Policy; Procedures; Training Awareness; true true true true true true true 1 true false false true
11-9-5196 Critical Network Operators, Public Safety and Service Providers should ensure that contractors and Equipment Supplier personnel working in critical network facilities follow the current applicable MOP (Method of Procedures), which should document the level of oversight necessary. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Network Operations; Procedures; Supervision; true true true true true true true 3 true false false true
11-9-5200 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should establish and implement procedures for the proper disposal and/or destruction of hardware (e.g., hard drives) that contain sensitive or proprietary information. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Hardware; Information Protection; Materials Movement; Network Elements; Procedures; true true true true true true true 2 true false false true
11-9-5204 Critical Service Providers, Network Operators, Public Safety and Property Managers should ensure availability of emergency/backup power (e.g., batteries, generators, fuel cells) to maintain critical communications services during times of commercial power failures, including natural and manmade occurrences (e.g., earthquakes, floods, fires, power brown/black outs, terrorism). The emergency/backup power generators should be located onsite, when appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Buildings; Disaster Recovery; Emergency Preparedness; Network Design; Network Operations; Power; true true true true true true true 3 false false false true
11-9-5206 Critical Network Operators, Service Providers, Public Safety and Property Managers should maintain sufficient fuel supplies for emergency/backup power generators running at full load and ensure contracted refueling is in place. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Network Operations; Power; See NRIC BP 0658. true true true true true true true 3 false true false true
11-9-5207 Critical Network Operators, Service Providers, Public Safety and Property Managers should take appropriate precautions to ensure that fuel, other supplies, and alternate sources of power are available for critical installations in the event of major disruptions in a geographic area (e.g., hurricane, earthquake, pipeline disruption). Consider contingency contracts in advance with clear terms and conditions (e.g., Delivery time commitments, T&Cs). Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Materials Movement; Network Operations; Pandemic; Power; See NRIC BP 0658. true true true true true true true 3 false true false true
11-9-5208 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety and Property Managers should ensure that electrical work (e.g., AC and high current DC power distribution) is performed by licensed technicians. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Contractors and Vendors; Human Resources; Network Operations; Power; Training Awareness; true true true true true true true 1 true true false true
11-9-5223 Highly Important Network Operators, Service Providers, Public Safety and Equipment Suppliers should establish a technical support plan that prevents the loss of one facility or location from disabling their ability to provide support. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Emergency Preparedness; Network Design; Network Operations; Physical Security Management; Technical Support; true true true true true true true 2 true false false true
11-9-5225 Important Network Operators, Service Providers, Equipment Suppliers, Public Safety and Property Managers should ensure that Business Continuity Plan(s) are restricted to those with a need-to-know. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Corporate Ethics; Disaster Recovery; Documentation; Emergency Preparedness; Information Protection; true true true true true true true 1 true true false true
11-9-5227 Highly Important Network Operators, Service Providers, Equipment Suppliers, Pubic Safety and Property Managers should perform after-action reviews of emergency response and restoration of major events to capture lessons learned (e.g., early warning signs) and to enhance emergency response and restoration plans accordingly. A process similar to NRIC VII, Focus Group 2B Report Appendices Appendix Z �Recovery Incident Response (IR) Post Mortem Checklist� can be used to capture and identify countermeasures to prevent or mitigate the impact of future incidents and to quickly and effectively restore service from such events in the future. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Physical Security Management; http://www.nric.org/meetings/docs/meeting_20041206/NRICVII_FG2B_December2004_BPs_Appendices true true true true true true true 2 true true false true
11-9-5228 Important Network Operators, Service Providers and Equipment Suppliers should consider including cross-subsidiary (e.g. A LEC and its Wireless Business Unit) resource sharing and communications in business continuity plans to support emergency response and restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Business Continuity; Disaster Recovery; Emergency Preparedness; Policy; true true true true true true true 1 true false false true
11-9-5231 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers and Property Managers should develop documentation for the restoration of power for areas of critical infrastructure including such things as contact information, escalation procedures, restoration steps and alternate means of communication. This documentation should be maintained both on-site and at centralized control centers. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Documentation; Emergency Preparedness; Information Protection; Network Operations; Power; Technical Support; true true true true true true true 2 true true false true
11-9-5232 Critical Network Operators, Service Providers, Pubic Safety and Property Managers should test fuel reserves used for standby or backup power for contamination at least once a year or after any event (e.g., earth tremor, flood) that could compromise the integrity of the tank housing, fill pipe or supply pipe. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Disaster Recovery; Network Operations; Power; Procedures; These tests should include inspection for water, sediment, organic contaminates, and any other items that may inhibit the peak performance of the standby/backup generator. true true true true true true true 3 false true false true
11-9-5234 Important Network Operators, Service Providers, Pubic Safety and Property Managers should provide or arrange for security to protect temporary equipment placements and staging areas for critical infrastructure equipment in a disaster area. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Access Control; Disaster Recovery; Materials Movement; Network Operations; Physical Security Management; true true true true true true true 1 false true false true
11-9-5237 Highly Important Network Operators, Service Providers, Pubic Safety and Equipment Suppliers should verify the integrity of system spares and replenish spares, as appropriate, as part of a disaster response and at the conclusion of a disaster response at a facility. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Disaster Recovery; Emergency Preparedness; Hardware; Network Elements; Network Operations; Pandemic; true true true true true true true 2 true false false true
11-9-5240 Highly Important Network Operators, Service Providers, Equipment Suppliers, Pubic Safety and Property Managers should have a plan for responding to malfunctioning access control equipment to include determining restoration priorities for failed security systems after an event. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Disaster Recovery; Emergency Preparedness; Physical Security Management; Security Systems; true true true true true true true 2 true true false true
11-9-5241 Highly Important Network Operators, Service Providers, Pubic Safety and Equipment Suppliers should consider placing access and facility alarm points to critical or sensitive areas on backup power. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Buildings; Disaster Recovery; Emergency Preparedness; Network Design; Physical Security Management; Power; Security Systems; true true true true true true true 2 true false false true
11-9-5258 Important Network Operators, Service Providers, Pubic Safety and Equipment Suppliers should define and assign responsibility for retrieval of all corporate assets (e.g., access cards, equipment) and ensure temporary physical and logical access is removed after completion of a restoration effort for all temporary personnel associated with the restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Contractors and Vendors; Disaster Recovery; Human Resources; Physical Security Management; Supervision; true true true true true true true 1 true false false true
11-9-5259 Highly Important Network Operators, Service Providers, Equipment Suppliers, Pubic Safety and Property Managers should establish and enforce access control and identification procedures for all individuals (including temporary contractors, and mutual aid workers) at restoration sites for which they have responsibility. Provide for issuing and proper displaying of ID badges and the sign-in and escorting procedures, where appropriate. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Public Safety; Access Control; Contractors and Vendors; Disaster Recovery; Guard Force; Human Resources; Physical Security Management; Procedures; Supervision; Visitors; true true true true true false true 2 true true false true
11-9-5260 Important Network Operators, Service Providers, Equipment Suppliers, Pubic Safety and Property Managers should provide any significant changes to access control procedures to affected personnel involved in a restoration. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Access Control; Disaster Recovery; Guard Force; Physical Security Management; Procedures; Supervision; Training Awareness; true true true true true true true 1 true true false true
11-9-5281 Highly Important Network Operators, Service Providers, Pubic Safety and Property Managers with buildings serviced by more than one emergency generator, should design, install and maintain each generator as a standalone unit that is not dependent on the operation of another generator for proper functioning, including fuel supply path. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Network Operator; Service Provider; Public Safety; Emergency Preparedness; Network Design; Power; true true true true true true true 2 false true false true
11-9-8005 Important Document Single Points of Failure: Service Providers and Network Operators should implement a continuous engineering process to identify and record single points of failure and any components that are critical to the continuity of the infrastructure. The process should then pursue architectural solutions to mitigate the identified risks as appropriate. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; ISF SB52. Note: This Best practice could impact 9-1-1 operations. false true false false false true true 1 false false false false
11-9-8008 Critical Network Operators, Service Providers, and Public Safety should implement architectures that partition or segment networks and applications using means such as firewalls, demilitarized zones (DMZ), or virtual private networks (VPN) so that contamination or damage to one asset does not disrupt or destroy other assets. In particular, where feasible, it is suggested user traffic networks, network management infrastructure networks, customer transaction system networks, and enterprise communication/business operations networks be separated and partitioned from one another. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Network Design; Network Elements; Network Operations; “ISF SB52, http://www.sans.org
ITU-T Rec. X.805
ITU-T Rec. X.812”. false true false false false true true 3 true false false true
11-9-8018 Critical Hardening OAM&P User Access Control: Service Providers, Network Operators, and Equipment Suppliers should, for OAM&P applications and interfaces, harden the access control capabilities of each network element or system before deployment to the extent possible (typical steps are to remove default accounts, change default passwords, turn on checks for password complexity, turn on password aging, turn on limits on failed password attempts, turn on session inactivity timers, etc.). A preferred approach is to connect each element or system’s access control mechanisms to a robust AAA server (e.g., a RADIUS or TACAS server) with properly hardened access control configuration settings. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Operations; http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations. false true false false false true true 3 true false false false
11-9-8019 Critical Hardening OSs for OAM&P: Service Providers, Network Operators, and Equipment Suppliers with devices equipped with operating systems used for OAM&P should have operating system hardening procedures applied. Harding procedures include (a) all unnecessary services are disabled; (b) all unnecessary communications pathways are disabled; (c) all critical security patches have been evaluated for installations on said systems/applications; and d) review and implement published hardening guidelines, as appropriate. Where critical security patches cannot be applied, compensating controls should be implemented. Internet/Data; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; Configuration guides for security from NIST (800-53 Rev. 3), NSA (Security Configuration Guides), Center For Internet Security (CIS Benchmarks), http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations. false true false false false true true 3 true false false false
11-9-8026 Critical Distribution of Encryption Keys: When Service Providers, Network Operators, and Equipment Suppliers use an encryption technology in the securing of network equipment and transmission facilities, cryptographic keys must be distributed using a secure protocol that: a) Ensures the authenticity of the sender and recipient, b) Does not depend upon secure transmission facilities, and c) Cannot be emulated by a non-trusted source. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; NIST SP800-57 Recommendation for key management
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007 . Note: This Best practice could impact 9-1-1 operations true true true true true true true 3 true false false false
11-9-8030 Important For Network Operators, Service Providers, Public Safety and Equipment Suppliers, all Operations, Administration, Maintenance, and Provisioning (OAM&P) applications, systems, and interfaces should use session timers to disconnect, terminate, or logout authenticated sessions that remain inactive past some preset (but ideally configurable by the Administrator) time limit that is appropriate for operational efficiency and security. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Network Operations; Network Provisioning; true true true true true true true 1 true false false true
11-9-8032 Important Patching Practices: Service Providers, Network Operators, and Equipment Suppliers should design and deploy a patching process based on industry recommendations, especially for critical OAM&P systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Network Operations; Software; Configuration guide for security from NIST (800-53 Rev. 3). ‘http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Cross reference with 7-6-8032. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 true false false false
11-9-8034 Highly Important Software Patching Policy: Service Providers and Network Operators should define and incorporate a formal patch/fix policy into the organization’s security policies. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Network Operations; Policy; Software; Configuration guide for security from NIST (800-53 Rev. 3). Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-9-8035 Important Network Operators, Service Providers, and Public Safety should include steps to appropriately test all patches/fixes in a test environment prior to distribution into the production environment in their patch/fix policy and process guidelines. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Network Operations; Policy; Software; Configuration guide for security from NIST (800-53 Rev. 3). Related to NRIC BP 8020. true true true true true true true 1 false false false true
11-9-8037 Important Network Operators, Service Providers, and Public Safety should maintain a complete inventory of elements to ensure that patches/fixes can be properly applied across the organization. This inventory should be updated each time a patch/fix is identified and action is taken. Cable; Internet/Data; Satellite; Wireless; Wireline; Service Provider; Public Safety; Cyber Security; Network Operations; true true true true true true false 1 false false false true
11-9-8038 Highly Important For Network Operators and Service Providers, a formal process during system or service development should exist in which a review of security controls and techniques is performed by a group independent of the development group, prior to deployment. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Procedures; This review should be based on an organization’s policies, standards, and guidelines, as well as best practices. In instances where exceptions are noted, mitigation techniques should be designed and deployed and exceptions should be properly tracked. true true true true true true true 2 false false false true
11-9-8039 Critical Service Providers, Network Operators, and Public Safety should perform a verification process to ensure that patches/fixes are actually applied as directed throughout the organization. Exceptions should be reviewed and the proper patches/fixes actually applied. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Network Operations; Policy; Software; Configuration guide for security from NIST (800-53 Rev. 3). true true true true true true true 3 false false false true
11-9-8061 Critical Service Providers, Network Operators, and Public Safety should establish a set of standards and procedures for dealing with computer security events that should be part of the overall business continuity/disaster recovery plan, exercised periodically and revised as needed, and cover likely threats to those elements of the infrastructure which are critical to service delivery/business continuity. See Appendix X and Y of the NRIC VII, Focus Group 2B Report Appendices. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Training Awareness; http://www.nric.org/meetings/docs/meeting_20041206/NRICVII_FG2B_December2004_BPs_Appendices true true true true true true true 3 false false false true
11-9-8064 Critical Service Providers, Network Operators, and Public Safety should generate and collect security-related event data for critical systems (i.e., syslogs, firewall logs, IDS alerts, remote access logs, etc.). Where practical, this data should be transmitted to secure collectors for storage and should be retained in accordance with a data retention policy. A mechanism should be enabled on these systems to ensure accurate timestamps of this data (e.g., Network Time Protocol). Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Encryption; true true true true true true true 3 true false false true
11-9-8065 Critical Network Operators, Service Providers, Public Safety and Equipment Suppliers should establish a process for releasing information to members of the law enforcement and intelligence communities and identify a single Point of Contact (POC) for coordination/referral activities. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Liaison; Procedures; true true true true true true true 3 true false false true
11-9-8068 Critical Service Providers, Network Operators, Public Safety, and Equipment Suppliers should develop and practice a communications plan as part of the broader Incident response plan identifying key players to include as many of the following items as appropriate: contact names, business telephone numbers, home telephone numbers, pager numbers, fax numbers, cell phone numbers, home addresses, internet addresses, permanent bridge numbers, etc. Notification plans should be developed prior to an event/incident happening where necessary. The plan should also include alternate communications channels (e.g., alpha pagers, internet, satellite phones, VOIP, private lines, smart phones) balancing the value of any alternate method against the security and information loss risks introduced. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Alternate broadband communication path for coordination and management. true true true true true true true 3 true false false true
11-9-8071 Critical Threat Awareness: Service providers and Network Operators should subscribe to vendor patch/security notifications and services to remain current with new vulnerabilities, viruses, and other security flaws relevant to systems deployed on the network. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; NIST SP 800-40 v2.0 Creating a Patch and Vulnerability Management Program Dependency on NRIC BP 8034 and 8035. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 false false false false
11-9-8073 Critical Service Providers, Network Operators, and Public Safety should deploy Intrusion Detection/Prevention Tools (IDS/IPS) with an initial policy that reflects the universe of devices and services known to exist on the monitored network. Due to the ever evolving nature of threats, IDS/IPS tools should be tested regularly and tuned to deliver optimum performance and reduce 0 positives. Internet/Data; Satellite; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Network Operations; Security Systems; NIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94 . false true true false false true true 3 false false false true
11-9-8074 Critical Denial of Service (DoS) Attack – Target: Where possible, Service Provider and Network Operator networks and Equipment Supplier equipment should be designed to survive significant increases in both packet count and bandwidth utilization. Infrastructure supporting mission critical services should be designed for significant increases in traffic volume and must include network devices capable of filtering and/or rate limiting traffic. Network engineers must understand the capabilities of the devices and how to employ them to maximum effect. Wherever practical, mission critical systems should be deployed in clustered configuration allowing for load balancing of excess traffic and protected by a purpose built DoS/DDoS protection device. Operators of critical infrastructure should deploy DoS survivable hardware and software whenever possible. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 true false false false
11-9-8079 Highly Important Use Strong Passwords: Service Provider, Network Operators, and Equipment Suppliers should create an enforceable policy that considers different types of users and requires the use of passwords or stronger authentication methods. Where passwords can be used to enhance needed access controls, ensure they are sufficiently long and complex to defy brute force guessing and deter password cracking. To assure compliance, perform regular audits of passwords on at least a sampling of the systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; Garfinkel, Simson, and Gene Spafford. �Users and Passwords�. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O�Reilly and Associates, Inc. 1996. 49-69
US Government and National Security Telecommunications Advisory Committee (NSTAC) ISP Network Operations Working Group. ?Short Term Recommendations?. Report of the ISP Working Group for Network Operations/Administration. May 1, 2002. ‘http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true false false false
11-9-8080 Highly Important Change Passwords on a Periodic Basis: Service Providers, Network Operators, and Equipment Suppliers should change passwords on a periodic basis implementing a policy which considers different types of users and how often passwords should be changed. Perform regular audits on passwords, including privileged passwords, on system and network devices. If available, activate features across the user base which force password changes. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; Garfinkel, Simson, and Gene Spafford. �Users and Passwords�. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O�Reilly and Associates, Inc. 1996. 49-69
US Government and National Security Telecommunications Advisory Committee (NSTAC) ISP Network Operations Working Group. ?Short Term Recommendations?. Report of the ISP Working Group for Network Operations/Administration. May 1, 2002. ‘http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 true false false false
11-9-8081 Highly Important Protect Authentication Methods: Service Providers, Network Operators, and Equipment Suppliers should develop an enforceable password policy, which considers different types of users, requiring users to protect, as applicable, either (a) the passwords they are given/create or (b) their credentials for two-factor authentication. Cable; Internet/Data; Satellite; Wireless; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; “Garfinkel, Simson, and Gene Spafford. �Users and Passwords�. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O�Reilly and Associates, Inc. 1996. 49-69
US Government and National Security Telecommunications Advisory Committee (NSTAC) Network Security Information Exchange (NSIE). ?Administration of Static Passwords and User Ids?. Operations, Administration, Maintenance, & Provisioning (OAM&P) Security Requirements for Public Telecommunications Network. Draft 2.0, August 2002.
‘http://www.atis.org/ – ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.. Note: This Best practice could impact 9-1-1 operations.” true true true true false true true 2 true false false false
11-9-8083 Highly Important Authentication databases/files used by Network Operators, Service Providers, Public Safety, and Equipment Suppliers must be protected from unauthorized access, and must be backed-up and securely stored in case they need to be restored. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Encryption; Information Protection; Intrusion Detection; Filter access to the TCP and/or UDP ports serving the database at the network border. Use strong authentication for those requiring access. Prevent users from viewing directory and file names that they are not authorized to access. Enforce a policy of least privilege. Build a backup system in the event of loss of the primary system. Document and test procedures for backup and restoral of the directory. true true true true true true true 2 true false false true
11-9-8086 Critical Network Operators, Service Providers, Public Safety, and Equipment Suppliers based on the principles of least�privilege (the minimum access needed to perform the job) and separation of duties (certain users perform certain tasks) should develop capabilities and processes to determine which users require access to a specific device or application. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; true true true true true true true 3 true false false true
11-9-8101 Important Document and Verify All Security Operational Procedures: Service Providers and Network Operators should ensure that all security operational procedures, system processes, and security controls are documented, and that documentation is up to date and accessible by appropriate staff. Perform gap analysis/audit of security operational procedures as often as security policy requires relative to the asset being protected. Using results of analysis or audit, determine which procedures, processes, or controls need to be updated and documented. Internet/Data; Network Operator; Service Provider; Cyber Security; Documentation; Network Design; Network Operations; NIST SP800-14 Generally accepted principles and practices for securing IT systems. http://csrc.nist.gov/publications/nistpubs/800-14/800-14 . Note: This Best practice could impact 9-1-1 operations. false true false false false true true 1 false false false false
11-9-8103 Critical Service Providers, Network Operators, and Public Safety should deploy malware protection tools where feasible, establish processes to keep signatures current, and establish procedures for reacting to an infection. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Network Operations; Software; NIST SP800-83 Guide to malware incident prevention and handling
http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83
Note: Service providers may choose to offer virus protection as a value-added service to their customers as part of a service offering, but that is not required by this Best Practice. true true true true true true true 3 false false false true
11-9-8111 Important Protect Sensitive Data in Transit for Externally Accessible Applications: Service Providers and Network Operators should encrypt sensitive data from web servers, and other externally accessible applications, while it is in transit over any networks they do not physically control. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Encryption; Information Protection; Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 false false false false
11-9-8121 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should conduct regular audits of their Information Security practices. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Information Protection; Intrusion Detection; ISO17799: http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=50297; COBIT: http://www.isaca.org/COBIT; OCTAVE: http://www.cert.org/octave/. true true true true true true true 2 true false false true
11-9-8124 Important Conduct Organization Wide Security Awareness Training: Service Providers, Network Operators, and Equipment Suppliers should ensure staff is given awareness training on security policies, standards, procedures, and general best practices. Awareness training should also cover the threats to the confidentiality, integrity, and availability of data including social engineering. Training as part of new employee orientation should be supplemented with regular “refreshers” to all staff. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Cyber Security; Information Protection; Training Awareness; NIST: www.nist.gov.
Document is SP 800-50 Building an Information Technology Security Awareness and Training Program, October 2003. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 1 true false false false
11-9-8131 Important Network Operators, Service Providers, and Public Safety Business Continuity and Recovery Plans should factor in potential Information Security threats of a plausible likelihood or significant business impact. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Business Continuity; Cyber Security; Encryption; Intrusion Detection; true true true true true true true 1 false false false true
11-9-8132 Important Leverage Business Impact Analysis for Incident Response Planning: Service Providers and Network Operators should leverage the BCP/DR Business Impact Assessment (BIA) efforts as input to prioritizing and planning Information Security Incident Response efforts. Internet/Data; Network Operator; Service Provider; Business Continuity; Cyber Security; Network Operations; Note: This Best practice could impact 9-1-1 operations. false true false false false true true 1 false false false false
11-9-8134 Important Security of Devices Beyond Scope of Control: Service Providers should carefully consider possible impacts on their networks from changes in the configuration or authentication information on devices beyond the service demarcation point, and thus beyond their physical or logical scope of control. Service Providers should consider network filters or network authentication to protect against malicious traffic or theft of service caused by such insecure devices. Internet/Data; Service Provider; Cyber Security; Encryption; Network Operations; Security Systems; Note: This Best practice could impact 9-1-1 operations. false true false false false true false 1 false false false false
11-9-8136 Important Service Providers, Network Operators and Public Safety should deploy tools to detect unexpected changes to file systems on Network Elements and Management Infrastructure systems where feasible and establish procedures for reacting to changes. Use techniques such as cryptographic hashes. Internet/Data; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations; www.cert.org/security-improvement/practices/p072.html
www.cert.org/security-improvement/practices/p096.html
ITU-T Rec. X.1051 false true false false false true true 1 false false false true
11-9-8139 Important Service Providers, Network Operators and Public Safety should review and analyze security-related event data produced by critical systems on a regular basis to identify potential security risks and issues. Automated tools and scripts can aid in this analysis process and significantly reduce the level of effort required to perform this review. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; true true true true true true true 1 false false false true
11-9-8502 Critical When a compromise occurs, or new exploits are discovered, Service Providers, Network Operators and Public Safety should perform an audit of available network services to reassess any vulnerability to attack and re-evaluate the business need to provide that service, or explore alternate means of providing the same capability. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Configuration guides for security from NIST, US-CERT, NSA, SANS, vendors, etc.
Related to NRIC BP 8000. true true true true true true true 3 false false false true
11-9-8506 Highly Important Following a compromise and reestablishment of lost service, Service Providers, Network Operators and Public Safety should re-evaluate the architecture for single points of failure. Review the process of evaluating and documenting single points of failure and provide spares for redundancy in the architecture to ensure adequacy of the security architecture. Internet/Data; Network Operator; Service Provider; Public Safety; Cyber Security; Network Design; Network Operations; ISO 27002 Information Security Standards – 13.2.2 Learning from information security incidents
ISF SB52. false true false false false true true 2 false false false true
11-9-8508 Important Immediately following incident recovery, Service Providers, Network Operators, and Public Safety should re-evaluate the adequacy of existing security architecture and implement revisions as needed. Internet/Data; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Network Design; Network Operations; Procedures; Ensure any changes are adequately documented to reflect the current configuration. Review existing processes for establishing and maintaining security architectures update as necessary to maintain currency. false true false false false true true 1 false false false true
11-9-8509 Important Recover from Poor Network Isolation and Partitioning: When, through audit or incident, a co-mingling of data or violation of a trust relationship is discovered, Service Providers and Network Operators should, as part of a post-mortem process, review segmentation design to evaluate adequacy of the architecture and data isolation. Internet/Data; Network Operator; Service Provider; Cyber Security; Network Design; Network Elements; Network Operations; ISF SB52, www.sans.org
ITU-T Rec. X.1051. Note: This Best practice could impact 9-1-1 operations. false true false false false true true 1 false false false false
11-9-8510 Highly Important Network Operators, Service Providers, Public Safety, and Equipment Suppliers should upon an occurrence of compromise or trust violations conduct a forensic analysis to determine the extent of compromise, revoke compromised keys, and establish new crypto keys as soon as possible, and review crypto procedures to re-establish trust. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Encryption; Intrusion Detection; FIPS 140-2, PUB 46-3, PUB 74, PUB 81, � PUB 171, PUB 180-1, PUB 197, ANSI X9.9, X9.52, X9.17. true true true true true true true 2 true false false true
11-9-8522 Important Upon discovery of an unsanctioned device on the organizational network, Service Providers, Network Operators, and Public Safety should investigate to determine ownership and purpose/use of the device. Where possible, this phase should be non-alerting (i.e., log reviews, monitoring of network traffic, review of abuse complaints for suspect IP address) to determine if the use is non-malicious or malicious/suspect. If use is determined to be non-malicious, employ available administrative tools to correct behavior and educate user. Conduct review of policies to determine: If additional staff education regarding acceptable use of network/computing resources is required if processes should be redesigned / additional assets allocated to provide a sanctioned replacement of the capability. Was the user attempting to overcome the absence of a legitimate and necessary service the organization was not currently providing so that s/he could perform their job? If the use is deemed malicious/suspect, coordinate with legal counsel: Based on counsel’s advice, consider collecting additional data for the purposes of assessing depending on the scope of the misuse, consider a referral to law enforcement. Internet/Data; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; Network Elements; Network Operations; false true false false false true true 1 false false false true
11-9-8523 Critical Recovery from Network Element Resource Saturation Attack: If the control plane is under attack, Service Providers and Network Operators should: 1) Turn on logging where appropriate to analyze the logs, 2) Implement the appropriate filter and access list to discard the attack traffic 3) Utilize DoS/DDoS tracking methods to identify the source of attack. Cable; Internet/Data; Wireless; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; IETF RFC2350, CMU/SEI-98-HB-001. Note: This Best practice could impact 9-1-1 operations. true true false true false true true 3 false false false false
11-9-8540 Critical Recover from Unauthorized Remote OAM&P Access: When an unauthorized remote access to an OAM&P system occurs, Service Providers and Network Operators should consider terminating all current remote access, limiting access to the system console, or other tightened security access methods. Continue recovery by re-establishing new passwords, reloading software, running change detection software, or other methods, continuing quarantine until recovery is validated, as practical. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; ISF CB53. Cross reference with 7-7-8540 developed under NRIC. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 false false false false
11-9-8553 Critical Sharing Information with Industry & Government during Recovery: During a security event, Service Providers, Network Operators, and Equipment Suppliers should release to the National Communications Service National Coordination Center (ncs@ncs.gov) or USCERT (cert@cert.org) information which may be of value in analyzing and responding to the issue, following review, edit and approval commensurate with corporate policy. Information is released to these forums with an understanding redistribution is not permitted. Information which has been approved for public release and could benefit the broader affected community should be disseminated in the more popular security and networking forums such as NANOG and the SecurityFocus Mailing Lists. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Network Operations; Cross reference with 7-7-8553 developed under NRIC. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 true false false false
11-9-8554 Critical Insomuch as is possible without disrupting operational recovery, Service Providers, Network Operators and Public Safety should handle and collect information as part of a computer security investigation in accordance with a set of generally accepted evidence-handling procedures. Cable; Internet/Data; Satellite; Wireless; Wireline; Property Manager; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Example evidence handling processes are provided in Appendix X, Section 2f of the NRIC VII, Focus Group 2B Report Appendices. true true true true true true true 3 true true false true
11-9-8564 Critical After responding to a security incident or service outage, Service Providers, Network Operators and Public Safety should follow processes similar to those outlined in Appendix X of the NRIC VII, Focus Group 2B Report Appendices to capture lessons learned and prevent future events. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; IETF RFC2350, CMU/SEI-98-HB-001. true true true true true false true 3 true false false true
11-9-8629 Important Equipment Suppliers, Service Providers, Network Operators, and Public Safety should have processes in place to ensure that all third party software (e.g. operating system) have been properly patched with the latest security patches and that the system works correctly with those patches installed. Wireless; Equipment Supplier; Service Provider; Public Safety; Cyber Security; Hardware; Network Interoperability; false false false true false true false 1 true false false true
11-9-8647 Important Service Standards: Service Providers should develop and implement security event logging systems and procedures to allow for collection of security related events. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Note: This Best practice could impact 9-1-1 operations. true true false false true true true 1 false false false false
11-9-8648 Important General: Service Providers and Network Operators [that provide or manage Customer Premise Equipment (CPE)] should ensure that initial configurations are secure. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; Network Operations; Note: This Best practice could impact 9-1-1 operations. true true false false true true true 1 false false false false
11-9-8725 Important Signaling DoS Protection: Network Operators should establish alarming thresholds for various message types to ensure that DoS conditions are recognized. Logs should be maintained and policies established to improve screening and alarming thresholds for differentiating legitimate traffic from DoS attacks. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; Note: This Best practice could impact 9-1-1 operations. true true false false true false true 1 false false false false
11-9-8727 Important Network Operators, Service Providers and Public Safety should implement industry guidelines for validating physical diversity, and consider performing signaling link diversification validation on a scheduled basis (e.g., twice a year). Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Hardware; Network Elements; Network Operations; Policy; Processes and procedures should exist for tracking discrepancies and maintaining a historical record. Re: PBX & statewide networks – sonic ring could be influenced by this. true true false false true true true 1 false false false true
11-9-8729 Critical Signaling Services Requested Changes: Network Operators should establish policies and processes for adding and configuring network elements, that include approval for additions and changes to configuration tables (e.g., screening tables, call tables, trusted hosts, and calling card tables). Verification rules should minimize the possibility of receiving inappropriate messages. Cable; Internet/Data; Wireline; Network Operator; Cyber Security; Intrusion Detection; Network Elements; Network Operations; Policy; Note: This Best practice could impact 9-1-1 operations. true true false false true false true 3 false false false false
11-9-8748 Critical Service providers, Network Operators, Equipment Vendors and Public Safety should test new devices to identify unnecessary services, outdated software versions, missing patches, and misconfigurations, and validate compliance with or deviations from an organization�s security policy prior to being placed on a network. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Intrusion Detection; NIST SP 800-115 A Technical Guide to Information Security Testing and Assessment. true true true true true true true 3 true false false true
11-9-8755 Important Service Providers, Network Operators, Equipment Suppliers and Public Safety should utilize automated (where possible) Patch Management to quickly deploy patches for known vulnerabilities. PSAP software version control is important for backroom PSAP systems. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Network Operations; NIST Special Publication 800-40, Creating a Patch and Vulnerability Management Program – 2.1 Recommended Process. true true true true true true true 1 true false false true
11-9-8756 Critical Network Operators and Public Safety should establish and implement procedures to ensure that all security patches and updates relevant to the device or installed applications are promptly applied. The patching process should be automated whenever possible. The system should be rebooted immediately after patching if required for the patch to take effect. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Network Operations; Source: http://www.k-state.edu/its/security/procedures/mobile.html#summary. true true true true true true true 3 false false false true
11-9-8757 Important Service Providers, Network Operations and Public Safety should set policy within each corporation or agency to provide guidance when there is a security breach. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; IETF RFC2350, CMU/SEI-98-HB-001. true true true true true true true 1 true false false true
11-9-8759 Highly Important Recover from Unauthorized Use: Network Operators and Service Providers should remove invalid records whenever it is determined that a network element has been modified without proper authorization, or rollback to the last valid version of record. The attack should be investigated to identify potential security changes. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; IETF RFC2350, CMU/SEI-98-HB-001. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 2 false false false false
11-9-8762 Critical Recover from DoS Attack: Network Operators and Service Providers should work together to identify, filter, and isolate the originating points of Denial of Service (DoS) attacks when detected, and reroute legitimate traffic in order to restore normal service. Cable; Internet/Data; Satellite; Wireless; Wireline; Network Operator; Service Provider; Cyber Security; Intrusion Detection; IETF RFC2350, CMU/SEI-98-HB-001. Note: This Best practice could impact 9-1-1 operations. true true true true true true true 3 false false false false
11-9-8771 Important Service Providers, Network Operators, and Public Safety should consider implementing a control-signaled (i.e. SIP) network using media gateway controllers according to appropriate industry standards (i.e. Internet Engineering Task Force (IETF)) in order to achieve interoperability between the IP Multimedia (IM) Core Network (CN) subsystem and Circuit Switched (CS) networks. Cable; Internet/Data; Wireline; Network Operator; Service Provider; Public Safety; Cyber Security; Encryption; Network Design; Network Interoperability; true true false false true true true 1 false false false true
11-9-8772 Critical Service Providers, Network Operators, Equipment Suppliers and Public Safety should establish a process for releasing information to members of the law enforcement and intelligence communities and identify a single Point of Contact (POC) for coordination/referral activities. Cable; Internet/Data; Satellite; Wireless; Wireline; Equipment Supplier; Network Operator; Service Provider; Public Safety; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; true true true true true true true 3 true false false true
Datasets using R-Studio
Usha Rani Singh
1
Datasets for cars
Dataset is a collection of related information which is useful to analyze data and derive the outputs
The dataset contains information in various forms, and it isn’t straightforward for the analyzer to extract the data and present it to the business
2
Preparing Dataset for cars
Preparing and analyzing the dataset is very important for any threat information, which helps to provide accurate data
We have to consider the data which provide more value or relevant for the problem
Categorize the data into regression, classification, clustering, and ranking
It is difficult to establish data collection mechanism and data is scattered into various forms and departments
We have to make consistency in the data
Data sample has been reduced, and at the same time it should consist of the required information
Preparing Dataset for cars
We have to clean the data so that the processing time will be faster and accurate
Complex datasets have to be decomposed into multiple parts
Data normalization has to be performed to improve the quality of the data
R Studio for dataset
Pie Diagram for data set
ggplot_1 for dataset
ggplot_2 for data set
ggplot_3 for dataset
Dataset used
Thank you!
11
Microsoft
Excel Worksheet
Microsoft
Excel Worksheet