Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-5-1
Cybersecurity requirements for network security management must be defined, documented and approved.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-5-2
The cybersecurity requirements for network security management must be implemented.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-5-3
The cybersecurity requirements for network security management must include at least the following:
- Logical or physical segregation and segmentation of network segments using firewalls and defense-in-depth principles.
- Network segregation between production, test and development environments.
- Secure browsing and Internet connectivity, including restrictions on the use of file storage/sharing and remote access websites, and protection against suspicious websites.
- Wireless network protection using strong authentication and encryption techniques. A comprehensive risk assessment and management exercise must be conducted to assess and manage the cyber risks prior to connecting any wireless networks to the organization’s internal network.
- Management and restrictions on network services, protocols and ports.
- Intrusion Prevention Systems (IPS).
- Security of Domain Name Service (DNS) through the Haseen platform.
- Secure management and protection of Internet browsing channel against Advanced Persistent Threats (APT), which normally utilize zero-day viruses and malware.
- Protecting against Distributed Denial of Service (DDoS) attacks to limit risks arising from these attacks.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 2-5-4
The cybersecurity requirements for network security management must be reviewed periodically.