9.2.2 Physical and/or logical controls are implemented to restrict use of publicly accessible network jacks within the facility.
Defined Approach Requirements
9.2.2 Physical and/or logical controls are implemented to restrict use of publicly accessible network jacks within the facility.
Customized Approach Objective
Unauthorized devices cannot connect to the entity's network from public areas within the facility.
Defined Approach Testing Procedures
9.2.2 Interview responsible personnel and observe locations of publicly accessible network jacks to verify that physical and/or logical controls are in place to restrict access to publicly accessible network jacks within the facility.
Purpose
Restricting access to network jacks (or network ports) will prevent malicious individuals from plugging into readily available network jacks and gaining access to the CDE or systems connected to the CDE.
Good Practice
Whether logical or physical controls, or a combination of both, are used, they should prevent an individual or device that is not explicitly authorized from being able to connect to the network.
Examples
Methods to meet this requirement include disabling network jacks located in public areas and areas accessible to visitors, and enabling them only when network access is explicitly authorized. Alternatively, processes could be implemented to ensure that visitors are escorted at all times in areas with active network jacks.
Purpose
Develop visitor controls to authorize and monitor visitor access to sensitive areas.
Compliance Strategies
- Visitor logs
- Escort requirements
- Visitor badges
Typical Policies
- Visitor Management Policy
Common Pitfalls
- Visitors unescorted
- No log of visitor access
Type
Process Control
Difficulty
Low
Key Risks
- Social engineering attacks
Recommendations
- Use digital visitor management systems
Eligible SAQ
- SAQ-B-IP
- SAQ-C
- SAQ-D MERCHANT
- SAQ-D SERVICE PROVIDER