11-10-5064"Retired" - Network Operators, Service Providers, Property Managers, and Public Safety should alarm and monitor critical electronic equipment areas to detect parameters that are outside operating specifications (e.g., temperature, humidity).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Fire; Network Operations;TRUEReference: GR63 NEBS Requirements: Physical Protection, Telcordia, http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=homeTRUETRUETRUETRUETRUETRUETRUEFALSETRUEFALSETRUE11-10-5164"Retired" - Network Operators, Service Providers, Equipment Suppliers, and Public Safety should establish and enforce a policy to immediately report stolen or missing company vehicles and trailers to the appropriate authorities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Physical Security Management; Policy; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE11-11-3249"Retired" - Public Safety should in regards to PSAPs, transfer calls to the primary PSAP for that jurisdiction and not directly to the secondary PSAP when a call should be transferred to another jurisdiction.  While transferring directly to the secondary PSAP seems a time saver, it bypasses local protocols, causing confusion and disjointed responses.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSEFALSETRUE11-7-8548"Retired" - Network Operators and Service Providers should follow processes similar to Appendix X when a service outage or security incident occurs.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery;FALSEIETF RFC2350, US-CERT NRIC BP 8074, 8075, 0561, 0599, 5092, 5239, 1001, 1002, 1004, 1006, 1009, 1010, 1016TRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE11-8-8051"Retired" - Network Operators should ensure that SS7 signaling interface points that connect to the IP Private and Corporate networks interfaces are well hardened, protected with packet filtering firewalls; and enforce strong authentication. Similar safeguards should be implemented for e-commerce applications to the SS7 network. Network Operators should implement rigorous screening on both internal and interconnecting signaling links and should investigate new, and more thorough screening capabilities. Operators of products built on general purpose computing products should proactively monitor all security issues associated with those products and promptly apply security fixes, as necessary. Operators should be particularly vigilant with respect to signaling traffic delivered or carried over Internet Protocol networks. Network Operators that do employ the Public Internet for signaling, transport, or maintenance communications and any maintenance access to Network Elements should employ authentication, authorization, accountability, integrity, and confidentiality mechanisms (e.g., digital signature and encrypted VPN tunneling).Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Encryption; Network Elements; Network Operations; Policy;FALSEITU SS7 Standards, “Securing SS7 Telecommunications Networks”, Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, 5-6 June 2001.FALSEFALSEFALSEFALSETRUETRUETRUETRUEFALSEFALSEFALSE11-8-8052"Retired" - Network Operators should mitigate limited SS7 authentication by enabling logging for SS7 element security related alarms on SCPs and STPs, such as: unauthorized dial up access, unauthorized logins, logging of changes and administrative access logging. Network operators should implement rigorous screening on both internal and interconnecting signaling links and should investigate new and more thorough screening capabilities. Operators of products built on general purpose computing products should proactively monitor all security issues associated with those products and promptly apply security fixes, as necessary. Operators should establish login and access controls that establish accountability for changes to node translations and configuration. Operators should be particularly vigilant with respect to signaling traffic delivered or carried over Internet Protocol networks. Network operators that do employ the Public Internet for signaling, transport or maintenance communications and any maintenance access to Network Elements shall employ authentication, authorization, accountability, integrity and confidentiality mechanisms (e.g. digital signature and encrypted VPN tunneling). Operators making use of dial-up connections for maintenance access to Network Elements should employ dial-back modems with screening lists. One-time tokens and encrypted payload VPNs should be the minimum.Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations;FALSENIIF Guidelines for SS7 Security.FALSEFALSEFALSEFALSETRUEFALSETRUEFALSEFALSEFALSEFALSE11-9-3235"Retired" - Network Operators, Service Providers, and Public Safety should design Emergency Services IP Networks (ESInets) with redundant interconnectivity to Online Service Providers (OSPs) and Public Safety Answering Points (PSAP) to maintain connectivity in the face of extensive disaster damage using the characteristics of IP routing to provide assistance in ensuring 9-1-1 calls will reach a PSAP if there is any path possible.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;TRUETRUETRUEFALSEFALSETRUETRUETRUEFALSEFALSEFALSETRUE11-9-3241"Retired" - Network Operators, Service Providers should ensure when using IP-based connection arrangements for routing to a 9-1-1 system Service Provider (SSP) or Public Safety agency, that those transport facilities are diverse private facilities or their functional equivalent (e.g., generic routing encapsulation (GRE) tunneling, virtual private network (VPN), or equally secure industry protocols) and where appropriate and necessary supported by service level agreements.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-10-0404ImportantService Providers, Network Operators, Equipment Suppliers, and Public Safety should incorporate methodologies that continually improve network or equipment performance.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Hardware; Network Elements; Network Operations; Policy; Software;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-0436Highly ImportantNetwork Operators, Service Providers, and Public Safety should have a process to ensure smooth handling and clear ownership of problems that transition work shifts or organizational boundaries.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0407Highly ImportantNetwork Operators and Service Providers should establish processes for NOC-to-NOC (Network Operations Center) peer communications for critical network activities (e.g., scheduled maintenance, upgrades and outages).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Facilities - Transport; Industry Cooperation; Network Interoperability; Network Operations; Network Provisioning; Procedures; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0409Highly ImportantService Providers should use virtual interfaces (i.e. a router loopback address) for routing protocols and network management to maintain connectivity to the network element in the presence of physical interface outages.Internet/Data;Service Provider;Network Elements; Public Safety and Disaster;FALSEFALSETRUEFALSEFALSEFALSETRUEFALSE2FALSEFALSEFALSEFALSE13-10-0411Highly ImportantNetwork Operators, Service Providers, and Public Safety should consider developing and implementing cable labeling standards.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Facilities - Transport; Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0418Highly ImportantNetwork Operators, Service Providers and Public Safety should should where appropriate, have a documented back-out plan as part of a Method of Procedure (MOP) for scheduled and unscheduled maintenance activities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Procedures;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0419Highly ImportantNetwork Operators and Service Providers should design and capacity-manage EMSs (Element Management Systems) and OSSs (Operational Support Systems) to accommodate changes in network element capacity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Elements; Network Operations; Network Provisioning;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0420Highly ImportantNetwork Operators and Service Providers should periodically measure EMS (Element Management System), NMS (Network Management System) and OSS (Operational Support System) performance using a benchmark or applicable requirements to verify that internal or vendor performance objectives are being met.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0421Highly ImportantEquipment Suppliers should design network elements intended for critical hardware and software with recovery mechanisms to minimize restoration times.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier; Public Safety;Hardware; Network Elements; Software;TRUECommon recovery mechanisms could include the fail-over to: a) the redundant hardware components (modules, FRUs), b) redundant and/or backup software processes, c) switch to alternate paths, circuits or virtual circuits, and, d) switch to redundant or backup storage of system data.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSETRUE13-10-0424ImportantNetwork Operators and Public Safety should whenever possible require specific applicable safety standards for network elements that they plan to purchase, procure or implement.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Hardware; Network Elements; Network Provisioning;TRUERecognized standards may include UL, NEC, ANSI, NFPA, ASTM. Specific requirements such as "UL-498/NEC-250.146(A)-Receptacle Grounding-Surface-Mounted Box."TRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSEFALSETRUE13-10-0427Highly ImportantEquipment Suppliers should maintain software documentation including revision change history and associated release notes.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0429Highly ImportantEquipment Suppliers should provide for appropriate storage and retrieval mechanisms of system operational data to support analysis after a hardware or software crash.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software;FALSEInformation useful for diagnostics might include core dumps and register contents.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0430Highly ImportantEquipment Suppliers should be able to recreate supported software from source including, where feasible, software obtained from third parties.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0431Highly ImportantEquipment Suppliers should provide capacity and performance data for network elements.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements;FALSEUse commonly agreed upon terminologies and methodologies such as those developed by IETF Benchmarking Methodology Working Group (e.g., RFC 2544).TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0432Highly ImportantEquipment Suppliers should support standardized MIBs (Management Information Bases) and maintain documentation of private and enterprise MIBs.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements; Software;FALSEEnterprise MIBs are those written by vendors for their particular object. The managed object can furnish both standard MIB and enterprise MIB information. The standard MIBs are those that have been approved by the IAB (Internet Architecture Board, http://www.iab.org) Equipment and software vendors define the private MIBs unilaterally.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0435CriticalNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should assess the functions of their organization and identify those critical to ensure network reliability.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Business Continuity; Emergency Preparedness;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUETRUEFALSETRUE13-10-0437Highly ImportantNetwork Operators and Service Providers should aggregate routes where appropriate (e.g., singly-homed downstream networks) in order to minimize the size of the global routing table taking care to not disrupt engineered circuit diversity.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Operations; Network Provisioning;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-10-0438ImportantNetwork Operators and Service Providers should enable CIDR (Classless Inter-Domain Routing) by implementing classless route prefixes on routing elements.Internet/Data;Service Provider; Network Operator;Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-10-0440Highly ImportantNetwork Operators and Service Providers should set and periodically review situation-specific limits on numbers of routes imported from peers and customers in order to lessen the impact of misconfigurations.Internet/Data;Service Provider; Network Operator;Industry Cooperation; Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-10-0447ImportantNetwork Operators and Service Providers should consider establishing a customer advocacy function to take part in the development and scheduling of network change activity in order to minimize impact.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Liaison; Network Operations;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0448Highly ImportantEquipment Suppliers should where feasible, provide a memory management capability to reconfigure or expand memory without impacting stable calls or other critical processes (e.g., billing).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Network Provisioning; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0449CriticalNetwork Operators, Service Providers and Public Safety should where feasible, deploy fraudulent traffic (e.g., SPAM) controls in relevant nodes (e.g., message centers, email gateways) in order to protect critical network elements and services.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Network Operations;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-10-0450Highly ImportantProperty Managers should maintain current documentation that ensures that the tower loading is consistent with the engineering design (e.g., antenna loading, feedline loading, ice or wind loading).Cable; Wireless; Wireline;Property Manager;Documentation; Network Provisioning;FALSETRUEFALSEFALSETRUETRUEFALSEFALSE2FALSETRUEFALSEFALSE13-10-0451Highly ImportantProperty Managers should conduct a periodic physical site audit to update and maintain accurate antenna and tower engineering documentation in order to positively identify every item on the tower structure (e.g., identifying rogue antennas).Cable; Wireless; Wireline;Property Manager;Buildings; Documentation;FALSETRUEFALSEFALSETRUETRUEFALSEFALSE2FALSETRUEFALSEFALSE13-10-0452Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should post emergency contact number(s) and unique site identification in an externally visible location at unmanned communication facilities (e.g., towers, cell sites, Controlled Environment Vault (CEV), satellite earth stations), but should not reveal additional information about the facility, except when necessary.Cable; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Emergency Preparedness; Network Operations; Physical Security Management;TRUEExamples of site identification may include: Latitude/Longitude, Real Estate ID, FAA number, FCC registration number, ASR (Antenna Structure Registration) data base, cell ID, address, location. See Best Practice 5120.TRUEFALSETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-0453ImportantNetwork Operators, Service Providers, and Public Safety should prepare for HVAC or cabinet fan failures by ensuring that conventional fans are available to cool heat- sensitive equipment, as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Buildings; Emergency Preparedness; Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0454Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider establishing technical and managerial escalation policies and procedures based on the service impact, restoration progress and duration of the issue.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Network Operations; Policy; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-0455Highly ImportantEquipment Suppliers and Network Operators should consider a program to remove cards or modules from circulation that have a history of failure even if tests indicate “No Trouble Found”.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier;Hardware; Network Elements; Procedures;FALSETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSEFALSE13-10-0456CriticalNetwork Operators, Service Providers, and Public Safety should maintain records of pertinent information related to a cell site for its prioritization in disaster recovery and key coverage areas (e.g., emergency services, government agencies, proximity to hospitals).Wireless;Service Provider; Network Operator; Public Safety;Documentation; Emergency Preparedness; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations.FALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSETRUE13-10-0457Highly ImportantNetwork Operators and Service Providers should develop a process to identify Radio Frequency (RF) dead spots and, where feasible, provide a solution to fill the dead spot with RF coverage.Wireless;Service Provider; Network Operator;Procedures;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-10-0458Highly ImportantNetwork Operators should verify that calls handoff between cells when a new cell site is added to the network.Wireless;Network Operator;Network Provisioning; Procedures;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSEFALSEFALSEFALSE13-10-0459Highly ImportantEquipment Suppliers and Property Managers should design outdoor equipment to operate in expected environmental conditions (e.g., weather, earthquakes).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier; Property Manager;Hardware;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUETRUEFALSEFALSE13-10-0461Highly ImportantEquipment Suppliers should provide the capability to test failover routines of redundant network elements.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0462ImportantNetwork Operators should work in conjunction with Government to anticipate Radio Frequency (RF) capacity needs driven by changes in vehicle traffic patterns or other demographics.Wireless;Network Operator; Government;Liaison; Network Provisioning;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSETRUEFALSE13-10-0463ImportantNetwork Operators and Service Providers should consider establishing agreements so that mobile customers can roam on other providers' networks.Wireless;Service Provider; Network Operator;Emergency Preparedness; Industry Cooperation; Network Interoperability;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-10-0464ImportantNetwork Operators and Government should cooperate on zoning issues that affect reliability of communication networks serving the public good.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government;Essential Services; Liaison; Power;FALSEExamples: noise from emergency backup power generators, aesthetics of tower placement, public safety and health concerns.TRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSETRUEFALSE13-10-0465ImportantNetwork Operators and Public Safety should account for the effects of environmental changes on attenuation, shadowing, and multipath (e.g., new buildings, tree growth, construction materials) during initial design and through periodic reviews of cell site coverage.Wireless;Network Operator;Network Operations;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0466Highly ImportantNetwork Operators should take into account link budget impacts due to propagation differences between various frequencies when planning network coverage.Wireless;Network Operator;Network Design;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSEFALSEFALSEFALSE13-10-0467ImportantNetwork Operators should give consideration to the degree of balance between RF (Radio Frequency) channels on uplinks and downlinks, for both control and traffic for air interface reliability.Wireless;Network Operator;Network Design;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0469ImportantNetwork Operators and Property Managers should consider the use of cable support (e.g., H-Frames, Ice Bridges) in tower and shelter designs.Cable; Internet/Data; Wireless; Wireline;Network Operator; Property Manager;Buildings;FALSETRUETRUEFALSETRUETRUEFALSETRUE1FALSETRUEFALSEFALSE13-10-0470ImportantNetwork Operators and Property Managers should consider tower and antenna designs that do not attract bird and animal nesting (e.g., no platforms, flush mounted panels, smooth radome).Cable; Internet/Data; Wireless; Wireline;Network Operator; Property Manager;Buildings;FALSETRUETRUEFALSETRUETRUEFALSETRUE1FALSETRUEFALSEFALSE13-10-0471ImportantNetwork Operators, Property Managers, and Public Safety should consider remote, electronic antenna aiming and utilize tower-mounted equipment that minimizes the need for tower top maintenance where conditions prevent climbs (e.g., osprey nest, weather conditions).Wireless;Network Operator; Public Safety; Property Manager;Network Operations;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSETRUEFALSETRUE13-10-0472ImportantNetwork Operators, Public Safety, and Equipment Suppliers should consider connector choices and color coding to prevent inappropriate combinations of cables.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Hardware; Network Elements;TRUETRUETRUETRUETRUETRUEFALSETRUE1TRUEFALSEFALSETRUE13-10-0473Highly ImportantNetwork Operators, Property Managers, and Public Safety should consider maintaining a list of authorized climbers and a log of authorized tower climbs.Wireless;Network Operator; Public Safety; Property Manager;Access Control; Human Resources; Physical Security Management;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSETRUEFALSETRUE13-10-0474ImportantNetwork Operators, Property Managers, and Public Safety should periodically perform grounds maintenance at cell site facilities (e.g., pest control, mow grass, fence maintenance, snow removal).Wireless;Network Operator; Public Safety; Property Manager;Buildings;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSETRUEFALSETRUE13-10-0475Highly ImportantNetwork Operators, Property Managers, and Public Safety should have agreements in place to ensure necessary and timely access to cell sites.Wireless;Network Operator; Public Safety; Property Manager;Access Control; Industry Cooperation; Physical Security Management;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSETRUEFALSETRUE13-10-0477Highly ImportantNetwork Operators and Public Safety should consider the potential of electromagnetic coupling when designing cell sites with high voltage FAA beacons and, if present, take appropriate steps to mitigate the interference (e.g., squelch, physical separation, shielding).Wireless;Network Operator; Public Safety;Network Design;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSEFALSEFALSETRUE13-10-0478ImportantNetwork Operators and Public Safety should allow for deviation in elevation angle and azimuth resulting from deflection of the supporting structure (e.g., sun, load distribution, wind) during the design of a cell site.Wireless;Network Operator; Public Safety;Network Design;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSETRUE13-10-0501ImportantNetwork Operators, Service Providers, and Public Safety should report problems discovered from their operation of network equipment to the Equipment Supplier whose equipment was found to be the cause of problem.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Hardware; Network Elements; Network Operations; Policy; Procedures; Software; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0480Highly ImportantNetwork Operators, Property Managers, and Public Safety should periodically inspect antennas, waveguide, and ancillary hardware to insure physical integrity and the absence of physical movement which can create intermittent and localized intermodulation interference generators (e.g., rusty joints) and/or alter predicted antenna radiation patterns (e.g., antennas swinging around in the wind) potentially creating interference.Wireless;Network Operator; Public Safety; Property Manager;Hardware; Policy;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSETRUEFALSETRUE13-10-0481ImportantNetwork Operators, Property Managers, and Public Safety should ensure appropriate spacing between all antennas at a cell site in order to avoid interference, intermodulation, or other detrimental effects.Wireless;Network Operator; Public Safety; Property Manager;Network Design;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSETRUEFALSETRUE13-10-0482Highly ImportantNetwork Operators and Public Safety should utilize RF propagation and other modeling tools to analyze and optimize designs to avoid interference and improve network performance.Wireless;Network Operator; Public Safety;Network Operations;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSEFALSEFALSETRUE13-10-0483Highly ImportantNetwork Operators and Public Safety should have a master cell site database with configuration parameters, connectivity, and performance statistics that can be used to analyze and audit cell site performance.Wireless;Network Operator; Public Safety;Documentation; Network Operations;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSEFALSEFALSETRUE13-10-0484Highly ImportantNetwork Operators and Public Safety should have a program (e.g., automated drive test equipment, network probes) to monitor and detect network performance anomalies.Wireless;Network Operator; Public Safety;Network Operations; Procedures;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSEFALSEFALSETRUE13-10-0486ImportantNetwork Operators should have an ongoing RF (Radio Frequency) performance improvement process to reduce air interface issues related to blocks, drops, and access failures.Wireless;Network Operator;Network Operations; Procedures;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0487Highly ImportantNetwork Operators and Property Managers should have procedures in place to identify and correct degradations in cell site performance resulting from defects in feedlines and antennas (e.g., moisture, vandalism, kinking).Wireless;Network Operator; Property Manager;Industry Cooperation; Network Operations; Procedures;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSETRUEFALSEFALSE13-10-0488ImportantNetwork Operators, Service Providers, and Public Safety should consider registering critical circuits with Telecom Service Priority (TSP).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Essential Services; Liaison; Public Safety and Disaster;TRUEhttp://www.dhs.gov/telecommunications- service-priority-tsp http://transition.fcc.gov/pshs/services/priority- services/tsp.htmlTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0489ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider provisions in labor contracts to provide for cooperation between union and non-union personnel during disaster recovery situations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Emergency Preparedness; Human Resources;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-0490ImportantNetwork Operators, Service Providers, and Public Safety should consult NFPA (National Fire Prevention Association) Standards for guidance in the design of fire suppression systems, and, when building code regulations require sprinkler systems, should seek an exemption for the use of non-destructive systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Buildings; Fire;TRUENFPA 75 and 76. When zoning regulations require sprinkler systems, an exemption should be sought for the use of non- destructive systems.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0492CriticalNetwork Operators, Property Managers, and Public Safety should provide back-up power (e.g., some combination of batteries, generator, fuel cells) at cell sites and remote equipment locations, consistent with the site specific constraints, criticality of the site, the expected load and reliability of primary power.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Buildings; Emergency Preparedness; Power; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUE3FALSETRUEFALSETRUE13-10-0493CriticalNetwork Operators, Property Managers, and Public Safety should consider placing fixed power generators at cell sites, where feasible.Wireless;Network Operator; Public Safety; Property Manager;Power;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE3FALSETRUEFALSETRUE13-10-0495CriticalNetwork Operators, Property Managers, and Public Safety should consider pre-arranging contact information and access to restoral information with local power companies.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Emergency Preparedness; Industry Cooperation; Network Operations; Power; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUE3FALSETRUEFALSETRUE13-10-0496Highly ImportantNetwork Operators, Property Managers, and Public Safety should consider storing their portable generators at critical sites that are not otherwise equipped with stationary generators.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Emergency Preparedness; Power;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSETRUEFALSETRUE13-10-0498Highly ImportantNetwork Operators, Property Managers, and Public Safety should consider alternative measures for cooling network equipment facilities (e.g., powering HVAC on generator, deploying mobile HVAC units) in the event of a power outage.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Buildings; Disaster Recovery; Emergency Preparedness; Power;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSETRUEFALSETRUE13-10-0511Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should ensure that appropriate operations personnel involved in the direct operation, maintenance, provisioning, security, troubleshooting, repair, and support of network elements are provided periodic training.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Emergency Preparedness; Essential Services; Network Elements; Network Operations; Procedures; Technical Support; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-0512ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should perform periodic inspections of fire and water stops where cable ways pass through floors and walls (e.g., sealing compounds).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Fire; Network Operations; Physical Security Management; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0514Highly ImportantNetwork Operators, Service Providers should when available, utilize a device management architecture that provides a single interface with access to alarms and monitoring information from all critical network elements.Cable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator;Human Resources; Intrusion Detection; Network Elements; Security Systems;FALSEExamples of device management architectures that support multiple platforms are Common Object Request Broker Architecture (CORBA) and Simple Network Management Protocol (SNMP).TRUETRUETRUETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-10-0517Highly ImportantEquipment Suppliers should design network elements and associated network management elements with the combined capability to dynamically handle peak load and overload conditions gracefully and queue or shed traffic as necessary (e.g., flow control).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements; Network Interoperability; Pandemic; Software;FALSEThe management of peak load and overload conditions can apply to bearer traffic, signaling traffic, routing and control protocol traffic, network management traffic and messaging, accounting statistics, and flow reporting.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0524Highly ImportantNetwork Operators and Service Providers should operate an information-only route database containing the routing advertisement source and cannot be changed by peers, customers, and other users, should be highly secure, and should not affect or impact the actual routing table.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Industry Cooperation; Network Interoperability; Network Operations;FALSETRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0526Highly ImportantNetwork Operators and Service Providers should operate a route registry database of all the routes advertised by their network with the source of that advertisement, with which outside entities can communicate with.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Industry Cooperation; Network Interoperability; Network Operations; Network Provisioning;FALSEThis database might be used as the source for interface configurations as well as troubleshooting problems. These outside entities may be central, regional, or global in nature.TRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0531Highly ImportantNetwork Operators, Service Providers, and Public Safety should require staff to use grounding straps when working with equipment where appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0540ImportantEquipment Suppliers should share countermeasures resulting from analysis of an outage with Network Operators and Public Safety using the same equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier; Public Safety;Documentation; Industry Cooperation; Network Elements; Technical Support;TRUETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSETRUE13-10-0542Highly ImportantEquipment Suppliers should include steps to prevent and detect malicious code insertion from Original Equipment Manufacturers (OEMs), contractors, and disgruntled employees.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Corporate Ethics; Network Elements; Software; Supervision;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0546CriticalNetwork Operators, Service Providers, and Public Safety should consider minimizing single points of failure (SPOF) in paths linking network elements deemed critical to the operations of a network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Facilities - Transport; Network Provisioning; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations. With this design, two or more simultaneous failures or errors need to occur at the same time to cause a service interruption.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-10-0547Highly ImportantNetwork Operators, Service Providers, and Public Safety should place critical network databases (e.g., directory server, feature server, Service Control Point (SCP)) in a secure environment across distributed locations to provide service assurance (e.g., maintainability, connectivity, security, reliability) consistent with other critical network elements.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Elements; Network Provisioning; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0548Highly ImportantNetwork Operators, Service Providers, and Public Safety should have an internal post mortem process, which engages Equipment Suppliers and other involved parties as appropriate, to complete root cause analysis of major network events with follow-up implementation of corrective and preventive actions to minimize the probability of recurrence.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Network Elements; Technical Support;TRUENRSC at http://www.atis.org. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-0552Highly ImportantEquipment Suppliers should perform software fault insertion (including simulating network faults such as massive failures) as a standard part of the development process.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0553Highly ImportantEquipment Suppliers should perform hardware fault insertion testing (including simulating network faults such as massive failures) as a standard part of the development process.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0554ImportantEquipment Suppliers should converge hardware and software fault recovery design processes early in the development cycle.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0557Highly ImportantEquipment Suppliers should take steps to minimize the possibility of having a silent failure on any system component, especially critical components, throughout the life of the product.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-0559Highly ImportantNetwork Operators, Service Providers, and Public Safety should consider validating upgrades, new procedures and commands in a lab or other test environment that simulates the target network and load prior to the first application in the field.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Hardware; Network Elements; Procedures; Software;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0561ImportantEquipment Providers should provide timely documentation that is complete and easy-to-use.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Network Elements; Procedures;FALSEThe operations and maintenance manual should give an overview of the system and identify procedures for regularly scheduled operations, including security administration (ref. GR-815, GR-1332) and should cover methods to recover from total and partial network element outages. In addition, the documentation should be clear on how to manage emergency and unforeseen situations, and include a technical support escalation process.TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0564ImportantEquipment Suppliers should develop and update training for their products with a clear understanding of customer needs and human factors.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Network Elements; Procedures; Training and Awareness;FALSEAdvanced training should be developed for personnel responsible for the technical support of various products, including operations supervisors, maintenance engineers, operational support personnel, communications technicians, and security administrators.TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0565ImportantEquipment Suppliers should identify key areas and establish and use metrics to measure progress in improving quality, reliability, and security during product development and field life cycle.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Network Elements;FALSEThis can be done as follows: request and use customer feedback, jointly perform detailed Root Cause Analysis for reported hardware failures, software faults and procedural errors, working together to establish reliability and performance field objectives.TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0582Highly ImportantPublic Safety and Government should use 911 as the standard access code for emergency services (e.g., PSAP, law enforcement, fire, EMS, hazardous materials).Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Essential Services;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSETRUETRUE13-10-0584ImportantNetwork Operators, Service Providers, Equipment Suppliers and Government should work together to support appropriate industry and international organizations to develop and implement NS/EP standards in networks.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government;Business Continuity; Emergency Preparedness; Essential Services; Industry Cooperation; Liaison;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSETRUEFALSE13-10-0587ImportantNetwork Operators, Service Providers and Government should be familiar with the Telecommunications Service Priority (TSP) program and support / promote it as applicable if they are providers of critical services to National Security and Emergency Preparedness (NS/EP) users.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government;Business Continuity; Disaster Recovery; Emergency Preparedness; Essential Services; Network Operations; Network Provisioning; Pandemic; Policy; Public Safety and Disaster;FALSEThe TSP Program is an FCC program used to identify and prioritize telecommunication services that support NSEP missions. The TSP Program also provides a legal means for the telecommunications industry to provide preferential treatment to services enrolled in the program. More information on the TSP Program can be obtained from the National Communications System (NCS) Office of Priority Telecommunications, Manager National Communications System, Attn: OPT/N3, 701 South Courthouse Road, Arlington, Virginia 22204-2198, on telephone 703-607-4932 or at http://www.dhs.gov/telecommunications-service- priority-tsp. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSETRUEFALSE13-10-0589Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish a minimum set of work experience and training courses which must be completed before personnel may be assigned to perform maintenance activities on production network elements, especially when new technology is introduced in the network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Supervision; Training and Awareness;TRUEThis training should reinforce the importance of following procedures at all times and emphasize the steps required to successfully detect problems and to isolate the problem systematically and quickly without causing further system degradation. Lack of troubleshooting experience and proper training in trouble detection and isolation usually prolongs the trouble detection and isolation process.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-0594Highly ImportantNetwork Operators and Service Providers should follow industry guidelines for validating SS7 link diversity, which should be performed at a minimum of twice a year, and at least one of those validations should include a physical validation of equipment compared to the recorded documentation of diversity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Facilities - Transport; Network Operations; Procedures; Public Safety and Disaster;FALSEATIS-0300018, Next Generation Interconnection Interoperability (NGIIF) Reference Document: Part III, Installation, Testing and Maintenance Responsibilities for SS7 Links and Trunks Attachment G Link Diversity Validation Guidelines, found at http://www.atis.org/docstore. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0595Highly ImportantNetwork Operators, Service Providers, and Public Safety should be aware of the dynamic nature of peak traffic periods and should consider scheduling potentially service- affecting procedures (e.g., maintenance, high risk procedures, growth activities) so as to minimize the impact on end-user services.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Network Provisioning; Pandemic; Policy; Procedures; Supervision; Training and Awareness;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0600Highly ImportantNetwork Operators and Service Providers should establish and document a process to plan, test, evaluate and implement major change activities in their network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Documentation; Network Operations; Network Provisioning; Procedures; Supervision;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0601ImportantNetwork Operators and Service Providers should restrict commands available to technicians to ensure authorized access and use, and maintain, manage and protect an audit trail.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Corporate Ethics; Network Operations; Network Provisioning; Procedures; Supervision;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0605Highly ImportantNetwork Operators and Service Providers should assess the synchronization needs of the network elements and interfaces that comprise their networks to develop and maintain a detailed synchronization plan.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Industry Cooperation; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Procedures;FALSEThe synchronization plan should include interfaces, customers (both retail and wholesale) and network peers. The plan should encompass all services provided by and used by the Network Operators and Service Providers. The plan should include: synchronization hierarchy, failure avoidance, redundancy and backup for resilience, FMECA and SPOFA. Synchronization performance expectations (24hr slip rate) should be determined in both primary and backup operation scenarios. Timing loop analysis must be performed in the primary arrangement and in all potential failure scenarios. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0607Highly ImportantNetwork Operators and Service Providers should ensure that bilateral technical agreements between interconnecting networks address the issue of inter-provider fault isolation.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Facilities - Transport; Industry Cooperation; Network Interoperability; Network Operations; Policy; Procedures;FALSEAt a minimum, these agreements should address the escalation procedures to be used when a problem occurs in one network. The agreement should also address what information will be shared between the interconnected companies.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0611ImportantService Providers and Equipment Suppliers should provide secure electronic distribution of documentation and software, where feasible.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Equipment Supplier;Documentation; Information Protection; Procedures; Software;FALSEElectronic access to documentation will allow better version control and ease of access for field personnel. Additionally, electronic access allows implementation and delivery of future enhancements such as interactive methods and information. Local back-up copies should be readily available.TRUETRUETRUETRUETRUETRUEFALSE1TRUEFALSEFALSEFALSE13-10-0614ImportantNetwork Operators, Service Providers, and Equipment Suppliers should position the equipment designation information (e.g., location, labels, RFID tags) so that they are securely affixed and not on removable parts.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Hardware; Network Elements;FALSEThe equipment designation should not be placed on removable parts such as covers, panels, doors, or vents that can be removed and mistakenly installed on a different network element.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-0615Highly ImportantNetwork Operators, Service Providers, and Public Safety should verify complex configuration changes before committing them and test after the change to ensure the appropriate and expected results.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Network Provisioning; Procedures;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0617Highly ImportantNetwork Operators and Service Providers should ensure that routing controls are implemented and managed to prevent adverse routing conditions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability; Network Operations; Network Provisioning; Procedures;FALSEAdverse routing conditions may include such things as infinite looping and flooding of datagrams across data networks. Controls should be implemented across network boundaries to limit the frequency of route advertisements and prevent routing of reserved or private address space. Controls should also prevent unauthorized advertisements of other operators' address space that is not legitimately allocated or assigned to the proper entity. For example, see those addressed in RFC 1918 - http://www.rfc- editor.org/info/rfc1918. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0620ImportantEquipment Suppliers should endeavor to meet requirements outlined in Industry Standards regarding Network Equipment-Building System (NEBS) practices for Power and Communication Cables (e.g., power, fire, temperature, humidity, vibration).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Fire;FALSETelcordia GR-63 01 Network Equipment-Building System (NEBS) Requirements may be purchased at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=homeTRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0621ImportantNetwork Operators and Service Providers should consider abandoning and / or removing existing cable that does not meet New Equipment Building System (NEBS) standards, if it is economically feasible and safe to do so.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Fire; Policy;FALSEhttp://192.4.253.70/services/testing/nebs/index.htmlTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0623ImportantNetwork Operators, Service Providers should perform annual maintenance by performing a discharge test or by using an ohmic test instrument if they are using Valve Regulated Lead Acid (VRLA) batteries.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Fire; Network Operations; Power; Procedures;FALSEThe aging properties of these batteries can lead to thermal runaway that may cause a fire. See GR-4228, VRLA Battery String Certification Levels Based on Requirements for Safety and Performance and http://telecom-info.telcordia.com/site-cgi/ido/docs.cgi?DOCUMENT=gr- 4228&KEYWORDS=&TITLE=&ID=097222093 SEARCHTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0624ImportantNetwork Operators, Service Providers and Property Managers should be encouraged to establish rectifier case history files, by equipment category to facilitate decisions to replace equipment with more efficient equipment based on failure trends.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Documentation; Fire; Network Elements; Network Operations; Network Provisioning; Power; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-0625ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should consider placing electric utility transformers external to buildings.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Fire; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0626ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should regularly inspect building mechanical equipment (e.g., air handling fans, air compressors, pumps).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Fire; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0627ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should exercise, service, and calibrate AC circuit breakers per manufacturers' recommendations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Fire; Network Operations; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0628ImportantNetwork Operators and Service Providers should develop and implement defined procedures for removal of unused equipment and cable (e.g., cable mining) if it is economically feasible and safe to do so.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Operations; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0631ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Property Managers should develop a comprehensive Site Management and/or Building Certification Program to ensure that critical equipment locations have carefully documented procedures to ensure fire safety.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Buildings; Fire; Physical Security Management; Procedures; Training and Awareness;FALSEThese procedures should include, among other things, guidance for the safe operation of all electrical appliances at this facility, including space heaters which are a frequent source of fires.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSEFALSE13-10-0634CriticalNetwork Operators, Service Providers, Property Managers and Public Safety should verify together with the Power Company that aerial power lines are not in conflict with hazards that could produce a loss of service during high winds or icy conditions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Emergency Preparedness; Liaison; Network Operations; Network Provisioning; Power;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-10-0640ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should ensure proper air filtration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Network Operations; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0645ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should inspect and maintain heating, venting, air conditioning (HVAC) areas.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Buildings; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-0648ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should ensure certified inspection of boilers & fuel storage units.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Buildings; Power; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-0649Highly ImportantNetwork Operators, Service Providers, Public Safety, and Property Managers should ensure critical network facilities have appropriate fire detection and alarm systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Fire;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-0650CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should place strong emphasis on activities related to the operation of power systems (e.g., maintenance procedures, alarm system operation, response procedures, and training).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Network Operations; Power; Procedures; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-10-0651CriticalNetwork Operators, Service Providers, Public Safety, and Property Managers should consider providing diversity within power supply and distribution systems so that a single point of failure (SPOF) is not catastrophic in critical network locations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Network Operations; Power; Public Safety and Disaster;TRUEFor large battery plants in critical offices, dual AC feeds should be considered.TRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-10-0652Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Property Managers should adhere to applicable power engineering design standards.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Network Operations; Network Provisioning; Power;FALSEhttp://telecom-info.telcordia.com/site- cgi/ido/docs2.pl?ID=170086171&page=home , http://www.atis.org/docstore , and Telcordia GR-513-CORE (Power - LSSGR section 13), Telcordia GR-63-CORE (NEBS), Telcordia GR-295-CORE (Isolated Ground Planes), Telcordia GR-1089-CORE (Electromagnetic Compatibility), and ATIS-0600311.2007 (DC Power Systems - Telecommunications Environment Protection).TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSEFALSE13-10-0653Highly ImportantNetwork Operators, Service Providers, Public Safety, and Property Managers should retain complete control concerning when to transfer from the electric utility and operate standby generators.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Policy; Power;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-0654ImportantNetwork Operators, Service Providers, and Property Managers should generally avoid entering into power curtailment or load shedding contracts with electric utilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Policy; Power;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-0656Highly ImportantNetwork Operators, Service Providers, and Public Safety should establish a requirement for power conditioning, monitoring and protection for sensitive equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Power; Procedures;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-0663ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should coordinate scheduled power generator tests with all building occupants to avoid interruptions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Documentation; Network Operations; Power;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0665Highly ImportantNetwork Operators, Service Providers, and Property Managers should provide and maintain accurate single line drawings of AC switch equipment on-site.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Documentation; Power; Procedures;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSEFALSE13-10-0667Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should keep circuit breaker racking/ratchet tools, spare fuses, fuse pullers, etc. readily available.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Hardware; Network Provisioning; Power;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-0672CriticalNetwork Operators and Service Providers should provide a minimum of 3 hours battery reserve for central offices equipped with fully automatic standby systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Emergency Preparedness; Power; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-10-0673ImportantNetwork Operators and Service Providers should provide some method to detect/prevent thermal runaway on rectifiers when valve regulated batteries are used.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Fire; Power; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0675ImportantNetwork Operators, Service Providers and Property Managers should for new installations, consider using multiple small battery plants in place of single very large plants, and consider using multiple battery strings in each plant.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Hardware; Power; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-0679Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should provide diverse power feeds for all redundant links (e.g., SS7, BITS clocks) and any components identified as critical single points of failure (SPOF) in the network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Facilities - Transport; Network Elements; Power; Public Safety and Disaster;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-10-0680ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should provide protective covers on vulnerable circuit breakers which power critical equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Hardware; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0681ImportantNetwork Operators, Service Provider, Equipment Suppliers, and Property Managers should ensure that fuses and breakers meet quality reliability standards.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Hardware; Network Provisioning; Power;FALSERefer to Technical Reference (SR-332), Reliability Prediction Procedure for Electronic Equipment, and http://telecom- info.telcordia.com/site- cgi/ido/docs.cgi?ID=SEARCH&DOCUMENT=S R-332&TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSEFALSE13-10-0682ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that power wire, cable, and signaling cables used in communications locations meet Network Equipment Building Systems (NEBS) compliance.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Network Elements; Network Provisioning; Power;TRUEhttp://192.4.253.70/services/testing/nebs/index.htmlTRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0683ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should not mix Direct Current (DC) power cables, Alternating Current (AC) power cables and telecommunications cables wherever possible.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Fire; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0684ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Property Managers should verify DC fusing levels throughout the power supply and distribution system, especially at the main primary distribution board, to ensure that fuses and breakers are not loaded at more than 80% of their rated ampacity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Fire; Hardware; Network Operations; Power;FALSEDiode OR'ed arrangements require additional special overcurrent protection considerationsTRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSEFALSE13-10-0685ImportantNetwork Operators and Service Providers should have detailed methods and procedures to identify the protection required for energized DC buses.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Operations; Power; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0696ImportantNetwork Operators and Service Providers should use infrared thermography to check power connections and cabling in central offices when trouble shooting, during installation test and acceptance, and as otherwise appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Fire; Network Operations; Power; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0700Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider the use of power expertise/power teams.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Human Resources; Network Operations; Power;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-0702ImportantNetwork Operators and Service Providers should minimize dependence on equipment requiring AC power feeds in favor of DC-powered components.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Hardware; Network Elements; Network Operations; Power;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0703ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should secure remote power maintenance systems to prevent unauthorized use.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Cyber Security; Physical Security Management; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0705ImportantNetwork Operators should place warning tape 12 inches above buried cable facilities.Cable; Internet/Data; Satellite; Wireline;Network Operator;Facilities - Transport; Procedures;FALSETRUETRUETRUEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0706ImportantNetwork Operators should use visible cable markings on buried facilities and outside plant cables (unless prone to vandalism).Cable; Internet/Data; Satellite; Wireline;Network Operator;Facilities - Transport;FALSETRUETRUETRUEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0707ImportantNetwork Operators should ensure timely response once they receive notification from the One Call Center for all locate requests.Cable; Internet/Data; Wireline;Network Operator;Facilities - Transport; Industry Cooperation; Network Operations; Procedures;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0708ImportantNetwork Operators should use appropriate technologies for locating buried facilities and consider upgrading as technologies evolve.Cable; Internet/Data; Wireline;Network Operator;Facilities - Transport; Network Operations; Procedures;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0709Highly ImportantNetwork Operators should compare outside plant drawings relative to marking cable route maps when locating buried facilities and resolve any discrepancies.Cable; Internet/Data; Wireline;Network Operator;Documentation; Facilities - Transport; Network Operations; Procedures;FALSETRUETRUEFALSEFALSETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-10-0710Highly ImportantNetwork Operators should use 'dig carefully' concepts and utilize guidance from industry sources for the protection of underground facilities when excavation is to take place within the specified tolerance zone.Cable; Internet/Data; Wireline;Network Operator;Facilities - Transport; Network Operations; Procedures;FALSEIndustry source example is the Common Ground Alliance. (http://www.commongroundalliance.com). Methods to consider, based on certain climate and geographical conditions include: hand-digging when practical (potholing), soft digging, vacuum excavation methods, pneumatic hand tools, other mechanical methods with the approval of the facility owner/operator, or other technical methods that may be developed and assign trained technical personnel to monitor activities at work sites where digging is underway.TRUETRUEFALSEFALSETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-10-0719ImportantNetwork Operators should use 'dig carefully' concepts and utilize guidance from industry sources when installing underground facilities.Cable; Internet/Data; Wireless; Wireline;Network Operator;Facilities - Transport; Network Operations; Procedures;FALSEIndustry source example is the Common Ground Alliance. (http://www.commongroundalliance.com). Methods to consider, based on certain climate and geographical conditions include: hand-digging when practical (potholing), soft digging, vacuum excavation methods, pneumatic hand tools, other mechanical methods with the approval of the facility owner/operator, or other technical methods that may be developed and assign trained technical personnel to monitor activities at work sites where digging is underway.TRUETRUEFALSETRUETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0722ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should consider pest control measures to protect cables where appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Facilities - Transport; Procedures;TRUECables can be protected using armored cable or type "C" conduit in pest-infested areas.TRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0725ImportantNetwork Operators and Government should increase stakeholder coordination and cooperation to improve the effectiveness of state one-call (811) legislation efforts.Cable; Internet/Data; Wireline;Network Operator; Government;Facilities - Transport; Industry Cooperation; Liaison;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSETRUEFALSE13-10-0726ImportantNetwork Operators should consider partnering with excavators, locators, and municipalities in a cable damage prevention program (811).Cable; Internet/Data; Wireline;Network Operator;Facilities - Transport; Industry Cooperation; Liaison; Policy; Training and Awareness;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0729ImportantNetwork Operators should establish training, qualification and performance standards for internal utility locators and establish performance standards with external utility locators.Cable; Internet/Data; Wireline;Network Operator;Facilities - Transport; Human Resources; Industry Cooperation; Training and Awareness;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0733ImportantNetwork Operators should coordinate activities with other right-of-way occupants to minimize the potential for damage when they are relocating buried facilities in a common right-of-way area.Cable; Internet/Data; Wireless; Wireline;Network Operator;Facilities - Transport; Industry Cooperation; Liaison;FALSETRUETRUEFALSETRUETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0735ImportantNetwork Operators should evaluate the performance of their contracted excavators and internal excavators to foster improved network reliability.Cable; Internet/Data; Wireless; Wireline;Network Operator;Facilities - Transport; Supervision;FALSETRUETRUEFALSETRUETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-0736Highly ImportantNetwork Operators should develop and implement a rapid restoration program for cables and facilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Operations; Policy;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-10-0741ImportantNetwork Operators and Service Providers should review, and adopt as appropriate, Best Practices aimed at reducing damage to underground facilities that are maintained by the Common Ground Alliance.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Documentation; Facilities - Transport; Policy; Procedures; Training and Awareness;FALSEThe Common Ground Alliance Best Practices document (www.commongroundalliance.com) provides comprehensive guidance in the areas of Planning & Design, One-Call Centers, Locating & Marking, Excavation, Mapping, Compliance, Public Education, Reporting & Evaluation, and Homeland Security. Many of the Best Practice are applicable to the activities of Service Providers and Network Operators.TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0745ImportantEquipment Suppliers should design equipment so that changes and upgrades are non-service impacting.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software; Technical Support;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0746ImportantEquipment Suppliers should emphasize human factors during design and development to reduce human errors and the impact of these errors. Automated systems should be considered to reduce operating errors.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software; Technical Support;FALSESee GR 2914 at http://telecom-info.telcordia.com/site- cgi/ido/docs.cgi?ID=287618448SEARCH&DOCU MENT=GR-2914TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0748ImportantEquipment Suppliers should provide troubleshooting job aids, with updates as appropriate, to assist operations support personnel during fault isolation and recovery.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Disaster Recovery; Documentation; Network Elements; Procedures; Technical Support; Training and Awareness;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0749CriticalEquipment Suppliers should prevent critical systems from accepting or allowing service affecting activity without appropriate confirmation.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Procedures; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE3TRUEFALSEFALSEFALSE13-10-0751ImportantEquipment Suppliers should provide clear and specific engineering guidelines, ordering procedures, and installation documentation in support of their products.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Hardware; Network Elements; Procedures; Software; Technical Support;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0752ImportantNetwork Operators, Service Providers, and Public Safety should evaluate support documentation as an integral part of the equipment selection process.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Documentation; Network Elements; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0753ImportantNetwork Operators, Service Providers, and Public Safety should be familiar with support documentation provided with the equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Documentation; Network Elements; Network Operations; Procedures; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0754ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should have documented installation guidelines for equipment deployment in their network or buildings.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Documentation; Hardware; Network Elements; Network Operations; Network Provisioning; Procedures; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0755ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should document and communicate their installation and maintenance guidelines (e.g., MOP) and the expectation of compliance by all involved parties.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Documentation; Network Operations; Procedures; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0756ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should consider including a quality review based on the installation guidelines as part of the on-site installation acceptance.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Network Operations; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0757ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should have procedures for pre- qualification or certification of installation vendors.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Network Operations; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-0759ImportantNetwork Operators and Service Providers should ensure that engineering, design, and installation processes address how new network elements are integrated into the office and network synchronization plan(s).Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Facilities - Transport; Network Elements; Network Operations; Network Provisioning; Procedures;FALSEThis Best practice could impact 9-1-1 operations.TRUETRUEFALSETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-0761ImportantNetwork Operators, Service Providers, and Public Safety should conduct periodic verification of the office synchronization plan and the diversity of timing links, power feeds and alarms.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Facilities - Transport; Network Elements; Network Operations; Power; Procedures;TRUEBest Practice recommended by the NRSC Timing Outage Task Force Report - March 6, 2002. See http://www.atis.org/docstoreTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0763Highly ImportantService Providers should provision servers for operation of DNS name servers implementing DNS (Domain Name System) servers in support of VoIP (Voice over Internet Protocol) telephone number mapping applications such as ENUM per Industry Standards.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Network Interoperability; Network Provisioning; Software;FALSEReference IETF Best Current Practices for operation of DNS nameservers: BCP 40 (RFC 2182) and BCP 16 (RFC 2870).TRUETRUETRUETRUETRUETRUEFALSE2FALSEFALSEFALSEFALSE13-10-0765Highly ImportantNetwork Operators should configure their TCP algorithm parameters in order to optimize the performance of TCP/IP data transport for VoIP over wireless networks.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Cyber Security; Network Interoperability; Software;FALSETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-10-0766Highly ImportantService Providers should consider using a minimum interoperable subset for VoIP coding standards in a VoIP- to-PSTN gateway configuration in order to achieve interoperability and support all types of voice band communication (e.g., DTMF tones, facsimile, TTY/TDD).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Network Interoperability; Software;FALSENote: This Best practice could impact 9-1-1 operations. For example, TI 811 mandates the use of G.711TRUETRUETRUETRUETRUETRUEFALSE2FALSEFALSEFALSEFALSE13-10-0767Highly ImportantNetwork Operators and Service Providers should consider using media gateway controllers to achieve interoperability with SS7/ISUP-signaled TDM voice networks.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability; Software;FALSESee IETF RFC 3372, BCP 63 for examples.TRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0768Highly ImportantNetwork Operators, Service Providers should consider using media gateway controllers that map ISUP-to-SIP and SIP-to-ISUP messages, when implementing a SIP-signaled VoIP network, in order to achieve a consistent interpretation of ISUP-to-SIP messaging industrywide.Cable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator;Cyber Security;FALSESee IETF RFC 3398, Integrated Services Digital Network (ISDN) User Part (ISUP) to Session Initiation Protocol (SIP) Mapping.TRUETRUETRUETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-10-0769Highly ImportantNetwork Operators, Service Providers should implement industry standards when implementing a Bearer Independent Call Control (BICC)-signaled network to achieve interoperability between an SS7/ISUP signaled TDM voice network and a SIP-signaled VoIP network.Cable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator;Cyber Security;FALSESee ITU-T Recommendation Q.1912.5, “Interworking between Session Initiation Protocol (SIP) and Bearer Independent Call Control Protocol or ISDN User Part,” or 3GPP TS 29.163, “Interworking between the IP Multimedia (IM) Core Network (CN) subsystem and Circuit Switched (CS) networks”.TRUETRUETRUETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-10-0770Highly ImportantNetwork Operators, Service Providers should consider implementing and using the network management controls of SS7 within their networks if they have deployed IS-41 or GSM Mobility Application Part (MAP) signaling networks.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability; Software;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0775Highly ImportantNetwork Operators and Service Providers should consult and update the synchronization plan whenever facility (e.g., intra-/inter-office or inter-provider interconnect circuits) rearrangements, additions, deletions, or consolidations are planned, and then verify the completed changes against the synchronization plan.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Documentation; Facilities - Transport; Network Operations; Network Provisioning; Procedures;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0776Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should conduct and periodically re- validate physical security assessments on critical network facilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Physical Security Management; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-0777ImportantEquipment Suppliers should optimize equipment initializations to minimize service impact.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-0778ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that handling installation/interconnection of circuit and signal paths continues to be performed by qualified communications technicians.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Facilities - Transport; Network Operations; Network Provisioning; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0781ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should evaluate the use of automatic notification mechanisms to the local fire department at critical facilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Emergency Preparedness; Fire; Procedures; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0784ImportantNetwork Operators, Service Providers, and Public Safety should utilize appropriate fiber/cable management equipment or racking systems to provide cable strain relief and ensure that bend radius is maintained to avoid micro- bends (e.g., pinched fibers).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Documentation; Facilities - Transport; Hardware; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-10-0790ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider providing personal protective equipment (PPE) for infection control (e.g., masks, disposable gloves, and sanitizers) in locations where multiple employees are located.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety; Property Manager;Disaster Recovery; Emergency Preparedness; Pandemic; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUETRUETRUE13-10-0791ImportantNetwork Operators, Service Providers, Equipment Suppliers, Government, and Public Safety should consider providing personnel training in the use of personal protective equipment (PPE) specific to a pandemic or other crisis situations and the employee's particular job.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety; Property Manager;Disaster Recovery; Emergency Preparedness; Pandemic; Policy; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUETRUETRUE13-10-0792ImportantNetwork Operators, Service Providers, Public Safety, and Equipment Suppliers should consider modifying attendance guidelines during a pandemic, or other crisis situations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Business Continuity; Essential Services; Human Resources; Pandemic; Policy; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0798ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider, as part of business continuity/disaster recovery, alternate transportation and delivery methods for equipment, spares, and personal protective equipment to prepare for situations where transportation and delivery may be delayed (e.g., pandemic, other crisis situations).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Hardware; Liaison; Material Movement; Network Elements; Pandemic; Policy; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-0799ImportantService Providers, Network Operators, and Property Managers should periodically evaluate the need for and feasibility of providing back up power at cell sites and broadband network equipment, at remote locations where economically and technically practical taking into consideration the criticality of the site or location, as well as local zoning laws, statutes, and contractual obligations.Cable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator; Property Manager;Business Continuity; Documentation; Emergency Preparedness; Essential Services; Policy; Power; Procedures; Public Safety and Disaster;FALSETRUETRUETRUETRUEFALSETRUETRUE1FALSETRUEFALSEFALSE13-10-0804ImportantService Providers should consider appropriate means for providing their customers with information about their traffic policies so that users may be informed when planning and utilizing their applications.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Documentation; Pandemic; Policy;FALSETRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-10-0815ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should deploy hardware in accordance with equipment suppliers’ stated environmental specifications.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Hardware; Network Elements; Network Provisioning;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-0816ImportantService Providers should design Broadband systems that provide appropriate privacy and access restriction to the data packet information if they deploy Internet Access Service in a shared media environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security;FALSETRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-10-0818Highly ImportantNetwork Operators, Service Providers should deploy network equipment that report alarms if they deploy Internet Access Service.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Elements;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-0819ImportantNetwork Operators, Service Providers, and Property Managers should periodically evaluate the need for and feasibility of providing back up power at cell sites and broadband network equipment, at remote locations where economically and technically practical taking into consideration the criticality of the site or location, as well as local zoning laws, statutes, and contractual obligations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Power;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSEFALSE13-10-1002ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider establishing a business continuity executive steering committee (composed of executive managers and business process owners) to ensure executive support and oversight.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Disaster Recovery; Emergency Preparedness; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-1006Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider establishing a designated Emergency Operations Center. This center should contain tools for coordination of service restoral including UPS, alternate means of communications, maps, and documented procedures to manage business interruptions and/or disasters.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Disaster Recovery; Emergency Preparedness; Network Operations; Procedures; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-10-1013ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Property Managers should review their insurance requirements in order to maintain business continuity in the event of massive property damage or loss, incapacitation of senior officers, and other interruptive situations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Business Continuity; Emergency Preparedness;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSEFALSE13-10-1016CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Government should develop processes or plans to quickly account for all employees (e.g. field techs) in or near the impact area of a disaster.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government;Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSETRUEFALSE13-10-1033CriticalNetwork Operators should develop a strategy for deployment of emergency mobile assets such as Cell on Wheels (COWs), cellular repeaters, Switch on Wheels (SOWs), transportable satellite terminals, microwave equipment, power generators, HVAC units, etc. for emergency use or service augmentation for planned events (e.g., National Special Security Event (NSSE)).Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Business Continuity; Disaster Recovery; Emergency Preparedness; Network Elements; Network Operations; Power; Public Safety and Disaster;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUEFALSETRUE3FALSEFALSEFALSEFALSE13-10-1036ImportantNetwork Operators should determine in advance if they will use wireless alternate backhaul systems (microwave radio, free space optics, and satellite communications systems) to re-establish communications and if these technologies are to be deployed it is recommended that path designs be developed for each critical area in advance of deployment with personnel trained to install and optimize the systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Business Continuity; Disaster Recovery; Emergency Preparedness; Network Elements;FALSETRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-10-1039Highly ImportantEquipment Suppliers should develop support processes that include interfaces with those internal organizations (e.g., sales, logistics, and manufacturing) that have a potential role in assisting Network Operators and Service Providers in disaster response efforts.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Business Continuity; Disaster Recovery; Emergency Preparedness; Material Movement; Procedures;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-1043ImportantEquipment Suppliers should during major disasters, make it easy for customers to contact them by providing an Interactive Voice Response (IVR) option or dedicated contact information.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Business Continuity; Disaster Recovery; Industry Cooperation; Technical Support;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-1044ImportantEquipment Suppliers should consider providing a "Disaster Recovery Services Checklist" to all of the Service Providers they support to assist the Service Provider in identifying equipment needs and professional services during an event.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Business Continuity; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Material Movement; Technical Support;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-1045ImportantNetwork Operators and Service Providers should use their escalation process, as needed, to address resource issues identified through damage and resource assessments.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Industry Cooperation;FALSEEscalation process should consider using employees from separate regions, working with equipment vendors, mutual aid partners, etc.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-1047Highly ImportantNetwork Operators, Service Providers, and Public Safety should develop a process to routinely archive critical system backups and provide for storage in a secure off-site facility which would provide geographical diversity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Network Operations; Procedures; Software;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-1048Highly ImportantNetwork Operators and Service Providers should consider supplementing media backup storage with full system restoral media and documented restoration procedures that can be utilized at an alternate hot site, in case of total failure of the primary service site.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Emergency Preparedness; Network Operations; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-1049Highly ImportantService Providers should consider utilizing multiple network carriers for internet backbone connectivity if required to prevent isolation of service nodes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Business Continuity; Emergency Preparedness; Facilities - Transport;FALSETRUETRUETRUETRUETRUETRUEFALSE2FALSEFALSEFALSEFALSE13-10-1050CriticalNetwork Operators and Service Providers should consider alternative carrier/transport methods such as satellite, microwave or wireless to further reduce point of failures or as hot transport backup facilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Emergency Preparedness; Facilities - Transport; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-10-1051ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Government should work together to identify criteria for developing procedures to handle network elements affected by nuclear attack or nuclear accidents (e.g., shock wave, Electro-magnetic Pulse (EMP), Thermal, Fallout, fiber darkening of phosphorous based fiber cable).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government;Business Continuity; Disaster Recovery; Emergency Preparedness; Liaison;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSETRUEFALSE13-10-1052Highly ImportantNetwork Operators, Service Providers, and Public Safety should assess the functionality of network critical systems during disaster exercises.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-1054Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should install fire detection systems and consider the use of suppression systems or devices at buildings supporting network functionality.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Business Continuity; Emergency Preparedness; Fire;TRUEFunction, size and occupancy need to considered. This is not intended to include CEVs, tower sites, huts, regens, temporary or mobile facilities.TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-1061ImportantService Provider, Network Operators, Equipment Suppliers, and Public Safety should ensure that Telecommunication Service Priority (TSP) records and data bases are reconciled annually.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Documentation; Emergency Preparedness; Essential Services; Network Operations; Public Safety and Disaster;TRUEhttp://www.dhs.gov/telecommunications-service- priority-tspTRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-1065ImportantNetwork Operators and Service Providers should identify and manage critical network elements and architecture that are essential for network connectivity and subscriber services considering security, functional redundancy and geographical diversity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Disaster Recovery; Emergency Preparedness; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-1070Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should utilize a UL standard for Transfer Switch Equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Network Operations; Power; Procedures;TRUEhttp://www.ul.com/global/eng/pages/solutions/stan dards/accessstandards/TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-1071Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should mechanically and electrically interlock transfer breaker systems when they are utilized.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Network Operations; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-1072Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should verify that protector size does not exceed cable rated current capacity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Fire; Hardware; Network Operations; Power;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-5167ImportantNetwork Operators, Service Providers, and Equipment Suppliers should provide secured methods, both physical and electronic, for the internal distribution of software development and production materials.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Information Protection; Material Movement; Software;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5002ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should develop and implement periodic physical inspections and maintenance as required for all critical security systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Physical Security Management; Procedures; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5003ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should periodically audit compliance with physical security policies and procedures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Guard Services; Physical Security Management; Procedures; Security Systems;TRUEExamples of policies and procedures for review may include access control, key control, property control, video surveillance, ID administration, sign-in procedures, guard compliance.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5005Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should conduct electronic surveillance (e.g., CCTV, access control logs, alarm monitoring) at critical access points and preserve the data for investigation.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Physical Security Management; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5009ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that access control records are retained in conjunction with company standards.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Documentation; Physical Security Management; Procedures; Security Systems; Visitors;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5010Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should deploy security measures in proportion to the criticality of the facility or area being served.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Physical Security Management; Policy; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5011Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should alarm and monitor critical facility access points to detect intrusion or unsecured access (e.g., doors being propped open).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Physical Security Management; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5013ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should consider establishing hierarchical key control system(s) (e.g., Master Key Control systems) with record keeping databases in facilities where master key systems are used. Master Key Control system should be implemented so that keys are distributed only to those with need for access into the locked space (e.g., perimeter doors, offices, restricted areas).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Documentation; Physical Security Management; Procedures; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5014ImportantNetwork Operators, Service Providers, Public Safety, Equipment Suppliers and Property Managers should establish and maintain inventory control measures to protect all media associated with Master Key Control (MKC) systems and access control systems (e.g. master keys, key blanks, cards, tokens, fobs).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Information Protection; Physical Security Management; Procedures; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5019ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider establishing an employee awareness training program to inform employees who create, receive or transfer proprietary information of their responsibilities for compliance with proprietary information protection policies and procedures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Human Resources; Information Protection; Policy; Procedures; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5021Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should establish procedures for access control, exception access, and identification for all individuals (including visitors, contractors, and vendors) that provide for the issuing of ID badges, sign-in and escorting where appropriate, with challenging of non-badged personnel.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Guard Services; Human Resources; Physical Security Management; Policy; Procedures; Training and Awareness; Visitors;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5022Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should internally identify locations of critical infrastructure for emergency planning and security, and protect it as highly sensitive proprietary information.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Business Continuity; Documentation; Emergency Preparedness; Information Protection; Physical Security Management; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5221ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider limiting the dissemination of information relating to future locations of key leadership.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Human Resources; Physical Security Management; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5024Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should include physical security as an integral part of the strategic business planning and decision making process to ensure that security risks are properly identified and appropriately mitigated.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Emergency Preparedness; Physical Security Management; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5025ImportantNetwork Operators, Service Providers, and Equipment Suppliers should include physical security as an integral part of the merger, acquisition and divestiture process to ensure that security risks are proactively identified and appropriate plans are developed to facilitate the integration and migration of organizational functions (e.g., Due Diligence investigations, integration of policy and procedures).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Corporate Ethics; Physical Security Management; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5026Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should include security as an integral part of the facility construction process to ensure that security risks are proactively identified and appropriate solutions are included in the design of the facility.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Material Movement; Physical Security Management; Policy; Security Systems;TRUESee http://www.gsa.gov/graphics/ogp/2003springsecurityinsert_R2NX1-u_0Z5RDZ-i34K-pR.pdf . Where appropriate, this review may include elements such as facility location selection, security system design, configuration of the lobby, limitation of outside access points (both doors and windows), location of mailroom, compartmentalization of loading docks, design of parking setbacks, placement and protection of air handling systems and air intakes, structural enhancements, and ramming protection. Consider sign off authority for security and safety on all construction projects.TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5027Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Property Managers should collaborate during major events (e.g., hiring, downsizing, outsourcing, labor disputes, civil disorder).to ensure that security risks are identified and plans are developed to protect the company's personnel and assets.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Access Control; Buildings; Corporate Ethics; Disaster Recovery; Emergency Preparedness; Human Resources; Industry Cooperation; Physical Security Management; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSEFALSE13-10-5030Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should provide a level of security protection over critical inventory (i.e., spares) that is proportionate to the criticality of the equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Emergency Preparedness; Hardware; Material Movement; Network Elements; Network Operations; Physical Security Management; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5031Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish a role for the security function (i.e., physical and cyber) in business continuity planning, including emergency response plans and periodic tests of such plans.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Cyber Security; Emergency Preparedness; Physical Security Management; Policy; Procedures; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5032ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should establish a procedure governing the assignment of facility access levels.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Disaster Recovery; Emergency Preparedness; Guard Services; Information Protection; Physical Security Management; Procedures; Security Systems;TRUEThis could include, but is not limited to buildings, equipment rooms, and access points.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5033ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should consider establishing and implementing background investigation policies that include criminal background checks of employees.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Corporate Ethics; Human Resources; Liaison; Policy;TRUEThe policy should detail elements of the background investigation as well as disqualification criteria.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5034Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should consider establishing contractual obligations requiring contractors, subcontractors and vendors to conduct background investigations of all personnel who require unescorted access to areas of critical infrastructure or who require access to sensitive information related to critical infrastructure.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Corporate Ethics; Guard Services; Human Resources; Physical Security Management; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5041Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should establish and implement policies and procedures to secure and restrict access to power, environmental, security, and fire protection systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Fire; Physical Security Management; Policy; Power; Procedures;TRUEExamples of power, environmental systems security and fire protection systems: HVAC, standby emergency power, generators, UPS, access security, building automation, elevators, and fire alarm systems.TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5042ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should establish and implement policies and procedures to secure and restrict access to fuel supplies.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Buildings; Emergency Preparedness; Fire; Physical Security Management; Policy; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-5043ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should comply with security standards for perimeter lighting.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Physical Security Management;TRUEFor example; SLB, IESNA (Illuminating Engineering Society of N. America) at http://www.iesna.orgTRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5044ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should plan and maintain landscaping at facilities to enhance the overall level of building security wherever possible.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Fire; Physical Security Management;TRUELandscaping at critical facilities should not obstruct necessary security lighting or camera views of ingress and egress areas, and landscaping should also avoid creating fire hazards or hiding places.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5046Highly ImportantNetwork Operators, Property Managers, and Public Safety should ensure critical infrastructure utility vaults are secured from unauthorized access.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Access Control; Buildings; Facilities - Transport; Physical Security Management;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSETRUEFALSETRUE13-10-5057Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider an enhanced level of emergency response for locations supporting critical functions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Buildings; Disaster Recovery; Emergency Preparedness; Essential Services; Network Operations; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5058CriticalNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that all critical infrastructure facilities, including the security equipment, devices and appliances protecting it, are supported by backup power systems (e.g., batteries, generators, fuel cells).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Emergency Preparedness; Network Operations; Physical Security Management; Power; Public Safety and Disaster; Security Systems;TRUESome local regulations and building codes may influence the options available.TRUETRUETRUETRUETRUETRUETRUE3TRUETRUEFALSETRUE13-10-5061ImportantEquipment Suppliers should consider ergonomics and human-centric factors when designing user interfaces (e.g., hardware labeling, software, documentation).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Hardware; Network Elements; Software;FALSESee GR-2914 , Human Factors Requirements for Equipment to Improve Network Integrity, Telcordia and GR454 Requirements for Supplier-Provided Documentation, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home. See NRSC 105 Procedural Outage Reduction: Addressing the Human Part at http://www.atis.org/docstoreTRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-5062Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should staff critical functions at appropriate levels, considering human factors such as workload and fatigue.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Emergency Preparedness; Human Resources; Network Operations; Pandemic; Physical Security Management; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5066Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that sensitive information pertaining to critical infrastructure is considered proprietary and access is restricted appropriately, both internally and externally.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Corporate Ethics; Cyber Security; Documentation; Information Protection; Policy;TRUEAppropriate markings are required to qualify for exemption from disclosure under FOIA.TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5067ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should make security an ongoing priority and implement an annual compliance requirement for the completion of a security awareness program.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Policy; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5069ImportantProperty Managers should require all tenants to adhere to the security standards set for colocation sites.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Access Control; Buildings; Corporate Ethics; Industry Cooperation; Physical Security Management; Policy;FALSEIn order to prevent/mitigate security compromise/loss/downtime.TRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-5070Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider establishment of a senior management function for a chief security officer (CSO) or functional equivalent to direct and manage both physical and cyber security.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Cyber Security; Physical Security Management; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5072Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should perform risk assessments on key network facilities and control areas on a regular basis, taking into account natural disasters and unintentional or intentional acts of people impacting the facility or nearby structures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Buildings; Emergency Preparedness; Facilities - Transport; Network Operations; Pandemic; Physical Security Management;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5074CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should document in a Disaster Recovery Plan the process for restoring physical security control points for critical infrastructure facilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Disaster Recovery; Emergency Preparedness; Physical Security Management; Procedures; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-10-5075Highly ImportantNetwork Operators, Service Providers, and Public Safety should ensure that networks built with redundancy are also built with geographic separation where feasible (e.g., avoid placing mated pairs in the same location and redundant logical facilities in the same physical path).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Facilities - Transport; Network Elements; Network Operations; Network Provisioning; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-5078Highly ImportantNetwork Operators, Service Providers, and Public Safety should be automatically notified upon the loss of alarm data and react accordingly.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Facilities - Transport; Network Operations; Physical Security Management; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-5080Highly ImportantNetwork Operators, Service Providers, and Public Safety should identify and track critical network equipment, location of spares, and sources of spares to ensure the long term continuity and availability of communication service.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Hardware; Network Elements; Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-5083Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should maintain the availability of spares for critical network systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Hardware; Network Elements; Network Operations; Pandemic;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5084CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider ensuring that outsourcing of hardware and software includes a quality assessment, functional testing and security testing by an independent entity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Hardware; Network Elements; Policy; Software;TRUEIndependent entities do not include the source supplier. Quality and security testing may include the following: GR929 (RQMS), GR815, TL9000.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-10-5089ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should establish, implement and enforce appropriate procedures for the storage and movement of equipment and material, including trash removal, to deter theft.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Corporate Ethics; Fire; Hardware; Information Protection; Material Movement; Physical Security Management; Procedures;TRUEThis will help minimize potential theft, tampering, introduction of harmful materials, inadvertent exposure of critical information, and reduce the risk of fire.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5091ImportantNetwork Operators, Service Providers, and Equipment Suppliers should develop and implement, as appropriate, travel security awareness training and briefings before traveling internationally.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Human Resources; Policy; Training and Awareness;FALSEThe US Department of State offers information on international travel at http://www.state.gov/travel/TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5092ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish an incident reporting mechanism and investigations program so that security or safety related events are recorded, analyzed, and investigated as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Physical Security Management; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5095Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should implement a security response plan for communications facilities that recognizes the threats identified in the National Terrorism Advisory System.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Business Continuity; Emergency Preparedness; Human Resources; Liaison; Physical Security Management; Policy; Procedures;TRUEIn order to prevent terrorist/criminal access and activity.TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5099ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should consider keeping centralized trash storage outside the building and dumpsters located away from the building to reduce the potential for fire and access to the building.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Fire; Material Movement; Physical Security Management;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5105ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider the security implications of equipment movement both domestically and internationally, including movement across borders and through ports of entry.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Hardware; Liaison; Material Movement; Physical Security Management;FALSEUS Custom's and Trade Partnership Against Terrorism (C-TPAT) initiative to strengthen overall supply chain and border security). See http://www.cbp.gov/xp/cgov/trade/cargo_security/ctpat/TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5106ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider participating in and complying with industry organizations that develops standards for security, logistics and transportation practices.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Industry Cooperation; Material Movement; Physical Security Management; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5110Highly ImportantNetwork Operators and Public Safety should not share information pertaining to the criticality of individual communication facilities or the traffic they carry, except with trusted entities for justified specific purposes with appropriate protections against further disclosure.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Corporate Ethics; Documentation; Facilities - Transport; Industry Cooperation; Information Protection; Liaison; Policy;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSETRUE13-10-5111Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Public Safety, and Government should not share information regarding the location, configuration or composition of the telecommunication infrastructure without proper information protection measures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety;Corporate Ethics; Documentation; Facilities - Transport; Industry Cooperation; Information Protection; Liaison; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSETRUETRUE13-10-5114ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Property Managers should establish, implement and enforce mailroom and delivery screening procedures that recognize changes in threat conditions and increase attention to security as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Disaster Recovery; Emergency Preparedness; Material Movement; Physical Security Management; Procedures; Supervision; Training and Awareness;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSEFALSE13-10-5116Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should provide periodic briefings on guidance to personnel (employees or contractors) involved in shipping, receiving or mailroom activities for identifying suspicious letters or parcels and protocols for handling any suspicious items.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Emergency Preparedness; Guard Services; Human Resources; Liaison; Material Movement; Physical Security Management; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5117Highly ImportantEquipment Suppliers should consider designing electronic hardware to industry requirements to minimize susceptibility to electromagnetic energy, shock, vibration, voltage spikes, and temperature if they are supplying critical network elements.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements;FALSESee GR-1089, Electromagnetic Compatibility and Electrical Safety - Generic Criteria for Network Telecommunications Equipment, Telcordia at http://telecom-info.telcordia.com/site- cgi/ido/docs.cgi?DOCUMENT=1089&KEYWOR DS=&TITLE=&ID=298454680SEARCHTRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-5118Highly ImportantEquipment Suppliers should test electronic hardware to ensure its compliance with design criteria for tolerance to electromagnetic energy, shock, vibration, voltage spikes, and temperature if they are supplying critical network elements.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements;FALSEGR-1089, Electromagnetic Compatibility and Electrical Safety - Generic Criteria for Network Telecommunications Equipment, Telcordia at http://telecom-info.telcordia.com/site- cgi/ido/docs.cgi?DOCUMENT=1089&KEYWOR DS=&TITLE=&ID=298454680SEARCH or See EN 300 386-2 Electromagnetic Compatibility and Radio Spectrum Matters (ERM); Telecommunication Network Equipment; Electromagnetic Compatibility (EMC) Requirements; Part 2: Product Family Standard, ETSI, http://webapp.etsi.org/WorkProgramTRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-5119Highly ImportantEquipment Suppliers should document the technical specifications of critical network elements of their electronic hardware, including characteristics such as tolerance limitations to electromagnetic energy, vibration, voltage spikes and temperature ranges.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Hardware; Information Protection; Network Elements;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-5120ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should evaluate the potential benefits and security implications when making decisions about building and facility signage, both internally and externally.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Physical Security Management;TRUECompanies should weigh the marketing benefits of external signage versus identifying potential targets. For example, some believe posting restricted access signs in internal areas deters inadvertent access. Others believe restricted access signs identify potential targets.TRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5121ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should develop and consistently implement software delivery procedures that protect the integrity of the delivered software in order to prevent software loads from being compromised during the delivery process.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Material Movement; Network Elements; Network Operations; Physical Security Management; Procedures; Software;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5129ImportantNetwork Operators, Service Providers should if they are required by the government to file outage reports for major network outages, ensure that such reports do not unnecessarily contain information that discloses specific network vulnerabilities, in order to prevent such information from being unnecessarily available in public access.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Corporate Ethics; Documentation; Information Protection; Liaison; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-5134ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider establishing a policy to manage the risks associated with key personnel traveling together.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Human Resources; Pandemic; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5135ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should participate in the Communications Security, Reliability and Interoperability Council (CSRIC) and its working groups in order to develop industry Best Practices for addressing and mitigating public communications infrastructure vulnerabilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Industry Cooperation; Liaison; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5141ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider restricting, supervising, and/or prohibiting tours of critical network facilities, systems and operations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Disaster Recovery; Pandemic; Physical Security Management; Policy; Visitors;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5142Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should work together to deploy safeguards to protect the software (i.e. generic or upgrade releases) being loaded to network elements in order to prevent sabotage.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Industry Cooperation; Network Elements; Network Operations; Network Provisioning; Software;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-10-5143CriticalNetwork Operators should maintain access, if they are responsible for satellite operations, to a back-up or secondary uplink site to provide tracking, telemetry and control (T.T.&C.) support for all operational communications spacecraft. The back-up or secondary site must be geographically diverse from the primary uplink facility, active and tested on a regular schedule to insure readiness and timely response.Satellite;Network Operator;Emergency Preparedness; Facilities - Transport; Network Operations; Public Safety and Disaster;FALSEFALSEFALSETRUEFALSEFALSEFALSETRUE3FALSEFALSEFALSEFALSE13-10-5144ImportantNetwork Operators should maintain a current database of all satellite transmit and receive sites (i.e. uplink and downlink facilities) that are operational and/or support their services and networks.Satellite;Network Operator;Emergency Preparedness; Facilities - Transport; Information Protection; Network Operations;FALSEThe database information should list location (i.e. street address, latitude and longitude), service provider/phone number, site manager contact/phone number, control point if remotely controlled, and equipment type used at the site.FALSEFALSETRUEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-10-5145ImportantNetwork Operators and Public Safety should establish plans to perform interference analysis and mitigation to ensure timely resolution of all cases of interference (e.g., caused by equipment failure, intentional act/sabotage or frequency overlap), and, where feasible, identify the type and general location of the interference source.Satellite; Wireless;Network Operator; Public Safety;Facilities - Transport; Network Operations;TRUEFALSEFALSETRUETRUEFALSEFALSETRUE1FALSEFALSEFALSETRUE13-10-5146Highly ImportantNetwork Operators and Service Providers should develop and manage Satellite service recovery plans to ensure the timely restoration of services in the event of transponder loss, payload failure, and satellite failure.Satellite;Service Provider; Network Operator;Emergency Preparedness; Facilities - Transport; Network Operations; Technical Support;FALSEFALSEFALSETRUEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-10-5152ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider performing targeted sweeps of critical infrastructures and network operations centers for listening devices when suspicion warrants.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Buildings; Information Protection; Physical Security Management;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5163ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should consider establishing procedures for security video equipment and recording, (e.g., storage, accurate time/date stamping, privacy protection, and regular operational performance checks).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Guard Services; Physical Security Management; Procedures; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5165Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should ensure that teleworkers have the equipment and support necessary to secure their computing platforms and systems at an equivalent level of those within company office facilities (e.g., Security software, firewalls and secure documents storage).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Corporate Ethics; Cyber Security; Human Resources; Information Protection; Pandemic; Physical Security Management; Policy; Software; Supervision;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-10-5166ImportantEquipment Suppliers should wherever feasible, isolate R&D and software manufacturing of Network Elements from general office systems to prevent unauthorized access.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Cyber Security; Information Protection; Policy; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-10-5169ImportantNetwork Operators, Service Providers, and Equipment Suppliers should establish and implement an information protection process to control and manage the distribution of critical R&D documentation and the revisions thereto (e.g., serialize physical and electronic documentation to maintain audit trails).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Documentation; Information Protection; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5171Highly ImportantEquipment Suppliers should design network equipment to reduce the likelihood of malfunction due to failure of the connected devices (i.e. in order to reduce the potential for cascade failures; software or system damage).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Network Interoperability;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-5174Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should utilize a coordinated physical security methodology that incorporates diverse layers of security in direct proportion to the criticality of the site.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Physical Security Management; Policy; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5179ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish policies and procedures that prevent or reduce workplace violence.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Guard Services; Human Resources; Physical Security Management; Policy; Procedures; Training and Awareness; Visitors;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5185ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure the inclusion of fire stair returns in their physical security designs with consideration that there should be no uncontrolled re-entry paths into areas of critical infrastructure, where permitted by code.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Fire; Physical Security Management;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5187Highly ImportantProperty Managers should be responsible and accountable for common space, critical shared areas (e.g., cable vault, power sources) and perimeter security for the building of collocation and telecom hotel facilities in accordance with industry standards and Best Practices.Cable; Internet/Data; Satellite; Wireless; Wireline;Property Manager;Access Control; Buildings; Guard Services; Industry Cooperation; Physical Security Management; Policy; Visitors;FALSEGR-63, NEBS Requirements: Physical Protection, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=homeTRUETRUETRUETRUETRUEFALSEFALSE2FALSETRUEFALSEFALSE13-10-5188ImportantNetwork Operators, Service Providers should provide or arrange security for their own space with consideration of CSRIC Best Practices and in coordination with the existing security programs for the building if they are in multi-tenant communications facilities (e.g., telecom hotels).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Access Control; Buildings; Industry Cooperation; Physical Security Management; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-5191ImportantNetwork Operators, Service Providers should plan accordingly to protect their own facilities from potential risks within the building complex (e.g., fire suppression system, plumbing, hazardous materials) if they are tenants within telecom hotels.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Buildings; Emergency Preparedness; Fire; Hardware; Network Operations; Physical Security Management;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-5192ImportantNetwork Operators, Service Providers should provide a current list of all persons authorized for access to the Property Manager, provide periodic updates to this list, and provide instructions for exceptions (e.g., emergency restoration personnel) if they are tenants of a telecom hotel.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Access Control; Buildings; Disaster Recovery; Emergency Preparedness; Guard Services; Human Resources; Industry Cooperation; Pandemic; Physical Security Management; Procedures; Security Systems;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-5194Highly ImportantEquipment Suppliers should design electronic hardware to minimize susceptibility to electrostatic discharge.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-5195Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should keep track of network product identification (e.g., circuit pack serial number), repair, modification and decommissioning records.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Hardware; Network Elements;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-10-5197CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should periodically inspect, or test as appropriate, the grounding systems in critical network facilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Network Operations; Power;TRUEGR-1089 Electromagnetic Compatibility and Electrical Safety - Generic Criteria for Network Telecommunications Equipment, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs.cgi?DOCUMENT=1089&KEYWORDS=&TITLE=&ID=298454680SEARCH; Nation Electric Code, NEC-AAC at http://www.nfpa.org/categoryList.asp?categoryID=124&URL=Codes%20&%20StandardsTRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-10-5279Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider site specific (e.g., location, region, country) threat information during security program development.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Physical Security Management;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5199Highly ImportantNetwork Operators, Service Providers, and Public Safety should provide appropriate protection for outside plant equipment (e.g., Controlled Environmental Vault, remote terminals) against tampering and should, where practicable, monitor locations for intrusion.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Access Control; Buildings; Facilities - Transport; Network Operations; Physical Security Management; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-10-5203CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should develop, maintain and administer a comprehensive program to sustain a reliable power infrastructure.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Business Continuity; Emergency Preparedness; Network Operations; Power; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-10-5209Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should restrict access to the AC transfer switch housing area, ensure that scheduled maintenance of the transfer switch is performed, and ensure that spare parts are available.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Buildings; Emergency Preparedness; Network Operations; Physical Security Management; Power;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-5210ImportantNetwork Operators, Service Providers, and Property Managers should discourage use of Emergency Power Off (EPO) switches between the primary battery supplies and the main power distribution board. EPO switches are not recommended for use in traditional -48V DC battery plants.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Hardware; Network Operations; Power; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-5211ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should under normal conditions, disable power equipment features that allow switching off of power equipment from a remote location (i.e. dial up modem), but may consider activating such features during severe service conditions, to allow a degree of remote control.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Disaster Recovery; Emergency Preparedness; Network Operations; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-5212Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should consider placing generator sets and fuel supplies for critical sites within a secured area to prevent unauthorized access, reduce the likelihood of damage and/or theft, and to provide protection from explosions and weather.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Buildings; Network Operations; Physical Security Management; Power;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-5213Highly ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should where feasible, place fuel tanks in a secured and protected area restrict access to fill pipes, fuel lines, vents, manways, to reduce the possibility of unauthorized access.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Buildings; Physical Security Management; Power;TRUERestricting access may be accomplished via such things as fencing, walls, or burying.TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-5214Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should consider placing all power and network equipment in a location that affords physical protection from potential vulnerabilities based on risk of the location.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Emergency Preparedness; Hardware; Power; Public Safety and Disaster;TRUEExamples include floods, broken water mains, fuel spillage. In storm surge areas, consider placing all power related equipment above the highest predicted or recorded storm surge levels.TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-5216ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should consider providing secure pre- constructed exterior wall pathways for mobile generator connections or tap box connections.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Emergency Preparedness; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-10-5217Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should raise awareness of appropriate personnel regarding possible secondary events immediately after an incident, including the importance of promptly reporting any suspicious conditions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Disaster Recovery; Guard Services; Human Resources; Physical Security Management; Training and Awareness;TRUEFor example, shipping and receiving, mailroom, emergency response and security personnel.TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5218Highly ImportantEquipment Suppliers should implement a comprehensive security program for protecting hardware, firmware and software from malicious code insertion or tampering during development and delivery, taking into consideration that some developmental environments around the world present a higher risk level than others.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Cyber Security; Hardware; Human Resources; Information Protection; Intrusion Detection; Network Elements; Policy; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-10-5220Highly ImportantNetwork Operators, Service Providers and Equipment Suppliers should establish and implement a comprehensive physical security program for protecting corporate assets if utilizing foreign sites, including personnel, at those sites.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Access Control; Buildings; Information Protection; Physical Security Management; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-10-5222Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider providing trouble call centers with a physically diverse back-up capability that can quickly be configured to receive the incoming traffic and take appropriate action.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Network Operations; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5229Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should have controlled access to comprehensive facility cabling documentation (e.g., equipment installation plans, network connections, power, grounding and bonding) and keep a backup copy of this documentation at a secured off-site location.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Documentation; Emergency Preparedness; Information Protection; Network Operations; Power;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-5233ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should verify proper functioning of electronic surveillance equipment (e.g., CCTV, access control logs, alarm monitoring) at critical access points after any incident that may impact such equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Disaster Recovery; Fire; Physical Security Management; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5235ImportantNetwork Operators and Service Providers should ensure that impacted alarms and monitors associated with critical utility vaults are operational after a disaster event.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Access Control; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Operations; Physical Security Management; Public Safety and Disaster; Security Systems;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-5236ImportantProperty Managers should take the lead in restoration efforts of the base building infrastructure for an incident at a multi-tenant facility, ensuring that they have points of contact for each tenant to allow for coordination, support, security, and additional resources as necessary.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Disaster Recovery; Emergency Preparedness; Industry Cooperation; Liaison; Network Operations; Physical Security Management;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-10-5239ImportantProperty Managers should maintain crisis management plan(s) of multi-tenant facilities for incident resolution and restoration.Cable; Internet/Data; Satellite; Wireless; Wireline;Property Manager;Emergency Preparedness; Industry Cooperation; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUEFALSEFALSE1FALSETRUEFALSEFALSE13-10-5242Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should reassess the criticality of associated facilities following a catastrophic incident (i.e. loss of one facility may make others more critical).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5245ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should document the use of non- standard equipment or cable during restoration to review and/or replace those devices or cable as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Documentation; Facilities - Transport; Hardware; Network Elements; Network Provisioning;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5248Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should perform risk assessment on significant network changes (e.g., technology upgrades, temporary or permanent changes due to restoration efforts).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Elements; Network Operations; Network Provisioning;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5250Highly ImportantNetwork Operators and Service Providers should develop an engineering design for critical network elements and inter-office facilities that addresses diversity, and utilize management systems to provision, track, and maintain and restore that inter-office and intra-office diversity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Buildings; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Operations; Network Provisioning; Policy; Power;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-10-5252Highly ImportantNetwork Operators and Public Safety should evaluate the priority on re-establishing diversity of facility entry points (e.g., copper or fiber conduit, network interfaces for entrance facilities) during the restoration process.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Buildings; Disaster Recovery; Facilities - Transport;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSETRUE13-10-5255ImportantNetwork Operators, Service Providers, and Equipment Suppliers should ensure that temporary wireless networks (e.g., terrestrial microwave, free-space optical, satellite, point-to-point, multi-point, mesh) used during an incident are subsequently disabled or secured.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Disaster Recovery; Facilities - Transport; Information Protection; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-10-5256ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should monitor temporary connections of network test equipment that are established for restoration to prevent access by unauthorized personnel.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Network Operations; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5261Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should identify carrier interconnection points and coordinate restoral plans, as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Industry Cooperation; Network Interoperability; Network Operations; Network Provisioning;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-10-5263ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should use cables with adequate reliability and cable signal integrity, (e.g., flammability, strain reliefs, signal loss) and should mark as temporary and replace with standard cables as soon as practical any non- standard cables used because of an emergency restoration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Facilities - Transport; Network Operations; Network Provisioning;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-10-5264Highly ImportantNetwork Operators and Service Providers should maintain an alternate recovery facility that would duplicate operations and Tracking, Telemetry, Control and Monitoring (TTC&M). The alternate recovery facility should be geographically diverse from the primary facility, maintained and tested on a regular schedule to ensure readiness and timely response. This applies specifically to satellite operators.Satellite;Network Operator;Business Continuity; Emergency Preparedness; Facilities - Transport; Network Operations; Public Safety and Disaster;FALSEFALSEFALSETRUEFALSEFALSEFALSETRUE2FALSEFALSEFALSEFALSE13-10-5265ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should if they are senior management, actively support compliance with established corporate security policies and procedures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Corporate Ethics; Human Resources; Physical Security Management; Policy; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-10-5267Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that operating procedures are clearly defined and followed by personnel during emergency situations in order to avoid degradation of cyber and physical security due to a diversion.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Cyber Security; Disaster Recovery; Emergency Preparedness; Guard Services; Network Operations; Physical Security Management; Procedures; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5270Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should authenticate and cross-verify information, knowing that terrorists or malicious groups may use false information to divert attention and resources away from their intended physical or cyber target.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Physical Security Management; Training and Awareness;TRUECross Reference BP 8567 "News Disinformation"TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5271ImportantNetwork Operators, Service Providers, and Public Safety should consider physical and cyber security issues in Mutual Aid Agreements (e.g., authorization, access control, badging).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Access Control; Business Continuity; Cyber Security; Emergency Preparedness; Industry Cooperation; Physical Security Management;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-10-5272Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should include security considerations in disaster recovery plans for critical infrastructure sites.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Disaster Recovery; Emergency Preparedness; Physical Security Management; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-10-5274Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should in facilities using automated access control systems, install one mechanical lock to permit key override access to the space(s) secured by the access control system in the event the system fails in the locked mode. An appropriate procedure should be followed to track and control the keys.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Physical Security Management; Procedures; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-10-5275CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider backup power capabilities for Command and Control (Crisis Teams) so that communications and access to critical systems can be maintained in the event of a significant disruption to commercial power.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Network Operations; Power; Public Safety and Disaster;TRUEThis could include, but is not limited to, moving crisis team personnel to locations where there exists long-term power backup, installing generator backup at certain critical sites, etc.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-10-5277Highly ImportantNetwork Operators, Service Providers and Equipment Suppliers should if developing hardware, software or firmware, ensure that appropriate security programs are in place for protecting the product from theft or industrial espionage, taking into consideration that some developmental environments around the world present a higher risk level than others.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Corporate Ethics; Hardware; Human Resources; Information Protection; Physical Security Management; Software;FALSESee Best Practice 5218TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-10-5280ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should instruct security personnel to confirm the authenticity of directions to supersede existing security processes or procedures before implementing changes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Corporate Ethics; Disaster Recovery; Emergency Preparedness; Guard Services; Physical Security Management; Policy; Procedures; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-11-3240Highly ImportantNetwork Operators, Service Providers, and Public Safety should establish a provisioning accuracy process to ensure pseudo Automatic Number Identification (pANI) shell records are built correctly during original pANI provisioning to reduce negative impact and mis-routing of 9-1-1 calls.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Provisioning;TRUETRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-11-3244Highly ImportantPublic Safety should develop relationships and agreements with PSAPs outside of their normal service jurisdiction in an effort to improve their ability to handle calls in an overflow, backup, or disaster situation. Features within NG9-1-1 will help foster the capabilities available to PSAP administrators to meet these enhanced operational needs.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-11-3250Highly ImportantPublic Safety should use one year of 9-1-1 call data to determine the best PSAP to designate as the pre-selected PSAP under current routing sheet methods for each cell and sector. This may require coordination with adjacent PSAPs to make joint decisions on the most effective routing plans with wireless carriers. If there is a state level data group and/or use of wide ranging data across many PSAPs for call handling analysis, this can assist the overall analysis of routing.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-11-3251Highly ImportantPublic Safety should avoid the use of cold transfers (non-handshake transfer) of 9-1-1 calls. The initial PSAP should transfer and stay on the line to coordinate already gathered info from the caller, rather than force the caller to repeat from scratch. This allows verification that the transfer was accurately performed, to avoid reprocessing of the call.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-11-3252Highly ImportantPublic Safety should review 9-1-1 call routing decisions for a given area at least every 3 years.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-11-3253Highly ImportantPublic Safety should review routing on new cell towers six months after deployment using call data captured at the PSAP to determine if routing should be adjusted. The review period could be extended to a year in areas with low call volumes.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-11-3254Highly ImportantPublic Safety should keep call transfers for mobile 9-1-1 callers that move across public safety jurisdictions, at a minimum due to the potential increase to response time from the transfer coordination between the two jurisdictions. It is estimated that every transfer adds 45 seconds to response time.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-12-0491CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should where programs exist, coordinate with local, state and/or federal emergency management and law enforcement agencies for pre-credentialing to help facilitate access by technicians to restricted areas during an event.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Emergency Preparedness; Liaison; Pandemic; Physical Security Management; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-0494Highly ImportantNetwork Operators, Property Managers should consider including a provision in cell-site contracts for back-up power.Wireless;Network Operator; Property Manager;Buildings; Industry Cooperation; Network Design; Power; Public Safety; Public Safety and Disaster;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSETRUEFALSEFALSE13-12-0497Highly ImportantNetwork Operators, Property Managers and Public Safety should consider connecting the power load to portable generators stored at critical sites, and configuring them for auto-engage in the event of a failover.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Emergency Preparedness; Power; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSETRUEFALSETRUE13-12-0499CriticalNetwork Operators, Service Providers should consider ensuring that the back-haul facility equipment located at the cell site is provided with backup power duration equal to that provided for the other equipment at the cell site.Wireless;Service Provider; Network Operator;Facilities - Transport; Network Design; Power; Public Safety; Public Safety and Disaster;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-12-0618Highly ImportantNetwork Operators, Service Providers and Public Safety should establish mutually agreed upon reliability thresholds with Equipment Suppliers for new hardware (e.g., routers, switches, call servers, signaling servers) brought into service on the network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Hardware; Industry Cooperation; Network Design; Network Elements; Network Provisioning; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0507Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should have the processes and/or capabilities to analyze and determine the source of malicious traffic, and then to trace-back and drop the packets at, or closer to, the source. The references provide several different possible techniques. (Malicious traffic is that traffic such as Distributed Denial of Service (DDoS) attacks, smurf and fraggle attacks, designed and transmitted for the purpose of consuming resources of a destination of network to block service or consume resources to overflow state that might cause system crashes). This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Operations; Public Safety; Public Safety and Disaster; Security Systems;TRUE\"Practical Network Support for IP Trace back\"\" by Stefan Savage et.al., Dept. of Computer Science and Engineering, Univ of Washington, Tech Report UW-CSE-2000-02-01 with a version published in the Proceedings of the 2000 ACM SIBCOMM pp256-306 Stockholm, Sweden, August 2000 Hash based as described in \"\"Hash Based IP Traceback\"\" by Alex C Snoeren et.al of BBN published in Proceedings of the 2001 ACM SIBCOMM, San Diego, CA August 2001 A physical network arrangement as described in \"\"CENTERTRACK, An IP Overlay Network\"\" by Robert Stone of UUNET presented at NANOG #17 October 5, 1999. John Ioannidis and Steven M. Bellovin, \"\"Implementing Pushback: Router-Based Defense Against DDoS Attacks\"\", NDSS, February 2002. http://www.ietf.org/rfc/rfc3882.txt.FALSETRUEFALSEFALSEFALSETRUETRUE2TRUEFALSEFALSETRUE13-12-0508ImportantNetwork Operators, Service Providers and Public Safety should establish company-specific interconnection agreements, and where appropriate, utilize existing interconnection templates and existing data connection trust agreement.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Facilities - Transport; Industry Cooperation; Network Design; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUEFor interconnection templates, see NRIC III Section 8.4, Internet Interconnection Template. For existing data connection trust agreements, see NRIC III, Section 6.7. Also see NRIC V Focus Group 4\\\'s Service Provider Interconnection for Internet. See http://www.nric.org/fg/fg4/ISP_Interconnection.doc and http://www.nric.org/pubs/nric3/reportj9.doc FCC URL(s) needs added to this reference when available to provide user’s access to older NRIC Final Reports and supporting documents.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-0518ImportantNetwork Operators, Public Safety should design and implement procedures for traffic monitoring, trending and forecasting so that capacity management issues may be understood. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Network Design; Network Elements; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUESee BP 0616 for \\\'Failure Effects Analysis\\\'TRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSEFALSETRUE13-12-0519Highly ImportantNetwork Operators, Service Providers and Public Safety should engineer and monitor networks to ensure that operating parameters are within capacity limits of their network design (e.g., respect limitations of deployed packet switches, routers and interconnects, including \"managed networks\" and \"managed CPE\"). These resource requirements should be re-evaluated as services change or grow. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0521Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should work toward implementing industry standards for interconnection points.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Industry Cooperation; Network Design; Network Elements; Network Interoperability; Policy; Public Safety; Public Safety and Disaster;TRUEFor example, IETF standards and applicable ANSI T-1 Standards.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-0522Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should participate in standards development organizations and industry forums.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Industry Cooperation; Liaison; Policy; Public Safety; Public Safety and Disaster;TRUEThe current environment of numerous Network Operators, Service Providers and Equipment Suppliers elevates the importance of industry dialogue and standards (e.g., IETF, ITU-T, NANOG, CSRIC).TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-0529Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should support sharing of appropriate information pertaining to outages as an effort to decrease the potential of further propagation.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Documentation; Industry Cooperation; Liaison; Network Interoperability; Network Operations; Policy; Public Safety; Public Safety and Disaster;TRUESee ATIS-0300028, Next Generation Interconnection Interoperability (NGIIF) Reference Document: Part VII, Information Sharing, at http://www.atis.org/docstore. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-0543CriticalNetwork Operators, Service Providers, Property Managers and Public Safety should establish agreements with Property Managers for both regular and emergency power.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Business Continuity; Emergency Preparedness; Network Design; Power; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-12-0782Highly ImportantNetwork Operators, Service Providers and Public Safety should detect transport simplex events and restore the duplex protective path expeditiously by executing appropriate incident response and escalation processes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Contractors and Vendors; Disaster Recovery; Facilities - Transport; Hardware; Network Operations; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0551ImportantNetwork Operators should design their SS7 network components and interfaces consistent with industry base security guidelines to reduce the risk of potentially service affecting security compromises of the signaling networks supporting the public telephone network. This also applies to Public Safety in the context of transitional NG9-1-1 architectures involving Legacy Network Gateways and Legacy Selective Router Gateways.Wireless; Wireline;Network Operator;Cyber Security; Network Elements; Network Interoperability; Network Operations; Public Safety; Public Safety and Disaster;FALSEwww.atis.org/niif/index.asp Network Interconnection Interoperability Forum (NIIF) Reference Document NIIF 5001 The NIIF Interconnection Template (Network Interconnection Bilateral Agreement Template), Issue 3.0 ATIS0300004. See NIIF Reference document Part 3, Appendix I. This document provides guidance for desirable security features for any network element (call agent, feature server, soft switch, cross connect, gateway, database). It identifies security functionality, which should be in place by design, device or procedure. It includes an assessment framework series of checklists.FALSEFALSEFALSETRUETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-12-0588Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should provide awareness training that stresses the services impact of network failure, the risks of various levels of threatening conditions and the roles components play in the overall architecture.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Contractors and Vendors; Network Operations; Pandemic; Public Safety; Public Safety and Disaster; Supervision; Training and Awareness;TRUETraining should be provided for personnel involved in the direct operation, maintenance, provisioning, security and support of network elements. A successful program should educate its target audience on the technology, its benefits and risks, and the magnitude of traffic carried. The training might include the functionality and the network impact of failure of active and standby (protect) equipment in processors, interfaces, peripheral power supplies, and other related components, and the identification of active and standby (protect) units. Special emphasis should focus on the systematic processes for trouble isolation and repair.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-0592Highly ImportantNetwork Operators, Service Providers and Public Safety should provide duplicated, non-co-located maintenance administration, surveillance and support for network elements. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Network Elements; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUEMonitoring and administration locations should be minimized to provide consistency of operations and overall management. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0596Highly ImportantNetwork Operators, Service Providers and Public Safety should carefully review all re-home procedures, undertake pre-planning before execution, and ensure that re-home procedures (e.g. support interconnection to ESInets during transition), are carefully followed.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0602ImportantNetwork Operators, Service Providers and Public Safety should establish procedures to reactivate alarms after provisioning or maintenance activities (when alarms are typically deactivated).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Facilities - Transport; Network Operations; Network Provisioning; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEThe volume of alarms during provisioning creates a potential for alarm saturation and makes it very difficult to differentiate between a real alarm and those caused by other activities. A common practice is to simply inhibit these alarms or set their thresholds so high they do not report. The danger here is that there must be a fail-safe measure to turn these alarms back on when the facility is carrying traffic. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-0608Highly ImportantNetwork Operators, Service Providers and Public Safety should utilize network surveillance and monitoring to keep overflow traffic conditions from adversely affecting networks (this includes OSPs and E9-1-1/NG9-1-1 SSPs).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Facilities - Transport; Industry Cooperation; Network Design; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Procedures; Public Safety; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0609Highly ImportantNetwork Operators, Service Providers and Public Safety should provide and maintain the contact information for mutual aid coordination for inclusion in mutual aid processes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Network Interoperability; Pandemic; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUESee BP 1031 for additional mutual aid information.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0612CriticalNetwork Operators, Service Providers and Public Safety should verify both local and remote alarms and remote network element maintenance access on all new critical equipment installed in the network, before it is placed into service.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Elements; Network Operations; Network Provisioning; Procedures; Public Safety; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-0616Highly ImportantNetwork Operators, Service Providers and Public Safety should design and implement procedures to evaluate failure and emergency conditions affecting network capacity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Pandemic; Procedures; Public Safety; Public Safety and Disaster;TRUENote: This Best Practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0629Highly ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should ensure that a training program is implemented for contractors working in critical equipment locations to ensure they understand the need to protect the continuity of service and all fire safety requirements applicable to the facility.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Contractors and Vendors; Fire; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-12-0630Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should develop and execute standard Methods of Procedure (MOP) for all vendor work in or external to equipment locations with emphasis on service continuity and safety precautions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Contractors and Vendors; Fire; Network Operations; Network Provisioning; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-12-0692ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should consider using fail-safe alarm points with back up power for critical alarms.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Hardware; Network Design; Power; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-0693ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should emphasize the use of Methods Of Procedures (MOPs), vendor monitoring, and performing work on in-service equipment during low traffic periods (i.e., maintenance window).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Contractors and Vendors; Fire; Network Operations; Network Provisioning; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-12-0731Highly ImportantNetwork Operators, Service Providers and Public Safety should provide physical diversity on critical inter-office and wireless backhaul routes when justified by a risk or value analysis.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Facilities - Transport; Network Design; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0744ImportantNetwork Operators, Equipment Suppliers and Public Safety should periodically review the results of root cause analysis to ensure that the least impacting methods for fault recovery are being used.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Network Elements; Public Safety; Public Safety and Disaster; Technical Support;TRUETRUETRUETRUETRUETRUEFALSETRUE1TRUEFALSEFALSETRUE13-12-0747ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should work together to establish reliability and performance objectives.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Network Elements; Policy; Public Safety; Public Safety and Disaster; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-0762Highly ImportantNetwork Operators should engineer networks supporting VoIP applications including access to NG9-1-1 Next Generation Core Services (NGCS) to provide redundant and highly available application layer services.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Cyber Security; Network Interoperability; Public Safety; Public Safety and Disaster; Software;FALSEExamples of such services include DNS and other directory services, SIP, H.323, and other application-level gateways. To ensure interoperability, all implementations of such IP-based application protocols should conform to the applicable IETF standards for those protocols.TRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-12-0764Highly ImportantNetwork Operators, Service Providers and Public Safety should implement congestion control mechanisms.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Network Interoperability; Pandemic; Public Safety; Public Safety and Disaster; Software;TRUESee RFC 2309, RFC 2914, and RFC 3155 for examples.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0771Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should have a procedure for pre-notification of visits to critical facilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Visitors;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-0772Highly ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should where applicable, coordinate with colocated entities on equipment moves, adds or changes which could impact other occupants.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Industry Cooperation; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-12-0779ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish a means to allow for coordination between cyber and physical security teams supporting preparedness, response, investigation and analysis.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Physical Security Management; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-8-8611ImportantNetwork Operators should require authentication on both devices. Configure Bluetooth products so that users must accept incoming connection requests.Wireless;Network Operator;Cyber Security; Hardware; Intrusion Detection; Network Interoperability;FALSEhttp://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-12-0785CriticalNetwork Operators, Service Providers and Public Safety should consider secured remote access to critical network management systems for network management personnel working from distributed locations (e.g., back-up facility, home) in the event of a situation where the NOC cannot be staffed (e.g., pandemic).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Cyber Security; Emergency Preparedness; Information Protection; Network Operations; Pandemic; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-0787ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should consider the use of fixed alternate fuel generators (e.g., natural gas) connected to public utility supplies to reduce the strain on refueling.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Disaster Recovery; Emergency Preparedness; Pandemic; Power; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-12-0789ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should consider modifying travel guidelines/policies for use during a pandemic or other crisis situations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Pandemic; Policy; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-0793ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should as part of business continuity planning, identify employees that can perform their tasks from alternate locations and consider provisions for enabling them to do so.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Essential Services; Human Resources; Pandemic; Policy; Public Safety; Public Safety and Disaster; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-0794ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should as part of business continuity planning, provide for elevated /increased utilization of remote access capabilities for telecommuting purposes by employees during a pandemic, or other crisis situations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Network Operations; Pandemic; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-0795ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should as part of business continuity planning, plan for elevated/increased utilization of virtual collaboration and remote meetings capabilities during pandemics or other crisis situations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-0796ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should as part of business continuity planning, consider developing guidelines for the deferral of specific maintenance or provisioning activities during certain situations (e.g., pandemic, holiday, National Special SecurityCable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; Public Safety and Disaster;TRUETRUETRUETRUETRUEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-0805ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should work to establish operational standards and practices that support broadband capabilities and interoperability (e.g., video, voice, data, wireless).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Documentation; Industry Cooperation; Network Interoperability; Policy; Public Safety; Public Safety and Disaster;TRUEOrganizations that are working on operational standards and practices supporting broadband services and interoperability: ITU-T, particularly Study Groups 2, Study Group 12 and Study Group 13. Also the IETF, ANSI T1A1, DSL Forum, CableLabs, and the TeleManagement Forum. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-0806CriticalService Providers, Public Safety should establish policies and develop internal controls to ensure that the infrastructure supporting high speed broadband is protected from external threats, insider threats and threats from customers. These policies should cover protocol and port filtering as well as general security best practices. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireline;Service Provider; Public Safety;Cyber Security; Intrusion Detection; Network Operations; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUETRUEFALSE3FALSEFALSEFALSETRUE13-12-0814Highly ImportantNetwork Operators, Service Providers and Public Safety should design broadband networks with the ability to take active measures to detect and restrict or inhibit any network activity that adversely impacts performance or security. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Facilities - Transport; Network Design; Network Operations; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0820ImportantNetwork Operators, Service Providers and Public Safety should deploy networks and services in a manner that mitigates the effects of harmful interference from other sources, and mitigates harmful interference into other services. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Design; Network Elements; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-0821Highly ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should coordinate to ensure that network deployment and equipment installation, including equipment moves, adds or changes (MACs), do not physically impair the operation of other collocated communications networks/equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Industry Cooperation; Network Elements; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-12-0822Highly ImportantNetwork Operators, Service Providers and Public Safety should incorporate multilevel security schemes for network data integrity in the network design, as applicable, to prevent user traffic from interfering with network operations, administration, and management.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Network Design; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-0900Highly ImportantNetwork Operators, Service Providers should if operating a VoIP Positioning Center (VPC), Mobile Positioning Center (MPC), or Gateway Mobile Location Center (GMLC), strive to reduce missing or malformed shell record data routing errors for 9-1-1 pseudo Automatic Number Identification (pANI) due to incorrect Master Street Address Guide (MSAG) to Emergency Service Number (ESN) to Public Safety Answering Point (PSAP) relationship (MSAG-ESN-PSAP) by following National Emergency Number Association (NENA) 56-504 “NENA VoIP 9-1-1 Deployment and Operational Guidelines” to fully test routing for every pANI placed in service.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Provisioning; Public Safety; Public Safety and Disaster;FALSESee Testing in Section 5.1.4 of NENA 56-504 “NENA VoIP 9-1-1 Deployment and Operational Guidelines”.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-12-0901ImportantNetwork Operators, Service Providers and Public Safety should conduct extensive 9-1-1 call-through testing for environments that have a high user capacity (e.g., university campuses, large commercial enterprise campuses, and densely populated multi-tenant buildings/complexes) to immediately reduce the risk of misrouting a block of callers at a particular facility.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Public Safety; Public Safety and Disaster;TRUEBecause the \"originating end user\" customers are also stakeholders in the success of a 9-1-1 call, they should also participate in testing with the VSP. This best practice is also applicable to legacy private branch exchange (PBX) environments; the PBX service provider should perform the extensive call-through testing steps. Edited before upload.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-0902Highly ImportantNetwork Operators, Service Providers should assess the impact on the routing of 9-1-1 calls when reconfiguring their networks. Such reconfiguration may include: making changes to VoIP Positioning Centers (VPCs), Mobile Position Centers (MPCs), Gateway Mobile Location Centers (GMLCs), and Emergency Services Gateways (ESGWs); rehoming trunking to Legacy Network Gateway(s) (LNGs); and/or establishing IP connections to Border Control Functions (BCFs).Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Network Provisioning; Public Safety; Public Safety and Disaster;FALSETRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-12-1008ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should use the Incident Command System for incident coordination and control in the emergency operations center and at the incident site.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Network Operations; Pandemic; Procedures; Public Safety; Public Safety and Disaster;TRUESee the National Incident Management System (NIMS) http://www.fema.gov/national-incident-management-system. See also National Fire Protection Association Standard 1600. http://www.nfpa.org/codes-and-standards/document-information-pages?mode=code&code=1600 (Free but requires registration).TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-1063CriticalNetwork Operators, Service Providers should set Initial Address Messages (IAMs) to congestion priority in accordance with applicable ANSI standards. This will ensure government emergency calls (e.g., 9-1-1, GETS) receive proper priority during national emergency situations. Implementation in all networks should be in accordance with ANSI T1.111.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Emergency Preparedness; Network Design; Pandemic; Public Safety; Public Safety and Disaster;FALSESee ATIS-1000111.2005(R2010), Signalling System Number 7 (SS7) – Message Transfer Part (MTP) at http://www.atis.org/docstore.TRUETRUEFALSETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-12-1064Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should implement minimum network management controls in order to promote reliability of the interconnected network. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Emergency Preparedness; Network Interoperability; Network Operations; Public Safety; Public Safety and Disaster;TRUESee ATIS-0300026, Next Generation Interconnection Interoperability (NGIIF) Reference Document: Part VI, Network Management Guidelines, at http://www.atis.org/docstoreTRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-1068Highly ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should utilize Transfer Switch Equipment that conforms to industry standards.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Network Design; Network Operations; Power; Procedures; Public Safety; Public Safety and Disaster;TRUEhttp://www.ul.com/global/eng/pages/solutions/standards/accessstandards/TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-12-3256Network Operators, Service Providers should ensure that location information is made available to Public Safety as soon as is feasible after the 9-1-1 call commences.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Disaster Recovery; Essential Services; Network Design; Network Operations; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-1069Highly ImportantNetwork Operators, Equipment Suppliers, Property Managers and Public Safety should consider marking or modifying copper bars and cable to deter theft, to make them easier to identify at scrap yards, and/or to reduce their value.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety; Property Manager;Facilities - Transport; Hardware; Physical Security Management; Power; Public Safety; Public Safety and Disaster;TRUEThis may include stamping copper ground bars with “Registered Property” and “Recycling Prohibited”, tinning copper ground bars or coating them with cold galvanizing spray, and marking cable with identifying markings.TRUETRUETRUETRUETRUEFALSETRUE2TRUETRUEFALSETRUE13-12-3203ImportantNetwork Operators, Service Providers and Public Safety should consider developing options that allow for call delivery from Emergency Notification Services to subscribers with call blocking/screening services in order to assist in the effectiveness of Emergency Notification Systems (Public Safety Mass Calling) and return calls from PSAPs.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Emergency Preparedness; Industry Cooperation; Liaison; Network Design; Pandemic; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-3205ImportantNetwork Operators, Service Providers and Public Safety should consider participating in standards bodies and other forums contributing to Emergency Telecommunications Services (ETS) and NG9-1-1 related standards development.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-3214ImportantPublic Safety should support automated location query capability including rebids, but avoid the sending of overlapping location queries that would negatively impact current location determination capabilities.Wireless;Public Safety;Essential Services; Public Safety; Public Safety and Disaster;TRUEFALSEFALSEFALSETRUEFALSEFALSEFALSE1FALSEFALSEFALSETRUE13-12-3215ImportantNetwork Operators, Service Providers should in the absence of better routing information, route 9-1-1 calls based on cell sector/tower location toward the designated serving Public Safety Answering Point (PSAP) via the Emergency Service Network when necessary and where feasible.Wireless;Service Provider; Network Operator;Essential Services; Network Design; Public Safety; Public Safety and Disaster;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-12-3218ImportantPublic Safety should provide training to educate PSAP personnel as to the process to obtain 9-1-1 Phase II data.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Essential Services; Human Resources; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUEFALSEFALSE1FALSEFALSEFALSETRUE13-12-3219ImportantPublic Safety should provide training to educate PSAP personnel as to the proper meaning and interpretation of the 9-1-1 Phase II display parameters.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Essential Services; Human Resources; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUEFALSEFALSE1FALSEFALSEFALSETRUE13-12-3223Highly ImportantNetwork Operators, Service Providers and Public Safety should implement dedicated and as diverse trunk groups as feasible and commercially reasonable as possible between the Mobile Switching Center (MSC) end office or similar source and the E9-1-1 Selective Router (SR) or Legacy network Gateway (for NG9-1-1), based on the geography served by the default Public Safety Answering Points (PSAPs).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Design; Public Safety; Public Safety and Disaster;TRUEThis should be done rather than aggregating traffic from centralized switching architectures serving wide spread geographic areas onto a single trunk group to the E9-1-1 Selective Router. This should be done in conjunction with the local PSAP jurisdictional authorities to ensure that correct choices are made.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-3224Highly ImportantNetwork Operators, Service Providers and Public Safety should use dedicated and diverse Signaling System 7 (SS7) or Multi-Frequency (MF) controlled trunk groups as feasible and commercially reasonable as possible for the normal routing of 9-1-1 calls from originating switching entities to 9-1-1 Selective Routers (SRs) or Legacy network Gateway (for NG9-1-1) rather than using shared Public Switched Telephone Network (PSTN) trunk arrangements and where appropriate and necessary supported by service level agreements. Network Operators, Service Providers, and NG9-1-1 PSAPs should use dedicated, geo-diverse and redundant IP connection points when feasible & commercially available.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Design; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-3225Highly ImportantNetwork Operators, Service Providers and Public Safety should ensure that the utilization on either node is less than half of each node\\\'s capacity so that if one node fails the other node will absorb the load. This applies to those that deploy geographically diverse 9-1-1 location servers with dual load sharing nodes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Design; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-3226CriticalNetwork Operators, Service Providers and Public Safety should provide 24x7 network operations support.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-3227Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should deploy location solutions such that the 9-1-1 related data traffic between the Network Operator\\\'s location server and the mobile device should not degrade voice quality.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Network Design; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-3229ImportantNetwork Operators, Service Providers and Public Safety should maintain all 9-1-1 call data according to all applicable governmental data retention requirements. In the absence of governmental data retention requirements, the call datashould be retained in accordance with FCC guidelines.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Documentation; Network Operations; Public Safety; Public Safety and Disaster;TRUESee the FCC Wireless E911 Location Accuracy Requirements PS Docket No. 07-114 Fourth R&O for guidelines & expectations for retention periods. State and local 9-1-1 retention guidelines can differ from state to state, please refer to either \"state level 911 program offices or the Public Utility Commission for guidance.\"TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-3230ImportantNetwork Operators, Service Providers and Public Safety should maintain location event records that include time-stamped call detail transactions according to all applicable governmental data retention requirements. In the absence of governmental data retention requirements, the call data should be retained in accordance with FCC guidelines.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Documentation; Network Operations; Public Safety; Public Safety and Disaster;TRUESee the FCC Wireless E911 Location Accuracy Requirements PS Docket No. 07-114 Fourth R&O for guidelines & expectations for retention periods. State and local 9-1-1 retention guidelines can differ from state to state, please refer to either” state level 911 program offices or the Public Utility Commission for guidance.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-3231Highly ImportantNetwork Operators, Service Providers should ensure that the GPS satellite location identification information (e.g., GPS ephemeris, almanac, etc.) is transmitted to the Phase II Mobile Subscriber or Position Determining Entities (PDE) as soon as is feasible after the 9-1-1 call commences in order to reduce the number of database query rebids. This applies to those that use Global Positioning System (GPS) enabled Phase II location solutions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Liaison; Network Design; Network Operations; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-12-3232ImportantEquipment Suppliers should ensure that the Phase II handsets commence Global Positioning System (GPS) acquisition before the GPS satellite location identification information is received so that GPS acquisition time is minimized and to reduce the number of database query rebids.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-12-3234CriticalNetwork Operators, Service Providers and Public Safety should use Policy-based Routing and/or other tactical routing functionality defined for Next Generation 9-1-1 (NG9-1-1) to handle call congestion and outages through diversion of calls to alternate Public Safety Answering Points (PSAP) that have the capabilities to effectively answer and provide assistance during periods of extreme overload or network failure scenarios.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Network Operations; Pandemic; Procedures; Public Safety; Public Safety and Disaster; Supervision;TRUESee NENA-STA-010.3-201x, NENA i3 Standard for Next Generation 9-1-1 (to be issued) for details about Policy-based Routing as used in this context.TRUETRUEFALSEFALSETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-3245Highly ImportantNetwork Operators, Service Providers and Public Safety should develop policy routing procedures that consider the full capability of NG9-1-1, including the rerouting of calls from other PSAPs as a result of overflow, backup, and disaster situations. Inter-agency agreements should be updated to reflect the updated procedures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Essential Services; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-3246Highly ImportantNetwork Operators should where MSC capabilities exist, route calls based on the location of the cell tower, to the MSC-SR trunks designated for that cell site to the serving PSAP. Switch level defaulted calls shall be routed to a \"fast busy\" tone or, where that option is not available, to an appropriate recorded announcement.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Emergency Preparedness; Essential Services; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-12-3247Highly ImportantPublic Safety should conduct on-going meetings with several bordering or nearby PSAPs to clarify the wireless 9-1-1 call routing determination process. For example, it may be appropriate to route a cell site/sector based on the area covered or where the highest density population exists.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-12-3248Highly ImportantPublic Safety should obtain GIS data from bordering PSAP jurisdictions and expand and test their transfer list to bordering PSAPs. This is necessary as the routing of wireless 9-1-1 calls may require a PSAP to receive and transfer calls for an area larger than the wireline coverage area.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Essential Services; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE2FALSEFALSEFALSETRUE13-12-3255Network Operators, Service Providers and Public Safety should use secure network protocols such as TLS or IPsec for HTTP network interconnection for data acquisition of location and additional data provided by reference. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Essential Services; Facilities - Transport; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster; Software;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-8-8627ImportantEquipment Suppliers should ensure enterprise Femtocell hardware shall be tamper-proof.Wireless;Equipment Supplier;Cyber Security; Hardware; Network Interoperability;FALSEFALSEFALSEFALSETRUEFALSEFALSEFALSE1TRUEFALSEFALSEFALSE13-12-3257Service Providers should route calls to the appropriate NG9-1-1 Next Generation Core Services (NGCS) based on the most accurate location information available. When location information is unavailable, OSPs should default route calls according to their internal policy, such as to an alternate call center.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Disaster Recovery; Essential Services; Network Design; Network Operations; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSEFALSE13-12-3258Network Operators, Service Providers and Public Safety should design Emergency Services IP Networks (ESInets), where technically and financially viable, with redundant interconnectivity to PSAPs using the characteristics of IP routing to maintain connectivity in the face of extensive disaster damage. Public Safety ESInets may use diverse private facilities or their functional equivalent (e.g., MPLS, generic routing encapsulation (GRE) tunneling, virtual private network (VPN), or equally secure industry protocols) and where appropriate and supported by service level agreements.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Network Interoperability; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3259Network Operators, Service Providers should design networks with redundant interconnectivity to Public Safety Emergency Services IP Networks (ESInets) using the characteristics of IP routing to maintain connectivity in the face of extensive disaster damage. OSPs may use diverse private facilities or their functional equivalent (e.g., MPLS, generic routing encapsulation (GRE) tunneling, virtual private network (VPN), or equally secure industry protocols) and where appropriate and supported by service level agreements.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Disaster Recovery; Network Interoperability; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-3260Network Operators, Service Providers and Public Safety should ensure that the NG 9-1-1 system elements and the network elements between the OSP and the ESInet support the most accurate location information available to route 9-1-1 calls.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Essential Services; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3261Network Operators, Service Providers and Public Safety should implement applicable industry standards to achieve interoperability between Real Time Text and TTY Baudot in support of emergency calling during the transition to end-state NG9-1-1. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Essential Services; Network Interoperability; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3262Public Safety should provide training to educate PSAP personnel as to the process to acquire/de-reference initial/updated/supplemental location information, as well as how to interpret location information received in an NG9-1-1 environment.Cable; Internet/Data; Wireless; Wireline;Public Safety;Disaster Recovery; Documentation; Policy; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUEFALSETRUETRUEFALSEFALSEFALSEFALSEFALSETRUE13-12-3263Network Operators, Service Providers and Public Safety should establish SIP Resource-Priority header value "esnet.1" to ensure that NG9-1-1 SIP packets are prioritized throughout the ESinet.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3264Network Operators, Service Providers and Public Safety should ensure that policy-based routing controls for NG9-1-1 are implemented and managed to prevent adverse routing conditions.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Documentation; Network Design; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3265Network Operators, Service Providers and Public Safety should establish and enforce policies that ensure Next Gen 9-1-1 services are in compliance with established Next Gen 9-1-1 standards and where possible should utilize an independent validation and verification process to validate Next Gen 9-1-1 standards compliance.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Documentation; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3266Public Safety should establish and document a process to plan, test, evaluate and implement major change activities in an NG9-1-1 environment. To include NG9-1-1 implementations and other changes, new IP infrastructure, and NGCS.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Contractors and Vendors; Disaster Recovery; Documentation; Emergency Preparedness; Essential Services; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster; Software;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSEFALSETRUE13-12-3267Network Operators, Service Providers and Public Safety should support redundant local DNS servers/resolvers for any element connected to an NG9-1-1 Emergency Services IP Network to support the translation of hostnames to IP addresses. Authoritative DNS servers should be protected by Domain Name System (DNS) Security Extensions (DNSSEC).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Hardware; Network Design; Network Elements; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster; Software;TRUENENA-STA-010, IETF RFC 4035TRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3268Network Operators, Service Providers, Equipment Suppliers and Public Safety should consider the use of the Department of Homeland Security (DHS) Protected Critical Infrastructure Information (PCII) program as a means of aggregating, sharing and protecting Vulnerability Assessment, Reporting & Remediation information related to private sector infrastructure.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Business Continuity; Emergency Preparedness; Guard Services; Human Resources; Physical Security Management; Public Safety; Public Safety and Disaster; Security Systems;TRUEProgram information can be found at https://www.dhs.gov/pcii-program.TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-3269Network Operators, Service Providers and Public Safety should establish policies governing data, metadata, and other media that hold information that could be used to compromise the security in an NG9-1-1 system.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Access Control; Contractors and Vendors; Corporate Ethics; Cyber Security; Disaster Recovery; Information Protection; Intrusion Detection; Network Provisioning; Physical Security Management; Policy; Public Safety; Public Safety and Disaster; Security Systems; Software; Visitors;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3270Network Operators, Service Providers and Public Safety should establish and enforce policies for log in requirements, password protection, screenlock upon activity timeout, and other physical security measures to prevent visitors and outside contractors from accessing NG 9-1-1 systems.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Access Control; Contractors and Vendors; Cyber Security; Disaster Recovery; Guard Services; Information Protection; Intrusion Detection; Network Provisioning; Physical Security Management; Policy; Public Safety; Public Safety and Disaster; Security Systems; Software; Visitors;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3271Network Operators, Service Providers and Public Safety should support HTTPS transport of dereference requests associated with the acquisition of location information and other additional data associated with an emergency call.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Public Safety; Public Safety and Disaster;TRUENENA-STA-010, IETF RFC 7852, IETF RFC 6753TRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3272Network Operators, Service Providers and Public Safety should provide integrity protection with TLS using SHA-256 or stronger for all protocol operations.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Network Interoperability; Public Safety; Public Safety and Disaster;TRUEFIPS 180-4, Secure Hash Standard (SHS), NIST, August 2015TRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3273Network Operators, Service Providers and Public Safety should establish and enforce policies that ensure cloud based Next Gen 9-1-1 services provide resilience, performance and security that meet established best practices for public safety and 9-1-1 and that leverage the scalable and enhanced information technology capacities of cloud based Next Gen 9-1-1 services.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Access Control; Corporate Ethics; Cyber Security; Disaster Recovery; Essential Services; Information Protection; Intrusion Detection; Network Provisioning; Policy; Public Safety; Public Safety and Disaster; Security Systems; Software;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3274Network Operators, Service Providers should use strong certificate-based authentication ensuring network access, digital content and software services can be secured from unauthorized access. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Access Control; Cyber Security; Disaster Recovery; Essential Services; Information Protection; Intrusion Detection; Network Provisioning; Public Safety; Public Safety and Disaster; Security Systems; Software;FALSESee NENA-STA-010.3-201x, NENA i3 Standard for Next Generation 9-1-1 (to be issued)TRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-3275Network Operators, Service Providers, Equipment Suppliers and Public Safety should support Border Control Functions (BCFs) that provide border firewall functionality including application and network layer protection and scanning, resource and admission control, and Denial of Service (DoS) detection and protection, as well as Session Border Control (SBC) functionality including: identification of emergency call/session and priority handling for the IP flows of emergency call/session traffic; conformance checking and mapping (if applicable) of priority marking based on policy for emergency calls/sessions; SIP protocol normalization; Network Address Translation (NAT) and Network Address and Port Translation (NAPT) Traversal; IPv4/IPv6 Interworking; Signaling Transport Protocol Support; and QoS/Priority Packet Marking.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Contractors and Vendors; Cyber Security; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Hardware; Network Design; Network Elements; Network Interoperability; Network Provisioning; Public Safety; Public Safety and Disaster; Security Systems; Software;TRUETRUETRUEFALSETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-3276Network Operators, Service Providers and Public Safety should where feasible, provide both physical and logical diversity of critical facilities links.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3277Network Operators, Service Providers and Public Safety should identify and manage critical network elements and architecture that are essential for network connectivity and subscriber services considering security, functional redundancy and geographical diversity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Buildings; Business Continuity; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3278Network Operators, Service Providers, Property Managers and Public Safety should protect their building facilities against external breaches (e.g., vehicles inadvertently or purposefully ramming into the data center, NOC, operations center, etc.).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Buildings; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Guard Services; Intrusion Detection; Physical Security Management; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUEFALSETRUEFALSETRUE13-12-3279Network Operators, Service Providers and Public Safety should use secure network protocols such as TLS for network interconnection for their SIP traffic. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Disaster Recovery; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUEFALSEFALSEFALSETRUE13-12-3280Network Operators, Service Providers and Public Safety should implement policy routing rules for NG9-1-1 that allow 911 calls to be alternate routed to another PSAP due to an abnormal condition at the original PSAP, e.g., PSAP shutdown, abandonment, etc. The PSAP should be responsible for defining these conditions and have access to invoke them.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUE71-502, An Overview of Policy Rules for Call Routing and Handling in NG9-1-1 Information Document, 2010/08/24. NENA-INF-011.1-2014 , NENA NG9-1-1 Policy Routing Rules Operations Guide, 2014/10/06.TRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3281Network Operators, Service Providers and Public Safety should if supporting transitional NG9-1-1 architectures and responsible for operating Legacy Network Gateways, Legacy PSAP Gateways, and/or Legacy Selective Router Gateways, ensure that these gateway elements log the beginning (i.e., start time) and end of processing (i.e., end time) of a call, as well as the actual SIP message processed by the gateway element via its IP interface and data related to its legacy interface (e.g., the port or trunk group over which the call was received/sent, the 10-digit pANI received or generated by the gateway system, the legacy protocol used [SS7 or MF]), in accordance with NENA requirements.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3282Network Operators, Service Providers and Public Safety should support access to a logging service (also referred to as a “logger”) by all Next Generation Core Services (NGCS) elements and NG PSAPs that are served by an i3 NG9-1-1 Emergency Services IP Network (ESInet) via a standard interface. All significant steps in processing a call should logged, including external events, internal events, media, and messages. Access to at least two loggers must be supported for redundancy purposes, unless jurisdictional requirements differ.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Facilities - Transport; Public Safety; Public Safety and Disaster;TRUESee NENA-STA-010.3-201x, NENA i3 Standard for Next Generation 9-1-1 (to be issued)TRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3283Network Operators, Service Providers and Public Safety should assess the impact on the routing and delivery of 9-1-1 calls and associated data to legacy and NG PSAPs associated with configuring their networks. This may include IP connections from NG9-1-1 Emergency Services Networks to NG PSAPs, Legacy Selective Router Gateways, and Legacy PSAP Gateways; SS7-supported trunk connections between Legacy Selective Router Gateways and legacy Selective Routers; and MF trunks from Legacy PSAP Gateways and legacy Selective Routers to legacy PSAPs.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Facilities - Transport; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3284Network Operators, Service Providers and Public Safety should enforce authentication of NGCS functional elements and PSAP agents/agencies prior to granting access to NG9-1-1/ESInet services and data.Internet/Data;Service Provider; Network Operator; Public Safety;Disaster Recovery; Facilities - Transport; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUEFALSEFALSEFALSETRUE13-12-3285Network Operators, Service Providers should when routing 911 calls to legacy PSAPs via an NG9-1-1 Emergency Services Network, consider using Legacy PSAP Gateways that support standards-based mappings of SIP messaging to MF signaling, or Legacy Selective Router Gateways that support standards-based mappings of SIP messaging to SS7 signaling in order to achieve consistent interworking industry-wide.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Disaster Recovery; Essential Services; Facilities - Transport; Network Design; Network Interoperability; Network Provisioning; Public Safety; Public Safety and Disaster;FALSETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-3286Network Operators, Service Providers should when routing 911 calls via an NG9-1-1 Emergency Services Networks from conventional TDM-based originating networks, consider using Legacy Network Gateways that support standards-based mappings of MF/SS7 signaling to SIP messages should also support (at a minimum) G.711 codecs, in order to achieve consistent signaling interworking and to support voice band communication industry-wide.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Disaster Recovery; Facilities - Transport; Network Interoperability; Public Safety; Public Safety and Disaster;FALSETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-3287Network Operators, Service Providers and Public Safety should be able to access logging data via a standard interface, with proper authorization.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3288Network Operators, Service Providers and Public Safety should assess the impact on the routing and delivery of 9-1-1 calls and associated data to legacy and NG PSAPs associated with configuring their networks to support IP connections to NG PSAPs, Legacy Selective Router Gateways, and Legacy PSAP Gateways, as well as SS7-supported trunk connections between Legacy Selective Router Gateways and legacy Selective Routers, and MF trunks from Legacy PSAP Gateways and legacy Selective Routers to legacy PSAPs.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Essential Services; Facilities - Transport; Network Design; Network Interoperability; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3289Network Operators, Service Providers and Public Safety should ensure that locations associated with 9-1-1 calls are validated in the OSP network (if in civic format), successfully conveyed to support the routing of emergency calls and delivered to Public Safety Answering Points. This applies to NG9-1-1 emergency services calls.Internet/Data;Service Provider; Network Operator; Public Safety;Disaster Recovery; Facilities - Transport; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUEFALSEFALSEFALSETRUE13-12-3291Network Operators, Service Providers and Public Safety should coordinate DOS and TDOS detection, verification and recovery efforts with local law enforcement, cybersecurity task forces, State Threat Assessment centers and other law enforcement agencies. The PSAP should have procedures in place that minimize the impact of DOS and TDOS while preserving the evidence needed to support the investigation.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Disaster Recovery; Documentation; Emergency Preparedness; Essential Services; Facilities - Transport; Industry Cooperation; Liaison; Network Provisioning; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSETRUE13-12-3292Network Operators, Service Providers should address the control of overflow conditions in their bilateral agreements with their interconnection partners.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Essential Services; Facilities - Transport; Industry Cooperation; Network Design; Network Interoperability; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-3293Network Operators should have their physical POIs for NG9-1-1 dereferencing functions documented in an Interconnection Agreement. Specifically for NG9-1-1, unless local requirements differ, those POI should be at the ingress Firewall of the ESInet or NG9-1-1 PSAP.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Network Interoperability; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSEFALSEFALSE13-12-3294Network Operators should have their physical POIs for signaling and media documented in an Interconnection Agreement. Specifically for NG9-1-1, unless local requirements differ, those POI should be at the ingress Border Control Function (BCF) of the ESInet.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Network Interoperability; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSEFALSEFALSE13-12-5001Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should establish additional access control measures that provide two factor identification (e.g., cameras, PIN, biometrics) in conjunction with basic physical access control procedures at areas of critical infrastructure, as appropriate, to adequately protect the assets.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Human Resources; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-12-5006ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should have policies and procedures that address tailgating (i.e. following an authorized user through a doorway or vehicle gateway). At critical sites, consider designing access points to minimize tailgating.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5015Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish separation policies and procedures that require the return of all corporate/agency property and invalidate access to all resources (physical and logical) to coincide with the separation of employees, contractors and vendors.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Contractors and Vendors; Corporate Ethics; Human Resources; Information Protection; Physical Security Management; Policy; Procedures; Public Safety; Public Safety and Disaster; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-5018ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should periodically conduct reviews to ensure that proprietary information is protected in accordance with established policies and procedures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Cyber Security; Human Resources; Information Protection; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5029Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should consider marking or modifying copper bars and cable to deter theft, to make them easier to identify at scrap yards, and/or to reduce their value.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Emergency Preparedness; Physical Security Management; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-12-5040Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should install environmental emergency response equipment (e.g., fire extinguishers, high rate automatically activated pumps) where appropriate, and periodically inspect the equipment in accordance with local codes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Emergency Preparedness; Fire; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-12-5048ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should implement a policy that requires approval by senior member(s) of the organization for security related goods and services contracts.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Buildings; Contractors and Vendors; Guard Services; Physical Security Management; Policy; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5049ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should consider a strategy of using technology (e.g., access control, CCTV, sensor technology, person traps, turnstiles) to supplement the guard services.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Guard Services; Physical Security Management; Public Safety; Public Safety and Disaster; Security Systems; Visitors;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5050ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should when utilizing guard services, have a supervision plan that requires supervisory checks for all posts.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Guard Services; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5051ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should when utilizing guard services, consider establishing incentives and recognition programs to increase morale and reduce turnover.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Guard Services; Human Resources; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5052ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should when using guard services, ensure that each post has written detailed post orders including site specific instructions, up-to-date emergency contact information and ensure that on the job training occurs.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Contractors and Vendors; Emergency Preparedness; Guard Services; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5053ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should periodically audit guard services to ensure satisfactory performance, and compliance with organizational contractual requirements.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Contractors and Vendors; Guard Services; Human Resources; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5054ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should when utilizing guard services, develop a process to quickly disseminate information to all guard posts. This processshould be documented andshould clearly establish specific roles and responsibilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Contractors and Vendors; Documentation; Emergency Preparedness; Guard Services; Physical Security Management; Procedures; Public Safety; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5055CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish and maintain (or contract for) a 24/7 emergency call center for internal communications. Ensure staff at this center has access to all documentation pertinent to emergency response and up to date call lists to notify appropriate personnel. The number to this call center should be appropriately published so personnel know where to report information.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Contractors and Vendors; Documentation; Emergency Preparedness; Network Operations; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-5068ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should establish standards, policies and procedures that, where feasible, restrict equipment access to authorized personnel where colocation exists.Cable; Internet/Data; Satellite; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Buildings; Facilities - Transport; Industry Cooperation; Material Movement; Network Operations; Physical Security Management; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUEFALSETRUETRUETRUE1FALSETRUEFALSETRUE13-12-5071CriticalNetwork Operators, Service Providers, Property Managers and Public Safety should maintain liaison with Public Safety, local law enforcement, fire department and other security and emergency agencies to exchange critical information related to threats, warnings and mutual concerns.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Emergency Preparedness; Fire; Liaison; Physical Security Management; Policy; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-12-5096Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should require compliance with corporate/agency security standards and programs for contractors (and their subcontractors), vendors and others as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Contractors and Vendors; Guard Services; Human Resources; Information Protection; Physical Security Management; Policy; Procedures; Public Safety; Public Safety and Disaster;TRUEIn order to prevent contamination of vendor provided equipment at vendor locations. (References: Protection of Assets Manual - http://www.asisonline.org).TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-5097Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish and implement standards for physical and system security requirements in consideration of the Best Practices of the communications industry.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Physical Security Management; Policy; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-5098ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure that all network infrastructure equipment meets the minimum industry standards for fire resistance.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Facilities - Transport; Fire; Hardware; Network Design; Network Elements; Public Safety; Public Safety and Disaster;TRUEIn order to prevent fire. GR63 NEBS Requirements: Physical Protection, Telcordia at http://telecom-info.telcordia.com/site-cgi/ido/docs2.pl?ID=170086171&page=home; ATIS- 0600319.2014, Equipment Assemblies--Fire Propogation Risk Assessment Criteria at http://www.atis.org/docstoreTRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5100ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should interact with federal, state, and local agencies to identify and address potential adverse security and service impacts of new laws and regulations (e.g., exposing vulnerability information, required security measures, fire codes).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Fire; Industry Cooperation; Information Protection; Liaison; Public Safety; Public Safety and Disaster;TRUEIn order to prevent government from enacting policy that compromises security.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5107CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should evaluate and manage risks (e.g., alternate routing, rapid response to emergencies) associated with a concentration of infrastructure components. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Facilities - Transport; Network Design; Network Operations; Network Provisioning; Public Safety; Public Safety and Disaster;TRUETo mitigate single points of failure (SPOF).TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-5112CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should at the time of the abnormal event, coordinate with the appropriate local, state, or federal agencies to facilitate timely access by their personnel to establish, restore or maintain communications, through any governmental security perimeters (e.g., civil disorder, crime scene, disaster area).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Business Continuity; Contractors and Vendors; Disaster Recovery; Industry Cooperation; Liaison; Public Safety; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-5132ImportantNetwork Operators, Public Safety should identify primary and alternate transportation (e.g., air, rail, highway, boat) for emergency mobile units and other equipment and personnel.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Disaster Recovery; Emergency Preparedness; Material Movement; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSEFALSETRUE13-12-5138Highly ImportantNetwork Operators, Public Safety should plan for the possibility that impacted network nodes cannot be accessed by company personnel for an extended period of time and define the corporate/agency response for restoration of service.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Disaster Recovery; Emergency Preparedness; Network Design; Network Operations; Pandemic; Public Safety; Public Safety and Disaster;TRUEFor example; wide scale destruction, radiological, chemical or biological contamination.TRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSETRUE13-12-5151ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should coordinate security matters and include all tenants in the overall security and safety notification procedures, as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Emergency Preparedness; Industry Cooperation; Physical Security Management; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-12-5153ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure that critical information being provided to outside entities as part of bid processes is covered under non-disclosure agreements and limited to a need to know basis.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Contractors and Vendors; Documentation; Information Protection; Policy; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5158ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should consider unannounced internal security audits at random intervals to enforce compliance with company/agency security policies.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Guard Services; Physical Security Management; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5168ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should review personnel background information prior to assignment to sensitive roles, to ensure there are no security risks, or risk of compromising processes as they evolve.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Contractors and Vendors; Corporate Ethics; Human Resources; Information Protection; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5172Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should not permit unsecured wireless access points for the distribution of data or operating system upgrades during normal operations or system restoration efforts.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Information Protection; Network Operations; Policy; Procedures; Public Safety; Public Safety and Disaster; Software;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-5175ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish a proprietary information protection policy to protect proprietary information in their possession belonging to the company/agency, business partners and customers from inadvertent, improper or unlawful disclosure. The policy should establish procedures for the classification and marking of information; storage, handling, transfer and transmission of information, retention guidelines and disposal/deletion of information.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Documentation; Human Resources; Information Protection; Physical Security Management; Policy; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5226Highly ImportantNetwork Operators, Service Providers and Property Managers should maintain liaison with Public Safety and local law enforcement, fire department, other utilities and other security and emergency agencies to ensure effective coordination for emergency response and restoration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Emergency Preparedness; Fire; Industry Cooperation; Liaison; Pandemic; Physical Security Management; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSEFALSE13-12-5241Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should consider placing access and facility alarm points to critical or sensitive areas on backup power to ensure access and functionality during periods of power outages.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Disaster Recovery; Emergency Preparedness; Network Design; Physical Security Management; Power; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-5243ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should consider restricting, supervising, and/or prohibiting tours of critical network facilities, restoration sites and operations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Disaster Recovery; Liaison; Physical Security Management; Public Safety; Public Safety and Disaster; Visitors;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5244ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should make all employees, contractors, and others with access to critical infrastructure during restoration, aware of changes to security posture resulting from the incident, and the need for increased vigilance.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Contractors and Vendors; Disaster Recovery; Guard Services; Human Resources; Physical Security Management; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-5249Highly ImportantNetwork Operators, Service Providers and Public Safety should consider geographic separation of network redundancy during restoration, and address losses of redundancy and geographic separation following restoration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Emergency Preparedness; Facilities - Transport; Hardware; Network Design; Network Elements; Network Operations; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-5260ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should provide personnel involved in a restoration any significant changes to access control procedures.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Disaster Recovery; Guard Services; Physical Security Management; Procedures; Public Safety; Public Safety and Disaster; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5269ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers and Public Safety should incorporate various types of diversionary tactics into exercises to assess the security response.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Emergency Preparedness; Guard Services; Physical Security Management; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-12-5282ImportantNetwork Operators, Service Providers and Property Managers should coordinate with Property Managers to ensure adequate growth space.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Buildings; Industry Cooperation; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-8-8662ImportantNetwork Operators and Service Providers should filter internal-use IPv6 addresses at provider edge and network perimeter.Internet/Data; Wireless;Service Provider;Cyber Security; Intrusion Detection; Network Interoperability; Network Operations;FALSEIETF RFC 4942 2.1.3FALSETRUEFALSETRUEFALSETRUEFALSE1FALSEFALSEFALSEFALSE13-12-5284Network Operators, Service Providers, Equipment Suppliers and Public Safety should develop a communication plan for informing customers (both internal and external) on expected impacts and possible mitigation of impact.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Public Safety and Disaster;TRUENRSC developed w/Emergency Preparedness ChecklistTRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-5285Network Operators, Service Providers, Equipment Suppliers and Public Safety should establish and implement a policy that calls for the storing of emergency supplies; this could include but is not limited to food, water, sleeping supplies, power equipment to include batteries and other supplies needed to survive an event.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Material Movement; Pandemic; Physical Security Management; Policy; Power; Procedures; Public Safety and Disaster;TRUENRSC developed w/Emergency Preparedness ChecklistTRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-5286Network Operators, Service Providers, Equipment Suppliers and Public Safety should establish and implement a policy which establishes a means to verify the status of employees and their families and to provide support as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Buildings; Business Continuity; Disaster Recovery; Emergency Preparedness; Facilities - Transport; Fire; Guard Services; Human Resources; Industry Cooperation; Pandemic; Policy; Procedures; Public Safety and Disaster;TRUENRSC developed w/Emergency Preparedness ChecklistTRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-5287Network Operators, Service Providers, Equipment Suppliers and Public Safety should establish a procedure governing the accounting of finances needed during events.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Buildings; Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Facilities - Transport; Material Movement; Policy; Procedures; Public Safety and Disaster;TRUENRSC developed w/Emergency Preparedness ChecklistTRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-5288Network Operators, Service Providers, Equipment Suppliers and Public Safety should establish and implement a policy which works with local, regional, state and federal agencies to provide access or letters of access to personnel during emergency events.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Essential Services; Facilities - Transport; Fire; Guard Services; Industry Cooperation; Liaison; Material Movement; Network Operations; Pandemic; Physical Security Management; Policy; Power; Public Safety; Public Safety and Disaster; Training and Awareness;TRUENRSC developed w/Emergency Preparedness ChecklistTRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-5289Network Operators, Service Providers, Equipment Suppliers and Public Safety should verify availability of generators, power technicians, and all tools necessary for generator deployment prior to a disaster.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Buildings; Business Continuity; Contractors and Vendors; Disaster Recovery; Emergency Preparedness; Essential Services; Facilities - Transport; Fire; Guard Services; Hardware; Material Movement; Network Operations; Power; Public Safety and Disaster; Training and Awareness;TRUENRSC developed w/Emergency Preparedness ChecklistTRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUE13-12-8001ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should use industry-accepted algorithms and key lengths for all uses of encryption, such as 3DES or AES. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8005ImportantNetwork Operators, Service Providers and Public Safety should implement a continuous engineering process to identify and record single points of failure and any components that are critical to the continuity of the infrastructure. The process should then pursue architectural solutions to mitigate the identified risks as appropriate.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Network Design; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUEISF SB52. Note: This Best practice could impact 9-1-1 operations.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8007ImportantNetwork Operators, Service Providers and Public Safety should develop formal written Security Architecture(s) and make the architecture(s) readily accessible to systems administrators and security staff for use during threat response. The Security Architecture(s) should anticipate and be conducive to business continuity plans.Internet/Data;Service Provider; Network Operator; Public Safety;Business Continuity; Cyber Security; Network Design; Network Operations; Policy; Public Safety and Disaster;TRUENIST Special Publication 800-53, Revision 3, Control Number PM-7 Recommended Security Controls for Federal Information Systems http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf NIST Special Pub 800-12, NIST Special Pub 800-14.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8011ImportantNetwork Operators, Service Providers and Public Safety should request products from vendors that meet current industry baseline requirements for Operations, Administration, Management, and Provisioning (OAM&P) security.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Network Design; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8012ImportantNetwork Operators, Service Providers and Public Safety should in order to prevent unauthorized users from accessing Operations, Administration, Management, and Provisioning (OAM&P) systems, use strong authentication for all users. To protect against tampering, spoofing, eavesdropping, and session hijacking, Service Providers and Network Operators should use a trusted path for all important OAM&P communications between network elements, management systems, and OAM&P staff. Examples of trusted paths that might adequately protect the OAM&P communications include separate private-line networks, VPNs or encrypted tunnels. Any sensitive OAM&P traffic that is mixed with customer traffic should be encrypted. OAM&P communication via TFTP and Telnet is acceptable if the communication path is secured by the carrier. OAM&P traffic to customer premises equipment should also be via a trusted path.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Encryption; Network Operations; Public Safety; Public Safety and Disaster;TRUE\"http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008 ITU - CCITT Rec. X.700 (X.720) Series ITU - CCITT Rec. X.800 Series ITU-T Rec. X.805 ITU-T Rec. X.812\".FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8013ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should authenticate, authorize, attribute, and log all management actions on critical infrastructure elements and management systems. This especially applies to management actions involving security resources such as passwords, encryption keys, access control lists, time-out values, etc.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUEDepartment of Defense Telecommunications and Defense Switched Network Secuirty Technical Implementation Guide (Version 2, Release 3). \\\'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8014Highly ImportantNetwork Operators, Service Providers and Public Safety should use element and system features that provide \"least-privilege\" for each OAM&P user to accomplish required tasks using role-based access controls where possible.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster;TRUEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-8015CriticalNetwork Operators, Service Providers and Public Safety should segment administrative domains with devices such as firewalls that have restrictive rules for traffic in both directions and that require authentication for traversal. In particular, segment OAM&P networks from the Network Operator\\\'s or Service Provider\\\'s intranet and the Internet. Treat each domain as hostile to all other domains. Follow industry recommended firewall policies for protecting critical internal assets. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Network Design; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUE\"http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008 ITU-T X.805\".FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSETRUE13-12-8016ImportantNetwork Operators, Service Providers and Public Safety should design and deploy an Operations, Administration, Management, and Provisioning (OAM&P) security architecture based on industry recommendations.Internet/Data;Service Provider; Network Operator; Public Safety;Business Continuity; Cyber Security; Network Design; Network Operations; Policy; Public Safety; Public Safety and Disaster;TRUEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8017ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should use Operations, Administration, Management and, Provisioning (OAM&P) protocols and their security features according to industry recommendations. Examples of protocols include SNMP, SOAP, XML, and CORBA. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Design; Network Elements; Network Provisioning; Public Safety; Public Safety and Disaster;TRUEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.FALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-8022CriticalNetwork Operators, Service Providers and Public Safety should have a process by which there is a risk assessment and formal approval for all external connections. All such connections should be individually identified and restricted by controls such as strong authentication, firewalls, limited methods of connection, and fine-grained access controls (e.g., granting access to only specified parts of an application). The remote party\\\'s access should be governed by contractual controls that ensure the provider\\\'s right to monitor access, defines appropriate use of the access, and calls for adherence to best practices by the remote party. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Information Protection; Network Operations; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSETRUE13-6-5173Highly ImportantNetwork Operators and Equipment Suppliers should design wireless networks (e.g., terrestrial microwave, free-space optical, satellite, point-to-point, multi-point, mesh) to minimize the potential for interception.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier;Facilities - Transport; Information Protection;FALSETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSEFALSE13-12-8026CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should use an encryption technology in the securing of network equipment and transmission facilities; cryptographic keys must be distributed using a secure protocol that: a) ensures the authenticity of the sender and recipient, b) does not depend upon secure transmission facilities, and c) Cannot be emulated by a non-trusted source.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUENIST SP800-57 Recommendation for key management http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf. Note: This Best practice could impact 9-1-1 operationsTRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-8029CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should carefully control and monitor the networked availability of sensitive security information for critical infrastructure by: periodic review of public and internal websites, file storage sites HTTP and FTP sites contents for strategic network information including but not limited to critical site locations, access codes. Documenting sanitizing processes and procedures required before uploading onto public internet or FTP site. Ensuring that all information pertaining to critical infrastructure is restricted to need-to-know and that all transmission of that information is encrypted. Screening, limiting and tracking remote access to internal information resources about critical infrastructure.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-8040ImportantNetwork Operators, Service Providers and Public Safety should implement architectural designs to mitigate the fundamental vulnerabilities of many control plane protocols (eBGP, DHCP, SS7, DNS, SIP, etc): 1) Know and validate who you are accepting information from, either by link layer controls or higher layer authentication, if the protocol lacks authentication, 2) Filter to only accept/propagate information that is reasonable/expected from that network element/peer. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Network Operations; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8046CriticalNetwork Operators, Service Providers and Public Safety should protect against DNS server compromise by implementing protection such as physical security, removing all unnecessary platform services, monitoring industry alert channels for vulnerability exposures, scanning DNS platforms for known vulnerabilities and security breaches, implementing intrusion detection on DNS home segments, not running the name server as root user/minimizing privileges where possible, and blocking the file system from being compromised by protecting the named directory. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUERFC-2870 ISO/IED 15408 ISO 17799 US-CERT \"\"Securing an Internet Name Server\"\" NIST SP 800-81 & SP 800-81 R1 Secure Domain Name System(DNS) Deployment Guide.FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSETRUE13-12-8047Highly ImportantNetwork Operators, Service Providers and Public Safety should provide DNS DoS protection by implementing protection techniques such as: 1) increase DNS resiliency through redundancy and robust network connections, 2) Have separate name servers for internal and external traffic as well as critical infrastructure, such as OAM&P and signaling/control networks, 3) Where feasible, separate proxy servers from authoritative name servers, 4) Protect DNS information by protecting master name servers with appropriately configured firewall/filtering rules, implement secondary masters for all name resolution, and using Bind ACLs to filter zone transfer requests. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUERFC-2870, ISO/IEC 15408, ISO 17799, US-CERT \"Securing an Internet Name Server\" (http://www.cert.org/archive/pdf/dns.pdf).FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSETRUE13-12-8048Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should mitigate the possibility of DNS cache poisoning by using techniques such as 1) Preventing recursive queries, 2) Configure short (2 day) Time-To-Live for cached data, 3) Periodically refresh or verify DNS name server configuration data and parent pointer records. Service Providers, Network Operators, and Equipment Suppliers should participate in forums to define an operational implementation of DNSSec. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Design; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUERFC-1034, RFC-1035, RFC-2065, RFC-2181, RFC-2535, ISC BIND 9.2.1 US-CERT \"Securing an Internet Name Server\" (http://www.cert.org/archive/pdf/dns.pdf).FALSETRUEFALSEFALSEFALSETRUETRUE2TRUEFALSEFALSETRUE13-12-8050CriticalNetwork Operators, Service Providers and Public Safety should protect the MPLS router configuration by 1) Securing machines that control login, monitoring, authentication and logging to/from routing and monitoring devices, 2) Monitoring the integrity of customer specific router configuration provisioning, 3) Implementing (e)BGP filtering to protect against labeled-path poisoning from customers/peers. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Design; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUEIETF RFC 2547, RFC 3813 & draft-ietf-l3vpn-security-framework-02.txt NIST SP 800-54 Border Gateway Protocol Security ITU - CCITT Rec. X.800 Series (X.811 & X.812).FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSETRUE13-12-8703ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish and enforce policy to lock up paperwork and magnetic media containing confidential information and destroy it when it is no longer needed.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster; Training and Awareness;TRUESource:http://www.windowsecurity.com/articles/Social_Engineers.htmlTRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8067Highly ImportantNetwork Operators, Service Providers, Public Safety and Public Safety should develop a set of processes detailing evidence collection and preservation guidelines. Procedures should be approved by management/legal counsel. Those responsible for conducting investigations should test the procedures and be trained according to their content. Organizations unable to develop a forensic computing capability should establish a relationship with a trusted third party that possesses a computer forensics capability. Network Administrators and System Administrators should be trained on basic evidence recognition and preservation and should understand the protocol for requesting forensic services.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Procedures; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEIETF RFC3227, http://www.cybercrime.govTRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-8071CriticalNetwork Operators, Service Providers and Public Safety should subscribe to vendor patch/security notifications and services to remain current with new vulnerabilities, viruses, and other security flaws relevant to systems deployed on the network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Public Safety; Public Safety and Disaster;TRUENIST SP 800-40 v2.0 Creating a Patch and Vulnerability Management Program Dependency on NRIC BP 8034 and 8035. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-8075ImportantNetwork Operators, Service Providers and Public Safety should have procedures for verifying identity of users to IT department and IT personnel to users (secret PINs, callback procedures, etc.).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Information Protection; Policy; Public Safety; Public Safety and Disaster; Training and Awareness;TRUESource:http://www.windowsecurity.com/articles/Social_Engineers.htmlTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8079Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should create an enforceable policy that considers different types of users and requires the use of passwords or stronger authentication methods. Where passwords can be used to enhance needed access controls, ensure they are sufficiently long and complex to defy brute force guessing and deter password cracking. To assure compliance, perform regular audits of passwords on at least a sampling of the systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUEGarfinkel, Simson, and Gene Spafford. “Users and Passwords”. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O’Reilly and Associates, Inc. 1996. 49-69 US Government and National Security Telecommunications Advisory Committee (NSTAC) ISP Network Operations Working Group. ?Short Term Recommendations?. Report of the ISP Working Group for Network Operations/Administration. May 1, 2002. \\\\\'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-8080Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should change passwords on a periodic basis implementing a policy which considers different types of users and how often passwords should be changed. Perform regular audits on passwords, including privileged passwords, on system and network devices. If available, activate features across the user base which force password changes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUEGarfinkel, Simson, and Gene Spafford. “Users and Passwords”. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O’Reilly and Associates, Inc. 1996. 49-69 US Government and National Security Telecommunications Advisory Committee (NSTAC) ISP Network Operations Working Group. ?Short Term Recommendations?. Report of the ISP Working Group for Network Operations/Administration. May 1, 2002. \\\'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-8081Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should develop an enforceable password policy, which considers different types of users, requiring users to protect, as applicable, either (a) the passwords they are given/create or (b) their credentials for two-factor authentication.Cable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUE\"Garfinkel, Simson, and Gene Spafford. “Users and Passwords”. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O’Reilly and Associates, Inc. 1996. 49-69 US Government and National Security Telecommunications Advisory Committee (NSTAC) Network Security Information Exchange (NSIE). ?Administration of Static Passwords and User Ids?. Operations, Administration, Maintenance, & Provisioning (OAM&P) Security Requirements for Public Telecommunications Network. Draft 2.0, August 2002. \\\'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.. Note: This Best practice could impact 9-1-1 operations.\"TRUETRUETRUETRUEFALSETRUETRUE2TRUEFALSEFALSETRUE13-12-8112Highly ImportantNetwork Operators, Service Providers and Public Safety should protect the systems configuration information and management interfaces for Web servers and other externally accessible applications, so that it is not inadvertently made available to 3rd parties. Techniques, at a minimum, should include least privilege for external access, strong authentication, application platform hardening, and system auditing. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Encryption; Network Operations; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSETRUE13-12-8084Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should when using digital certificates, create a valid, trusted PKI infrastructure, using a root certificate from a recognized Certificate Authority or Registration Authority. Assure your devices and applications only accept certificates that were created from a valid PKI infrastructure. Configure your Certificate Authority or Registration Authority to protect it from denial of service attacks. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Public Safety; Public Safety and Disaster;TRUENichols, Randall K., Daniel J. Ryan, Julie J. C. H. Ryan. \"Digital Signatures and Certification Authorities - Technology, Policy, and Legal Issues\". Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves. New York, NY. The McGraw-Hill Companies. 2000. 263-294.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-8085ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure certificates have a limited period of validity, dependent upon the risk to the system, and the value of the asset. If there are existing certificates with unlimited validity periods, and it is impractical to replace certificates, consider the addition of passwords that are required to be changed on a periodic basis. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUEMcClure, Stuart, Joel Scambray, George Kurtz. \"Dial-Up, PBX, Voicemail, and VPN Hacking\". Hacking Exposed, Network Security Secrets and Solutions, 4th Edition. Berkley, CA. The McGraw-Hill Companies. 2003. 341-389.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8087ImportantNetwork Operators, Service Providers and Public Safety should restrict access to specific time periods for high risk users (e.g., vendors, contractors, etc.) for critical assets (e.g., systems that cannot be accessed outside of specified maintenance windows due to the impact on the business). Assure that all system clocks are synchronized.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Operations; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8088ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should charter an independent group (outside of the administrators of the devices) to perform regular audits of access and privileges to systems, networks, and applications. The frequency of these audits should depend on the criticality or sensitivity of the associated assets.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Design; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUEInformation Security Forum. “Security Audit/Review”. The Forum’s Standard of Good Practice, The Standard for Information Security. November 2000.FALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-8089CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should perform a risk assessment of all systems and classify them by the value they have to the company/agency, and the impact to the company/agency if they are compromised or lost. Based on the risk assessment, develop a security policy which recommends and assigns the appropriate controls to protect the system.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Cyber Security; Public Safety; Public Safety and Disaster;TRUENichols, Randall K., Daniel J. Ryan, Julie J. C. H. Ryan. \"Access Controls - Two Views\". Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves. New York, NY. The McGraw-Hill Companies. 2000. 242-261TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-8091Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should evaluate cache expiration and timeouts of security material (such as cryptographic keys and passwords) to minimize exposure in case of compromise. Cached security material should be immediately deleted from the cache when the cached security material expires.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-8097ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should create an enforceable policy clearly defining who can disseminate information, and what controlsshould be in place for the dissemination of such information. The policyshould differentiate according to the sensitivity or criticality of the information.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Policy; Public Safety; Public Safety and Disaster;TRUEOctave Catalog of Practices, Version 2.0,CMU/SEI-2001-TR-20 (http://www.cert.org/archive/pdf/01tr020.pdf) Practice OP3.1.1& OP3.2.1; NIST Special Pub 800-12. King, Christopher M., Curtis E. Dalton, and T. Ertem Osmanoglu. “Validation and Maturity”. Security Architecture, Design, Deployment & Operations. Berkley, CA: The McGraw-Hill Companies. 2001. 443-470 McClure, Stuart, Joel Scambray, George Kurtz. \"\"Advanced Techniques\"\". Hacking Exposed, Network Security Secrets and Solutions, 4th Edition. Berkley, CA. The McGraw-Hill Companies. 2003. 555-592 Nichols, Randall K., Daniel J. Ryan, Julie J. C. H. Ryan. \"\"Risk Management and Architecture of Information Security (INFOSEC)\"\". Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves. New York, NY. The McGraw-Hill Companies. 2000. 69-90.FALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-8117ImportantNetwork Operators, Service Providers and Public Safety should prepare a disaster recovery plan to implement upon DNS server compromise. This applies to Public Safety only in an NG9-1-1 environment.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Disaster Recovery; Network Operations; Public Safety; Public Safety and Disaster;TRUEDisaster recovery plan may need to address backup DNS strategy (addressed by 7-7-8527).FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-8-8663ImportantNetwork Operators and Service Providers should use dedicated VoIP servers for the VOIP service, if possible.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Network Operations;FALSEDISA - VoIP0270TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-12-8098CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should have policies on changes to and removal of access privileges upon staff members status changes such as terminations, exits, transfers, and those related to discipline or marginal performance.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Intrusion Detection; Network Operations; Public Safety; Public Safety and Disaster;TRUEOctave Catalog of Practices, Version 2.0,CMU/SEI-2001-TR-20 (http://www.cert.org/archive/pdf/01tr020.pdf) Practice OP1.3.1-OP1.3.2, OP3.2.1-OP3.3 and OP3.1.1-Op3.1.3; NIST Special Pub 800-26; OMB Circular A-130 Appendix III. US Government and National Security Telecommunications Advisory Committee (NSTAC) Network Security Information Exchange (NSIE). “Administration of Static Passwords and User Ids”. Operations, Administration, Maintenance, & Provisioning (OAM&P) Security Requirements for Public Telecommunications Network. Draft 2.0, August 2002.FALSETRUEFALSEFALSEFALSETRUETRUE3TRUEFALSEFALSETRUE13-12-8099ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should perform background checks that are consistent with the sensitivity of the position\\\'s responsibilities and that align with HR policy. These checks could include those that verify employment history, education, experience, certification, and criminal history.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Human Resources; Policy; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8100ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish security training programs and requirements for ensuring security staff knowledge and compliance. This training could include professional certifications in cyber security.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Intrusion Detection; Policy; Public Safety; Public Safety and Disaster; Training and Awareness;TRUENIST Special Publication 800-53, Revision 3, Control Number AT-3 Recommended Security Controls for Federal Information Systems http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8101ImportantNetwork Operators, Service Providers and Public Safety should ensure that all security operational procedures, system processes, and security controls are documented, and that documentation is up to date and accessible by appropriate staff. Perform gap analysis/audit of security operational procedures as often as security policy requires relative to the asset being protected. Using results of analysis or audit, determine which procedures, processes, or controls need to be updated and documented.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Documentation; Network Design; Network Operations; Public Safety; Public Safety and Disaster;TRUENIST SP800-14 Generally accepted principles and practices for securing IT systems. http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf. Note: This Best practice could impact 9-1-1 operations.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8102ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should provide adequate security and control regarding the use of Personal Equipment for corporate activities, telecommuting, virtual office, remote administration, etc.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Human Resources; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8108CriticalNetwork Operators, Service Providers and Public Safety should determine how the system requiring support of the authentication system responds (i.e., determine what specific effect(s) the failure caused) in the event of an authentication system failure. The system can either be set to open or closed in the event of a failure. This will depend on the needs of the organization. For instance, an authentication system supporting physical access may be required to fail OPEN in the event of a failure so people will not be trapped in the event of an emergency. However, an authentication system that supports electronic access to core routers may be required to fail CLOSED to prevent general access to the routers in the event of authentication system failure. In addition, it is important to have a means of alternate authenticated access to a system in the event of a failure. In the case of core routers failing CLOSED, there should be a secondary means of authentication (e.g., use of a one-time password) reserved for use only in such an event; this password should be protected and only accessible to a small key-contingent of personnel.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Encryption; Network Elements; Network Operations; Public Safety; Public Safety and Disaster; Security Systems;TRUEITU-T Rec. X.1051.FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSETRUE13-12-8110ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure news sources are authenticated and cross-verified to ensure accuracy of information, especially when not from a trusted source. Information from news sources may be spoofed, faked, or manipulated by potential attackers.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Public Safety; Public Safety and Disaster;TRUEAlso, see NRIC BP 8567.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8111ImportantNetwork Operators, Service Providers and Public Safety should encrypt sensitive data from web servers, and other externally accessible applications, while it is in transit over any networks they do not physically control. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUENote: This Best practice could impact 9-1-1 operations. See NENA-STA-010.3-201x, NENA i3 Standard for Next Generation 9-1-1 (to be issued).TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-6-8021ImportantNetwork Operators, Service Providers, and Equipment Suppliers should use switched network hubs in critical networks for Operations, Administration, Management, and Provisioning (OAM&P), so that devices in promiscuous mode are less likely to be able to see/spoof all of the traffic on that network segment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-12-8119CriticalNetwork Operators, Service Providers and Public Safety should correlate data from various sources, including non-security related sources, (i.e., syslogs, firewall logs, IDS alerts, remote access logs, asset management databases, human resources information, physical access logs, etc.) to identify security risks and issues across the enterprise. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-8123ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should handle violations of policy in a manner that is consistent , and, depending on the nature of the violation, sufficient to either deter or prevent a recurrence. There should be mechanisms for ensuring this consistency.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Policy; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8124ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure staff is given awareness training on security policies, standards, procedures, and general best practices. Awareness training should also cover the threats to the confidentiality, integrity, and availability of data including social engineering. Training as part of new employee orientation should be supplemented with regular \"refreshers\" to all staff.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster; Training and Awareness;TRUENIST: www.nist.gov. Document is SP 800-50 Building an Information Technology Security Awareness and Training Program, October 2003. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8125CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure that employees formally acknowledge their obligation to comply with their corporate/agency Information Security policies.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Policy; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEISO 27002 Information Security Standards - 8.1.3 Terms and conditions of employment. Cross reference with 7-7-8125 developed under NRIC.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-8126Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should employ authentication methods commensurate with the business risk of unauthorized access to the given network, application, or system. For example, these methods would range from single-factor authentication (e.g., passwords) to two-factor authentication (e.g., token and PIN) depending on the estimated criticality or sensitivity of the protected assets. When two-factor authentication generates one-time passwords, the valid time-duration should be determined based on an assessment of risk to the protected asset(s).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-8127ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should validate any regular auditing activity through spot-checking to validate the competency, thoroughness, and credibility of those regular audits.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Design; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-8128ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should promptly verify and address audit findings assigning an urgency and priority commensurate with their implied risk to the business. The findings as well as regular updates to those findings should be reported to management responsible for the affected area.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Elements; Network Operations; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-8129CriticalNetwork Operators, Service Providers and Public Safety should ensure that technical staff participate in ongoing training and remain up-to-date on their certifications for those technologies to remain current with the various security controls employed by different technologies.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Public Safety; Public Safety and Disaster; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-8130Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should provide procedures and training to staff on the reporting of security incidents, weaknesses, and suspicious events.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Public Safety; Public Safety and Disaster;TRUEISO 27002 Information Security Standards - 13.1.1 Reporting information security events.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-8138Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish a procedure to track the expiration date for digital certificates used in services and critical applications, and start the process to renew such certificates in sufficient time to prevent disruption of service. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-12-8500CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should in the event the key in a digital certificate becomes compromised, should immediately revoke the certificate, and issue a new one to the users and/or devices requiring it. Perform Forensics and Post-mortem, as prescribed in NRIC BP 8061, to review for additional compromise as soon as business processes allow. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster;TRUENIST SP800-57 Recommendation for key management http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-8501CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should secure a new root key, and rebuild the PKI (Public Key Infrastructure) trust model, in the event the root key in a digital certificate becomes compromised. Perform Forensics and Post-mortem, as prescribed in NRIC BP 8061, to review for additional compromise as soon as business processes allow. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster;TRUENIST SP800-57 Recommendation for key management http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-8503CriticalNetwork Operators, Service Providers and Public Safety should when improper use of keys or encryption algorithms is discovered, or a breach has occurred, conduct a forensic analysis to assess the possibility of having potentially compromised data and identify what may have been compromised and for how long it has been in a compromised state; implement new key (and revoke old key if applicable), or encryption algorithm, and ensure they are standards-based and implemented in accordance with prescribed procedures of that standard, where possible. When using wireless systems, ensure vulnerabilities are mitigated with proper and current security measures. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEhttp://www.atis.org/ - T1 276-2003 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: July, 2003 802.11i & 802.16 Related to NRIC BP 8001.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-8517CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should review audit trails if information has been leaked or the release policy has not been followed. Change passwords, review permissions, and perform forensics as needed. Inform others at potential risk for similar exposure, and include security responsibilities in performance improvement programs that may include security awareness refresher training.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-12-8521ImportantNetwork Operators, Service Providers and Public Safety should terminate the VPN (Virtual Private Network) connection and issue a warning in accordance with the employee code of conduct, in the event of misuse or unauthorized use in a remote access situation. If repeated, revoke employee VPN remote access privileges.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Human Resources; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8528CriticalNetwork Operators, Service Providers and Public Safety should consider one or more of the following steps if the DNS server is under attack, 1) Implement reactive filtering to discard identified attack traffic, if possible, 2) Rate-limiting traffic to the DNS server complex, 3) Deploy suitable Intrusion Prevention System in front of DNS servers, 4) Deploy additional DNS server capacity in a round-robin architecture, 5) Utilize DoS/DDoS tracking methods to identify the source(s) of the attack, or 6) Move name resolution service to a 3rd party provider. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Public Safety; Public Safety and Disaster;TRUERFC-2870, ISO/IEC 15408, ISO 17799 US-CERT \"Securing an Internet Name Server\".TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-8540CriticalNetwork Operators, Service Providers and Public Safety should consider terminating all current remote access, limiting access to the system console, or other tightened security access methods, when an unauthorized remote access to an OAM&P system occurs. Continue recovery by re-establishing new passwords, reloading software, running change detection software, or other methods, continuing quarantine until recovery is validated, as practical.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEISF CB53. Cross reference with 7-7-8540 developed under NRIC. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-12-8567ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure that actions taken due to a spoofed, faked or distorted news item should be cross-correlated against other sources. Any actions taken should be \\\'backed out\\\' and corrective measures taken to restore the previous state. News source authentication methods should be implemented to ensure future accuracy.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Public Safety; Public Safety and Disaster;TRUECross-reference BP 5270TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-7-3209ImportantService Providers should receive signals from local broadcasters as the primary source with automatic fail over to the off-air signal as the secondary source, to support public notification in disasters or emergencies. This applies specifically to CATV providers.Cable;Service Provider;Emergency Preparedness;FALSETRUEFALSEFALSEFALSEFALSETRUEFALSE1FALSEFALSEFALSEFALSE13-12-8633ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should design passwords used for an application login to be consistent with applicable industry security guidelines and policies. Whether between the client and the server or among servers, passwords must not be transmitted “in the clear.” SSL should be used for any transaction involving authentication. The transmission of session IDs should be similarly protected with SSL.Wireless;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Hardware; Information Protection; Public Safety; Public Safety and Disaster;TRUEFALSEFALSEFALSETRUEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-8642ImportantNetwork Operators, Service Providers and Public Safety should consider integration of open standardized protocols to meet communication-level performance and security goals.Satellite;Service Provider; Network Operator; Public Safety;Cyber Security; Public Safety; Public Safety and Disaster;TRUESpace Communications Protocol Standards (SCPS) Including ISO Standards 15891:2000 through 15894:2000 and related documents http://www.scps.org/FALSEFALSETRUEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8652Highly ImportantNetwork Operators, Service Providers and Public Safety should implement access controls (firewalls, access control lists, etc.) to administrative interfaces as well as those normally carrying customer traffic.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Design; Network Interoperability; Network Operations; Public Safety; Public Safety and Disaster;TRUEIETF RFC 4942TRUETRUEFALSEFALSETRUETRUETRUE2FALSEFALSEFALSETRUE13-12-8653Highly ImportantNetwork Operators, Service Providers and Public Safety should test current equipment for IPv4/IPv6 compatibility for the specific network deployment. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireless;Service Provider; Network Operator; Public Safety;Cyber Security; Network Design; Network Interoperability; Network Operations; Public Safety; Public Safety and Disaster;TRUENIST SP 800-119 (Draft) 2.4TRUETRUEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSETRUE13-12-8670ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should consider establishing information exchange policies and procedures, establish information and software exchange agreements, safeguard transportation of physical media.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Design; Network Operations; Policy; Public Safety; Public Safety and Disaster;TRUEISO 27002 Information Security StandardsFALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSETRUE13-12-8671ImportantNetwork Operators, Service Providers and Public Safety should have policies and enforce that unattended workstations should be protected from unauthorized access 1) Individual Username/Password authentication must be required to access resources. 2) Physical access must be restricted to workstations. 3) Where possible idle workstations must default to password protected screensaver after an established time lapse (e.g. 15 minutes).Internet/Data;Service Provider; Network Operator; Public Safety;Access Control; Cyber Security; Hardware; Intrusion Detection; Network Operations; Policy; Public Safety; Public Safety and Disaster;TRUEhttp://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf Octave Catalog of Practices, Version 2.0, CMU/SEI-2001- TR-20 (http://www.cert.org/archive/pdf/01tr020.pdf) Practice OP1.2.4FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-12-8691ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should develop or adopt employee education programs that emphasize the need to comply with security policies.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Intrusion Detection; Policy; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEhttp://www.alertboot.com/blog/blogs/endpoint_security/archive/2010/06/15/laptop-encryption-software-for-social-security-administration-telecommuters.aspxTRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8693ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should create a security awareness strategy that includes communicating to everyone from new hires to human resources to senior management. Utilize multiple channels and target each audience specifically.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Intrusion Detection; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEhttp://www.securityinnovation.com/pdf/security-awareness-best-practices.pdfTRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8694ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should keep their programs flexible. What is considered a security best practice today might be obsolete tomorrow. Changing factors include new technologies, changing business models, emerging threats and growth of the network and the user base.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Intrusion Detection; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEhttp://ezinearticles.com/?Employee-Security-Awareness&id=4084497TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8695ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should obtain senior management approval and support for a corporate wide People/Awareness/Security Awareness program. This will help to lead to behavior and policy changes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEhttp://www.securityinnovation.com/pdf/security-awareness-best-practices.pdfTRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8701ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should measure the effectiveness of their Security programs.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster; Training and Awareness;TRUEhttp://ezinearticles.com/?Employee-Security-Awareness&id=4084497TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8704ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should establish and enforce policy to physically secure the computers and network devices.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Intrusion Detection; Physical Security Management; Policy; Public Safety; Public Safety and Disaster; Training and Awareness;TRUESource:http://www.windowsecurity.com/articles/Social_Engineers.htmlTRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-12-8705ImportantNetwork Operators, Service Providers and Public Safety should have procedures for verifying identity of users to IT department and IT personnel to users (secret PINs, callback procedures, etc.).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster; Training and Awareness;TRUESource:http://www.windowsecurity.com/articles/Social_Engineers.htmlTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8706ImportantNetwork Operators, Service Providers and Public Safety should establish and enforce policy to prohibit disclosing passwords, to whom (if anyone) passwords can be disclosed and under what circumstances, procedure to follow if someone requests disclosure of passwords.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Information Protection; Intrusion Detection; Policy; Public Safety; Public Safety and Disaster;TRUESource:http://www.windowsecurity.com/articles/Social_Engineers.htmlTRUETRUEFALSETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8711ImportantNetwork Operators, Service Providers and Public Safety should engineer networks to provide redundant and highly available application layer services. (e.g., DNS and other directory services, SIP, H.323). This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Network Design; Network Interoperability; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8712ImportantNetwork Operators, Service Providers and Public Safety should implement applicable industry standards governing protocol (e.g., IP Protocols from the IETF) and established policies and procedures to maintain currency within these publications to ensure interoperability. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Network Design; Network Interoperability; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8722ImportantNetwork Operators, Public Safety should be particularly vigilant with respect to signaling traffic delivered by or carried over Internet Protocol networks. Network Operators that utilize the Public Internet for signaling, transport, or maintenance communications should employ authentication, authorization, accountability, integrity, and confidentiality mechanisms (e.g., digital signature and encrypted VPN tunneling). This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireline;Network Operator; Public Safety;Cyber Security; Encryption; Hardware; Intrusion Detection; Network Elements; Public Safety; Public Safety and Disaster; Security Systems;TRUETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSETRUE13-12-8728ImportantNetwork Operators, Public Safety should consider industry guidelines for logical diversity (e.g. multi-homing), and perform network diversification validation on a scheduled basis (e.g., twice a year). Processes and procedures should exist for tracking discrepancies and maintaining a historical record. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Wireline;Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Elements; Network Interoperability; Network Operations; Public Safety; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSETRUE13-12-8732ImportantService Providers, Public Safety should classify identity management services against the service architecture and deployment model being utilized to determine the general “security” posture of the identity services, how it relates to asset’s assurance and security protection requirements, and define the needed security architecture to mitigate security risks. Specifically, if identity related functions are distributed among multiple parties, all parties involved should be clearly identified (e.g., relying parties such as users and service providers, credential providers, verification or authentication providers, or federation members) with clearly defined roles, responsibilities, and accountability for the security of the identity service and all associated assets. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Cyber Security; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEITU-T X.1250, Baseline capabilities for enhanced global identity management and interoperability NIST SP 800-63, Electronic Authentication GuidelineTRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSETRUE13-12-8734ImportantService Providers, Public Safety should when creating, maintaining, using or disseminating individually identifiable information, take appropriate measures to assure its reliability and should take reasonable precautions to protect it from loss, misuse or alteration. Organizations/Agencies should take reasonable steps to assure that third parties to which they transfer such information are aware of these security practices, and that the third parties also take reasonable precautions to protect any transferred information. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless;Service Provider; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster;TRUELiberty Alliance Project, Privacy and Security Best Practices Version 2.0TRUETRUETRUETRUEFALSETRUEFALSE1FALSEFALSEFALSETRUE13-12-8928Network Operators, Service Providers, Equipment Suppliers, Public Safety and Government should proactively monitor all security issues associated with computing workstations and promptly apply security fixes, as necessary.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety;Access Control; Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Information Protection; Intrusion Detection; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUETRUEFALSETRUETRUE13-12-8736CriticalService Providers, Public Safety should ensure that identity information is only accessible to authorized entities subject to applicable regulation and policy. Specifically, (a) an entity (e.g., relying party or requesting party) requesting identity data should be authenticated, and its authorization to obtain the requested information verified before access to the information is provided or the requesting identity data is exchanged. (b) policy and rules for requesting and exchanging identity data among multiple parties involved (e.g., users, relying party and identity provider) should be clearly defined and enforced.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Cyber Security; Encryption; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEITU-T Y.2720, NGN Identity Management Framework ITU-T Y.2721, NGN Identity Management Requirements and Use Cases ATIS-1000035, NGN Identity Management FrameworkTRUETRUETRUETRUETRUETRUEFALSE3FALSEFALSEFALSETRUE13-12-8737ImportantService Providers, Public Safety should analyze each of the steps in the interaction (and any subsequent uses of data obtained from the transactions) of a Security Assertion Markup Language (SAML) transaction to ensure that information that should be kept confidential is actually being kept confidential. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Cyber Security; Encryption; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEOASIS, Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0TRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSETRUE13-12-8742ImportantService Providers, Public Safety should use encryption for data at rest. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Cyber Security; Encryption; Information Protection; Public Safety; Public Safety and Disaster;TRUECloud Security Alliance (CSA)TRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSETRUE13-12-8749ImportantNetwork Operators, Service Providers and Public Safety should have documented processes in place for reviewing new vulnerabilities as they are announced.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUESans Institute, \"Vulnerability Management: Tools, Challenges and Best Practices.\" 2003. Pg. 8 -10.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8758ImportantNetwork Operators, Service Providers and Public Safety should establish policies, and procedures to support early recognition and isolation of potential bad actors to minimize impact to the network. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEIETF RFC2350, CMU/SEI-98-HB-001.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8770ImportantService Providers, Public Safety should use secure network protocols such as TLS or IPsec to provide integrity and confidentiality protection of SAML communications. In addition, the following measures should be implemented to counter replay, denial of service and other forms of attacks: (a) Clients should be required to authenticate at some level below the SAML protocol level (for example, using the SOAP over HTTP binding, with HTTP over TLS/SSL, and with a requirement for client-side certificates that have a trusted Certificate Authority at their root) to provide traceability and counter DOS attacks. (b) Use of the XML Signature element [ds:SignatureProperties] containing a timestamp should be required to determine if a signature is recent to counter replay attacks. (c) Maintaining state information concerning active sessions, and validate correspondence. (d) Correlation of request and response messages. This applies to Public Safety only in an NG9-1-1 environment.(a) Clients should be required to authenticate at some level below the SAML protocol level (for example, using the SOAP over HTTP binding, with HTTP over TLS/SSL, and with a requirement for client-side certificates that have a trusted Certificate Authority at their root) to provide traceability and counter DOS attacks. (b) Use of the XML Signature element [ds:SignatureProperties] containing a time stamp should be required to determine if a signature is recent to counter replay attacks. (c) Maintaining state information concerning active sessions, and validate correspondence. (d) Correlation of request and response messages.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Cyber Security; Encryption; Information Protection; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUEOASIS, Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0.TRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSETRUE13-12-8771ImportantNetwork Operators, Service Providers and Public Safety should implement media gateway controllers according to appropriate industry standards (i.e. Internet Engineering Task Force (IETF), Alliance for Telecommunications Industry Solutions (ATIS)) in order to achieve interoperability between the IP Multimedia (IM) Core Network (CN) subsystem and Legacy Emergency Services networks.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Encryption; Network Design; Network Interoperability; Public Safety; Public Safety and Disaster;TRUEATIS-0700015.v004, ATIS Standard for Implementation of 3GPP Common IMS Emergency Procedures for IMS Origination and ESInet/Legacy Selective Router TerminationTRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSETRUE13-12-8925Network Operators, Service Providers should ensure that SS7 signaling interface points that connect to the IP Private and Corporate networks interfaces are well hardened and protected with packet filtering firewalls and strong authentication. Similar safeguards should be implemented for e-commerce applications to the SS7 network.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Access Control; Cyber Security; Essential Services; Facilities - Transport; Hardware; Information Protection; Liaison; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Security Systems; Supervision;FALSETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-8926Service Providers, Public Safety should ensure that signaling interfaces to Legacy Network Gateways and Legacy Selective Router Gateways (in transitional NG9-1-1 architectures) are well-hardened and protected with packet filtering firewalls and strong authentication.Cable; Internet/Data; Wireless; Wireline;Service Provider; Public Safety;Access Control; Cyber Security; Essential Services; Facilities - Transport; Hardware; Information Protection; Liaison; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Pandemic; Public Safety and Disaster; Security Systems; Supervision;TRUETRUETRUEFALSETRUETRUETRUEFALSEFALSEFALSEFALSETRUE13-12-8927Network Operators, Service Providers should implement rigorous screening on both internal and interconnecting signaling links.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Essential Services; Facilities - Transport; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Pandemic;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-8929Network Operators, Service Providers and Public Safety should employ authentication, authorization, accountability, integrity, and confidentiality mechanisms (e.g., digital signature and encrypted VPN tunneling), when they employ the Public Internet for signaling, transport, or maintenance communications and any maintenance access to Network Elements.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Information Protection; Intrusion Detection; Network Design; Network Elements; Network Operations; Pandemic; Power; Public Safety and Disaster; Supervision; Visitors;TRUEFALSETRUEFALSEFALSEFALSETRUETRUEFALSEFALSEFALSETRUE13-12-8930Network Operators, Service Providers should employ limited SS7 authentication by enabling logging for SS7 element security related alarms on SCPs and STPs, such as: unauthorized dial up access, unauthorized logins, logging of changes and administrative access logging.Cable; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Information Protection; Liaison;FALSETRUEFALSEFALSETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-12-8931Public Safety should enable logging for SS7 element security-related alarms on Legacy Network Gateways and Legacy Selective Routing Gateways for transitional NG9-1-1 architectures.Internet/Data; Wireless; Wireline;Public Safety;Disaster Recovery; Emergency Preparedness; Information Protection; Public Safety; Public Safety and Disaster;TRUEFALSETRUEFALSETRUETRUEFALSEFALSEFALSEFALSEFALSETRUE13-12-8932Network Operators should mitigate limited SS7 authentication by enabling logging for SS7 element security related alarms on SCPs and STPs, such as: unauthorized dial up access, unauthorized logins, logging of changes and administrative access logging.Cable; Wireless; Wireline;Network Operator;Access Control; Business Continuity; Contractors and Vendors; Cyber Security; Disaster Recovery; Documentation; Emergency Preparedness; Essential Services; Industry Cooperation; Information Protection; Intrusion Detection; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Public Safety; Security Systems; Training and Awareness;FALSETRUEFALSEFALSETRUETRUEFALSETRUEFALSEFALSEFALSEFALSE13-12-8933Network Operators, Public Safety should establish login and access controls that establish accountability for changes to node translations and configuration.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Access Control; Business Continuity; Contractors and Vendors; Cyber Security; Disaster Recovery; Documentation; Emergency Preparedness; Essential Services; Industry Cooperation; Information Protection; Intrusion Detection; Network Design; Network Elements; Network Interoperability; Network Operations; Network Provisioning; Policy; Procedures; Public Safety; Public Safety and Disaster; Security Systems; Training and Awareness;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSEFALSETRUE13-12-8934Network Operators, Public Safety should when making use of dial-up connections for maintenance access to Network Elements, employ dial-back modems with screening lists. One-time tokens and encrypted payload VPNs should be the minimum.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Network Elements; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSEFALSETRUE13-12-8935Network Operators, Service Providers, Equipment Suppliers and Property Managers should conduct regular review of their alarming thresholds and selection.Cable; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Access Control; Buildings; Business Continuity; Contractors and Vendors; Disaster Recovery; Documentation; Emergency Preparedness; Fire; Physical Security Management; Policy; Power; Procedures; Public Safety; Security Systems; Training and Awareness;FALSENRSC developed w/Silent Alarms BulletinTRUEFALSEFALSETRUETRUETRUETRUETRUETRUEFALSEFALSE13-6-1007Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider establishing a geographically diverse back-up Emergency Operations Center.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Emergency Preparedness; Network Operations; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-6-5081Highly ImportantEquipment Suppliers should provide serial numbers on critical network components (e.g., circuit packs, field replaceable units).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements;FALSEIn order to mitigate theft, tamperingTRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-6-5086ImportantEquipment Suppliers should consider electronically encoding a unique identifier into non-volatile memory of critical elements (e.g., Field Replaceable Units, FRUs) for integrity and tracking.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements;FALSEIn order to prevent theft of supply. For example, a HECI code (Human Equipment Catalog Item Code) is a 10 character (alfa-numeric) code that identifies a piece of equipment down to the circuit pack level.TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-6-5149ImportantNetwork Operators, Service Providers, and Equipment Suppliers should, where feasible, ensure that intentional emissions (e.g., RF and optical) from network equipment and transmission facilities are secured sufficiently to ensure that monitoring from outside the intended transmission path or beyond facility physical security boundaries cannot lead to the obtaining of critical network operations information.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Facilities - Transport; Hardware; Information Protection; Network Elements; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-6-5170CriticalNetwork Operators, Service Providers, and Equipment Suppliers should control or disable all administrative access ports (e.g., manufacturer) into R&D or production systems (e.g., remap access ports, require callback verification, add second level access gateway).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Information Protection; Network Elements; Network Operations; Technical Support;FALSETo eliminate the use of default and undocumented ports to penetrate into software and distribution systems.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-6-8023CriticalNetwork Operators and Service Providers should regularly scan infrastructure for vulnerabilities/exploitable conditions. Operators should understand the operating systems and applications deployed on their network and keep abreast of vulnerabilities, exploits, and patches.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-6-8028CriticalNetwork Operators, Service Providers, and Equipment Suppliers should consider, when using an encryption technology in the securing of network equipment and transmission facilities, cryptographic keys must be distributed using a secure protocol that: a) Ensures the authenticity of the recipient, b) Does not depend upon secure transmission facilities, and c) Cannot be emulated by a non-trusted source.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Encryption;FALSETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-6-8059Highly ImportantNetwork Operators and Service Providers should encourage the use of IPsec VPN, wireless TLS, or other end-to-end encryption services over the cellular/wireless network. Also, Network Operators should incorporate standards-based data encryption services and ensure that such encryption services are enabled for end users. (Data encryption services are cellular/wireless technology specific).Wireless;Service Provider; Network Operator;Cyber Security; Encryption;FALSECellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc.FALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-6-8078Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should not send user IDs and passwords in the clear, or send passwords and user IDs in the same message/packet.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-6-8093CriticalService Providers should validate the source address of all traffic sent from the customer for which they provide Internet access service and block any traffic that does not comply with expected source addresses. Service Providers typically assign customers addresses from their own address space, or if the customer has their own address space, the service provider can ask for these address ranges at provisioning. (Network Operators may not be able to comply with this practice on links to upstream/downstream providers or peering links, since the valid source address space is not known).Cable; Internet/Data; Wireless; Wireline;Service Provider;Cyber Security; Intrusion Detection; Network Provisioning;FALSEIETF rfc3013 sections 4.3 and 4.4 and NANOF ISP Resources. www.IETF.netTRUETRUEFALSETRUETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-7-0408Highly ImportantNetwork Operators, Service Providers should where feasible, implement RFC 3704 (IETF BCP84) ingress filtering.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESee http://www.IETF.orgFALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-7-0410Highly ImportantNetwork Operators, Service Providers should as appropriate, review, understand, and implement "Internet Service Provider Security Services and Procedures" (RFC3013/BCP46).Internet/Data;Service Provider; Network Operator;Cyber Security; Encryption; Intrusion Detection; Procedures;FALSESee http://www.IETF.orgFALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-7-0426Highly ImportantEquipment Suppliers should use software change control to manage changes to source material used in the production of their products.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements; Software;FALSEAs such, the software change control system used by equipment suppliers should be able to manage both ASCII and binary (source object code) files.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-7-0433Highly ImportantEquipment Suppliers should support, clearly define and document environmental variables in Management Information Bases (MIB).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements; Software;FALSEMIB Environmental variables include the location of hosts, servers, terminals and other nodes as well as the traffic for the object.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-7-0439CriticalNetwork Operators and Service Providers should authenticate BGP sessions (e.g., using TCP MD5) with their own customers and other providers.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-7-0441Highly ImportantNetwork Operators, Service Providers should where feasible, implement Unicast RPF (Reverse Path Forwarding) to help minimize DOS attacks that use source address spoofing.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-7-0485ImportantNetwork Operators should optimize cell sites, including relationships between neighboring cells, using a combination of drive testing and network statistics.Wireless;Network Operator;Network Operations;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-7-0515ImportantNetwork Operators, Service Providers should for easy communication with subscribers and other operators and providers, use specific role-based accounts (e.g., abuse@provider.net, ip-request@provider.net) versus general accounts (e.g., noc@provider.net) which will help improve organizational response time and also reduce the impact of Spam.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Emergency Preparedness; Industry Cooperation; Network Operations; Policy; Procedures; Technical Support;FALSESee http://www.ietf.org/rfc/rfc2142.txtTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-7-0516Highly ImportantNetwork Operators and Service Providers should manage the volatility of route advertisements in order to maintain stable IP service and transport. Procedures and systems to manage and control route flapping at the network edge should be implemented.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Elements; Network Interoperability; Network Operations; Procedures;FALSEhttp://www.ietf.org, RFC 2439, "BGP Route Flap Damping"TRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-0520Highly ImportantNetwork Operators and Service Providers should have a route policy that is available, as appropriate. A consistent route policy facilitates network stability and inter-network troubleshooting.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Industry Cooperation; Network Interoperability; Network Operations; Network Provisioning; Procedures;FALSEA route policy or routing policy is the description of what routes a Service Provider will accept and readvertise. Some will only take full blocks and only from the registered owner (registered in ARIN or RIPE). Some will allow customers to multihome (ie advertise the same routes via two different providers) some will allow customers to advertise specific routes as well as blocks.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-0538Highly ImportantEquipment Suppliers should ensure their network element (including OSS) software is backward compatible.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements; Software;FALSETRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-7-0539ImportantEquipment Suppliers should share trend information (availability, etc.) with their Network Operators and Service Providers.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Industry Cooperation; Network Elements; Technical Support;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-7-0549Highly ImportantNetwork Operators should develop an engineering design for critical network elements and inter-office facilities that addresses diversity, and utilize management systems to provision, track and maintain that inter-office and intra- office diversity.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Buildings; Facilities - Transport; Network Operations; Network Provisioning; Policy; Power; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-7-0555ImportantEquipment Suppliers should continually enhance their software development methodology to ensure effectiveness by employing modern processes of assessment.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Network Elements; Software;FALSEFormal design and code inspections may be performed as a part of the software development cycle. Test environments may be enhanced to provide more realistic network settings. Fault tolerance levels and failure probabilities should be shared with Network Operators and Service Providers.TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-7-0562ImportantEquipment Suppliers should use a change control and release planning process to keep track of the changes to the product and the corresponding documentation.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Network Elements; Procedures;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-7-0604Highly ImportantNetwork Operators and Service Providers should establish synchronization coordinator(s) who has responsibility for the network synchronization. The synchronization coordinator(s) should be accessible to their Network Operations Centers.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Industry Cooperation; Network Operations; Procedures;FALSETelcordia SR-2275; for NIIF, see http://www.atis.org/docstoreTRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-0676ImportantNetwork Operators and Service Providers should not use low voltage disconnects or battery disconnects at central office battery plants.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Buildings; Power;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-7-0677ImportantNetwork Operators, Service Providers, and Property Managers should only use rectifier sequence controllers where necessary to limit load on the backup power generator.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Property Manager;Power;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSEFALSE13-7-0686ImportantNetwork Operators, Service Providers, and Equipment Suppliers should verify front and rear stenciling on equipment during installation for accurate identification.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Hardware; Procedures;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-7-0715ImportantNetwork Operators should proactively communicate with land owners regarding rights-of-way or easements near critical buried facilities to prevent accidental service interruption.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Facilities - Transport; Liaison;FALSETRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-7-0716ImportantNetwork Operators should encourage employees to become proactive in preventing buried facilities damages.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Facilities - Transport; Human Resources; Training and Awareness;FALSETRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-7-0738ImportantNetwork Operators and Service Providers should track and analyze facility outages taking action if any substantial negative trend arises or persists.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Facilities - Transport; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-7-1040ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider using lab, demonstration or training equipment if replacement equipment is unavailable in disaster situations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Disaster Recovery; Emergency Preparedness; Technical Support;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-7-3201Highly ImportantService Providers, Public Safety should jointly develop a response plan to notify the public, through the broadcast media, of alternate means of contacting emergency services during a 911 outage.Cable; Internet/Data; Wireless; Wireline;Service Provider; Public Safety;Disaster Recovery; Emergency Preparedness; Essential Services; Industry Cooperation; Liaison; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUEFALSE2FALSEFALSEFALSETRUE13-7-3210ImportantPublic Safety should consider obtaining connections to provide video (for viewing local weather and news information and monitoring distribution of information over EAS), and utilize that connection to provide diverse access to the Internet and telecommunications. This applies specifically to Emergency Operations Centers and PSAPs.Cable; Internet/Data;Service Provider; Network Operator;Business Continuity; Emergency Preparedness; Network Operations; Pandemic; Public Safety and Disaster;FALSETRUETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-7-5020ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider establishing corporate standards and practices to drive enterprise-wide access control to a single card and single system architecture to mitigate the security risks associated with administering and servicing multiple platforms.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Access Control; Buildings; Physical Security Management; Policy; Security Systems;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-7-5076Highly ImportantNetwork Operators and Service Providers should ensure and periodically review intra-office diversity of critical resources including power, timing source and signaling leads (e.g., SS7).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Essential Services; Facilities - Transport; Network Operations; Policy; Power; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-5079Highly ImportantNetwork Operators, Service Providers should where feasible, provide both physical and logical diversity of critical facilities links (e.g., nodal, network element). Particular attention should be paid to telecom hotels and other concentration points.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Facilities - Transport; Network Operations; Network Provisioning; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-5088ImportantEquipment Suppliers should ensure appropriate physical security controls are designed and tested into new products and product upgrades (e.g., tamper resistant enclosures).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Physical Security Management;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-7-5198ImportantEquipment Suppliers should design their products to take into consideration protection against the effects of corrosion and contamination.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-7-5283ImportantEquipment Suppliers should provide network element thermal specifications or other special requirements in order to properly size Heating, Ventilation, and Air Conditioning (HVAC) systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Documentation; Hardware; Network Elements;FALSETRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-7-8027ImportantNetwork Operators and Service Providers should use software change management systems that control, monitor, and record access to master source of software. Ensure network equipment and network management code consistency through checks such as digital signatures, secure hash algorithms, and periodic audits.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSEhttp://www.atis.org/ - T1 276-2003 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: July, 2003TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-7-8062Highly ImportantNetwork Operators and Service Providers should identify and train a Computer Security Incident Response (CSIRT) Team. This team should have access to the CSO (or functional equivalent) and should be empowered by senior management. The team should include security, networking, and system administration specialists but have the ability to augment itself with expertise from any division of the organization. Organizations that establish part-time CSIRTs should ensure representatives are detailed to the team for a suitable period of time bearing in mind both the costs and benefits of rotating staff through a specialized team.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Emergency Preparedness; Public Safety and Disaster; Training and Awareness;FALSEIETF RFC2350, CMU/SEI-98-HB-001. Also, NRIC BP 0598.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-8076Highly ImportantEquipment Suppliers should develop effective DoS/DDoS survivability features for their product lines.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Cyber Security; Intrusion Detection; Network Elements;FALSEe.g., SYN Flood attack defense, CERT/CC® Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks - http://www.cert.org/advisories/CA-1996-21.html. Related to NRIC BP 8563.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-7-8077Highly ImportantNetwork Operators, Service Providers should use access control lists (ACLs) to restrict which machines can access the device and/or application if they do not have adequate access control capabilities.  This applies to legacy systems.  In order to provide granular authentication, a bastion host that logs user activities should be used to centralize access to such devices and applications, where feasible.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection;FALSEIn the long term, the vendor should be engaged to correct the issue, either by allowing the built in method to be changed periodically, or by allowing the user to add complementary authentication means that they control, hence creating a two-factor authentication. Where authentication methods must be shared, create an enforceable authentication method policy that addresses the periodic changing of the characteristics of the authentication method, and the dissemination of the method based on the principle of least privilege. If the authentication methods are shared, policy to implement least privilege access and periodic authentication characteristic change should be developed and implemented. Consider replacement of device at end of life, especially if the device is protecting key equipment. Implement a periodic audit program to verify policy compliance.Garfinkel, Simson, and Gene Spafford. Users and Passwords. Practical Unix & Internet Security, 2nd ed. Sebastopol, CA: O'Reilly and Associates, Inc. 1996. 49-69 King, Christopher M., Curtis E. Dalton, and T. Ertem Osmanoglu. Applying Policies to Derive the Requirements. Security Architecture, Design, Deployment & Operations. Berkley, CA: The McGraw-Hill Companies. 2001. 66-110 National Institute of Standards and Technology. User Account Management. Generally Accepted Principles and Practices for Securing Information Technology Systems. September 1996. Dependency on NRIC BP 8007.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-8104ImportantNetwork Operators and Service Providers should secure Wireless WAN/LAN networks sufficiently to ensure that a) monitoring of RF signals cannot lead to the obtaining of proprietary network operations information or customer traffic and that b) Network access is credibly authenticated.Internet/Data; Wireless;Service Provider; Network Operator;Cyber Security; Encryption; Intrusion Detection;FALSEFALSETRUEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-7-8109CriticalNetwork Operators, Service Providers, and Equipment Suppliers should ensure that patching distribution hosts properly sign all patches. Critical systems must only use Operating Systems and applications which employ automated patching mechanisms, rejecting unsigned patches.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security;FALSETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-7-8137ImportantEquipment Suppliers should support diverse notification methods, such as using both e-mail, websites, and tech support in order to properly notify users of newly discovered (hardware and software) relevant vulnerabilities, viruses, or other threats.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Cyber Security; Intrusion Detection; Technical Support;FALSEThis could mitigate , for example, the communication blockage that could be caused when a virus blocks e-mail distribution channels.TRUETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-7-8526Highly ImportantNetwork Operators, Service Providers should if the interior routing has been corrupted, implement policies that filters routes imported into the routing table.  The same filtering methods used in NRIC 8045 can be applied more aggressively. The malicious routes will expire from the table, be replaced by legitimate updates, or in emergencies, can be manually deleted from the tables.  If needed, the authentication mechanism/crypto keys between IGP neighbors should also be changed.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Encryption; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-7-8565Highly ImportantNetwork Operators, Service Providers and Equipment Suppliers should in the event an authentication system fails, make sure the system being supported by the authentication system is in a state best suited for this failure condition.  If the authentication system is supporting physical access, the most appropriate state may be for all doors that lead to outside access be unlocked.  If the authentication system supporting electronic access to core routers fails, the most appropriate state may be for all access to core routers be prohibited.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Access Control; Cyber Security; Physical Security Management; Security Systems;FALSETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-8-0590ImportantNetwork Operators, Service Providers, and Equipment Suppliers should develop Methods of Procedure (MOP) for core infrastructure hardware and software growth and change activities and periodically review and update as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Documentation; Hardware; Network Elements; Network Operations; Network Provisioning; Procedures; Software; Supervision;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-8-0807CriticalService Providers should establish policies and develop internal controls to ensure that individual users have availability, integrity, and confidentiality and are protected from external threats, insider threats and threats from other customers. These policies should cover protocol and port filtering as well as general security best practices.Cable; Internet/Data; Wireline;Service Provider;Cyber Security; Intrusion Detection; Network Operations;FALSETRUETRUEFALSEFALSETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-8-0808ImportantNetwork Operators and Service Providers should make information available to customers about traffic filtering (both static and dynamic), where required by law.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Operations;FALSEEconomic Espionage Act 1996 Telecommunications Act 1996 Electronic Communications Privacy Act 1986 Graham-Leach-Bliley Act 2002 Sarbannes-Oxley 2003 USA PATRIOT Act 2002 Health Insurance Portability and Accountability Act (HIPAA) 2001.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-0813CriticalService Providers should encourage users to take steps to maintain the availability, integrity and confidentiality of their systems and to protect their systems from unauthorized access. Service Providers should enable customers to get the tools and expertise to secure their systems.Cable; Internet/Data; Wireline;Service Provider;Cyber Security; Network Operations;FALSETRUETRUEFALSEFALSETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8000ImportantNetwork Operators and Service Providers should establish a process, during design/implementation of any network/service element or management system, to identify potentially vulnerable, network-accessible services (such as Network Time Protocol (NTP), Remote Procedure Calls (RPC), Finger, Rsh-type commands, etc.) and either disable, if unneeded, or provided additional compensating controls, such as proxy servers, firewalls, or router filter lists, if such services are required for a business purpose.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSEConfiguration guides for security from NIST (800-53 Rev. 3), NSA (Security Configuration Guides), and Center For Internet Security (CIS Benchmarks).FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8003ImportantNetwork Operators and Service Providers should minimize single points of failure in the control plane architecture (e.g., Directory Resolution and Authentications services). Critical applications should not be combined on a single host platform. All security and reliability aspects afforded to the User plane (bearer) network should also be applied to the Control plane network architecture.Internet/Data;Service Provider; Equipment Supplier;Cyber Security; Network Elements; Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUEFALSE1TRUEFALSEFALSEFALSE13-8-8004ImportantEquipment Suppliers should work closely and regularly with customers to provide recommendations concerning existing default settings and to identify future default settings which may introduce vulnerabilities. Equipment Suppliers should proactively collaborate with network operators to identify and provide recommendations on configurable default parameters and provide guidelines on system deployment and integration such that initial configurations are as secure as allowed by the technology.Internet/Data;Equipment Supplier;Cyber Security; Network Elements;FALSECross reference with 7-7-8004 developed under NRIC.FALSETRUEFALSEFALSEFALSEFALSEFALSE1TRUEFALSEFALSEFALSE13-8-8006Highly ImportantNetwork Operators and Service Providers should protect servers supporting externally accessible network applications by preventing the applications from running with high-level privileges and securing interfaces between externally accessible servers and back-office systems through restricted services and mutual authentication.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Operations;FALSEISF CB63.FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8010ImportantEquipment Suppliers should implement current industry baseline requirements for Operations, Administration, Management, and Provisioning (OAM&P) security in products -- software, network elements, and management systems.Internet/Data;Equipment Supplier;Cyber Security; Network Elements; Network Operations;FALSEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.FALSETRUEFALSEFALSEFALSEFALSEFALSE1TRUEFALSEFALSEFALSE13-8-8020CriticalNetwork Operators, Service Providers, and Equipment Suppliers should have special processes and tools in place to quickly patch critical infrastructure systems when important security patches are made available. Such processes should include determination of when expedited patching is appropriate and identifying the organizational authority to proceed with expedited patching. This should include expedited lab testing of the patches and their affect on network and component devices.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Network Operations;FALSEConfiguration guide for security from NIST (800-53 Rev. 3).TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8024ImportantNetwork Operators, Service Providers, and Equipment Suppliers should not permit users to log on locally to the Operation Support Systems or network elements. System administrator console logon should require as strong authentication as practical.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Operations;FALSESome systems differentiate a local account database and network account database. Users should be authenticated onto the network using a network accounts database, not a local accounts database. 'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8025CriticalNetwork Operators and Service Providers should be isolated from other OAM&P networks, e.g., SCADA networks, such as for power, water, industrial plants, pipelines, etc. · Isolate the SCADA network from the OAM&P network (segmentation) · Put a highly restrictive device, such as a firewall, as a front-end interface on the SCADA network for management access. · Use an encrypted or a trusted path for the OAM&P network to communicate with the SCADA "front-end."Internet/Data;Service Provider; Network Operator;Cyber Security; Encryption; Network Elements; Network Operations;FALSENote: Service providers MAY provide an offer of 'managed' SCADA services or connectivity to other utilities. This should be separate from the provider's OAM&P network. ITU-T Rec. X.1051.FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8031CriticalNetwork Operators, Service Providers, and Equipment Providers should develop and communicate Lawfully Authorized Electronic Surveillance (LAES) policy. They should: · Limit the distribution of information about LAES interfaces · Periodically conduct risk assessments of LAES procedures · Audit LAES events for policy compliance · Limit access to those who are authorized for LAES administrative functions or for captured or intercepted LAES content · Promote awareness of all LAES policies among authorized individualsCable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Disaster Recovery; Emergency Preparedness;FALSEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8033ImportantNetwork Operators, Service Providers, and Equipment Suppliers should adopt internationally accepted standard methodologies, such as ISO 15408 (Common Criteria) or ISO 17799, to develop documented Information Security Programs that include application security development lifecycles that include reviews of specification and requirements designs, code reviews, threat modeling, risk assessments, and training of developers and engineers.Internet/Data;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Policy; Software;FALSEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008 Common Criteria: http://www.iso.org, http://csrc.nist.gov/cc/; Carnegie-Mellon Software Engineering Institute secure software development: http://www.sei.cmu.edu/engineering/engineering.html; Secure Programming Educational Material at http://www.cerias.purdue.edu/homes/pmeunier/secprog/sanitized/; http://www.atstake.com/services/smartrisk/application.html.FALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSEFALSE13-8-8036CriticalNetwork Operators, Service Providers should note that systems that are not compliant with the patching policy and these particular elements should be monitored on a regular basis.  These exceptions should factor heavily into the organization's monitoring strategy.  Vulnerability mitigation plans should be developed and implemented in lieu of the patches. If no acceptable mitigation exists, the risks should be communicated to management.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Operations; Policy; Software;FALSEConfiguration guide for security from NIST (800-53 Rev. 3).TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8041ImportantEquipment Suppliers should provide filters and access lists on the header fields, for layer 3 switches/routers, with interfaces that mix user and control plane data, to protect the control plane from resource saturation by filtering out untrusted packets destined to for control plane. Measures may include: 1) Allowing the desired traffic type from the trusted sources to reach the control-data processor and discard the rest, 2) separately rate-limiting each type of traffic that is allowed to reach the control-data processor, to protect the processor from resource saturation.Internet/Data;Equipment Supplier;Cyber Security; Network Elements; Network Operations;FALSEFALSETRUEFALSEFALSEFALSEFALSEFALSE1TRUEFALSEFALSEFALSE13-8-8609ImportantService Providers and Government should promote education for the safe use of all Bluetooth-capable devices and define security policies that impact business.Wireless;Service Provider; Government;Cyber Security; Hardware; Network Interoperability;FALSEhttp://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.htmlFALSEFALSEFALSETRUEFALSETRUEFALSE1FALSEFALSETRUEFALSE13-8-8042CriticalNetwork Operators and Service Providers should validate routing information to protect against global routing table disruptions. Avoid BGP peer spoofing or session hijacking by applying techniques such as: 1) eBGP hop-count (TTL) limit to end of physical peering link, 2) MD5 session signature to mitigate route update spoofing threats (keys should be changed periodically where feasible).Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSENSTAC ISP Working Group - BGP/DNS, Scalable key distribution mechanisms, NRIC V FG 4: Interoperability. NIST SP 800-54 Border Gateway Protocol Security .FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8043CriticalNetwork Operators and Service Providers should use existing BGP filters to avoid propagating incorrect data. Options include: 1) Avoid route flapping DoS by implementing RIPE-229 to minimize the dampening risk to critical resources, 2) Stop malicious routing table growth due to de-aggregation by implementing Max-Prefix Limit on peering connections, 3) Employ ISP filters to permit customers to only advertise IP address blocks assigned to them, 4) Avoid disruption to networks that use documented special use addresses by ingress and egress filtering for "Martian" routes, 5) Avoid DoS caused by unauthorized route injection (particularly from compromised customers) by egress filtering (to peers) and ingress filtering (from customers) prefixes set to other ISPs, 6) Stop DoS from un-allocated route injection (via BGP table expansion or latent backscatter) by filtering "bogons" (packets with unauthorized routes), not running default route or creating sink holes to advertise "bogons", and 7) Employ "Murphy filter" (guarded trust and mutual suspicion) to reinforce filtering your peer should have done.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSE"http://www.cymru.com/Bogons/index.html, NSTAC ISP Working Group - BGP/DNS, RIPE-181, ""A Route-Filtering Model for Improving Global Internet Routing Robustness"" 222.iops.org/Documents/routing.html NIST SP 800-54 Border Gateway Protocol Security".FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8044ImportantNetwork Operators and Service Providers should conduct configuration interoperability testing during peering link set-up; Encourage Equipment Suppliers participation in interoperability testing forums and funded test-beds to discover BGP implementation bugs.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSENSTAC ISP Working Group - BGP/DNS, also NANOG (http://www.nanog.org) and MPLS Forum interoperability testing (http://www.mplsforum.org).FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8045CriticalNetwork Operators and Service Providers should protect their interior routing tables with techniques such as 1) Not allowing outsider access to internal routing protocol and filter routes imported into the interior tables 2) Implementing MD5 between IGP neighbors.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSEhttp://www.ietf.org/rfc/rfc1321.txt.FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8049Highly ImportantNetwork Operators and Service Providers should employ techniques to make it difficult to send unauthorized DHCP information to customers and the DHCP servers themselves. Methods can include OS Hardening, router filters, VLAN configuration, or encrypted, authenticated tunnels. The DHCP servers themselves must be hardened, as well. Mission critical applications should be assigned static addresses to protect against DHCP-based denial of service attacks.Internet/Data;Service Provider; Network Operator;Cyber Security; Encryption; Network Elements; Network Operations;FALSEdraft-ietf-dhc-csr-07.txt, RFC 3397, RFC2132, RFC1536, RFC3118.FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8053ImportantNetwork Operators should establish thresholds for various SS7 message types to ensure that DoS conditions are not created. Also, alarming should be configured to monitor these types of messages to alert when DoS conditions are noted. Rigorous screening procedures can increase the difficulty of launching DDoS attacks. Care must be taken to distinguish DDoS attacks from high volumes of legitimate signaling messages. Maintain backups of signaling element data.Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations;FALSEFALSEFALSEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8054Highly ImportantNetwork Operators should have defined policies and process for addition and configuration of SS7 elements to the various tables. Process should include the following: personal verification of the request (e.g., one should not simply go forward on a faxed or emailed request without verifying that it was submitted legitimately), approval process for additions and changes to SS7 configuration tables (screening tables, call tables, trusted hosts, calling card tables, etc.) to ensure unauthorized elements are not introduced into the network. Companies should also avoid global, non-specific rules that would allow unauthorized elements to connect to the network. Screening rules should be provisioned with the greatest practical depth and finest practical granularity in order to minimize the possibility of receiving inappropriate messages. Network operators should log translation changes made to network elements and record the user login associated with each change. These practices do not mitigate against the second threat mentioned below, the insertion of inappropriate data within otherwise legitimate signaling messages. To do so requires the development of new capabilities, not available in today's network elements.Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations;FALSEFALSEFALSEFALSEFALSETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-8-8055ImportantNetwork Operators and Equipment Suppliers should support authentication service and integrity services as standards based solutions become available for VoIP CPE devices. Network Operators need to turn-on and use these services in their architectures.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Encryption; Network Operations;FALSEPacketCable Security specifications.TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8056ImportantNetwork Operators should ensure that Operational Voice over IP (VoIP) Server Hardening of network servers have authentication, integrity, and authorization controls in place in order to prevent inappropriate use of the servers. Enable logging to detect inappropriate use.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSENSA (VOIP and IP Telephony Security Configuration Guides), and PacketCable Security 2.0 Technical Report (PKT-TR-SEC-V05-080425).TRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8057ImportantEquipment Suppliers should for Voice over IP (VoIP) Server Product Hardening, provide authentication, integrity, and authorization mechanisms to prevent inappropriate use of the network servers. These capabilities must apply to all levels of user, general, control, and management.Cable; Internet/Data; Wireline;Equipment Supplier;Cyber Security; Intrusion Detection; Network Operations;FALSENSA (VOIP and IP Telephony Security Configuration Guides), and PacketCable Security 2.0 Technical Report (PKT-TR-SEC-V05-080425).TRUETRUEFALSEFALSETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-8-8058ImportantNetwork Operators and Service Providers should prevent theft of service and anonymous use by enabling strong user authentication as per cellular/wireless standards. Employ fraud detection systems to detect subscriber calling anomalies (e.g. two subscribers using same ID or system access from a single user from widely dispersed geographic areas). In cloning situation remove the ESN to disable user thus forcing support contact with service provider. Migrate customers away from analog service if possible due to cloning risk.Wireless;Service Provider; Network Operator;Cyber Security; Intrusion Detection;FALSETelcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc.FALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8060ImportantNetwork Operators and Service Providers should ensure strong separation of data traffic from management/signaling/control traffic, via firewalls. Network operators should ensure strong cellular network backbone security by employing operator authentication, encrypted network management traffic and logging of security events. Network operators should also ensure operating system hardening and up-to-date security patches are applied for all network elements, element management system and management systems.Wireless;Service Provider; Network Operator;Cyber Security; Intrusion Detection;FALSETelcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc.FALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8063Highly ImportantNetwork Operators and Service Providers should install and actively monitor IDS/IPS tools. Sensor placement should focus on resources critical to the delivery of service.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations;FALSENIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS) http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf.FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8066ImportantNetwork Operators, Service Providers, and Equipment Suppliers should participate in regional and national information sharing groups such as the National Coordinating Center for Telecommunications (NCC), Telecom-ISAC, and the ISP-ISAC (when chartered). Formal membership and participation will enhance the receipt of timely threat information and will provide a forum for response and coordination. Membership will also afford access to proprietary threat and vulnerability information (under NDA) that may precede public release of similar data.Internet/Data;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Industry Cooperation;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSEFALSE13-8-8069ImportantNetwork Operators and Service Providers should identify a Point of Contact (POC) for handling requests for the installation of lawfully approved intercept devices. Once a request is reviewed and validated, the primary POC should serve to coordinate the installation of any monitoring device with the appropriate legal and technical staffs.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8070ImportantNetwork Operators and Service Providers should have Abuse Policies and processes posted for customers (and others), instructing them where and how to report instances of service abuse. Service Providers, Network Operators, and Equipment Suppliers should support the email IDs listed in rfc 2142 “MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS.”Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations;FALSEReference with 7-7-8070TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8072CriticalNetwork Operators and Service Providers should maintain and update IDS/IPS tools regularly to detect current threats, exploits, and vulnerabilities.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations; Security Systems;FALSE"NIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS) http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf".FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8090Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should restrict dynamic port allocation protocols such as Remote Procedure Calls (RPC) and some classes of Voice-over-IP protocols (among others) from usage, especially on mission critical assets, to prevent host vulnerabilities to code execution. Dynamic port allocation protocols should not be exposed to the internet. If used, such protocols should be protected via a dynamic port knowledgeable filtering firewall or other similar network protection methodology.Internet/Data;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Intrusion Detection; Network Elements; Network Operations;FALSEITU-T Rec. X.815 (?? ISO/IEC 8073 ) Rec. ITU-T X.1031.FALSETRUEFALSEFALSEFALSETRUETRUE2TRUEFALSEFALSEFALSE13-8-8092ImportantNetwork Operators and Service Providers should adopt a customer-directed policy whereby misuse of the network would lead to measured enforcement actions up to and including termination of services.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Human Resources; Policy; Training and Awareness;FALSEIETF rfc3013 section 3 and NANOG ISP Resources (http://www.nanog.org/isp.html).TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8094ImportantService Providers should implement customer client software that uses the strongest permissible encryption appropriate to the asset being protected.Cable; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection;FALSEhttp://www.securityforum.org and http://www.sans.org/resources/; Schneier, Bruce. 1996. Applied Cryptography. 2d.ed. John Wiley & Sons.TRUEFALSETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8095ImportantNetwork Operators and Service Providers should establish, where technology allows, limiters to prevent undue consumption of system resources (e.g., system memory, disk space, CPU consumption, network bandwidth) in order to prevent degradation or disruption of performance of services.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSEAdditional resources are required to provide prioritized transport even when overloaded.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8096Highly ImportantNetwork Operators and Service Providers should educate service customers on the importance of, and the methods for, installing and using a suite of protective measures (e.g., strong passwords, anti-virus software, firewalls, IDS, encryption) and update as available.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Operations; Security Systems;FALSEhttp://www.stonybrook.edu/nyssecure, http://www.fedcirc.gov/homeusers/HomeComputerSecurity/ Industry standard tools (e.g., LC4).FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8105CriticalNetwork Operators and Service Providers should incorporate cellular voice encryption services and ensure that such encryption services are enabled for end users. (Voice encryption services depend on the wireless technology used, and are standards based).Wireless;Service Provider; Network Operator;Cyber Security; Encryption; Information Protection;FALSECellular Standards: GSM, GPRS, PCS2000, CDMA, 1XRTT, UMTS, 3GPP, 3GPP2.FALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8106CriticalNetwork Operators, Service Providers, and Equipment Suppliers should employ operating system hardening and up-to-date security patches for all accessible wireless servers and wireless clients. Employ strong end user authentication for wireless IP connections. Employ logging of all wireless IP connections to ensure traceability back to end user. Employ up-to-date encryption capabilities available with the devices. In particular, vulnerable network and personal data in cellular clients must be protected if the handset is stolen.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Intrusion Detection; Network Operations;FALSEIPSec. Telcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. Dependency on NRIC BP 5018. NIST SP 800-40 v2.0 Creating a Patch and Vulnerability Management Program.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8113ImportantNetwork Operators, Service Providers, and Equipment Suppliers should not permit local logon of users other than the system administrator. Local logon of a system administrator should be used only for troubleshooting or maintenance purposes. Some systems differentiate a local account database and network-accessible, centralized account database. Users should be authenticated via a network-accessible, centralized account database, not a local accounts database.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Information Protection; Intrusion Detection;FALSEDepartment of Defense Telecommunications and Defense Switched Network Secuirty Technical Implementation Guide (Version 2, Release 3). 'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008.TRUETRUEFALSEFALSETRUETRUETRUE1TRUEFALSEFALSEFALSE13-8-8114ImportantNetwork Operators, Service Providers, and Equipment Suppliers should use difficult to guess community string names, or current SNMP version equivalent.Internet/Data;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Encryption; Network Elements; Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSEFALSE13-8-8115CriticalEquipment Suppliers should provide controls to protect network elements and their control plane interfaces against compromise and corruption. Vendors should make such controls and filters easy to manage and minimal performance impacting.Internet/Data;Equipment Supplier;Cyber Security; Hardware; Intrusion Detection; Network Operations;FALSEFALSETRUEFALSEFALSEFALSEFALSEFALSE3TRUEFALSEFALSEFALSE13-8-8116ImportantNetwork Operators, Service Providers, and Equipment Suppliers should participate in industry forums to define secure, authenticated control plane protocols and operational, business processes to implement them.Internet/Data;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Network Elements; Network Operations;FALSEATIS Packet Technologies and Systems Committee (previously part of T1S1) ATIS Protocol Interworking Committee (previously part of T1S1).FALSETRUEFALSEFALSEFALSETRUETRUE1TRUEFALSEFALSEFALSE13-8-8120CriticalNetwork Operators, Service Providers, and Equipment Suppliers should use equipment and products that support a central revocation list and revoke digital certificates that are suspected of having been compromised.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Information Protection; Intrusion Detection;FALSETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8133ImportantNetwork Operators, Service Providers should adhere to the same information for disaster recovery or business continuity solutions as security Best Practices as the solutions used under normal operating conditions.Internet/Data;Service Provider; Network Operator;Business Continuity; Cyber Security; Disaster Recovery;FALSECross reference with 7-7-8133 developed under NRIC.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8135ImportantEquipment Suppliers should implement techniques such as tamper-proof cryptochips/authentication credentials and authentication for (service provider) configuration controls, in customer premises equipment.Internet/Data;Equipment Supplier;Cyber Security; Encryption; Network Operations;FALSEPacketCableTM Security Specification PKT-SP-SEC-I11-040730, IETF RFC 3261.FALSETRUEFALSEFALSEFALSEFALSEFALSE1TRUEFALSEFALSEFALSE13-8-8505Highly ImportantNetwork Operators and Service Providers should work with the Equipment Supplier to resolve the inadequacies of the solution, using a pre-deployment, staging area, where hardened configurations can be tested when new default settings introduce vulnerabilities or the default configuration is found to be vulnerable.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Intrusion Detection; Network Operations; Software;FALSEConfiguration guide for security from NIST (800-53 Rev. 3).TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-8-8507Highly ImportantNetwork Operators and Service Providers should consider which systems/services the affected system could be disconnected from to minimize access and connectivity while allowing desired activities to continue when it is discovered that a system is running with a higher level of privilege than necessary; conduct a forensic analysis to assess the possibility of having potentially compromised data and identify what may have been compromised and for how long it has been in a compromised state; and reconnect system to back-office with appropriate security levels implemented.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Operations;FALSEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008 ISF CB63.FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8513CriticalNetwork Operators and Service Providers should consult with legal counsel in the event that an Acceptable Use Policy (AUP) is not in place, or an event occurs that is not documented within the AUP. Consulting with legal counsel, develop and adapt a policy based on lessons learned in the security incident and redistribute the policy when there are changes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations;FALSEIETF rfc3013 section 3 and NANOG ISP Resources (www.nanog.org/isp.html).TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8514CriticalService Providers should upon discovering the misuse or unauthorized use of the network, shut down the port in accordance with AUP (Acceptable Use Policy) and clearance from legal counsel. Review ACL (Access Control List) and temporarily remove offending address pending legal review and reactivate the port after the threat has been mitigated.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSEIETF rfc3013 sections 4.3 and 4.4. NANOG ISP Resources. www.IATF.net.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8515CriticalNetwork Operators and Service Providers should perform forensic analysis on the system, conduct a post-mortem analysis and enforce system resource quotas if a misuse or unauthorized use of a system is detected.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSEIETF RFC2350, CMU/SEI-98-HB-001.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8519ImportantNetwork Operators, Service Providers, and Equipment Suppliers should undertake one or more of the following: 1) Provide additional employee training. 2) Reassign, dismiss, or discipline the employee when it is discovered that there has been a failure in the hiring process and the new employee does not in fact have the proper capabilities or qualifications for the job.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Human Resources; Policy; Training and Awareness;FALSETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-8-8525CriticalNetwork Operators and Service Providers should apply the same filtering methods used in NRIC BP 8043 more aggressively to stop the attack if the routing table is under attack from malicious BGP updates. When under attack, the attack vector is usually known and the performance impacts of the filter are less of an issue than when preventing an attack. The malicious routes will expire from the table, be replaced by legitimate updates, or in emergencies, can be manually deleted from the tables. Contact peering partner to coordinate response to attack.Internet/Data;Network Operator;Cyber Security; Network Elements; Network Operations;FALSERIPE-181, "A Route-Filtering Model for Improving Global Internet Routing Robustness" www.iops.org/Documents/routing.html.FALSETRUEFALSEFALSEFALSEFALSETRUE3FALSEFALSEFALSEFALSE13-8-8530CriticalNetwork Operators and Service Providers should isolate the source to contain the attack if a DHCP ((Dynamic Host Configuration Protocol) attack is underway. Plan to force all DHCP clients to renew leases in a controlled fashion at planned increments. Re-evaluate architecture to mitigate similar future incidents.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness;FALSETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8531CriticalNetwork Operators and Service Providers should 1) restore customer specific routing configuration from a trusted copy, 2) notify customer of potential security breach, 3) Conduct an investigation and forensic analysis to understand the source, impact and possible preventative measures for the security breach if a customer MPLS-enabled trusted VPN (Virtual Private Network) has been compromised by mis-configuration of the router configuration.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSEIETF RFC 2547.FALSETRUEFALSEFALSEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8532CriticalNetwork Operators and Service Providers should consider in a severe case, disconnecting the Signal Control Point (SCP), if compromised, to force a traffic reroute, then revert to known good, back-up tape/disk and cold boot. It will depend on the situation and the compromise mechanism. No prescribed standard procedures currently exist for this scenario.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness;FALSETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8533CriticalNetwork Operators, Service Providers should if an SS7 Denial of Service (DoS) attack is detected, more aggressively apply the same thresholding and filtering mechanism used to prevent an attack (NRIC BP 8053).  The alert/alarm will specify the target of the attack. Isolate, contain, and, if possible, physically disconnect the attacker.  If necessary, isolate the targeted network element and disconnect to force a traffic reroute.Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Public Safety and Disaster;FALSEFALSEFALSEFALSEFALSETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8664ImportantNetwork Operators and Service Providers should block protocols meant for internal VoIP call control use at the VoIP perimeter.Cable; Internet/Data; Wireless;Service Provider; Network Operator;Cyber Security; Network Operations;FALSEDISA-VoIP0220; DISA-VoIP0230TRUETRUEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8534ImportantNetwork Operators and Service Providers should remove invalid records if logs or alarms determine an SS7 table has been modified without proper authorization, or in the event of a modification, rollback to last valid version of record. Investigate the attack to identify required security changes.Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations;FALSECross reference with 7-7-8534 developed under NRIC.FALSEFALSEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8535CriticalNetwork Operators and Service Providers should disconnect the server if a Voice over IP (VoIP) server has been compromised; the machine can be rebooted and reinitialized. Redundant servers can take over the network load and additional servers can be brought on-line if necessary. In the case of VoIP device masquerading, if the attack is causing limited harm, logging can be turned on and used for tracking down the offending device. Law enforcement can then be involved as appropriate. If VoIP device masquerading is causing significant harm, the portion of the network where the attack is originating can be isolated. Logging can then be used for tracking the offending device.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSEPacketCable Security specification. Cross reference with 7-7-8535 developed under NRIC.TRUETRUEFALSEFALSETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8537CriticalNetwork Operators, Service Providers should if anonymous use or theft of service is discovered, 1) disable service for attacker, 2) Involve law enforcement as appropriate, since anonymous use is often a platform for crime.  If possible, triangulate client to identify and disable.  If the wireless client was cloned, remove the ESN (Electronic Serial Number) to disable user thus forcing support contact with service provider.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSETelcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. Cross reference with 7-7-8537 developed under NRIC.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8539CriticalNetwork Operators and Service Provider and should if the attack is IP based, reconfigure the Gateway General Packet Radio Service Support Node (GGSN) to temporarily drop all connection requests from the source. Another approach is to enforce priority tagging. Triangulate the source(s) to identify and disable. (It is easier to recover from a cellular network denial of service attack if the network is engineered with redundancy and spare capacity).Wireless;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSETelcordia GR-815. Cellular Standards: GSM, PCS2000, CDMA, 1XRTT, UMTS, etc. Cross reference with 7-7-8539 developed under NRIC.FALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8549CriticalNetwork Operators and Service Providers should bring together an ad-hoc team to address the current incident when a Business Recovery Plan (BRP) does not exist. The team should have technical, operations, legal, and public relations representation. Team should be sponsored by senior management and have a direct communication path back to management sponsor. If situation exceeds internal capabilities consider contracting response/recovery options to 3rd party security provider.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations;FALSEIETF RFC2350, CMU/SEI-98-HB-001. Cross reference with 7-7-8549 developed under NRIC.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8551CriticalNetwork Operators and Service Providers should follow processes similar to Appendix Y of the NRIC VII, Focus Group 2B Report Appendices when responding to a new or unrecognized event.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Network Operations;FALSECross reference with 7-7-8551 developed under NRIC.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8555CriticalNetwork Operators, Service Providers and Equipment Suppliers should if an incident occurs and a communications plan is not in place and depending on availability of resources and severity of the incident, assemble a team as appropriate: ·         In person ·         Conference Bridge ·         Other (Email, telephonic notification lists) Involve appropriate organizational divisions (business and technical) ·         Notify Legal and PR for all but the most basic of events ·         PR should be involved in all significant events ·         Develop corporate message(s) for all significant events – disseminate as appropriate If not already established, create contact and escalation procedures for all significant events.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8556Highly ImportantNetwork Operators and Service Providers should refer all communications intercept requests to corporate counsel in the absence of a monitoring request policy.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness;FALSETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-8-8557CriticalNetwork Operators and Service Providers should if an abuse incident occurs without reporting contacts in place: 1) Ensure that the public-facing support staff is knowledgeable of how both to report incidents internally and to respond to outside inquiries. 2) Ensure public facing support staff (i.e., call/response center staff) understands the security referral and escalation procedures. 3) Disseminate security contacts to industry groups/coordination bodies where appropriate. 4) Create e-mail IDs per rfc2142 and disseminate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Disaster Recovery; Emergency Preparedness;FALSETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8610ImportantNetwork Operators should pair Bluetooth devices in a private location using a long random PIN code. Avoid default PIN codes, easily guessed PIN codes ("000") and devices that do not support configurable PIN Codes.Wireless;Network Operator;Cyber Security; Hardware; Network Interoperability;FALSEhttp://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8559CriticalNetwork Operators and Service Providers should upload current IDS/IPS signatures from vendors and re-verify stored data with the updated signatures in the event of a security threat. Evaluate platform's ability to deliver service in the face of evolving threats and consider upgrade/replacement as appropriate. Review Incident Response Post-Mortem Checklist (NRIC BP 8564).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security;FALSENIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS) http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf.TRUETRUETRUETRUETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8562CriticalNetwork Operators and Service Providers should isolate the box and check integrity of infrastructure and agent if an infected (zombie) device is detected. Adjust firewall settings, patch all systems and restart equipment. Consider making system or hostile code available for analysis to 3rd party such as US-CERT, NCC, or upstream provider's security team if hostile code does not appear to be known to the security community. Review Incident Response Post-Mortem Checklist (NRIC BP 8548).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8563CriticalEquipment Suppliers should work with clients when a denial of service vulnerability or exploit is discovered to ensure devices are optimally configured. Where possible, analyze hostile traffic for product improvement or mitigation/response options, disseminate results of analysis.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Cyber Security; Disaster Recovery; Emergency Preparedness;FALSETRUETRUETRUETRUETRUEFALSEFALSE3TRUEFALSEFALSEFALSE13-8-8566Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should assure that patching distribution hosts properly sign all patches. Critical systems must only use OSs and applications which employ automated patching mechanisms, rejecting unsigned patches. If a patch fails or is considered bad, restore OS and applications from known good backup media.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Operations; Software;FALSEConfiguration guide for security from NIST (800-53 Rev. 3).TRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-8-8600CriticalNetwork Operators and Service Providers should implement policies and practices that prohibit ad-hoc wireless networks. An ad-hoc wireless network is a peer-to-peer style network connecting multiple computers with no core infrastructure. They are not considered secure and are commonly associated with malicious activity.Wireless;Service Provider; Network Operator;Cyber Security;FALSEhttp://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdfFALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8601CriticalNetwork Operators and Service Providers should establish policies to ensure only authorized wireless devices approved by the network managing body or network security are allowed on the network. Unauthorized devices should be strictly forbidden.Wireless;Service Provider; Network Operator;Cyber Security;FALSEhttp://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdfFALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8602CriticalNetwork Operators and Service Providers should implement applicable industry standards for wireless authentication, authorization, and encryption (e.g. WPA2 should be considered a minimum over WEP which is no longer considered secure).Wireless;Service Provider; Network Operator;Cyber Security; Encryption;FALSEhttp://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdfFALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8603CriticalNetwork Operators and Service Providers should implement applicable industry standards to ensure all devices on the Wireless LAN (WLAN) network enforce network security policy requirements.Wireless;Service Provider; Network Operator;Cyber Security; Encryption; Policy;FALSEhttp://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdfFALSEFALSEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-8-8604Highly ImportantNetwork Operators should consider installation of a Wireless Intrusion System at all locations to detect the presence of unauthorized wireless systems. At a minimum, routine audits must be undertaken at all sites to identify unauthorized wireless systems.Wireless;Network Operator;Cyber Security; Encryption; Intrusion Detection;FALSEhttp://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf https://www.pcisecuritystandards.org/security_standards/pci_dss.shtmlFALSEFALSEFALSETRUEFALSEFALSETRUE2FALSEFALSEFALSEFALSE13-8-8605ImportantNetwork Operators and Service Providers should minimize wireless signal strength exposure outside of needed coverage area.Wireless;Service Provider; Network Operator;Cyber Security;FALSEhttp://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdfFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8606ImportantNetwork Operators should turn off Bluetooth interfaces when not in use and disable Bluetooth's discovery feature, whereby each device announces itself to all nearby devices.Wireless;Network Operator;Cyber Security; Hardware; Network Interoperability;FALSEhttp://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8607ImportantNetwork Operators should configure Bluetooth devices to use the lowest power that meets business needs. Class 3 (encrypts all traffic) devices transmit at 1 mW and cannot communicate beyond 10 meters, while class 1 devices transmit at 100 mW to reach up to 100 meters. For best results, use mode 3 to enforce link authentication and encryption for all Bluetooth traffic, and discourage business use of devices that support only mode 1 (no encryption).Wireless;Network Operator;Cyber Security; Hardware; Network Interoperability;FALSEhttp://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8608ImportantNetwork Operators should password protect both devices to prevent use of lost/stolen units. If possible, do not permanently store the pairing PIN code on Bluetooth devices.Wireless;Network Operator;Cyber Security; Hardware; Network Interoperability;FALSEhttp://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8612ImportantNetwork Operators and Government should scan the airwaves (where possible) inside your business to locate all Bluetooth capable devices. Inventory all discovered devices with Bluetooth interfaces, including hardware model, OS, and version. Perform searches on Bluetooth vulnerability and exposure databases to determine whether the devices are impacts.Wireless;Network Operator; Government;Cyber Security; Hardware; Network Interoperability;FALSEhttp://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1223151,00.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSETRUEFALSE13-8-8613ImportantService Providers should educate their Enterprise customers on the importance of establishing a mobile device security policy to reduce threats without overly restricting usability.Wireless;Service Provider;Cyber Security; Hardware; Intrusion Detection;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8614Highly ImportantNetwork Operators and Service Providers should enforce strong passwords for mobile device access and network access. Automatically lock out access to the mobile device after a predetermined number of incorrect passwords (typically five or more).Wireless;Service Provider; Network Operator;Cyber Security; Hardware;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8615Highly ImportantNetwork Operators and Service Providers should perform a remote wipe (i.e. reset the device back to factory defaults) when an employee mobile device is lost, stolen, sold, or sent to a third party for repair. Organizations need to have a procedure set for users who have lost their devices.Wireless;Service Provider; Network Operator;Cyber Security; Hardware;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8616ImportantNetwork Operators should encrypt local storage (where possible), including internal and external memory.Wireless;Network Operator;Cyber Security; Encryption; Hardware;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8617ImportantNetwork Operators should enforce the use of virtual private network (VPN) connections between the employee mobile device and enterprise servers.Wireless;Network Operator;Cyber Security; Hardware;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8618ImportantNetwork Operators should perform centralized configuration and software upgrades on mobile handsets "over the air" rather than relying on the user to connect the device to a laptop / PC for local synchronization.Wireless;Network Operator;Cyber Security; Hardware;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8619ImportantNetwork Operators should ensure that mobile applications remove all enterprise information from the device.Wireless;Network Operator;Cyber Security; Hardware;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8620ImportantNetwork Operators and Service Providers should provide a program of employee education that teaches employees about mobile device threats and enterprise mobile device management and security policies.Wireless;Service Provider; Network Operator;Cyber Security; Hardware;FALSEhttp://searchmobilecomputing.techtarget.com/tip/Best-practices-for-enterprise-mobile-device-and-smartphone-securityFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8621ImportantNetwork Operators should limit the installation of unsigned third-party applications to prevent outside parties from requisitioning control of your devices.Wireless;Network Operator;Cyber Security; Hardware;FALSEhttp://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/FALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8622ImportantNetwork Operators should where possible, setup unique firewall policies specifically for traffic coming from smart phones.Wireless;Network Operator;Cyber Security; Hardware;FALSEhttp://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/FALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8623ImportantNetwork Operators should where possible, have intrusion prevention software examine traffic coming through mobile devices.Wireless;Network Operator;Cyber Security; Hardware; Intrusion Detection;FALSEhttp://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/FALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8624ImportantNetwork Operators should where possible, utilize anti-virus software for the mobile devices.Wireless;Network Operator;Cyber Security; Hardware;FALSEhttp://www.baselinemag.com/c/a/Mobile-and-Wireless/10-Best-Practices-for-Mobile-Device-Security/FALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8625Highly ImportantNetwork Operators and Service Providers should ensure connections between Femtocell and Femto Gateway follow industry standardized IPSec protocol. Connection between Femtocell and Femto OAM system must be based on TLS/SSL protocol while management traffic flow is outside of the IPSec tunnel. Optionally, the management traffic may also be transported through Secure Gateway over IPSec once the IPSec tunnel between Femtocell and Secure Gateway is established.Wireless;Service Provider; Network Operator;Cyber Security; Encryption; Hardware; Network Interoperability;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8626Highly ImportantService Providers should ensure that enterprise Femtocell Hardware authentication must be certificate based.Wireless;Service Provider;Cyber Security; Hardware; Network Interoperability;FALSEFALSEFALSEFALSETRUEFALSETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8628ImportantService Providers should ensure all Base Transceiver Station (BTS) security relevant events, e.g. apparent security violations, completion status of operations, invalid or unsuccessful logon attempts, userid, logon time, etc are to be recorded.Wireless;Service Provider;Cyber Security; Hardware; Intrusion Detection; Network Interoperability;FALSEEditorial changes were proposed from NRSC and approved at the 12/10/19 CSRIC VI meeting as editorial changes. No numbering changes were made.FALSEFALSEFALSETRUEFALSETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8630ImportantNetwork Operators and Service Providers should ensure Femtocell access control is flexible to be based on: individual Femtocell; or group of Femtocells; and/or entire Enterprise Femto System. The access control list administration, where feasible should be web GUI based, and userid / password authenticated.Wireless;Service Provider; Network Operator;Cyber Security; Hardware; Intrusion Detection; Network Interoperability;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8631ImportantService Providers and Equipment Suppliers should establish application support for cryptography that are based on open and widely reviewed and implemented encryption algorithms and protocols. Examples of acceptable algorithms and protocols include AES, Blowfish, RSA, RC5, IDEA, SSH2, SSLv3, TLSv1, and IPSEC. Products should not rely on proprietary or obscure cryptographic measures for security.Wireless;Service Provider; Equipment Supplier;Cyber Security; Encryption; Hardware;FALSEFALSEFALSEFALSETRUEFALSETRUEFALSE1TRUEFALSEFALSEFALSE13-8-8632ImportantEquipment Suppliers should use algorithms with strengths similar to 2,048-bit RSA or Diffie-Hillman algorithms with a prime group of 2,048 in order to secure all key exchange. applications bits be used. Anonymous Diffie-Hillman must not be supported.Wireless;Equipment Supplier;Cyber Security; Encryption; Hardware;FALSEFALSEFALSEFALSETRUEFALSEFALSEFALSE1TRUEFALSEFALSEFALSE13-8-8634ImportantNetwork Operators and Service Providers should implement for all symmetric secure data integrity applications, algorithms with strengths similar to HMAC-MD5-96 with 128-bit keys, HMAC-SHA-1-96 with 160-bit keys, or AES-based randomized message authentication code (RMAC) being the standard used.Wireless;Service Provider; Network Operator;Cyber Security; Encryption; Hardware;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8635Highly ImportantNetwork Operators and Service Providers should implement Authenticated Key Agreement (AKA) protocol to provide user and network with a session specific random shared-key that can be used for confidential communication.Wireless;Service Provider; Network Operator;Cyber Security; Encryption;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8636Highly ImportantNetwork Operators and Service Providers should take steps to protect user data from eavesdropping and/or being tampered in transit; ensure user has the correct credentials; accuracy and efficiency of accounting.Wireless;Service Provider; Network Operator;Cyber Security; Intrusion Detection;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8637Highly ImportantNetwork Operators and Service Providers should take steps to ensure all traffic on a 4G network is encrypted using Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) which uses AES for transmission security and data integrity authentication.Wireless;Service Provider; Network Operator;Cyber Security; Encryption;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8638ImportantNetwork Operators and Service Providers should enable the Mobile MiMAX system to provide secure communications by encrypting data traffic and use PKM (Privacy Key Management) Protocol that allows for the Base Station to authenticate the MS/CPE and not vice versa.Wireless;Service Provider; Network Operator;Cyber Security; Encryption;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8639ImportantNetwork Operators and Service Providers should use strong certificate-based authentication ensuring network access, digital content and software services can be secured from unauthorized access.Wireless;Service Provider; Network Operator;Cyber Security;FALSEFALSEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8640Highly ImportantNetwork Operators, Service Providers, and Equipment Suppliers should use NSA approved encryption and authentication for all Satcom command uplinks; downlink data encrypted as applicable depending on sensitivity/classification.Satellite;Service Provider; Network Operator;Cyber Security; Encryption;FALSECommittee on National Security Systems Policy (CNSSP) 12, National Information Assurance Policy for Space Systems Used to Support National Security Missions, 20 March 2007FALSEFALSETRUEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8641ImportantNetwork Operators and Service Providers should implement mitigation strategies against physical threat vectors that affect the satellite, the availability of communications, the integrity and confidentiality of satellite, and the performance of communications.Satellite;Service Provider; Network Operator;Cyber Security;FALSE“Satellite Security” Online Journal of Space Communication, number 6 (Winter 2004) http://spacejournal.ohio.edu/issue6/main.htmlFALSEFALSETRUEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8643ImportantNetwork Operators should sanitize employee mobile devices when removed from service. Mobile devices and other electronic equipment that contain or access sensitive information, or have been used to access sensitive information in the past, should be processed to ensure all data is permanently removed in a manner that prevents recovery before they are disposed of as surplus equipment or returned to the vendor.Wireless;Network Operator;Cyber Security; Hardware; Intrusion Detection;FALSESource: http://www.k-state.edu/its/security/procedures/mobile.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8644ImportantNetwork Operators should require Data Encryption for all employee mobile devices that contain sensitive data. If sensitive information must reside on a mobile device, it should be encrypted. The decryption key should be entered manually; this step should not be automated. A means should exist to recover encrypted data when the decryption key is lost. Require the use of laptop encryption and password-protection.Wireless;Network Operator;Cyber Security; Encryption; Hardware;FALSESource: http://www.k-state.edu/its/security/procedures/mobile.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8645ImportantNetwork Operators should set policy that requires any sensitive information transmitted to or from the employee mobile device be encrypted and/or transferred with a secure data transfer utility. Use of a secure connection or protocol, such as SSL, that guarantees end-to-end encryption of all data sent or received should be included in policy. Devices with wireless capability pose an additional risk of unauthorized access and tampering. These capabilities should be disabled, secured, or protected with a firewall.Wireless;Network Operator;Cyber Security; Encryption; Hardware;FALSESource: http://www.k-state.edu/its/security/procedures/mobile.htmlFALSEFALSEFALSETRUEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8646ImportantService Providers should devise a means of enforcing security over tethered connections. When tethering via a mobile device for data communication, an encryption methodology, such as IPSEC or SSL/VPN should be utilized to ensure session security.Wireless;Service Provider;Cyber Security;FALSEhttp://en.wikipedia.org/wiki/TetheringFALSEFALSEFALSETRUEFALSETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8649ImportantService Providers should classify their cloud service against one of the defined industry cloud service architecture models (e.g., software as a service [SaaS], platform as a service [PaaS] or infrastructure as a service [IaaS]) and the deployment model being utilized (e.g., private cloud, community cloud, public cloud or hybrid cloud) to determine the general “security” posture of the specific cloud service, how it relates to asset’s assurance and security protection requirements, and define the needed security architecture to mitigate security risks.Cable; Wireless;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSENIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1TRUEFALSEFALSETRUEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8650ImportantService Providers should periodically conduct risk assessments (for their cloud) of their information security governance structure and processes, security controls, information security management processes, and operational processes.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSENIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8651Highly ImportantService Providers should have a documented Business Continuity and Disaster Recovery Plan.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Network Operations;FALSENIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue. Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1.TRUETRUEFALSEFALSETRUETRUETRUE2FALSEFALSEFALSEFALSE13-8-8654ImportantNetwork Operators and Service Providers should use explicit static configuration of addresses, routing protocols and parameters at peering point interfaces rather than neighbor discovery or defaults.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability; Network Operations;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8655ImportantNetwork Operators and Service Providers should employ protocol-specific mechanisms or IPSec as applicable.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability; Network Operations;FALSENIST SP 800-119 (Draft) 3.6.2TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8656ImportantNetwork Operators and Service Providers should use static neighbor entries rather than neighbor discovery for critical systems.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability; Network Operations;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8657ImportantNetwork Operators and Service Providers should use BGP ingress and egress prefix filtering, TCP MD5 or SHA-1 authentication.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Interoperability; Network Operations;FALSENIST SP 800-54TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8658ImportantNetwork Operators and Service Providers should use IPv6 BOGON lists to filter un-assigned address blocks at Network boundaries.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Interoperability; Network Operations;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8659ImportantNetwork Operators and Service Providers should apply IPv6 and IPv4 anti-spoofing and firewall rules as applicable, wherever tunnel endpoints decapsulate packets.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Interoperability; Network Operations;FALSENIST SP 800-119 (Draft) 6.5.2TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8660ImportantNetwork Operators and Service Providers should have access control lists for IPv6 that are comparable to those for IPv4, and that also block new IPv6 multicast addresses that ought not to cross the administrative boundary.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Interoperability; Network Operations;FALSENIST SP 800-119 (Draft) 4.2.3TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8661ImportantNetwork Operators and Service Providers should block tunneling protocols (for example, IP protocol 41 and UDP port 3544) at points where they should not be used. Tunnels can bypass firewall/perimeter security. Use static tunnels where the need for tunneling is known in advance.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Interoperability; Network Operations;FALSENIST SP 800-119 (Draft) 2.4TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8665ImportantNetwork Operators and Service Providers should proxy remote HTTP access to the VoIP perimeter firewalls.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSEDISA-VoIP0245TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8666ImportantNetwork Operators and Service Providers should block VoIP firewall administrative/management traffic at the perimeter or Tunnel/encrypt this traffic using VPN technology or administer/manage this traffic out of band.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Encryption; Intrusion Detection; Network Operations;FALSEDISA-VoIP0210TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8667ImportantNetwork Operators and Service Providers should route HTTP access from the VoIP environment through the data environment and use HTTPS if at all possible.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSEDISA-VoIP0245TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8668ImportantNetwork Operators and Service Providers should establish a business continuity process for information, identify the events that can classified as business interruption, test and update the business continuity plan.Internet/Data;Service Provider; Network Operator;Business Continuity; Cyber Security; Network Operations;FALSEISO 27002 Information Security StandardsFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8669Highly ImportantNetwork Operators and Service Providers should ensure that access to shared networks, including those that cross organizational boundaries, as well as internal network and customer management infrastructures, is restricted, as per the Company's access control policy. These restrictions apply to systems, applications, and users, and is enforced via a router, firewall, or similar device allowing for rule-based traffic filtering, thereby ensuring a logical separation of networks.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations; Security Systems;FALSEISO/IEC 27002 (17799) [2005]FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSEFALSE13-8-8672ImportantNetwork Operators should block incoming email file attachments with specific extensions know to carry infections or should filter email file attachment based on content properties.Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Stopping Spam – Report of the Task Force on Spam – May 2005ISFALSETRUEFALSEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8673ImportantNetwork Operators should establish inbound connection limits on all email services.Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8674ImportantNetwork Operators and Service Providers should stop all access attempts from IP Addresses with no reverse DNS at the connection level.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8675ImportantNetwork Operators should stop all SMTP traffic that has reverse DNS, which reflects home PC connections (i.e. 0.0.127.mydialup.bigisp.com).Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8676ImportantNetwork Operators should employ Optical Character Recognition techniques to email which allows the ability to read text even when it appears as a graphic image.Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Anti-Spam Best Practices and Technical GuidelinesFALSETRUEFALSEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8677ImportantNetwork Operators should perform content analysis of In-bound e-mails.Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Anti-Spam Best Practices and Technical GuidelinesFALSETRUEFALSEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8678ImportantNetwork Operators and Service Providers should apply URL detection techniques to detect the domain name of spammers.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Anti-Spam Best Practices and Technical Guidelines.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8679ImportantNetwork Operators and Service Providers should avoid acting as a backup Mail Exchange (MX) for other companies.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8680ImportantNetwork Operators should avoid quarantining email as much as possible.Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8681ImportantNetwork Operators and Service Providers should consider employing IP Reputation Services.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Combating Spam – Best PracticesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8682ImportantNetwork Operators and Service Providers should enforce SMTP authentication.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8683ImportantNetwork Operators and Service Providers should not allow default catch all email addresses.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8684ImportantNetwork Operators and Service Providers should not routinely bounce email wherever possible (valid user checking and virus scanning).Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: http://www.linuxmagic.com/opensource/anti_spam/bestpracticesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8685ImportantNetwork Operators should check sender authentication to mitigate spam.Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Anti-Spam Best Practices and Technical GuidelinesFALSETRUEFALSEFALSEFALSEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8686ImportantNetwork Operators and Service Providers should employ DNS lookup techniques which are able to determine if the sending e-mail is legitimate and has a valid host name.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Anti-Spam Best Practices and Technical GuidelinesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8687ImportantNetwork Operators and Service Providers should establish an Internal Email Address to which Spam can be forwarded by Employees.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Anti-Spam Best Practices and Technical GuidelinesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8688ImportantNetwork Operators and Service Providers should use Anti-Relay Systems to Protect Mail servers from being hijacked.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSESource: Anti-Spam Best Practices and Technical GuidelinesFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8689CriticalNetwork Operators should ensure that signaling interface points that connect to IP Private and Corporate networks interfaces are well hardened and protected with firewalls that enforce strong authentication policies.Internet/Data;Network Operator;Cyber Security; Intrusion Detection; Network Operations; Security Systems;FALSEFALSETRUEFALSEFALSEFALSEFALSETRUE3FALSEFALSEFALSEFALSE13-8-8690ImportantNetwork Operators and Service Providers should deploy tools to detect unexpected changes to file systems on Network Elements and Management Infrastructure systems where feasible and establish procedures for reacting to changes. Use techniques such as cryptographic hashes.Internet/Data;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations; Security Systems;FALSEwww.cert.org/security-improvement/practices/p072.html, www.cert.org/security-improvement/practices/p096.html; Dependency on NRIC BP 8548. Related to BP 8103.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-8-8692ImportantNetwork Operators and Service Providers should develop an acceptable use policy for customers of their services and enforce it.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Policy;FALSETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8696ImportantNetwork Operators, Service Providers, and Equipment Suppliers should work with their HR departments to consider making acknowledgement and agreement regarding information security a condition of employment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Human Resources; Training and Awareness;FALSEhttp://ezinearticles.com/?Employee-Security-Awareness&id=4084497TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8697ImportantNetwork Operators and Service Providers should consider conducting Social Engineering Audits such as tests for vulnerabilities or unauthorized access to systems, networks and information. Systems range from computer networks to physical access to locations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Human Resources; Intrusion Detection; Security Systems; Training and Awareness;FALSE"Sources : http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-Sharon.htm http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-HackerTactics.html http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-Dolan.html http://www.amazon.com/Hacking-Exposed-5th-Stuart-McClure/dp/B0018SYWW0/ref=sr_1_1?ie=UTF8&s=books&qid=1251593453&sr=1-1 http://social-engineer.org/wiki/archives/PenetrationTesters/Pentest-Winkler.html "TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-8-8698ImportantNetwork Operators and Service Providers should utilize firewall protection on all computing devices. Whenever available for a mobile communications device, firewall software should be installed and utilized.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Security Systems;FALSESource: http://www.k-state.edu/its/security/procedures/mobile.htmlTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8699ImportantNetwork Operators and Service Providers should develop employee education programs that emphasize the need to comply with policies and the Data Loss Prevention (DLP) program.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Training and Awareness;FALSESource: http://www.alertboot.com/blog/blogs/endpoint_security/archive/2010/06/15/laptop-encryption-software-for-social-security-administration-telecommuters.aspxTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8700ImportantNetwork Operators and Service Providers should have and enforce disciplinary programs for employees who do not follow Data Loss Prevention (DLP) Guidelines.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Training and Awareness;FALSESource:http://www.alertboot.com/blog/blogs/endpoint_security/archive/2010/06/15/laptop-encryption-software-for-social-security-administration-telecommuters.aspxTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8702ImportantNetwork Operators and Service Providers should develop a detailed security policy addressing social engineering issues and enforce it throughout the company.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Information Protection; Training and Awareness;FALSESource:http://www.windowsecurity.com/articles/Social_Engineers.htmlTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8707ImportantNetwork Operators and Service Providers should establish and enforce policy to require users to log off, to use password protected screensavers when away from the computer, enable screenlock upon activity timeout, cautionary instructions on ensuring that no one is watching when you type in logon information, etc. Physical security measures to prevent visitors and outside contractors from accessing systems to place key loggers, etc.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Access Control; Cyber Security; Information Protection; Physical Security Management; Policy; Training and Awareness;FALSESource:http://www.windowsecurity.com/articles/Social_Engineers.htmlTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8708ImportantNetwork Operators and Service Providers should establish clear guidelines and policy on the corporate use of Social Media outlets. Before utilizing social media in any capacity, stop and consider the motivation of those that you are interacting with or targeting.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Information Protection; Policy; Training and Awareness;FALSESource: Social Engineering Newsletter Volume 2, issue 7 http://www.social-engineer.org/Newsletter/SocialEngineerNewsletterVol02Is07.htmTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8709ImportantNetwork Operators and Service Providers should establish policies governing destruction (shredding, incineration, etc.) of paperwork, disks and other media that hold information a hacker could use to breach security.Cable; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Information Protection; Intrusion Detection; Policy; Training and Awareness;FALSESource: 2009 Carnegie Mellon University, Author: Mindi McDowell posted on: http://www.us-cert.gov/cas/tips/ST04-014.htmlTRUEFALSEFALSETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8710ImportantNetwork Operators, Service Providers, and Equipment Suppliers should ensure supply chain security by having security language in their contracts and periodic risk assessments on their 3rd party verifying the outside party's security practices.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Intrusion Detection; Policy; Training and Awareness;FALSE"NIST 800-53 revision 3: Recommended Security Controls for Federal Information Systems and Organizations security control catalogue. NIST IR-7622, DRAFT Piloting Supply Chain Risk Management Practices for Federal Information Systems Cloud Security Alliance: Security Guidance for Critical Areas of Focus in Cloud Computing V2.1"TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-8-8713ImportantNetwork Operators, Service Providers should consider when implementing a signaling gateway using media gateway controllers that map gateway responses to SS7 in an anticipated and predictable fashion (e.g., RFC 3398 for SIP-to-SS7 mapping).Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8714ImportantNetwork Operators and Service Providers should use a minimum interworking subset for encoding standards (e.g., a fallback to G.711) in a PSTN gateway configuration in order to achieve interoperability and support all types of voice band communication (e.g., DTMF tones, facsimile, TTY/TDD).Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8715ImportantNetwork Operators and Service Providers should establish policies and procedures to limit the distribution of CALEA information, requests, and network documents regarding CALEA interfaces to those operationally involved with CALEA activities.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability; Policy;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8716ImportantNetwork Operators and Service Providers should establish policies and procedures to periodically conduct risk assessments of CALEA procedures and policies.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Policy;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8717ImportantNetwork Operators and Service Providers should establish policies and procedures to limit access to captured or intercepted CALEA content to those who are authorized.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Policy;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8718ImportantNetwork Operators and Service Providers should establish policies and procedures to promote awareness of appropriate CALEA policies among network employees and equipment vendors.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Policy;FALSETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8719ImportantNetwork Operators, Service Providers should consider equipping their networks with network management and congestion controls of they have deployed IS-41 (ANSI-41) or GSM Mobility Application Part (MAP) signaling networks.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Interoperability;FALSETRUETRUEFALSETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8720ImportantNetwork Operators should implement rigorous screening and/or filtering on both internal and interconnecting signaling links and establish policies to review and improve screening capabilities.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Interoperability;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8721ImportantNetwork Operators and Equipment Suppliers should proactively monitor all security issues associated with general purpose computing products and cooperatively identify and apply security fixes, as necessary.Cable; Internet/Data; Wireline;Network Operator; Equipment Supplier;Cyber Security; Hardware; Intrusion Detection; Network Elements;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1TRUEFALSEFALSEFALSE13-8-8744ImportantService Providers should provide documentation and enforce role management and separation of duties.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSECloud Security Alliance (CSA)TRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8723ImportantNetwork Operators should consider enabling logging for element security related alarms on network elements, (e.g., unauthorized access, unauthorized logins, logging of changes (i.e. configuration and translation), administrative access logging), and establish review policies for these records to mitigate network element authentication vulnerabilities.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations; Security Systems;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8724ImportantNetwork Operators should consider implementing dial-back modems with screening lists, communication encryptions (i.e. VPN's) and token-based access control if they are utilizing dial-up connections for maintenance access to Network Elements.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Encryption; Network Elements; Network Operations; Security Systems;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8726ImportantNetwork Operators should design their signaling network elements and interfaces consistent with applicable industry security guidelines and policies (e.g. ATIS-300011).Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Encryption; Intrusion Detection; Network Elements; Network Operations; Policy;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8730Highly ImportantNetwork Operators should log changes made to network elements and consider recording the user login, time of day, IP address, associated authentication token, and other pertinent information associated with each change. Policies should be established to audit logs on a periodic bases and update procedures as needed.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations; Policy;FALSETRUETRUEFALSEFALSETRUEFALSETRUE2FALSEFALSEFALSEFALSE13-8-8731ImportantNetwork Operators should establish policies and procedures to ensure that actions taken on the network can be positively attributed to the person or entity that initiated the action. This may include, but is not limited to electronic logging, access control, physical records, or tickets.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations; Policy;FALSETRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-8-8733ImportantService Providers should clearly define and enforce rules, policies and trust model for the federated identity services.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Information Protection; Intrusion Detection;FALSETRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8735ImportantService Providers should take reasonable steps to assure that the data, if creating, maintaining, using or disseminating individually identifiable information, is accurate, complete and timely for the purposes for which they are to be used. Organizations should establish appropriate processes or mechanisms so that inaccuracies in material individually identifiable information, such as account or contact information, may be corrected. These processes and mechanisms should be simple and easy to use and provide assurance that inaccuracies have been corrected. Other procedures to assure data quality may include use of reliable sources and collection methods, reasonable and appropriate access and correction, and protections against accidental or unauthorized alteration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Intrusion Detection;FALSELiberty Alliance Project, Privacy and Security Best Practices Version 2.0TRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8738Highly ImportantNetwork Operators and Service Providers should define, implement, and maintain password management policies as well as the documented process to reduce the risk of compromise of password-based systems.Cable; Internet/Data; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSENIST SP800-118 Guide to Enterprise Password Management http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdfTRUETRUEFALSETRUETRUETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8739Highly ImportantService Providers should act swiftly when a password management system or other source of passwords has been compromised, to mitigate the weaknesses that allowed the compromise, restore the compromised system to a secure state, and require all users to change their passwords immediately. Procedures should be in place to notify all affected users that their passwords have been reset or need to be changed immediately.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSENIST SP800-118 Guide to Enterprise Password Management http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdfTRUETRUETRUETRUETRUETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8740CriticalNetwork Operators and Service Providers should encrypt sensitive data from web servers, and other externally accessible applications, while it is in transit over any networks they do not physically control.Cable; Wireless; Wireline;Network Operator;Cyber Security; Encryption; Information Protection;FALSERelated to NRIC BP 8006, 8112TRUEFALSEFALSETRUETRUEFALSETRUE3FALSEFALSEFALSEFALSE13-8-8741ImportantEquipment Suppliers should implement techniques such as tamper-proof crypto-chips/authentication credentials and (remote) authentication for (service provider) configuration controls, in customer premises equipment. Additionally, capabilities to remotely access or delete sensitive information on these devices is encouraged.Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSEPacketCableTM Security Specification PKT-SP-SEC-I11-040730, IETF RFC 3261, Related to BP 8134FALSETRUETRUETRUETRUEFALSEFALSE1TRUEFALSEFALSEFALSE13-8-8743ImportantService Providers should segregate key management from the cloud provider hosting the data, creating a chain of separation. This protects both the cloud provider and customer from conflicts when compelled to provide data due to a legal mandate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSECloud Security Alliance (CSA)TRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8745CriticalService Providers should define processes for key management lifecycle in cases where the cloud provider must perform key management: how keys are generated, used, stored, backed up, recovered, rotated, and deleted. Further, understand whether the same key is used for every customer or if each customer has its own key set.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSECloud Security Alliance (CSA)TRUETRUETRUETRUETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8746ImportantService Providers should use an alternate approach such as a "web of trust" for public key validation / authentication for environments where traditional PKI infrastructures are problematic.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSEReference: http://en.wikipedia.org/wiki/Public_key_infrastructure Reference: SP800-45 (NIST) http://csrc.nist.gov/publications/nistpubs/800-45-version2/SP800-45v2.pdf Guidelines on Electronic Mail SecurityTRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8747ImportantService Providers should use layered VPN and encryption strategies to mitigate device vulnerabilities. Traditionally a single layer of cryptography has stood between the data being protected and that of the attacker. While the cryptography itself is rarely the weak link, many times implementation or other originating or terminating cryptographic device vulnerabilities places that information in jeopardy.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Network Operations;FALSETRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8750ImportantNetwork Operators and Service Providers should have assigned risk ratings for vulnerabilities and definitions of those risk ratings (i.e. What does a High risk vulnerability mean to the general user public?, etc.) Finally, the security team should have access to an accurate and readily available asset inventory (See Step 1: Asset Inventory) (including the asset owners, and patch levels) and network diagrams.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection;FALSESans Institute, "Vulnerability Management: Tools, Challenges and Best Practices." 2003. Pg. 8 - 10.TRUETRUEFALSETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8751Highly ImportantNetwork Operators and Service Providers should test new tools in a lab to identify any false positives and false negatives and use a change control system in case there is a network disruption. They should use a tool that causes minimal disruptions to the network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection;FALSESans Institute, "Vulnerability Management: Tools, Challenges and Best Practices." 2003. Pg. 11, 12.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-8-8752CriticalNetwork Operators, Service Providers, and Equipment Suppliers should use custom policies created by OS, device, or by industry standard (SANS Top 20, Windows Top 10 Vulnerabilities, OWASP Top 10) and specific to your environment. Organizations should identify what scanning methods and operating procedures are best for their company, and document how they would proceed in a standard operating procedure.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Intrusion Detection; Policy;FALSESans Institute, "Vulnerability Management: Tools, Challenges and Best Practices." 2003. Pg. 11, 12.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8753ImportantNetwork Operators and Service Providers should ensure the tools they use are capable of notifying the asset owners that they have vulnerabilities to be fixed. They should be able to provide high-level dashboard type reports to senior management and detailed host reports to system administrators.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Encryption; Intrusion Detection;FALSESans Institute, "Vulnerability Management: Tools, Challenges and Best Practices." 2003. Pg. 12 - 13.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8754CriticalNetwork Operators, Service Providers, and Equipment Suppliers should focus on the highest risk vulnerabilities by ranking them by the vulnerability risk rating.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Intrusion Detection;FALSESans Institute, "Vulnerability Management: Tools, Challenges and Best Practices." 2003. Pg. 12, 14.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-8-8760CriticalNetwork Operators and Service Providers should remove the device from the network until remediated if a Voice over IP (VoIP) server has been compromised.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSEPacketCable Security specification.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8761CriticalNetwork Operators and Service Providers should attempt to collect data via log files or other means to aid law enforcement investigations if a VoIP masquerading event is occurring. If VoIP device masquerading is causing significant harm, the portion of the network where the attack is originating can be isolated.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSEPacketCable Security specification.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-8-8763CriticalNetwork Operators should act swiftly when a password management system or other source of passwords has been compromised, to mitigate the weaknesses that allowed the compromise, restore the compromised system to a secure state, and require all users to change their passwords immediately. Procedures should be in place to notify all affected users that their passwords have been reset or need to be changed immediately.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Encryption; Intrusion Detection; Network Operations;FALSE"NIST SP800-118 Guide to Enterprise Password Management http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf"TRUETRUETRUETRUETRUEFALSETRUE3FALSEFALSEFALSEFALSE13-8-8764ImportantService Providers should clearly define and enforce policies for identity lifecycle management. This includes processes, procedures and policies for the proofing, enrolling, issuing and revoking of identity information (e.g., identifiers, credentials and attributes) to be used for a specific context (e.g., for specific transactions ranging from commercial to social activities).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Information Protection; Policy;FALSEITU-T Y.2720, NGN Identity Management Framework ITU-T Y.2721, NGN Identity Management Requirements and Use Cases ATIS-1000035, NGN Identity Management FrameworkTRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-8-8765CriticalService Providers should only issue the identity information (e.g., identifiers, credentials and attributes) associated with an identity after successful identity proofing of the entity. An entity requesting enrollment should be verified and validated according to the requirements of the context (i.e., in which the identity will be used) before enrolling or issuing any associated identifiers, credentials or attributes. The proofing process and policies should be based on the value of the resources (e.g., services, transactions, information and privileges) allowed by the identity and the risks associated with an unauthorized entity obtaining and using the identity. Specifically, measures to ensure the following is recommended: (a) An entity (e.g., person, organization or legal entity) with the claimed attributes exists, and those attributes are suitable to distinguish the entity sufficiently according to the needs of the context. (b) An applicant whose identity is recorded is in fact the entity to which the identity is bound; (c) It is difficult for an entity which has used the recorded identity and credentials to later repudiate the registration/enrolment and dispute an authentication.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSEITU-T Y.2720, NGN Identity Management Framework ITU-T Y.2721, NGN Identity Management Requirements and Use Cases ATIS-1000035, NGN Identity Management Framework.TRUETRUETRUETRUETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8766CriticalService Providers should ensure secure management and maintenance of the identity data and the status of data (e.g., identifiers, credentials, attributes) by logging updates or changes to an identity, provide notifications about the updates or changes to an identity(s) or any of the data associated with the identity(s) to the systems and network elements that needs to be aware of the updates or changes, and by periodically validating the status of an identity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSEITU-T Y.2720, NGN Identity Management Framework ITU-T Y.2721, NGN Identity Management Requirements and Use Cases ATIS-1000035, NGN Identity Management Framework.TRUETRUETRUETRUETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8767CriticalService Providers should have applicable policies and enforcement for revoking an identity. Specifically, (a) Enforce policies and terminate or destroy the credentials associated (e.g., digital certificates or tokens) with an identity when it is no longer valid or has a security breach. (b) Provide notifications about the revocation or termination of an identity(s) or any of the data associated with the identity to the entity and to the systems and network elements that needs to be aware (i.e., All systems and processes with which the identity can be used for access have to be notified that the identity is no longer valid).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Information Protection; Intrusion Detection;FALSEITU-T Y.2720, NGN Identity Management Framework ITU-T Y.2721, NGN Identity Management Requirements and Use Cases ATIS-1000035, NGN Identity Management Framework.TRUETRUETRUETRUETRUETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8769Highly ImportantService Providers should protect Personally Identifiable Information by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data. Policies for PII protection should be clearly identified and enforced. Specifically, (a) Organizations should identify all PII residing in their environment. (b) Organizations should minimize the use, collection, and retention of PII to what is strictly necessary to reduce the likelihood of harm caused by a breach involving PII. Also, an organization should regularly review its holdings of previously collected PII to determine whether the PII is still relevant and necessary for meeting the organization’s business purpose and mission. For example, organizations could have an annual PII purging awareness day. (c) Organizations should categorize their PII based on confidentiality impact levels. For example, PII confidentiality impact level—low, moderate, or high should be used to indicate the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed. (d) Organizations should apply the appropriate safeguards for PII based on the PII confidentiality impact level. Specifically, operational safeguards, privacy-specific safeguards, and security controls should be used. (e) Organizations should develop an incident response plan to handle breaches involving PII. The plan should include elements such as determining when and how individuals should be notified, how a breach should be reported. (f) Organizations should establish processes for coordination and addressing issues related to PII when multiple parties are involved (e.g., users, relying parties and identity providers or members of a federation).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSENIST Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII).TRUETRUETRUETRUETRUETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8900Highly ImportantService Providers should stay informed about the latest botnet/malware techniques so as to be prepared to detect and prevent them.Internet/Data;Service Provider;Cyber Security; Intrusion Detection; Training and Awareness;FALSESee the following document for more information: http://www.maawg.org/sites/maawg/files/news/MAAWG_Bot_Mitigation_BP_2009-07.pdf More information can also be found at: http://isc.sans.edu/index.html http://www.us-cert.gov/ http://www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8908CriticalService Providers should share lists of their dynamic IP addresses with operators of DNS Block Lists (DNSBLs) and other similar tools. Further, such lists should be made generally available, such as via a public website.Internet/Data;Service Provider;Cyber Security; Encryption; Intrusion Detection;FALSENote that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8901Highly ImportantService Providers should provide or support third-party tutorial, educational, and self-help resources for their customers to educate them on the importance of and help them practice safe computing. ISPs’ users should know to protect end user devices and networks from unauthorized access through various methods, including, but not limited to: • Use legitimate security software that protects against viruses and spywares; • Ensure that any software downloads or purchases are from a legitimate source; • Use firewalls; • Configure computer to download critical updates to both the operating system and installed applications automatically; • Scan computer regularly for spyware and other potentially unwanted software; • Keep all applications, application plug-ins, and operating system software current and updated and use their security features; • Exercise caution when opening e-mail attachments; • Be careful when downloading programs and viewing Web pages; • Use instant messaging wisely; • Use social networking sites safely; • Use strong passwords; • Never share passwords.Internet/Data;Service Provider;Cyber Security; Intrusion Detection; Training and Awareness;FALSEMore information can be found at: National Cyber Security Alliance - http://www.staysafeonline.org/ OnGuard Online - http://www.onguardonline.gov/default.aspx Department of Homeland Security - StopBadware – http://www.stopbadware.org/home/badware_prevent Comcast.net Security - http://security.comcast.net/ Verizon Safety & Security - http://www.verizon.net/central/vzc.portal?_nfpb=true&_pageLabel=vzc_help_safety Qwest Incredible Internet Security site: http://www.incredibleinternet.com/ Microsoft- http://www.microsoft.com/security/pypc.aspx Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8902CriticalService Providers should make available anti-virus/security software and/or services for its end-users. If the ISP does not provide the software/service directly, it should provide links to other software/services through its safe computing educational resources.Internet/Data;Service Provider;Cyber Security; Intrusion Detection; Software;FALSENote that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8903CriticalService Providers should protect their DNS servers from DNS spoofing attacks and take steps to ensure that compromised customer systems cannot emit spoofed traffic (and thereby participate in DNS amplification attacks). Defensive measures include: (a) managing DNS traffic consistent with industry accepted procedures; (b) where feasible, limiting access to recursive DNS resolvers to authorized users; (c) blocking spoofed DNS query traffic at the border of their networks, and (d) routinely validating the technical configuration of DNS servers by, for example, utilizing available testing tools that verify proper DNS server technical configuration.Internet/Data;Service Provider;Cyber Security; Encryption; Intrusion Detection;FALSEWidely accepted DNS traffic management procedures are discussed in the following document: http://www.maawg.org/sites/maawg/files/news/MAAWG_DNS%20Port%2053V1.0_2010- 06.pdf Security issues on recursive resolvers are discussed in IETF BCP 140/ RFC 5358. Responses to spoofed traffic, including spoofed DNS traffic, are discussed in IETF BCP 38/RFC 2827. Some tools examining different aspects of DNS server security include: http://dnscheck.iis.se/, http://recursive.iana.org/, and https://www.dnsoarc. net/oarc/services/dnsentropy. More information on DNS security issues can also be found at: http://www.iana.org/reports/2008/cross-pollination-faq.html Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8904CriticalService Providers should use Domain Name System (DNS) Security Extensions (DNSSEC) to protect the DNS. ISPs should consider, at a minimum, the following: • sign and regularly test the validity of their own DNS zones, • routinely validate the DNSSEC signatures of other zones; • employ automated methods to routinely test DNSSEC-signed zones for DNSSEC signature validity.Internet/Data;Service Provider;Cyber Security; Encryption; Intrusion Detection;FALSEMore information can be found at: http://dnssec.net https://www.dnssec-deployment.org Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8905CriticalService Providers should encourage users to submit email via authenticated SMTP on port 587, requiring Transport Layer Security (TLS) or other appropriate methods to protect the username and password. In addition, Service Providers should restrict or otherwise control inbound and outbound connections from the network to port 25 (SMTP) of any other network, either uniformly or on a case by case basis, e.g., to authorized email servers.Internet/Data;Service Provider;Cyber Security; Information Protection; Intrusion Detection;FALSESee the following document for more information: http://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8906CriticalService Providers should authenticate all outbound email using DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). Authentication should be checked on inbound emails; DKIM signatures should be validated and SPF policies verified.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSESee the following document for more information: http://www.maawg.org/sites/maawg/files/news/MAAWG_Email_Authentication_Paper_2008- 07.pdf More information can also be found at: http://www.dkim.org/ http://openspf.org Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8907CriticalService Providers should configure their gateway mail servers to immediately reject undeliverable email, rather than accepting it and generating non-delivery notices (NDNs) later, in order to avoid sending NDNs to forged addresses.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSEBy rejecting undeliverable email, the gateway mail will inform the sending mail server, which can apply local policy regarding whether or not to notify the message sender of the non-delivery of the original message. See the following document for more information: http://www.maawg.org/sites/maawg/files/news/MAAWG-BIAC_Expansion0707.pdf Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-9-0541Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should store multiple software versions for critical network elements and be able to fallback to earlier versions.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Network Elements; Network Operations; Software;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-8-8909CriticalService Providers should share lists of their dynamic IP addresses with operators of DNS Block Lists (DNSBLs) and other similar tools. Further, such lists should be made generally available, such as via a public website.Internet/Data;Service Provider;Cyber Security; Encryption; Industry Cooperation; Intrusion Detection;FALSEMore information can be found at: http://www.maawg.org/sites/maawg/files/news/MAAWG_Dynamic_Space_2008-06.pdf http://www.spamhaus.org/pbl/ http://www.mail-abuse.com/nominats_dul.html Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8910CriticalService Providers should make IPv4 dynamic address space under their control easily identifiable by reverse DNS pattern, preferably by a right-anchor string with a suffix pattern chosen so that one may say that all reverse DNS records ending in *.some.text.example.com are those that identify dynamic space.Internet/Data;Service Provider;Cyber Security; Encryption; Intrusion Detection;FALSERefer to related Best Practice 8-8-X005.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8911CriticalService Providers should make all dynamic address space under their control easily identifiable by WHOIS or RWHOIS lookup.Internet/Data;Service Provider;Cyber Security; Encryption; Intrusion Detection;FALSESee the following document for more information: http://www.maawg.org/sites/maawg/files/news/MAAWG_Dynamic_Space_2008-06.pdf Refer to related Best Practice 8-8-X004. Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8912Highly ImportantService Providers should make reasonable efforts to communicate with other operators and security software providers, by sending and/or receiving abuse reports via manual or automated methods. These efforts could include information such as implementation of "protective measures" such as reporting abuse (e.g., spam) via feedback loops (FBLs) using standard message formats such as Abuse Reporting Format (ARF). Where feasible, ISPs should engage in efforts with other industry participants and other members of the internet ecosystem toward the goal of implementing more robust, standardized information sharing in the area of botnet detection between private sector providers.Internet/Data;Service Provider;Cyber Security; Industry Cooperation; Intrusion Detection;FALSESee the following document for more information: http://www.maawg.org/sites/maawg/files/news/CodeofConduct.pdf Vulnerabilities can be reported in a standardized fashion using information provided at http://nvd.nist.gov/ http://puck.nether.net/mailman/listinfo/nsp-security https://ops-trust.net/ https://www2.icsalabs.com/veris/ Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8913CriticalService Providers should maintain methods to detect likely bot/malware infection of customer equipment. Detection methods will vary widely due to a range of factors. Detection methods, tools, and processes may include but are not limited to: external feedback, observation of network conditions and traffic such as bandwidth and/or traffic pattern analysis, signatures, behavior techniques, and forensic monitoring of customers on a more detailed level.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSEMore information can be found at: http://teamcymru.org http://shadowserver.org http://abuse.ch http://cbl.abuseat.org Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8914Highly ImportantService Providers should use a tiered approach to botnet detection that first applies behavioral characteristics of user traffic (cast a wide net), and then applies more granular techniques (e.g., signature detection) to traffic flagged as a potential problem.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSEThis technique should help minimize the exposure of customer information in detecting bots by not collecting detailed information until it is reasonable to believe the customer is infected. Looking at user traffic using a “wide net” approach can include external feedback as well as other internal approaches. Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8915CriticalService Providers should ensure that detection methods do not block legitimate traffic in the course of conducting botnet detection, and should instead employ detection methods which seek to be non-disruptive and transparent to their customers and their customers’ applications.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSENote that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well. Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8916CriticalService Providers should ensure that bot detection and the corresponding notification to end users be timely, since such security problems are time-sensitive. If complex analysis is required and multiple confirmations are needed to confirm a bot is indeed present, then it is possible that the malware may cause some damage, to either the infected host or remotely targeted system (beyond the damage of the initial infection) before it can be stopped. Thus, an ISP must balance a desire to definitively confirm a malware infection, which may take an extended period of time, with the ability to predict the strong likelihood of a malware infection in a very short period of time. This 'definitive-vs.-likely' challenge is difficult and, when in doubt, ISPs should err on the side of caution by communicating a likely malware infection while taking reasonable steps to avoid false notifications.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSENote that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8917CriticalService Providers should develop and maintain critical notification methods to communicate with their customers that their computer and/or network has likely been infected with malware. This should include a range of options in order to accommodate a diverse group of customers and network technologies. Once an ISP has detected a likely end user security problem, steps should be undertaken to inform the Internet user that they may have a security problem. An ISP should decide the most appropriate method or methods for providing notification to their customers or internet users, and should use additional methods if the chosen method is not effective. The range of notification options may vary by the severity and/or criticality of the problem. Examples of different notification methods may include but are not limited to: email, telephone call, postal mail, instant messaging (IM), short messaging service (SMS), and web browser notification.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSEAn ISP decision on the most appropriate method or methods for providing notification to one or more of their customers or Internet users depends upon a range of factors, from the technical capabilities of the ISP, to the technical attributes of the ISP's network, cost considerations, available server resources, available organizational resources, the number of likely infected hosts detected at any given time, and the severity of any possible threats, among many other factors. The use of multiple simultaneous notification methods is reasonable for an ISP but may be difficult for a fake anti-virus purveyor. Best Practice 8-8-X022 provides information on how to address the malware infection. Note that the Best Practices in this grouping are primarily aimed at ISPs that provide services to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8918ImportantService Providers should ensure that botnet notifications to subscribers convey critical service information rather than convey advertising of new services or other offers.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSEThis best practice is to help ensure that the notification message is not confused with other communications the customer may receive from the provider and help underscore the seriousness of the situation. Note that the Best Practices in this grouping are primarily aimed at ISPs that provide services to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE1FALSEFALSEFALSEFALSE13-8-8919CriticalService Providers should maintain an awareness of cyber security threat levels and, when feasible, cooperate with other organizations during significant cyber incidents, helping to gather and analyze information to characterize the attack, offer mitigation techniques, and take action to deter or defend against cyber attacks as authorized by applicable law and policy.Internet/Data;Service Provider;Cyber Security; Industry Cooperation; Intrusion Detection;FALSEFALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8920CriticalService Providers should consider temporarily quarantining a subscriber account or device if a compromised device is detected on the subscribers’ network and the network device is actively transmitting malicious traffic. Such quarantining should normally occur only after multiple attempts to notify the customer of the problem (using varied methods) have not yielded resolution. In the event of a severe attack or where an infected host poses a significant present danger to the healthy operation of the network, then immediate quarantine may be appropriate. In any quarantine situation and depending on the severity of the attack or danger, the Service Provider should seek to be responsive to the needs of the customer to regain access to the network. Where feasible, the Service Provider may quarantine the attack or malicious traffic and leave the rest unaffected.Internet/Data;Service Provider;Cyber Security; Intrusion Detection;FALSEThe temporary delay of web pages for the purpose of providing web browser notification, as suggested in Best Practice 8-8-X018, does not constitute a 'quarantine' as used in this Best Practice. Some information regarding quarantine technology can be found at: http://www.trustedcomputinggroup.org/developers/trusted_network_connect Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8921Highly ImportantService Providers should either directly or indirectly, provide a web site to assist customers with malware remediation. Remediation of malware on a host means to remove, disable, or otherwise render a malicious bot harmless. For example, this may include but is not limited to providing a special web site with security-oriented content that is dedicated for this purpose, or suggesting a relevant and trusted third-party web site. This should be a security-oriented web site to which a user with a bot infection can be directed to for remediation. This security web site should clearly explain what malware is and the threats that it may pose. Where feasible, there should be a clear explanation of the steps that the user should take in order to attempt to clean their host, and there should be information on how users can strive to keep the host free of future infections. The security web site may also have a guided process that takes non-technical users through the remediation process, on an easily understood, step-by-step basis. The site may also provide recommendations concerning free as well as for-fee remediation services so that the user understands that they have a range of options, some of which can be followed at no cost.Internet/Data;Service Provider;Cyber Security; Intrusion Detection; Training and Awareness;FALSENote that the Best Practices in this grouping are primarily aimed at ISPs that provide services to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE2FALSEFALSEFALSEFALSE13-8-8922CriticalService Providers should ensure that all such technical measures address customers’ privacy, and comply and be consistent with all applicable laws and corporate privacy policies to (a) detect compromised end-user devices, (b) notify end-users of the security issue, and (c) assist in addressing the security issue, may result in the collection of customer information (including possibly “personally identifiable information” and other sensitive information, as well as the content of customer communications).Internet/Data;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSENote that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-8-8923CriticalService Providers should pursue a multi-prong strategy in designing technical measures for identification, notification, or other response to compromised end-user devices (“technical measures”), to protect the privacy of customers’ information, including but not limited to the following: a) ISPs should design technical measures to minimize the collection of customer information; b) In the event that customer information is determined to not be needed for the purpose of responding to security issues, the information should promptly be discarded; c) Any access to customer information collected as a result of technical measures should at all times be limited to those persons reasonably necessary to implement the botnet-response security program of the ISP, and such individuals’ access should only be permitted as needed to implement the security program; d) In the event that temporary retention of customer information is necessary to identify the source of a malware infection, to demonstrate to the user that malicious packets are originating from their broadband connection, or for other purposes directly related to the botnet-response security program, such information should not be retained longer than reasonably necessary to implement the security program (except to the extent that law enforcement investigating or prosecuting a security situation, using appropriate procedures, has requested that the information be retained); and e) The ISP’s privacy compliance officer, or another person not involved in the execution of the security program, should verify compliance by the security program with appropriate privacy practices.Internet/Data;Service Provider;Cyber Security; Encryption; Information Protection; Intrusion Detection;FALSENote that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.FALSETRUEFALSEFALSEFALSETRUEFALSE3FALSEFALSEFALSEFALSE13-9-0400Highly ImportantNetwork Operators, Service Providers, and Public Safety should establish measurements to monitor their network performance.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations;TRUEReference industry guidelines such as applicable ITU, Telcordia, TL9000 standards for assistance in setting measurements on availability and reliability for criteria to measure quality of service (e.g., delay, loss, port availability, jitter).TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0401CriticalNetwork Operators, Service Providers, and Public Safety should monitor their network to enable quick response to network issues.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Operations; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0402CriticalNetwork Operators, Service Providers and Public Safety should where appropriate, design networks (e.g., Time Division Multiplexing (TDM) or Internet Protocol (IP)) to minimize the impact of a single point of failure (SPOF).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Provisioning; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0403ImportantNetwork Operators, Service Providers, and Public Safety should communicate maintenance windows to appropriate entities so proper methods of procedures can be invoked.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-0405Highly ImportantNetwork Operators, Service Providers, and Public Safety should periodically examine and review their networks to ensure that they meet the current design specifications.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0406Highly ImportantNetwork Operators, Service Providers and Public Safety should where appropriate, establish a process to ensure that spares inventory is kept current to at least a minimum acceptable release (e.g., hardware, firmware or software version).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Hardware; Network Elements; Network Operations; Procedures; Software;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0412ImportantNetwork Operators, Service Providers and Public Safety should to enhance security, by default, disable ICMP (Internet Control Message Protocol) redirect messages and IP source routing.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Operations;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-9-0414Highly ImportantNetwork Operators, Service Providers, and Public Safety should establish plans for internal communications regarding maintenance activities and events that impact customers.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0415Highly ImportantNetwork Operators, Service Providers, and Public Safety should test the restoral process associated with critical data back-up, as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Network Operations; Procedures;TRUEThe goal is to demonstrate that data restoration is complete and works as expectedTRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0416Highly ImportantNetwork Operators, Service Providers, and Public Safety should design and implement procedures for traffic monitoring, trending and forecasting so that capacity management issues may be addressed.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Network Operations; Pandemic; Procedures;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSETRUE13-9-0417CriticalNetwork Operators, Service Providers, and Public Safety should design and implement procedures to evaluate failure and emergency conditions affecting network capacity.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Emergency Preparedness; Network Operations; Procedures; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSE3FALSEFALSEFALSETRUE13-9-0422Highly ImportantNetwork Operators, Service Providers, and Public Safety should collect failure-related data to perform cause analysis, impact and criticality analysis and failure trending.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Network Elements; Network Operations;TRUETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSETRUE13-9-0701Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should provide security for portable generators.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Corporate Ethics; Emergency Preparedness; Power;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-0423Highly ImportantEquipment Suppliers should provide cable management features and installation instructions for network elements that maintain cable bend radius, provide strain relief to prevent cable damage, ensure adequate cable connector spacing for maintenance activities, and provide clear access for cable rearrangement (i.e. moves/add/deletes) and FRU (Field Replaceable Unit) swaps.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements;FALSENote: This Best practice could impact 9-1-1 operationsTRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-9-0425Highly ImportantNetwork Operators, Service Providers, and Public Safety should maintain software version deployment records, as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Documentation; Network Elements; Network Operations; Software;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0428Highly ImportantService Providers, Network Operators, and Public Safety should monitor software and hardware vulnerability reports and take the recommended action(s) to address problems, where appropriate. Reports and recommendations are typically provided by equipment suppliers and Computer Emergency Response Teams (CERTs).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Cyber Security; Hardware; Network Operations; Software;TRUETRUETRUETRUETRUETRUETRUEFALSE2FALSEFALSEFALSETRUE13-9-0442Highly ImportantService Providers and Public Safety should consider measuring end-to-end path performance and path validity for both active and alternate routes.Internet/Data;Service Provider; Public Safety;Cyber Security; Network Operations;TRUEFALSETRUEFALSEFALSEFALSETRUEFALSE2FALSEFALSEFALSETRUE13-9-0476CriticalNetwork Operators, Property Managers, and Public Safety should consider conducting physical site audits after a major event (e.g., weather, earthquake, auto wreck) to ensure the physical integrity and orientation of hardware has not been compromised.Wireless;Network Operator; Public Safety; Property Manager;Disaster Recovery; Pandemic;TRUEFALSEFALSEFALSETRUEFALSEFALSETRUE3FALSETRUEFALSETRUE13-9-0504Highly ImportantNetwork Operators, Service Providers and Public Safety should consider maintaining "hot spares" (e.g., circuit packs electronically plugged in and interfacing with any element management system) as opposed to being stored in a cabinet for mission critical elements in order to facilitate asset management and increase the likelihood of having usable spares in emergency restorations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Hardware; Network Elements; Network Operations; Network Provisioning; Software;TRUETo determine appropriateness of this Best Practice, certain factors should be considered, including redundancy, single points of failures (SPOF) for critical subscribers, etcTRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0505Highly ImportantNetwork Operators, Service Providers, and Public Safety should have procedures in place to process court orders and subpoenas for wire taps or other information.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Corporate Ethics; Liaison; Network Operations; Procedures;TRUETRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0510CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should by design and practice, manage critical Network Elements (e.g., Domain Name Servers, Signaling Servers, Gateway Servers) that are essential for network connectivity and subscriber service as critical systems (e.g., secure, redundant, alternative routing).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Hardware; Network Elements; Network Operations; Network Provisioning; Policy; Procedures; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-0513Highly ImportantNetwork Operators and Service Providers should maintain a 24x7x365 contact list of other providers and operators for service restoration of inter-connected networks and as appropriate share with Public Safety and Support providers.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Documentation; Emergency Preparedness; Industry Cooperation; Liaison; Network Interoperability; Network Operations; Policy; Procedures;TRUEFor example, provider contacts are listed in the NENA company ID registration website: http://www.nena.org/?CompanyID.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0530Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should participate in interoperability testing (including services), as appropriate, to maintain reliability across connected networks.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Industry Cooperation; Network Interoperability; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-0532Highly ImportantNetwork Operators and Public Safety should periodically audit the physical and logical diversity called for by network design of their network segment(s) and take appropriate measures as needed.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Facilities - Transport; Network Provisioning; Procedures; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSETRUE13-9-0536Highly ImportantNetwork Operators and Service Providers should deploy security and reliability related software updates (e.g., patches, maintenance releases, dot releases) when available between major software releases. Prior to deployment, appropriate testing should be conducted to ensure that such software updates are ready for deployment in live networks. Equipment Suppliers should include such software updates in the next generic release and relevant previous generic releases.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Network Elements; Network Operations; Procedures; Software; Technical Support;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSEFALSE13-13-8952Network Operators, Service Providers, Public Safety and Government should patch hosts as patches become available, on the system.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUETRUE13-9-0550Highly ImportantNetwork Operators, Equipment Suppliers, and Public Safety should implement procedures to ensure synchronization and security of databases.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Information Protection; Network Operations; Network Provisioning; Procedures; Software; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSETRUE13-9-0566CriticalNetwork Operators, Service Providers, and Public Safety should consider placing and maintaining 9-1-1 TDM or IP based networks over diverse interoffice transport facilities (e.g., geographically diverse facility routes, automatically invoked standby routing, diverse digital cross-connect system services, self-healing fiber ring topologies, or any combination thereof).Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Facilities - Transport; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0567ImportantNetwork Operators, Service Providers, and Public Safety should spread 9-1-1 and Next Generation 9-1-1 access connections across similar equipment to avoid single points of failure and clearly mark plug-in level components and termination points as critical essential services that are to be treated with a high level of care.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Facilities - Transport; Network Operations; Procedures; Public Safety and Disaster;TRUEThis service provider equipment identification applies to E9-1-1 and may apply to some elements of NG9-1-1.TRUETRUEFALSETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-0568CriticalNetwork Operators, Service Providers, and Public Safety should establish a routing plan so that in the case of lost connectivity or disaster impact affecting a Public Safety Answering Point (PSAP), 9-1-1 calls are routed to an alternate PSAP answering point.Cable; Internet/Data; Wireline;Network Operator; Public Safety;Emergency Preparedness; Essential Services; Industry Cooperation; Network Operations; Procedures; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUEFALSETRUE3FALSEFALSEFALSETRUE13-9-0569Highly ImportantNetwork Operators, Service Providers, and Public Safety should consider using the Public Switch Telephone Network (PSTN) as a backup to dedicated trunks for the 9-1-1 network during periods of network failure. In cases where the ability to deliver 9-1-1 calls to the Public Safety Answering Point (PSAP) through normal routing is interrupted by a failure (not all trunks busy conditions) consider forwarding the call over the PSTN to a telephone number specified and answered by Public Safety authorities. It is desirable for that specified telephone number to be a type that can provide the original Caller ID/Automatic Number Identification (ANI).Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Facilities - Transport; Network Interoperability; Network Operations; Procedures; Public Safety and Disaster;TRUEThis best practice does not propose that any 9-1-1 call delivery stakeholder bypass acceptable congestion control techniques commonly applied within the industry for 9-1-1 calls.TRUETRUEFALSEFALSETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0570ImportantNetwork Operators, Service Providers, and Public Safety should implement procedures that allow for 9-1-1 traffic to be rerouted to an alternate 9-1-1 answering location such as a fixed, mobile, or temporary PSAP (automatically, based on policy rules or with minimal manual intervention). For example situations where a network condition causes 9-1-1 call delivery to be disrupted or PSAP personnel must be evacuated for safety reasons.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Network Operations; Network Provisioning; Procedures; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-0571CriticalNetwork Operators and Public Safety should consider deploying dual active 9-1-1 selective routing architectures to enable circuits from the serving end office to be split between two selective routers or Emergency Service Routing Proxies (ESRP) in order to eliminate single points of failure (SPOF) taking diversity between Selective Routers (SR) or ESRP and PSAP into consideration.Cable; Internet/Data; Wireless; Wireline;Network Operator; Public Safety;Essential Services; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUEFALSETRUE3FALSEFALSEFALSETRUE13-9-0574CriticalNetwork Operators, Service Providers, and Public Safety should actively monitor and manage the 9-1-1 network components using network management controls, where available, to quickly restore 9-1-1 service and provide priority repair during network failure events. When multiple interconnecting providers and vendors are involved, they will need to cooperate to provide end-to-end analysis of complex call-handling problems.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Network Operations; Pandemic; Procedures; Public Safety and Disaster; Supervision;TRUESuperceded by 7-7-0574 developed under NRIC.TRUETRUEFALSEFALSETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0575CriticalNetwork Operators, Service Providers, and Public Safety should deploy location identification systems used by Public Safety in a redundant, geographically diverse manner (i.e., two identical ALI/Mobile Positioning Center (MPC) Gateway Mobile Location Center (GMLC)/VPC/LIS database systems with mirrored data located in geographically diverse locations).Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Essential Services; Network Provisioning; Public Safety and Disaster;TRUEThese include, but are not limited to, ALI, MPC/GMLC, VPC systems, and LIS.TRUETRUEFALSETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0576Highly ImportantNetwork Operators and Service Providers should minimize impact from pre-planned high volume call events by invoking network management and congestion controls for affected end offices to maximize 9-1-1 call throughput.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Network Operations; Network Provisioning; Procedures; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0657CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should design standby generator systems for fully automatic operation and for ease of manual operation, when required.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Business Continuity; Emergency Preparedness; Power; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-0577CriticalNetwork Operators, Service Providers and Public Safety should jointly and periodically test and verify that critical components (e.g., automatic re-routes, PSAP Make Busy keys) included in contingency plans work as designed if they are responsible for Public Safety Answering Point (PSAP) operations.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Essential Services; Liaison; Network Operations; Procedures; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0578Highly ImportantNetwork Operators, Service Providers, and Public Safety should actively engage in public education efforts aimed at informing the public of the capabilities and proper use of 9-1-1.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Essential Services; Liaison; Policy; Training and Awareness;TRUETRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSETRUETRUE13-9-0579CriticalNetwork Operators, Service Providers, and Public Safety should routinely team to develop, implement, test, evaluate and update, as needed, plans for managing 9-1-1 disruptions (e.g., share information about network and system security and reliability where appropriate).Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Essential Services; Liaison; Network Interoperability; Network Operations; Procedures; Public Safety and Disaster; Training and Awareness;TRUETRUETRUEFALSETRUETRUETRUETRUE3FALSEFALSETRUETRUE13-9-0580CriticalNetwork Operators and Public Safety should apply redundancy and diversity where feasible, to all network links considered vital to a community's ability to respond to emergencies.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Government; Public Safety;Essential Services; Facilities - Transport; Industry Cooperation; Liaison; Public Safety and Disaster;TRUESecurity practices and concepts should be applied to the critical systems supporting Link Redundancy and Diversity.TRUETRUEFALSEFALSETRUETRUETRUE3FALSEFALSETRUETRUE13-9-0581CriticalNetwork Operators and Service Providers should include Automatic Location Identification (ALI) data for both traditional and alternate providers (e.g., Private Switch, Competitive Local Exchange Carrier (CLEC), Voice over Internet Protocol (VoIP)) in the ALI systems, where required.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Industry Cooperation; Public Safety and Disaster;TRUETRUETRUEFALSETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0599Highly ImportantNetwork Operators, Service Providers, and Public Safety should conduct exercises periodically to test a network's operational readiness for various types of events (e.g., hurricane, flood, nuclear, biological, and chemical), through planned, simulated exercises being as authentic as practical including scripts prepared in advance with team members playing their roles as realistically as possible.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Documentation; Emergency Preparedness; Network Operations; Pandemic; Procedures; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-0603Highly ImportantNetwork Operators, Service Providers, and Public Safety should establish policies and procedures that outline how critical network element databases will be backed up onto a storage medium (e.g., tapes, optical diskettes) on a scheduled basis.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Policy; Procedures;TRUEExamples of network databases include router configurations, digital cross connect system databases, switching system images, base station controller images. These policies and procedures should address, at a minimum, the following: Database backup schedule and verification procedures; Storage medium standards; Storage medium labeling; On site and off site storage; Maintenance and certification; Handling and disposal.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-0619Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should coordinate with fire agencies in emergency response preplanning efforts for communications equipment locations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety; Property Manager;Emergency Preparedness; Essential Services; Fire; Industry Cooperation;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUETRUETRUE13-9-0622Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should use approved industry standards for Telecommunications Environmental Protection, DC Power Systems for key equipment locations (e.g., routers, central office switches, and other critical network elements) to reduce fires associated with DC power equipment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Fire; Hardware; Network Elements; Power;TRUEExample ANSI T1.311-1998TRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-0635ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should ensure that AC surge protection is provided at the power service entrance to minimize the effects caused by lightning or extremely high voltages.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Fire; Liaison; Power;TRUETR-NWT-001011 "Generic Requirements for Surge Protection Devices".TRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-9-0644CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should use over-current protection devices and fusing.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Fire; Power;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0655CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should coordinate hurricane and other disaster restoration work with electrical and other utilities as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Disaster Recovery; Emergency Preparedness; Industry Cooperation; Liaison; Network Operations; Power;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-0658CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should ensure generator life support systems (e.g., radiator fan, oil cooler fan, water transfer pumps, fuel pumps, engine start battery chargers) are on the essential Alternating Current (AC) buss of the generator they serve.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Business Continuity; Emergency Preparedness; Pandemic; Power; Procedures; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-0660Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should have a plan that is periodically verified for providing portable generators to offices with and without stationary engines.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Business Continuity; Emergency Preparedness; Network Operations; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-0662CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should exercise power generators on a routine schedule in accordance with manufacturer's specifications. For example, a monthly 1 hour engine run on load, and a 5 hour annual run.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Network Operations; Power; Procedures; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-0664ImportantNetwork Operators, Service Providers, and Equipment Suppliers should provide indicating type control fuses on the front of the power panels, including smaller distribution panels.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Hardware; Power;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-9-0668ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should clearly label the equipment served by each circuit breaker and fuse.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Network Elements; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-9-0669Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should develop and/or provide appropriate emergency procedures for Alternating Current (AC) transfer.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-0671Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should design and implement a preventive maintenance and inspection program for electrical systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Network Operations; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-0674ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should initiate or continue a modernization program to ensure that outdated power equipment is phased out of plant considering capabilities of smart controllers, local and remote monitoring and control, alarm systems when updating power equipment, and being integrated into engineering and operational strategies.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Pandemic; Policy; Power;TRUETRUETRUETRUETRUETRUEFALSETRUE1FALSETRUEFALSETRUE13-9-0689ImportantNetwork Operators, Service Providers, and Public Safety should provide a separate "battery discharge" alarm for all critical infrastructure facilities, and where feasible, periodically (e.g., every 15 minutes) repeat the alarm as long as the condition exists.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-0690ImportantNetwork Operators, Property Managers, and Public Safety should consider providing power alarm redundancy so that no single point alarm system failure will lead to a network power outage.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Network Operations; Power;TRUETRUETRUETRUETRUETRUEFALSETRUE1FALSETRUEFALSETRUE13-9-0694ImportantNetwork Operators and Service Providers should check for current flow in cables with AC/DC clamp-on ammeters before removing the associated fuses or opening the circuits during removal projects.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Operations; Power; Procedures;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSEFALSE13-9-0695Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should develop and test plans to address situations where normal power backup does not work (e.g., commercial AC power fails, the standby generator fails to start, automatic transfer switch fails).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Business Continuity; Emergency Preparedness; Network Operations; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-0697ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should employ an "Ask Yourself" program as part of core training and daily operations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Human Resources; Network Operations; Power; Procedures; Supervision; Training and Awareness;TRUEThis initiative is intended to reinforce the responsibility every employee has to ensure flawless network service.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-0699Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should design standby systems (e.g., power) to withstand harsh environmental conditions.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Buildings; Emergency Preparedness; Hardware; Power;TRUETRUETRUEFALSETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-9-0750Highly ImportantEquipment Suppliers should provide a mechanism for feature activation or deactivation that is not service impacting to end-users (e.g., avoid re-boot, re-start or re- initialization).Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Hardware; Network Elements; Procedures; Software;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUEFALSEFALSE2TRUEFALSEFALSEFALSE13-9-0758CriticalNetwork Operators, Service Providers and Public Safety should upon restoration of service in the case of an outage where 9-1-1 call completion is affected, make/request multiple test calls to the affected PSAP(s) to ensure proper completion.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Essential Services; Liaison; Network Operations; Procedures; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0760ImportantNetwork Operators, Service Providers, and Public Safety should maintain records that accurately track the diversity of internal wiring for office synchronization, including timing leads and power.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Documentation; Facilities - Transport; Network Elements; Network Operations; Network Provisioning; Power; Procedures;TRUEBest Practice recommended by the NRSC Timing Outage Task Force Report - March 6, 2002.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-0773Highly ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should perform annual capacity evaluation of power equipment, and perform periodic scheduled maintenance, including power alarm testing.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Network Operations; Power;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-0774ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should provide warning signs to indicate precautions to be taken when powering on circuits that require special proceduresCable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Network Operations; Power; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-0780CriticalNetwork Operators, Service Providers, and Public Safety should consider including coordination information of each other when developing disaster restoration and prioritization plans.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Essential Services; Liaison;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0786CriticalNetwork Operators, Service Providers, and Public Safety should consider allowing Equipment Suppliers or third party Service Providers remote secured access to vital hardware components.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Disaster Recovery; Hardware; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-0797ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider creating a workforce augmentation plan prior to a pandemic or other crisis situation.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Human Resources; Network Operations; Network Provisioning; Pandemic; Policy; Procedures; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-0803ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should be encouraged to continue to participate in the development and expansion of industry standards for traffic management that promote interoperability and assist in meeting end user quality of service needs.Cable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator; Equipment Supplier; Public Safety;Industry Cooperation;TRUETRUETRUETRUETRUEFALSETRUETRUE1TRUEFALSEFALSETRUE13-9-1001CriticalNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should formally document their business continuity processes in a business continuity plan covering critical business functions and business partnerships. Key areas for consideration include: Plan Scope, Responsibility, Risk Assessment, Business Impact Analysis, Plan Testing, Training and Plan Maintenance.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Business Continuity; Documentation; Emergency Preparedness;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUETRUEFALSETRUE13-9-1004Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should review their Business Continuity Plan(s) on an annual basis to ensure that plans are up-to-date, relevant to current objectives of the business and can be executed as written.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Business Continuity; Emergency Preparedness;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-9-1005CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should perform a Business Impact Analysis (BIA) to assess the impact of the loss of critical operations, support systems and applications.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Business Continuity; Emergency Preparedness;TRUERelated BP is 5072.TRUETRUETRUETRUETRUEFALSEFALSE3FALSEFALSEFALSETRUE13-9-1029ImportantNetwork Operators, Service Providers, and Public Safety should periodically review their portable power generator needs to address changes to the business.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Network Operations; Power;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-3217Highly ImportantNetwork Operators and Service Providers should provide and maintain current 24/7/365 contact information accessible to Public Safety Answering Points (PSAPs) so that PSAPs may obtain additional subscriber information as appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-1009Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should regularly conduct exercises that test their Disaster Recovery Plans. Exercise scenarios should include natural and man-made disasters (e.g., hurricane, flood, nuclear, biological, and chemical).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Network Operations; Public Safety and Disaster; Training and Awareness;TRUEThe exercise should be as authentic as practical. Scripts should be prepared in advance and team members should play their roles as realistically as possible. While the staff must be well prepared, the actual exercise should be conducted unannounced in order to test the responsiveness of the team members and effectiveness of the emergency processes. Also, callout rosters and emergency phone lists should be verified. Early in the exercise, make sure everyone understands that this is a disaster simulation, not the real thing! This will avoid unnecessary confusion and misunderstandings that could adversely affect service. It is particularly important to coordinate disaster exercises with other Service Provider, Public Safety Providers and vendors. It is very important immediately following the drill to critique the entire procedure and identify lessons learned. These should be documented and shared with the entire team. See http://www.DRII.org.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-1010CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should designate personnel responsible for maintaining Business Continuity and Disaster Recovery Plans.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-1011CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish alternative methods of communication for critical personnel.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-1015ImportantNetwork Operators, Service Providers, and Public Safety should make available to the disaster recovery team "as-built" drawings of network sites.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Documentation; Emergency Preparedness;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-1017CriticalNetwork Operators, Service Providers, and Public Safety should have documented plans or processes to assess damage to network elements, outside plant, facility infrastructure, etc. for implementation immediately following a disaster.Cable; Internet/Data; Satellite; Wireless;Service Provider; Network Operator; Public Safety;Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Procedures;TRUETRUETRUETRUETRUEFALSETRUETRUE3FALSEFALSEFALSETRUE13-9-1018Highly ImportantNetwork Operators, Service Providers ,Equipment Suppliers and Public Safety should emphasize employee and public safety during a disaster and all phases of disaster recoveryCable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-1020Highly ImportantNetwork Operators, Service Providers, Public Safety and Equipment Suppliers should assess the need for Chemical, Biological, Radiological and Nuclear (CBRN) response program to safely restore or maintain service in the aftermath of fuel/chemical contamination or a Weapons of Mass Destruction (WMD) attack.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Public Safety and Disaster;TRUEThis can be accomplished through internal teams or contracting with an external HazMat response and remediation vendor.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-1022CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider the development of a vital records program to protect vital records that may be critical to restoration efforts.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Documentation; Emergency Preparedness;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-1023CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should identify essential staff within their organizations that are critical to disaster recovery efforts. Planning should address the availability of these individuals and provide for backup staff.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Human Resources; Pandemic;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-1024ImportantNetwork Operators, Service Providers, Public Safety, and Equipment Suppliers should plan for the possibility of a disaster occurring during a work stoppage.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Human Resources;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-1026ImportantNetwork Operators, Service Providers, and Public Safety should consider creating a policy statement that defines a remote system access strategy, which may include a special process for disaster recovery.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Business Continuity; Cyber Security; Emergency Preparedness; Pandemic; Policy;TRUETRUETRUETRUETRUETRUEFALSETRUE1FALSEFALSEFALSETRUE13-9-1028CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should engage in preventative maintenance programs for network site support systems including emergency power generators, UPS, DC plant (including batteries), HVAC units, and fire suppression systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety; Property Manager;Buildings; Business Continuity; Emergency Preparedness; Fire; Network Operations; Power; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUE3FALSETRUEFALSETRUE13-9-1031Highly ImportantNetwork Operators, Service Providers, and Public Safety should consider entering into Mutual Aid agreements with partners best able to assist them in a disaster situation using the templates provided on the NRIC and NCS websites. These efforts could include provisions to share spectrum, fiber facilities, switching, and/or technician resources.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Industry Cooperation; Public Safety and Disaster;TRUESee http://www.ncs.gov/ncc/nccmaa/nccmaa_toc.html and http://www.nric.org/meetings/meeting20020913.html.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-1032Highly ImportantNetwork Operators, Service Providers, and Public Safety should document their critical equipment suppliers, vendors, contractors and business partners in their Business Continuity Plans along with an assessment of the services, support, and capabilities available in the event of a disaster.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Industry Cooperation;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-1034CriticalNetwork Operators and Public Safety should ensure that the emergency mobile assets are maintained at a hardware and software level compatible with the existing network infrastructure so that the emergency mobile assets will be immediately available for deployment.Cable; Internet/Data; Satellite; Wireless; Wireline;Public Safety;Business Continuity; Emergency Preparedness; Hardware; Network Elements; Network Operations;TRUEExperience has shown that hardware and software maintenance of emergency mobile assets should be assigned to designated technicians.TRUETRUETRUETRUETRUEFALSEFALSE3FALSEFALSEFALSETRUE13-9-1035ImportantNetwork Operators, Service Providers, and Public Safety should include trial deployment of emergency mobile assets in disaster response exercises to evaluate level of personnel readiness.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Emergency Preparedness; Network Operations; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-1037Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should use a disaster recovery support model that provides a clear escalation path to executive levels, both internally and to business partners.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness;TRUETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSETRUE13-9-1038Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider during all hazard and preplanned events, communicating the response status frequently and consistently to all appropriate employees detailing what processes have been put in place to support customers and what priorities have been established in the response.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Pandemic; Supervision;TRUETRUETRUEFALSETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-1058Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should work collectively with local, state, and federal governments to develop relationships fostering efficient communications, coordination and support for emergency response and restoration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Liaison;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSETRUETRUE13-9-1067Highly ImportantNetwork Operators, Public Safety, Service Providers and Property Managers should consider, in preparation for predicted natural events, placing standby generators on line and verifying proper operation of all subsystems (e.g., ice, snow, flood, hurricanes).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Disaster Recovery; Emergency Preparedness; Network Operations; Power;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-3202ImportantService Providers and Public Safety should have a pre-established procedure to notify all impacted network operators, prior to launching an alert event that utilizes Public Safety mass calling systems for emergency notification.Cable; Internet/Data; Wireless; Wireline;Service Provider; Public Safety;Emergency Preparedness; Essential Services; Industry Cooperation; Liaison;TRUETRUETRUEFALSETRUETRUETRUEFALSE1FALSEFALSEFALSETRUE13-9-3204Highly ImportantPublic Safety and Government should work with Service Providers to educate the public on the proper use of N11 Access codes (e.g., 211, 311, 411 or 511 services) where available, such that it enables the 9-1-1 network and personnel to be exclusively focused on emergencies.Cable; Internet/Data; Wireless; Wireline;Service Provider; Public Safety;Emergency Preparedness; Industry Cooperation; Liaison;TRUEProper use of all N11 codes, including 9-1-1, prevents exhaustion of resources of emergency personnel on non-emergency situations.TRUETRUEFALSETRUETRUETRUEFALSE2FALSEFALSEFALSETRUE13-9-3211Highly ImportantNetwork Operators, Service Providers, and Public Safety should develop and maintain operations plans that address network reliability issues. Network Operators and Service Providers should proactively include Public Safety authorities when developing network reliability plans in support of 9-1-1 services.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Emergency Preparedness; Liaison; Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-3212ImportantNetwork Operators and Service Providers should consider including notification of Public Safety Authorities, as appropriate, in their trouble notification plans.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Disaster Recovery; Emergency Preparedness; Liaison; Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-13-8953Public Safety, Government should disallow emergency services work on untrusted personal devices, unless there are defenses in place.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUEimplementation-groups/#collapse-a122TRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-9-3228Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should ensure if they are using Global Positioning System (GPS) enabled Phase II location solutions, that the GPS satellite location information (e.g., GPS ephemeris, almanac, etc.) is as current as is feasible to assist the handset in providing improved accuracy of the GPS fix, aiding in the reduction of the time of database responses and reduction of the number of database query rebids.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Network Design;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-3233ImportantService Providers, Public Safety should work to ensure that Phase II accuracy is optimized and the performance trouble resolution process is followed as needed when deploying wireless Phase II.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Network Operations;TRUESee “E9-1-1 PHASE II Accuracy Optimization Reporting and Resolution Process” document (Appendix E– NRIC VII 1A Final Report).TRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSETRUE13-9-3236Highly ImportantNetwork Operators, Equipment Suppliers, and Public Safety should have procedures in place to allow for manual configuration in the event of a failure of automatic synchronization systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Information Protection; Network Operations; Network Provisioning; Procedures; Software; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSETRUE13-9-3237Highly ImportantNetwork Operators, Equipment Suppliers, and Public Safety should consider restricting provisioning technicians from all commands except those that are needed for their work (least privileges) and avoid any "global" commands or unauthenticated, privileged access that may have the potential for significant impact.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Information Protection; Network Operations; Network Provisioning; Procedures; Software; Supervision; Training and Awareness;TRUETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSETRUE13-9-3238Highly ImportantNetwork Operators, Service Providers, and Public Safety should consider using wireless public or private networks as a backup to dedicated trunks for the 9-1-1 network during periods of network failure. In cases where the ability to deliver 9-1-1 calls to the Public Safety Answering Point (PSAP) through normal routing is interrupted by a failure (not all trunks busy conditions) consider forwarding the call over wireless public, private networks, or satellite-based services to provide an additional alternate path to the PSTN, providing IP multimedia connectivity for next generation networks, or used solely as an alternate call delivery path for the voice component of 9-1-1 calls.Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Essential Services; Facilities - Transport; Network Interoperability; Network Operations; Procedures; Public Safety and Disaster;TRUETRUETRUEFALSEFALSETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-3239Highly ImportantNetwork Operators, Service Providers, and Public Safety should implement testing and verification processes for 9-1-1 pseudo Automatic Number Identification (pANI) to prevent bad data from being entered into the wrong routing databases typically occurring at the Automatic Location Information (ALI) or Selective Router (SR) stage of the provisioning process.Cable; Internet/Data; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Provisioning;TRUETRUETRUEFALSETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-3242Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should work together to jointly perform cause analysis, and meet periodically with the specific agenda of sharing the failure and outage information to develop corrective measures.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Network Elements; Network Operations;TRUETRUETRUETRUETRUETRUEFALSETRUE2TRUEFALSEFALSETRUE13-9-3243Highly ImportantService Providers, Network Operators, and Public Safety should coordinate and perform necessary testing of all new call paths between their network and the emergency services network (e.g., Selective Routers, or the Emergency Services IP Network (ESInet)) that includes a test call using all routing elements.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Network Provisioning; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-9-5012Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should limit access to areas of critical infrastructure to essential personnel.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Buildings; Disaster Recovery; Pandemic; Physical Security Management; Policy;TRUEPrevent unauthorized access.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-5073Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should perform risk assessment on significant network changes (e.g., technology upgrades).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Facilities - Transport; Network Operations;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-5113CriticalNetwork Operators, Service Providers, Property Managers and Public Safety should when feasible, provide multiple cable entry points at critical facilities (e.g., copper or fiber conduit) avoiding single points of failure (SPOF).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Buildings; Facilities - Transport; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-5240Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should have a plan for responding to malfunctioning access control equipment to include determining restoration priorities for failed security systems after an event.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Buildings; Disaster Recovery; Emergency Preparedness; Physical Security Management; Security Systems;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-9-5127CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should provide a Government Emergency Telecommunications Service (GETS) card to essential staff critical to disaster recovery efforts and should consider utilizing Wireless Priority Service (WPS) for essential staff. Appropriate training and testing in the use of GETS & WPS should occur on a regular basis (i.e. in conjunction with testing of the corporate disaster recovery plan).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Emergency Preparedness; Human Resources; Liaison; Training and Awareness;TRUEThe GETS and WPS web sites are http://wps.ncs.gov/ and http://getes.ncs.gov.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-5128CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should maintain accurate records for Government Emergency Telecommunications Service (GETS) cards and Wireless Priority Service (WPS) phone assignments as staff changes occur.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Emergency Preparedness; Human Resources; Liaison;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-5130ImportantNetwork Operators, Service Providers, Equipment Suppliers, Public Safety, and the Government should conduct public and media relations in such a way as to avoid disclosing specific network or equipment vulnerabilities that could be exercised by a terrorist.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Disaster Recovery; Industry Cooperation; Information Protection; Liaison; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-5131Highly ImportantNetwork Operators and Public Safety should provide appropriate security for emergency mobile units (both pre- and post-deployment) in order to protect against a coordinated terrorist attack on emergency communications capabilities.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Disaster Recovery; Emergency Preparedness; Material Movement; Physical Security Management; Power;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSETRUE13-9-5133Highly ImportantNetwork Operators and Public Safety should minimize availability of information to a need to know basis regarding locations where emergency mobile units and equipment are stored.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Public Safety;Disaster Recovery; Emergency Preparedness; Information Protection; Power;TRUETRUETRUETRUETRUETRUEFALSETRUE2FALSEFALSEFALSETRUE13-9-5139Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should consider establishing procedures for managing personnel who perform functions at disaster area sites.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Corporate Ethics; Disaster Recovery; Emergency Preparedness; Human Resources; Pandemic; Policy; Procedures; Supervision; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-5160Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should have contingency plans in place for the possible absence of critical personnel in their business continuity plan.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Human Resources; Pandemic;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-5162CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should ensure adequate physical protection for facilities/areas that are used to house certificates and/or encryption key management systems, information or operations.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Cyber Security; Encryption; Information Protection; Physical Security Management;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-5196CriticalNetwork Operators, Service Providers, and Public Safety should ensure that contractors and Equipment Supplier personnel working in critical network facilities follow the current applicable MOP (Method of Procedures), which should document the level of oversight necessary.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Network Operations; Procedures; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-5200Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish and implement procedures for the proper disposal and/or destruction of hardware (e.g., hard drives) that contain sensitive or proprietary information.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Hardware; Information Protection; Material Movement; Network Elements; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-5204CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should ensure availability of emergency/backup power (e.g., batteries, generators, fuel cells) to maintain critical communications services during times of commercial power failures, including natural and manmade occurrences (e.g., earthquakes, floods, fires, power brown/black outs, terrorism). The emergency/backup power generators should be located onsite, when appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Buildings; Disaster Recovery; Emergency Preparedness; Network Operations; Power; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-5206CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should maintain sufficient fuel supplies for emergency/backup power generators running at full load and ensure contracted refueling is in place.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Emergency Preparedness; Network Operations; Power; Public Safety and Disaster;TRUESee NRIC BP 0658.TRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-5207CriticalNetwork Operators, Service Providers, Property Managers and Public Safety should take appropriate precautions to ensure that fuel, other supplies, and alternate sources of power are available for critical installations in the event of major disruptions in a geographic area (e.g., hurricane, earthquake, pipeline disruption). Consider contingency contracts in advance with clear terms and conditions (e.g., Delivery time commitments, T&Cs).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Disaster Recovery; Emergency Preparedness; Material Movement; Network Operations; Pandemic; Power; Public Safety and Disaster;TRUESee NRIC BP 0658. Editorial changes were proposed from NRSC and approved at the 12/10/19 CSRIC VI meeting as editorial changes. No numbering changes were made.TRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-5208ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that electrical work (e.g., AC and high current DC power distribution) is performed by licensed technicians.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Human Resources; Network Operations; Power; Training and Awareness;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-9-5223Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish a technical support plan that prevents the loss of one facility or location from disabling their ability to provide support.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Emergency Preparedness; Network Operations; Physical Security Management; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-5225ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should ensure that Business Continuity Plan(s) are restricted to those with a need-to-know.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Business Continuity; Corporate Ethics; Disaster Recovery; Documentation; Emergency Preparedness; Information Protection;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUETRUEFALSETRUE13-9-5227Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should perform after-action reviews of emergency response and restoration of major events to capture lessons learned (e.g., early warning signs) and to enhance emergency response and restoration plans accordingly. A process similar to NRIC VII, Focus Group 2B Report Appendices Appendix Z “Recovery Incident Response (IR) Post Mortem Checklist” can be used to capture and identify countermeasures to prevent or mitigate the impact of future incidents and to quickly and effectively restore service from such events in the future.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Physical Security Management;TRUEhttp://www.nric.org/meetings/docs/meeting_20041206/NRICVII_FG2B_December2004_BPs_Appendices.pdfTRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-9-5228ImportantNetwork Operators, Service Providers, and Equipment Suppliers should consider including cross-subsidiary (e.g. A LEC and its Wireless Business Unit) resource sharing and communications in business continuity plans to support emergency response and restoration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Business Continuity; Disaster Recovery; Emergency Preparedness; Policy;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-5231Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should develop documentation for the restoration of power for areas of critical infrastructure including such things as contact information, escalation procedures, restoration steps and alternate means of communication. This documentation should be maintained both on-site and at centralized control centers.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Disaster Recovery; Documentation; Emergency Preparedness; Information Protection; Network Operations; Power; Technical Support;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUETRUEFALSETRUE13-9-5232CriticalNetwork Operators, Service Providers, Property Managers, and Public Safety should test fuel reserves used for standby or backup power for contamination at least once a year or after any event (e.g., earth tremor, flood) that could compromise the integrity of the tank housing, fill pipe or supply pipe.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Disaster Recovery; Network Operations; Power; Procedures;TRUEThese tests should include inspection for water, sediment, organic contaminates, and any other items that may inhibit the peak performance of the standby/backup generator.TRUETRUETRUETRUETRUETRUETRUE3FALSETRUEFALSETRUE13-9-5234ImportantNetwork Operators, Service Providers, Property Managers, and Public Safety should provide or arrange for security to protect temporary equipment placements and staging areas for critical infrastructure equipment in a disaster area.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Access Control; Disaster Recovery; Material Movement; Network Operations; Physical Security Management;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSETRUEFALSETRUE13-9-5237Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should verify the integrity of system spares and replenish spares, as appropriate, as part of a disaster response and at the conclusion of a disaster response at a facility.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Disaster Recovery; Emergency Preparedness; Hardware; Network Elements; Network Operations; Pandemic;TRUETRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-8629ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should have processes in place to ensure that all third party software (e.g. operating system) have been properly patched with the latest security patches and that the system works correctly with those patches installed.Wireless;Service Provider; Equipment Supplier; Public Safety;Cyber Security; Hardware; Network Interoperability;TRUEFALSEFALSEFALSETRUEFALSETRUEFALSE1TRUEFALSEFALSETRUE13-9-5258ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should define and assign responsibility for retrieval of all corporate assets (e.g., access cards, equipment) and ensure temporary physical and logical access is removed after completion of a restoration effort for all temporary personnel associated with the restoration.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Access Control; Disaster Recovery; Human Resources; Physical Security Management; Supervision;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-5259Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Property Managers, and Public Safety should establish and enforce access control and identification procedures for all individuals (including temporary contractors, and mutual aid workers) at restoration sites for which they have responsibility. Provide for issuing and proper displaying of ID badges and the sign-in and escorting procedures, where appropriate.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety; Property Manager;Access Control; Disaster Recovery; Guard Services; Human Resources; Physical Security Management; Procedures; Supervision; Visitors;TRUETRUETRUETRUETRUETRUEFALSETRUE2TRUETRUEFALSETRUE13-9-5281Highly ImportantNetwork Operators, Service Providers, Property Managers and Public Safety should design, install and maintain each generator as a standalone unit, for buildings serviced by more than one emergency generator, that is not dependent on the operation of another generator for proper functioning, including fuel supply path.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety; Property Manager;Emergency Preparedness; Power; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE2FALSETRUEFALSETRUE13-9-8008CriticalNetwork Operators, Service Providers, and Public Safety should implement architectures that partition or segment networks and applications using means such as firewalls, demilitarized zones (DMZ), or virtual private networks (VPN) so that contamination or damage to one asset does not disrupt or destroy other assets. In particular, where feasible, it is suggested user traffic networks, network management infrastructure networks, customer transaction system networks, and enterprise communication/business operations networks be separated and partitioned from one another.Internet/Data;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Elements; Network Operations;TRUE"ISF SB52, http://www.sans.org ITU-T Rec. X.805 ITU-T Rec. X.812".FALSETRUEFALSEFALSEFALSETRUETRUE3TRUEFALSEFALSETRUE13-9-8018CriticalNetwork Operators, Service Providers and Equipment Suppliers should for OAM&P applications and interfaces, harden the access control capabilities of each network element or system before deployment to the extent possible (typical steps are to remove default accounts, change default passwords, turn on checks for password complexity, turn on password aging, turn on limits on failed password attempts, turn on session inactivity timers, etc.).  A preferred approach is to connect each element or system's access control mechanisms to a robust AAA server (e.g., a RADIUS or TACAS server) with properly hardened access control configuration settings.Internet/Data;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Network Operations;FALSEhttp://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations.FALSETRUEFALSEFALSEFALSETRUETRUE3TRUEFALSEFALSEFALSE13-9-8019CriticalNetwork Operators, Service Providers, and Equipment Suppliers should have operating system hardening procedures applied with devices equipped with operating systems used for OAM&P. Harding procedures include (a) all unnecessary services are disabled; (b) all unnecessary communications pathways are disabled; (c) all critical security patches have been evaluated for installations on said systems/applications; and d) review and implement published hardening guidelines, as appropriate. Where critical security patches cannot be applied, compensating controls should be implemented.Internet/Data;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Network Elements; Network Operations;FALSEConfiguration guides for security from NIST (800-53 Rev. 3), NSA (Security Configuration Guides), Center For Internet Security (CIS Benchmarks), http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Note: This Best practice could impact 9-1-1 operations.FALSETRUEFALSEFALSEFALSETRUETRUE3TRUEFALSEFALSEFALSE13-9-8030ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should use session timers for all Operations, Administration, Maintenance, and Provisioning (OAM&P) applications, systems, and interfaces to disconnect, terminate, or logout authenticated sessions that remain inactive past some preset (but ideally configurable by the Administrator) time limit that is appropriate for operational efficiency and security.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Operations; Network Provisioning;TRUETRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-8032ImportantNetwork Operators, Service Providers, and Equipment Suppliers should design and deploy a patching process based on industry recommendations, especially for critical OAM&P systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Network Operations; Software;FALSEConfiguration guide for security from NIST (800-53 Rev. 3). 'http://www.atis.org/ - ATIS-0300276.2008 Operations, Administration, Maintenance, and Provisioning Security Requirements for the Public Telecommunications Network: A Baseline of Security Requirements for the Management Plane: March 2008. Cross reference with 7-6-8032. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSEFALSE13-9-8034Highly ImportantNetwork Operators and Service Providers should define and incorporate a formal patch/fix policy into the organization's security policies.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Network Operations; Policy; Software;FALSEConfiguration guide for security from NIST (800-53 Rev. 3). Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-9-8035ImportantNetwork Operators, Service Providers, and Public Safety should include steps to appropriately test all patches/fixes in a test environment prior to distribution into the production environment in their patch/fix policy and process guidelines.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Network Operations; Policy; Software;TRUEConfiguration guide for security from NIST (800-53 Rev. 3). Related to NRIC BP 8020.TRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-8037ImportantNetwork Operators, Service Providers, and Public Safety should maintain a complete inventory of elements to ensure that patches/fixes can be properly applied across the organization. This inventory should be updated each time a patch/fix is identified and action is taken.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Public Safety;Cyber Security; Network Operations;TRUETRUETRUETRUETRUETRUETRUEFALSE1FALSEFALSEFALSETRUE13-9-8038Highly ImportantNetwork Operators and Service Providers should have a formal process during system or service development that exist in which a review of security controls and techniques is performed by a group independent of the development group, prior to deployment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Procedures;TRUEThis review should be based on an organization's policies, standards, and guidelines, as well as best practices. In instances where exceptions are noted, mitigation techniques should be designed and deployed and exceptions should be properly tracked.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSETRUE13-9-8039CriticalService Providers, Network Operators, and Public Safety should perform a verification process to ensure that patches/fixes are actually applied as directed throughout the organization. Exceptions should be reviewed and the proper patches/fixes actually applied.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Network Operations; Policy; Software;TRUEConfiguration guide for security from NIST (800-53 Rev. 3).TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-8061CriticalService Providers, Network Operators, and Public Safety should establish a set of standards and procedures for dealing with computer security events that should be part of the overall business continuity/disaster recovery plan, exercised periodically and revised as needed, and cover likely threats to those elements of the infrastructure which are critical to service delivery/business continuity. See Appendix X and Y of the NRIC VII, Focus Group 2B Report Appendices.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Training and Awareness;TRUEhttp://www.nric.org/meetings/docs/meeting_20041206/NRICVII_FG2B_December2004_BPs_Appendices.pdfTRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-8064CriticalService Providers, Network Operators, and Public Safety should generate and collect security-related event data for critical systems (i.e., syslogs, firewall logs, IDS alerts, remote access logs, etc.). Where practical, this data should be transmitted to secure collectors for storage and should be retained in accordance with a data retention policy. A mechanism should be enabled on these systems to ensure accurate timestamps of this data (e.g., Network Time Protocol).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Encryption;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-8065CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should establish a process for releasing information to members of the law enforcement and intelligence communities and identify a single Point of Contact (POC) for coordination/referral activities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Liaison; Procedures;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-8068CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should develop and practice a communications plan as part of the broader Incident response plan identifying key players to include as many of the following items as appropriate: contact names, business telephone numbers, home telephone numbers, pager numbers, fax numbers, cell phone numbers, home addresses, internet addresses, permanent bridge numbers, etc. Notification plans should be developed prior to an event/incident happening where necessary. The plan should also include alternate communications channels (e.g., alpha pagers, internet, satellite phones, VOIP, private lines, smart phones) balancing the value of any alternate method against the security and information loss risks introduced.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness;TRUEAlternate broadband communication path for coordination and management.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-8073CriticalNetwork Operators, Service Providers, and Public Safety should deploy Intrusion Detection/Prevention Tools (IDS/IPS) with an initial policy that reflects the universe of devices and services known to exist on the monitored network. Due to the ever evolving nature of threats, IDS/IPS tools should be tested regularly and tuned to deliver optimum performance and reduce 0 positives.Internet/Data; Satellite;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Operations; Security Systems;TRUENIST SP800-94 Guide to Intrusion Detection and Prevention Systems (IDPS) http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf.FALSETRUETRUEFALSEFALSETRUETRUE3FALSEFALSEFALSETRUE13-9-8502CriticalNetwork Operators, Service Providers, and Public Safety should perform an audit of available network services when a compromise occurs, or new exploits are discovered, to reassess any vulnerability to attack and re-evaluate the business need to provide that service, or explore alternate means of providing the same capability.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection;TRUEConfiguration guides for security from NIST, US-CERT, NSA, SANS, vendors, etc. Related to NRIC BP 8000.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-8074CriticalNetwork Operators, Service Providers, and Equipment Suppliers should design equipment to survive significant increases in both packet count and bandwidth utilization. Infrastructure supporting mission critical services should be designed for significant increases in traffic volume and must include network devices capable of filtering and/or rate limiting traffic. Network engineers must understand the capabilities of the devices and how to employ them to maximum effect. Wherever practical, mission critical systems should be deployed in clustered configuration allowing for load balancing of excess traffic and protected by a purpose built DoS/DDoS protection device. Operators of critical infrastructure should deploy DoS survivable hardware and software whenever possible.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-9-8083Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should protect authentication databases/files from unauthorized access, and they must be backed-up and securely stored in case they need to be restored.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Information Protection; Intrusion Detection;TRUEFilter access to the TCP and/or UDP ports serving the database at the network border. Use strong authentication for those requiring access. Prevent users from viewing directory and file names that they are not authorized to access. Enforce a policy of least privilege. Build a backup system in the event of loss of the primary system. Document and test procedures for backup and restoral of the directory.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-8086CriticalNetwork Operators, Service Providers, Equipment Suppliers and Public Safety should should develop capabilities and processes to determine which users require access to a specific device or application based on the principles of least–privilege (the minimum access needed to perform the job) and separation of duties (certain users perform certain tasks).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Intrusion Detection;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-8103CriticalNetwork Operators, Service Providers, and Public Safety should deploy malware protection tools where feasible, establish processes to keep signatures current, and establish procedures for reacting to an infection.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Operations; Software;TRUENIST SP800-83 Guide to malware incident prevention and handling http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf Note: Service providers may choose to offer virus protection as a value-added service to their customers as part of a service offering, but that is not required by this Best Practice.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-8121Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should conduct regular audits of their Information Security practices.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Information Protection; Intrusion Detection;TRUEISO17799: http://www.iso.org/iso/iso_catalogue/catalogue_ics/catalogue_detail_ics.htm?csnumber=50297; COBIT: http://www.isaca.org/COBIT; OCTAVE: http://www.cert.org/octave/.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-8131ImportantNetwork Operators, Service Providers and Public Safety should factor into Business Continuity and Recovery Plans, potential Information Security threats of a plausible likelihood or significant business impact.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Business Continuity; Cyber Security; Encryption; Intrusion Detection;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-8132ImportantNetwork Operators and Service Providers should leverage the BCP/DR Business Impact Assessment (BIA) efforts as input to prioritizing and planning Information Security Incident Response efforts.Internet/Data;Service Provider; Network Operator;Business Continuity; Cyber Security; Network Operations;FALSENote: This Best practice could impact 9-1-1 operations.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-9-8134ImportantService Providers should carefully consider possible impacts on their networks from changes in the configuration or authentication information on devices beyond the service demarcation point, and thus beyond their physical or logical scope of control. Service Providers should consider network filters or network authentication to protect against malicious traffic or theft of service caused by such insecure devices.Internet/Data;Service Provider;Cyber Security; Encryption; Network Operations; Security Systems;FALSENote: This Best practice could impact 9-1-1 operations.FALSETRUEFALSEFALSEFALSETRUEFALSE1FALSEFALSEFALSEFALSE13-9-8136ImportantNetwork Operators, Service Providers, and Public Safety should deploy tools to detect unexpected changes to file systems on Network Elements and Management Infrastructure systems where feasible and establish procedures for reacting to changes. Use techniques such as cryptographic hashes.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Elements; Network Operations;TRUEwww.cert.org/security-improvement/practices/p072.html www.cert.org/security-improvement/practices/p096.html ITU-T Rec. X.1051FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-9-8139ImportantNetwork Operators, Service Providers, and Public Safety should review and analyze security-related event data produced by critical systems on a regular basis to identify potential security risks and issues. Automated tools and scripts can aid in this analysis process and significantly reduce the level of effort required to perform this review.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection;TRUETRUETRUETRUETRUETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-8647ImportantService Providers should develop and implement security event logging systems and procedures to allow for collection of security related events.Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-9-8506Highly ImportantNetwork Operators, Service Providers, and Public Safety should re-evaluate the architecture for single points of failure following a compromise and reestablishment of lost service. Review the process of evaluating and documenting single points of failure and provide spares for redundancy in the architecture to ensure adequacy of the security architecture.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Network Operations;TRUEISO 27002 Information Security Standards - 13.2.2 Learning from information security incidents ISF SB52.FALSETRUEFALSEFALSEFALSETRUETRUE2FALSEFALSEFALSETRUE13-9-8508ImportantNetwork Operators, Service Providers, and Public Safety should re-evaluate the adequacy of existing security architecture immediately following incident recovery and implement revisions as needed.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Operations; Procedures;TRUEEnsure any changes are adequately documented to reflect the current configuration. Review existing processes for establishing and maintaining security architectures update as necessary to maintain currency.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-9-8509ImportantNetwork Operators, Service Providers should as part of a post-mortem process, review segmentation design to evaluate adequacy of the architecture and data isolation when, through audit or incident, a co-mingling of data or violation of a trust relationship is discovered.Internet/Data;Service Provider; Network Operator;Cyber Security; Network Elements; Network Operations;FALSEISF SB52, www.sans.org ITU-T Rec. X.1051. Note: This Best practice could impact 9-1-1 operations.FALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSEFALSE13-9-8510Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should upon an occurrence of compromise or trust violations conduct a forensic analysis to determine the extent of compromise, revoke compromised keys, and establish new crypto keys as soon as possible, and review crypto procedures to re-establish trust.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Encryption; Intrusion Detection;TRUEFIPS 140-2, PUB 46-3, PUB 74, PUB 81,   PUB 171, PUB 180-1, PUB 197, ANSI X9.9, X9.52, X9.17.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSEFALSETRUE13-9-8522ImportantNetwork Operators, Service Providers, and Public Safety should investigate to determine ownership and purpose/use upon discovery of an unsanctioned device on the organizational network. Where possible, this phase should be non-alerting (i.e., log reviews, monitoring of network traffic, review of abuse complaints for suspect IP address) to determine if the use is non-malicious or malicious/suspect. If use is determined to be non-malicious, employ available administrative tools to correct behavior and educate user. Conduct review of policies to determine: If additional staff education regarding acceptable use of network/computing resources is required if processes should be redesigned / additional assets allocated to provide a sanctioned replacement of the capability. Was the user attempting to overcome the absence of a legitimate and necessary service the organization was not currently providing so that s/he could perform their job? If the use is deemed malicious/suspect, coordinate with legal counsel: Based on counsel's advice, consider collecting additional data for the purposes of assessing depending on the scope of the misuse, consider a referral to law enforcement.Internet/Data;Service Provider; Network Operator; Public Safety;Cyber Security; Intrusion Detection; Network Elements; Network Operations;TRUEFALSETRUEFALSEFALSEFALSETRUETRUE1FALSEFALSEFALSETRUE13-9-8523CriticalNetwork Operators, Service Providers should 1) Turn on logging where appropriate to analyze the logs, 2) Implement the appropriate filter and access list to discard the attack traffic 3) Utilize DoS/DDoS tracking methods to identify the source of attack if the control plane is under attack.Cable; Internet/Data; Wireless;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness;FALSEIETF RFC2350, CMU/SEI-98-HB-001. Note: This Best practice could impact 9-1-1 operations.TRUETRUEFALSETRUEFALSETRUETRUE3FALSEFALSEFALSEFALSE13-9-8553CriticalNetwork Operators, Service Providers and Equipment Suppliers should during a security event, release to the National Communications Service National Coordination Center (ncs@ncs.gov) or USCERT (cert@cert.org) information which may be of value in analyzing and responding to the issue, following review, edit and approval commensurate with corporate policy. Information is released to these forums with an understanding redistribution is not permitted.  Information which has been approved for public release and could benefit the broader affected community should be disseminated in the more popular security and networking forums such as NANOG and the Security Focus Mailing Lists.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Business Continuity; Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection; Network Operations;FALSECross reference with 7-7-8553 developed under NRIC. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSEFALSE13-9-8554CriticalNetwork Operators, Service Providers, and Public Safety should handle and collect information as part of a computer security investigation in accordance with a set of generally accepted evidence-handling procedures insomuch as is possible without disrupting operational recovery.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety; Property Manager;Cyber Security; Disaster Recovery; Emergency Preparedness;TRUEExample evidence handling processes are provided in Appendix X, Section 2f of the NRIC VII, Focus Group 2B Report Appendices.TRUETRUETRUETRUETRUETRUETRUE3TRUETRUEFALSETRUE13-9-8564CriticalNetwork Operators, Service Providers, and Public Safety should follow processes similar to those outlined in Appendix X of the NRIC VII, Focus Group 2B Report Appendices after responding to a security incident or service outage to capture lessons learned and prevent future events.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Equipment Supplier; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness;TRUEIETF RFC2350, CMU/SEI-98-HB-001.TRUETRUETRUETRUETRUEFALSETRUE3TRUEFALSEFALSETRUE13-9-8648ImportantNetwork Operators and Service Providers should ensure that initial configurations are secure [if they provide or manage Customer Premise Equipment (CPE)].Cable; Internet/Data; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection; Network Operations;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSEFALSE13-9-8725ImportantNetwork Operators should establish alarming thresholds for various message types to ensure that DoS conditions are recognized. Logs should be maintained and policies established to improve screening and alarming thresholds for differentiating legitimate traffic from DoS attacks.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUEFALSEFALSETRUEFALSETRUE1FALSEFALSEFALSEFALSE13-9-8727ImportantNetwork Operators, Service Providers, and Public Safety should implement industry guidelines for validating physical diversity, and consider performing signaling link diversification validation on a scheduled basis (e.g., twice a year).Cable; Internet/Data; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Hardware; Network Elements; Network Operations; Policy;TRUEProcesses and procedures should exist for tracking discrepancies and maintaining a historical record. Re: PBX & statewide networks - sonic ring could be influenced by this.TRUETRUEFALSEFALSETRUETRUETRUE1FALSEFALSEFALSETRUE13-9-8729CriticalNetwork Operators should establish policies and processes for adding and configuring network elements, that include approval for additions and changes to configuration tables (e.g., screening tables, call tables, trusted hosts, and calling card tables). Verification rules should minimize the possibility of receiving inappropriate messages.Cable; Internet/Data; Wireline;Network Operator;Cyber Security; Intrusion Detection; Network Elements; Network Operations; Policy;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUEFALSEFALSETRUEFALSETRUE3FALSEFALSEFALSEFALSE13-9-8748CriticalNetwork Operators, Service Providers, Equipment Suppliers, and Public Safety should test new devices to identify unnecessary services, outdated software versions, missing patches, and misconfigurations, and validate compliance with or deviations from an organization’s security policy prior to being placed on a network.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Intrusion Detection;TRUENIST SP 800-115 A Technical Guide to Information Security Testing and Assessment.TRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE13-9-8755ImportantService Providers, Network Operators, Equipment Suppliers, and Public Safety should utilize automated (where possible) Patch Management to quickly deploy patches for known vulnerabilities. PSAP software version control is important for backroom PSAP systems.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Network Operations;TRUENIST Special Publication 800-40, Creating a Patch and Vulnerability Management Program - 2.1 Recommended Process.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-8756CriticalNetwork Operators and Public Safety should establish and implement procedures to ensure that all security patches and updates relevant to the device or installed applications are promptly applied. The patching process should be automated whenever possible. The system should be rebooted immediately after patching if required for the patch to take effect.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Public Safety;Cyber Security; Network Operations;TRUESource: http://www.k-state.edu/its/security/procedures/mobile.html#summary.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSETRUE13-9-8757ImportantNetwork Operators, Service Providers, and Public Safety should set policy within each corporation or agency to provide guidance when there is a security breach.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;TRUEIETF RFC2350, CMU/SEI-98-HB-001.TRUETRUETRUETRUETRUETRUETRUE1TRUEFALSEFALSETRUE13-9-8759Highly ImportantNetwork Operators and Service Providers should remove invalid records whenever it is determined that a network element has been modified without proper authorization, or rollback to the last valid version of record. The attack should be investigated to identify potential security changes.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;FALSEIETF RFC2350, CMU/SEI-98-HB-001. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE2FALSEFALSEFALSEFALSE13-9-8762CriticalNetwork Operators and Service Providers should work together to identify, filter, and isolate the originating points of Denial of Service (DoS) attacks when detected, and reroute legitimate traffic in order to restore normal service.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Intrusion Detection;FALSEIETF RFC2350, CMU/SEI-98-HB-001. Note: This Best practice could impact 9-1-1 operations.TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSEFALSEFALSE13-9-8772CriticalService Providers, Network Operators, Equipment Suppliers and Public Safety should establish a process for releasing information to members of the law enforcement and intelligence communities and identify a single Point of Contact (POC) for coordination/referral activities.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Intrusion Detection;TRUETRUETRUETRUETRUETRUETRUETRUE3TRUEFALSEFALSETRUE9-6-0810"Retired" - Service Providers should make available meaningful information about expected performance with respect to upstream and downstream throughput and any limitations of the service; best effort services “up to” or unspecified bit rate services should be specified as such in a clearly identifiable manner.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider;Cyber Security;FALSETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSEFALSE9-6-1041"Retired" - Equipment Suppliers should consider providing a "Disaster Information Checklist" to all of the Service Providers they support. The checklist should provide a set of questions which the Service Provider would address immediately after a disaster and then promptly inform the Equipment Supplier to facilitate equipment delivery.Cable; Internet/Data; Satellite; Wireless; Wireline;Equipment Supplier;Business Continuity; Disaster Recovery; Documentation; Emergency Preparedness; Public Safety and Disaster; Technical Support;FALSETRUETRUETRUETRUETRUEFALSEFALSETRUEFALSEFALSEFALSE9-6-5023"Retired" - Network Operators, Service Providers and Equipment Suppliers should establish and enforce a policy that requires all individuals to properly display company identification (e.g., photo ID, visitor badge) while on company property. Individuals not properly displaying a badge should be challenged and/or reported to security.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Access Control; Human Resources; Physical Security Management; Policy; Procedures; Training and Awareness; Visitors;FALSETRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSE9-6-5253"Retired" - Network Operators, Service Providers and Equipment Suppliers should use lessons learned from restoration efforts to update recovery plans for transponder loss, satellite payload failure and satellite failure.Satellite;Service Provider; Network Operator; Equipment Supplier;Disaster Recovery; Emergency Preparedness; Facilities - Transport; Network Operations;FALSEFALSEFALSETRUEFALSEFALSETRUETRUETRUEFALSEFALSEFALSE9-6-5254"Retired" - During restoration efforts, Network Operators and Service Providers should not permit unsecured wireless access points for the distribution of critical data or operating system upgrades.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Disaster Recovery; Information Protection; Network Operations; Software;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE9-7-0434"Retired" - Employee Training: Network Operators, Service Providers, Equipment Suppliers and Property Managers should provide appropriate training and periodic refresher courses for their employees.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Training and Awareness;FALSETRUETRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSE9-7-0460"Retired" - Network Operators should ensure that equipment is installed in accordance with equipment suppliers' stated environmental specifications.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Facilities - Transport; Hardware;FALSETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSEFALSEFALSE9-7-0583"Retired" - Network Operators, Service Providers and Equipment Suppliers should adopt an industry uniform method of reporting and tracking significant service outages (e.g., TL-9000 standard outage template).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Documentation; Industry Cooperation; Network Operations;FALSESee Network Outage Reporting System at http://transition.fcc.gov/pshs/services/cip/nors/nors.htmlTRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSE9-7-0597"Retired" - Network Operator and Service Provider network technicians should be trained in (1) detection of conditions requiring intervention, (2) escalation procedures, and (3) manual recovery techniques.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Network Operations; Procedures; Supervision; Training and Awareness;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE9-7-0728"Retired" - Network Operators should use industry standard markings for outside plant cables.Cable; Internet/Data; Satellite; Wireline;Network Operator;Facilities - Transport;FALSETRUETRUETRUEFALSETRUEFALSETRUEFALSEFALSEFALSEFALSE9-7-0740"Retired" - Network Operators should implement internal processes needed to support the One-Call Notification legislation.Cable; Internet/Data; Wireline;Network Operator;Facilities - Transport; Procedures;FALSETRUETRUEFALSEFALSETRUEFALSETRUEFALSEFALSEFALSEFALSE9-7-0817"Retired" - For the deployment of Residential Internet Access Service, Broadband Network Operators should select, implement and locate equipment within the operator’s architecture to provide residential internet access to the most users where economically and technically feasible.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Network Elements;FALSETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSEFALSEFALSE9-7-1025"Retired" - Network Operators and Service Providers should consider using a team to quickly determine appropriate actions both pro-active or re-active to address potential or real threats.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Business Continuity; Disaster Recovery; Emergency Preparedness;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE9-7-5028"Retired" - Network Operators, Service Providers and Equipment Suppliers should establish policies and procedures related to access control to provide exception access (e.g., emergency repair or response, forgotten credential, etc.).Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Access Control; Buildings; Emergency Preparedness; Human Resources; Pandemic; Physical Security Management; Policy; Procedures; Visitors;FALSETRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSE9-7-5115"Retired" - Network Operators, Service Providers, Equipment Suppliers and Property Managers should provide and reinforce as appropriate mail screening procedures to relevant employees and contractors to increase attention to security.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Property Manager;Human Resources; Material Movement; Physical Security Management; Procedures; Supervision; Training and Awareness;FALSETRUETRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSE9-7-5123"Retired" - Network Operators should maintain and control access to accurate location information of critical network facilities in order to identify physical locations hosting critical infrastructure assets.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator;Buildings; Documentation; Emergency Preparedness; Facilities - Transport; Information Protection; Network Operations; Network Provisioning; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSEFALSEFALSE9-7-5262"Retired" - Network Operators, Service Providers and Equipment Suppliers should evaluate the vulnerability of storage locations in an effort to protect critical spares.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier;Disaster Recovery; Emergency Preparedness; Hardware; Network Operations;FALSETRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSE9-8-0811"Retired" - Specified Rate Services: Service Providers should make available meaningful information about expected performance with respect to upstream and downstream throughput and any limitations of the service. Specified rate services (such as those covered by QoS or similar systems) should be handled by an SLA between the parties.Internet/Data;Service Provider;Cyber Security; Network Operations;FALSEFALSETRUEFALSEFALSEFALSETRUEFALSEFALSEFALSEFALSEFALSE9-9-0823"Retired" - For the deployment of Residential Internet Access Service, Network Operators, Service Providers and Equipment Suppliers should design, build, and operate broadband networks considering performance aspects of the data facilities employed, such as: packet loss ratio, Bit Error Ratio, latency, and compression, where feasible.Cable; Internet/Data; Satellite; Wireline;Service Provider; Network Operator; Equipment Supplier;Network Operations;FALSENote: This Best practice could impact 9-1-1 operations.TRUETRUETRUEFALSETRUETRUETRUETRUEFALSEFALSEFALSE"Retired" - Network Operators and Property Managers should consider agreements to share in-building antenna infrastructure between multiple service providers in order to make it more feasible to deploy in-building systems.Wireless;Network Operator; Property Manager;Industry Cooperation;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUEFALSETRUEFALSEFALSE"Retired" - Network Operators should take into consideration fundamental technology differences when operating multiple RF technologies in an existing system. Radio Frequency Interference (RFI) sources (e.g., intermodulation, out of band emissions, receiver overload), link budgets, and performance metrics (e.g., data rates, latency, capacity) should be evaluated.Wireless;Network Operator;FALSEFALSEFALSEFALSETRUEFALSEFALSETRUEFALSEFALSEFALSEFALSE13-13-8118CriticalNetwork Operators, Service Providers, Public Safety and Government should provide DNS DDoS protection by implementing protection techniques such as: 1) Rate limiting DNS network connections 2) Provide robust DNS capacity in excess of maximum network connection traffic 3) Have traffic anomaly detection and response capability 4) Provide secondary DNS for back-up 5) Deploy Intrusion Prevention System in front of DNS to provide near real time alerts of a cyber-attack to provide near real time alerts of a cyber-attack. 6) Use cloud technologies to enable rapid instantiation of alternate networks and DNS capabilities. This BP applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Encryption; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUERFC-2870, ISO/IEC 15408, ISO 17799,US-CERT \\\"Securing an Internet Name Server\\\" (http://www.cert.org/archive/pdf/dns.pdf).TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSETRUETRUE13-13-8527CriticalNetwork Operators, Service Providers, Public Safety and Government should prepare a disaster recovery plan to implement upon DNS server compromise. The plan should incorporate procedures to, first flush the DNS cache and, failing that, implement elements that may include but are not limited to: 1) bring-on additional hot or cold spare capacity, 2) bring up a known good DNS server from scratch on different hardware, 3) Reload and reboot machine to a known good DNS server software (from bootable CD or spare hard drive), 4) Reload name resolution records from a trusted back-up. After the DNS is again working, conduct a post-mortem of the attack/response. This applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Encryption; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUERFC-2870, ISO/IEC, 15408, ISO 17799, US-CERT \\\"Securing an Internet Name Server\\\".TRUETRUETRUETRUETRUETRUETRUE3FALSEFALSETRUETRUE13-13-3290Network Operators, Service Providers should apply caller authentication/verification techniques (e.g., using the SHAKEN framework) to mitigate Caller ID spoofing in general, including on incoming 9-1-1 calls, call backs and administrative emergency lines.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator;Cyber Security; Disaster Recovery; Encryption; Intrusion Detection; Network Operations; Public Safety; Public Safety and Disaster;FALSETRUETRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSE13-13-8561CriticalNetwork Operators, Service Providers, Public Safety and Government should when a network element or server is under DoS attacks, evaluate the network and ensure the issue is not related to a configuration/hardware issue,. If it is not a configuration/hardware issue, determine direction of traffic and work with distant end to stop inbound traffic. Consider adding more local capacity (bandwidth or servers) to the attacked service. Where available, deploy DoS/DDoS specific mitigation devices and/or use anti-DoS capabilities in local hardware. Coordinate with HW vendors for guidance on optimal device configuration. Where possible, capture hostile code and make available to organizations such as US-CERT and NCS/NCC for review. This BP applies to Public Safety only in an NG9-1-1 environment.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Disaster Recovery; Emergency Preparedness; Encryption; Intrusion Detection; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUE3FALSEFALSETRUETRUE13-13-8768Highly ImportantNetwork Operators, Service Providers, Equipment Suppliers, Public Safety and Government should support multi-factor authentication to increase confidence in the identity of an entity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety;Cyber Security; Encryption; Information Protection; Intrusion Detection;TRUEMulti-factor authentication involves validating the authenticity of the identity of an entity by verifying multiple identifiers and attributes associated with the entity. The data for multi-factor authentication capabilities should be organized based something you are (e.g., physical of behavioral characteristics of an end user or customer\\\'s characteristic or attribute that is being compared such as typing patterns, voice recognition), something you have (e.g., a driver\\\'s license, or a security token) and something you know (e.g., a password, pin number, security image). ITU-T Y.2702, Authentication and authorization requirements for NGN release 1 ATIS-1000030, Authentication and Authorization Requirements for Next Generation Network (NGN) NIST SP 800-63, Electronic Authentication Guideline.TRUETRUETRUETRUETRUETRUETRUE2TRUEFALSETRUETRUE13-13-8936Network Operators, Service Providers, Equipment Suppliers, Public Safety and Government should exercise third-party vulnerability testing on a regular basis.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUETRUEFALSETRUETRUE13-13-8937Public Safety, Government should provide three (3) system back-ups on two (2) different forms of media storage (such as cloud, tape, external drive, flash drive) that can be connected on demand. Further, do not allow any of them to be connected until needed. One of the backups should be stored offsite, and geographically & logically separated from the others. Routine testing should be done to allow the ECC to restore hosts.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8938Network Operators, Public Safety and Government should identify deleted logs by searching for instances of log deletion or last-seen log events.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8939Network Operators, Public Safety and Government should ensure adequate logging and visibility on ingress and egress points.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Network Operations; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8940Network Operators, Public Safety and Government should search server file systems for unusual files or scripts.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Intrusion Detection; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8941Network Operators, Public Safety and Government should detect malicious use of legitimate credentials.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Encryption; Intrusion Detection; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8942Public Safety, Government should scan all emails, attachments, and downloads (both on the host and at the mail gateway) with a reputable anti-virus solution that includes cloud reputation services.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Intrusion Detection; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8943Public Safety, Government should segment any critical networks or control systems from administrative systems and networks.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Network Design; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8944Public Safety, Government should ensure that network administrators use non-privileged accounts for email and internet access.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Human Resources; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8945Public Safety, Government should periodically conduct searches of publicly available information to ensure no sensitive information has been disclosed.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Information Protection; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8946Public Safety, Government should provide cyber hygiene training to staff that includes informing end users on proper email and web usage, highlighting current information and analysis, and including common indicators of phishing.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Human Resources; Procedures; Public Safety and Disaster; Training Awareness;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8947Network Operators, Service Providers, Equipment Suppliers, Public Safety and Government should implement the �least-privilege-principle� for security in all public safety systems; meaning, provide access only to those resources that an individual should have access to.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUETRUEFALSETRUETRUE13-13-8948Network Operators, Service Providers, Public Safety and Government should log, monitor, and audit all employee electronic activity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUETRUE13-13-8949Equipment Suppliers, Public Safety and Government should support effective end point security and use resilient end points that don�t provide access to common tools typically used by hackers to encrypt files on an end point.Wireline;Equipment Supplier; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUEFALSEFALSEFALSEFALSETRUEFALSEFALSETRUEFALSETRUETRUE13-13-8950Network Operators, Service Providers, Equipment Suppliers, Public Safety and Government should maximize insider threat awareness among employees, including training about personal vulnerabilities, being engineered to become an insider threat, and detecting insider threats in their businesses.Cable; Internet/Data; Satellite; Wireline;Service Provider; Network Operator; Equipment Supplier; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUEFALSETRUETRUETRUETRUEFALSETRUETRUE13-13-8951Public Safety, Government should implement and follow a recognized cybersecurity controls framework that includes evaluating where they fall along a given method�s maturity continuity, which cyber controls they have already implemented, and which are the highest priority to implement first.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8954Public Safety, Government should disallow personal use of official emergency services devices in untrusted networks (e.g., Starbucks), unless there are endpoint defenses in place.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8955Network Operators, Service Providers, Public Safety and Government should provide a well-architected, segmented network.Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUEFALSEFALSEFALSEFALSETRUETRUETRUEFALSEFALSETRUETRUE13-13-8956Network Operators, Public Safety and Government should conduct a periodic review of US-CERT, and similar security sites for up-to-date cybersecurity prevention tips.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8957Network Operators, Public Safety and Government should be prepared to initiate alternate treatment of 9-1-1 calls that meet specific criteria when requested to do so by Public Safety agencies that are experiencing a TDoS or other type of attack.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Network Operations; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8958Network Operators, Public Safety and Government should ensure that they have access to the phone number and direct contact information for the network operator�s personnel or division that is equipped to respond to Public Safety TDoS attacks.Cable; Wireline;Network Operator; Government; Public Safety;Cyber Security; Essential Services; Network Operations; Public Safety; Public Safety and Disaster;TRUETRUEFALSEFALSEFALSETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8959Public Safety, Government should log all available information associated with calls that are associated with a DDoS or TDoS attack and share that information with emergency communications centers, other PSAPs/Public Safety Agencies, government IT departments, and any related government agency with a vested interest in emergency communications continuity of operation.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Essential Services; Industry Cooperation; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8960Public Safety, Government should support configuration changes to isolate critical phone lines (incoming 9-1-1 calls for service) from administrative and other lines, taking into account hunt-groups, busy or no-answer rollover to other lines, rollover to other PSAPs, etc. to prevent an overload of non-critical lines from rolling-over to lines answered by 9-1-1 call-takers when experiencing a TDoS attack.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Essential Services; Network Design; Network Provisioning; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8961Public Safety, Government should limit the amount and type of information about the ECC that is shared publicly, e.g., administrative telephone numbers, number of staff, type of communication technology in use, etc.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Information Protection; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8962Public Safety, Government should have a well-designed mutual aid plan with neighboring agencies (PSAPs) to help mitigate a swatting attack.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Emergency Preparedness; Essential Services; Industry Cooperation; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8963Network Operators, Service Providers, Public Safety and Government should ensure laws or rules are in place along with service level agreements identifying requirements for service providers� cooperation in providing the location of cellular phones and other devices accessing 9-1-1 services to quickly assist with a swatting attack.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Essential Services; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUETRUE13-13-8964Public Safety, Government should work with the originating service provider and/or text control center in a swatting attack to assist with identifying or locating the orchestrators.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8965Network Operators, Service Providers, Public Safety and Government should continuously monitor IP traffic for scanning, phishing attacks, and other suspicious cyber activity.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUEThis is from the FCC website, attributed to the FTC. \"Scammers often use email \\\'phishing\\\' to hook unsuspecting fraud victims. Treat all unsolicited email and spam as suspicious: Do not open or reply. To avoid loading malicious software onto your computer or device, never click a link � even from a trusted source � unless you\\\'ve verified its authenticity. Be especially wary of emails asking for emergency funds or help from friends, family and colleagues. Their email accounts may have been hacked. Scammers will also pretend to be government agencies in scam emails.\"TRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUETRUE13-13-8966Public Safety, Government should have a keen attention to detail by well-trained staff to recognize spoofed or non-valid information to mitigate the impacts of cyber attacks on incoming 9-1-1 calls and calls received on administrative emergency lines.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Essential Services; Procedures; Public Safety; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8967Network Operators, Service Providers, Public Safety and Government should ensure that any 9-1-1 cyber architecture plan addresses a reliable fail over capability that includes elements of physical and logical diversity, redundancy, and resiliency.Cable; Internet/Data; Satellite; Wireless; Wireline;Service Provider; Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUETRUETRUEFALSEFALSETRUETRUE13-13-8968Public Safety, Government should provide common cyber practices for all interconnection paths, which may come from multiple service providers for resiliency sake.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8969Public Safety, Government should provide common cyber practices for all interconnection paths that support mutual aid/inter-local arrangements for overflow and failover to other ECCs.Cable; Internet/Data; Satellite; Wireless; Wireline;Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSEFALSEFALSEFALSETRUETRUE13-13-8970Network Operators, Public Safety and Government should ensure that staff is well trained, in reporting of security incidents, weaknesses and suspicious activity and are equipped with intrusion detection capability, response tools, and processes linking operations alarms with security alerts that would support rapid response and mitigation capability.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8971Network Operators, Public Safety and Government should monitor information flow and follow cyber requirements on handling of sensitive data.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE13-13-8972Network Operators, Public Safety and Government should consider restricting recursion and disabling the ability to send additional delegation information to help prevent DNS-based DoS attacks and cache poisoning.Cable; Internet/Data; Satellite; Wireless; Wireline;Network Operator; Government; Public Safety;Cyber Security; Public Safety and Disaster;TRUETRUETRUETRUETRUETRUEFALSETRUEFALSEFALSETRUETRUE