by Lori Kleckner
We are deviating from our series (slightly) to highlight the recently published Next Generation Security (NG-SEC) Audit Checklist. The Audit Checklist is designed as a companion to the NG-SEC Standard and is used as the means to conduct an NG-SEC audit. The checklist reflects the requirements and best practices provided in the NG-SEC Standard.
The audit takes the form of questions to ask, 396 of them. Each question comprises:
- Question number
- NG-SEC Standard - Reference to the NG-SEC Standard section pertaining to the question
- Audit Area - The question to ask
- Compliance Type - Indicates if the audit area is a requirement or a best practice
- Compliance Finding - Recorded as Comply, Does not comply, or Not Applicable
- Comment - Provided for comments to support or clarify findings if needed
Although this establishes a sound method for conducting an audit, it should be understood that the checklist is intended for a person well versed in security and the NG-SEC Standard. It is highly technical. For PSAPs without specialized security personnel, it is recommended that a third party be engaged to conduct the audit. In either case, a self-audit or a third-party audit, the NG-SEC Audit Checklist is the form that should be used.
Consider an Assessment
If the thought of an audit is too daunting, consider an assessment. The NG-SEC checklist can also be used as a tool to provide insight into where you are today and what should be put in place before your ESInet is built. This will show the areas to focus on to provide a safe and secure network.
The NG-SEC Audit Checklist is located at: http://www.nena.org/?page=NGSecurityChecklist
The NG-SEC Standard is located at http://www.nena.org/general/custom.asp?page=NG911_Security
Next month we will return to highlighting sections of the NG-SEC Standard. Our topic will be Change Control and Documentation. The blogs are intended to provide insight and assistance with understanding NG-SEC and to raise awareness of areas that are commonly found to be non-compliant during assessments.