Network Security

Is there a DMZ environment within the network that transmits, processes or stores Scoped Systems and Data?

DMZs are employed within our networks. Our firewalls provide logical separations between critical and less sensitive systems and isolate them into segments.

Is there an approval process prior to installing a network device?

QR Planet's network engineers and its management review the necessity and need to approve the installation of all new network devices by authorized personell.

Are encrypted communications required for all remote network connections from external networks to networks containing Scoped Systems and Data?

Any system access by remote sources, regardless of Scoped Systems and Data, needs to be encrypted, as required by our policy handling remote access.

Do the firewalls have any rules that permit 'any' network, sub network, host, protocol or port on any of the firewalls (internal or external)?

No. All allowed Network traffic and ports are clearly defined and limited in their use. QR Planet's firewalls have no rules permitting 'any' network or port.

Do network devices deny all access by default?

Yes. As required, all access attempts to QR Planet's network devices are denied by default and only permitted if necessary and explicitly allowed.

Is every connection to an external network terminated at a firewall (e.g., the Internet, partner networks)?

Any connection to an external network terminates at a firewall, as required by our Network Security Policy. All traffic is filtered and monitored, IDPS in use.

Are critical and sensitive systems secured through appropriate network technologies?

QR Planet's firewalls provide logical separations between critical and less sensitive systems and isolate them into network segments.

Are all available high-risk security patches applied and verified on network devices?

Is there sufficient detail contained in network device logs to support incident investigation?

In accordance to our Network Security Policy, logs are retained for as long and in such detail as indicated by all relevant compliance requirements.

Are default passwords changed or disabled prior to placing network devices into production?

Only custom passwords according to our comprehensive password policy are used in our systems and devices. No vendor default passwords are ever used.

Are all network device administrative interfaces configured to require authentication and encryption?

QR Planet's network devices' administrative interfaces all require authentication and encryption in accordance to our Network Security Policy and all rules.

Are there security and hardening standards for network devices, including Firewalls, Switches, Routers and Wireless Access Points?

QR Planet's Network Security Policy is in accordance with current security standards. All our network devices deny all access by default and are up to date.

Is remote administration of organizational assets performed in a manner that prevents unauthorized access?

All possible remote administration of organizational assets is done by pre-approved parties with restricted access as befits their role (RBAC) and requirement.

Are encrypted communications required for all remote system access?

Yes. Any system access by remote sources needs to be encrypted, as required by our policy handling remote access and our Network Security Policy.

Are Baseboard Management Controllers (BMCs) enabled on any servers or other devices?

Yes. The default passwords have been changed on all BMCs, and they are configured on network address ranges reserved specifically for BMCs and no other devices.

Are Network Intrusion Detection Systems (NIDS) employed?

We employ NIDS to monitor and analyze traffic for signs of malicious activities or security policy violations as crucial components of our cybersecurity.

Are wireless networking devices connected to networks containing Scoped Systems and Data?

Yes, wireless networking devices are connected to our networks in accordance to our wireless policy, the GDPR (https://qrplanet.com/gdpr) and our Privacy Policy

Is there a policy that defines the requirements for remote access from external networks to networks containing Scoped Systems and Data?

QR Planet's remote access policy includes Multi-Factor Authentication, VPN Access, complex and encrypted passwords, and the monitoring of remote access.

Is there a policy that defines network security requirements?

QR Planet's network security policy has been approved by management and was communicated to all appropriate constituents. An owner has been assigned.

Is a Wireless Policy in place?

QR Planet's wireless policy has been approved by management and was communicated to all appropriate constituents. An owner has been assigned.