Articles

Do you have DMZ environments within networks handling Scoped Systems and Data?

DMZs are employed within our networks. Our firewalls provide logical separations between critical and less sensitive systems and isolate them into segments.

Last update 1 week ago

Do you employ an approval process prior to installing a network device?

QR Planet's network engineers and its management review the necessity and need to approve the installation of all new network devices by authorized personell.

Last update 2 weeks ago

Do you require communications to be encrypted for all remote connections from external networks to ones containing Scoped Systems and Data?

Yes. Any network access by remote sources, whether the target network contains Scoped Systems and Data or not, needs to be encrypted.

Last update 1 week ago

Do you employ rules that permit 'any' network, sub network, host, protocol or port on any of your firewalls (internal or external)?

No. All allowed Network traffic and ports are clearly defined and limited in their use. QR Planet's firewalls have no rules permitting 'any' network or port.

Last update 2 weeks ago

Do your network devices deny all access by default?

Yes. As required, all access attempts to QR Planet's network devices are denied by default and only permitted if necessary and explicitly allowed.

Last update 1 week ago

Do all connections to external networks terminate at a firewall?

Any connection to an external network terminates at a firewall, as required by our Network Security Policy. All traffic is filtered and monitored, IDPS in use.

Last update 2 weeks ago

Do you secure critical and sensitive systems through appropriate network technologies?

QR Planet's firewalls provide logical separations between critical and less sensitive systems and isolate them into network segments.

Last update 2 weeks ago

Do you apply and verify all available high-risk security patches on your network devices?

Yes. QR Planet's network devices are kept up to date and secured. High-risk security patches are applied as soon as they are available.

Last update 1 week ago

Do your network device logs proviode sufficient detail to support incident investigations?

Yes. In accordance with our Network Security Policy, logs are retained for as long and in such detail as indicated by all relevant compliance requirements.

Last update 1 week ago

Do you change or disable default passwords prior to placing network devices into production?

Only custom passwords according to our comprehensive password policy are used in our systems and devices. No vendor default passwords are ever used.

Last update 1 week ago

Do all your network device administrative interfaces require authentication and encryption?

Yes. QR Planet's network devices' administrative interfaces all require authentication and encryption in accordance to our Network Security Policy and all rules.

Last update 1 week ago

Do you employ security and hardening standards for network devices?

QR Planet's Network Security Policy is in accordance with current security standards. All our network devices deny all access by default and are up to date.

Last update 2 weeks ago

Do you perform remote administration tasks of organizational assets in a manner preventing any unauthorized access?

All possible remote administration of organizational assets is done by pre-approved parties with restricted access as befits their role (RBAC) and requirement.

Last update 1 week ago

Do your require encrypted communications for all remote system access?

Yes. Any system access by remote sources needs to be encrypted, as required by our Remote Access and our Network Security Policies.

Last update 1 week ago

Do you use Baseboard Management Controllers (BMCs) on servers or other devices?

Yes. The default passwords have been changed on all BMCs, and they are configured on network address ranges reserved specifically for BMCs and no other devices.

Last update 2 weeks ago

Do you employ Network Intrusion Detection Systems (NIDS)?

We employ NIDS to monitor and analyze traffic for signs of malicious activities or security policy violations as crucial components of our cybersecurity.

Last update 2 weeks ago

Do you allow connections of wireless networking devices to networks containing Scoped Systems and Data?

Yes. Wireless networking devices may be connected to QR Planet's networks in accordance with all relevant internal policies and common best practices.

Last update 1 week ago

Do you have a Remote Access Policy in place?

QR Planet's remote access policy includes Multi-Factor Authentication, VPN Access, complex and encrypted passwords, and the monitoring of remote access.

Last update 2 weeks ago

Do you have a Network Security Policy in place?

QR Planet's network security policy has been approved by management and was communicated to all appropriate constituents. An owner has been assigned.

Last update 2 weeks ago

Do you have a Wireless Policy in place?

QR Planet's wireless policy has been approved by management and was communicated to all appropriate constituents. An owner has been assigned.

Last update 1 week ago