ISO/IEC 27001 Control 8.20: Networks security

Networks and network devices should be secured, managed and controlled to protect information in systems and applications.

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

MidPoint provides important capabilities for management of access to network devices.

Role-based access control (RBAC) capabilities are essential for management of access to network devices, which is mostly privileged access. RBAC can be used to define roles are responsibilities for network security, coupled with appropriate privileges. This can be combined with organizational structure, policy rules and information classification, e.g. allowing access to network administration only to selected organizational units or users with proper clearance. Segregation of duties (SoD) mechanism can be used to avoid accumulation of super-critical access privileges to a single user. MidPoint audit trail records all changes in privileges, including changes in access to administration of network devices. Moreover, midPoint can provide supporting information for network security management, such as classification of applications and assets. Management of non-human identities (NHI) can be used to manage authentication of systems and applications on network.

While network security is a broad area and midPoint can cover only a small part of it, it is an essential part. Such as management of access to network device administration and management of network security roles and responsibilities.