ISO/IEC 27001 Control 8.21: Security of network services
Control
Security mechanisms, service levels and service requirements of network services should be identified, implemented and monitored.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint can manage who holds administrative privileges for network services, and keep those privileges current as people join, move and leave.
Implementation Details
Role-based access control (RBAC) is essential for managing access to network services, because such access is mostly privileged access. It includes administration of DNS domains, access to management tools provided by Internet service providers, and similar tooling. For example, midPoint can make sure that access to DNS domain administration is re-assigned to another person when the original DNS administrator leaves the organization, rather than lingering on an orphaned account.

This can be combined with organizational structure, policy rules and information classification, e.g. granting access to network service administration only to selected organizational units or to users with the proper clearance. The segregation of duties (SoD) mechanism can be used to prevent accumulation of critical privileges in a single user, for example by making two administrative roles mutually exclusive. The midPoint audit trail records every change in privileges, including changes in access to administration of network services, which gives the evidence needed to show that the control is monitored.

MidPoint can also manage access to virtual private networks (VPNs), e.g. granting VPN access only to administrators who need it as part of their job. The "service" object type can be used to maintain an inventory of network services, so that each service has an owner and an explicit set of roles that grant access to it. Approval processes combined with RBAC implement the authorization procedure for determining who is allowed to access which networks and networked services.
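As an added illustration (not configuration shipped with midPoint or taken from this page), the following objects show how the mechanisms above fit together in midPoint's XML object format: a service object that records a network service in the inventory, and a role that grants DNS administration, requires approval when assigned, and is mutually exclusive with a second role. All OIDs, names, the resource reference and the approver reference are placeholders assumed for the example and would be replaced with the identifiers of a real deployment.

```xml
<!-- Added example, not part of the page or the midPoint distribution.
     All OIDs and names are placeholders. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

    <!-- Inventory entry: one network service, with an owner recorded in the description. -->
    <service oid="11111111-1111-1111-1111-111111111101">
        <name>Corporate DNS (example.org zones)</name>
        <description>
            Authoritative DNS for example.org. Administered through the registrar
            portal account managed by resource 11111111-1111-1111-1111-111111111201.
        </description>
    </service>

    <!-- Privileged role: grants the DNS administrator account on the registrar portal. -->
    <role oid="11111111-1111-1111-1111-111111111102">
        <name>DNS Domain Administrator</name>
        <description>Administrative access to the corporate DNS zones.</description>

        <!-- SoD: this role must never be held together with the ISP circuit
             administrator role. The exclusion constraint is evaluated whenever a
             user would end up with both assignments, and enforcement rejects it. -->
        <assignment>
            <policyRule>
                <name>sod-dns-vs-isp-admin</name>
                <policyConstraints>
                    <exclusion>
                        <targetRef oid="11111111-1111-1111-1111-111111111103" type="RoleType"/>
                    </exclusion>
                </policyConstraints>
                <policyActions>
                    <enforcement/>
                </policyActions>
            </policyRule>
        </assignment>

        <!-- Authorization procedure: adding this role to a user requires approval
             by the placeholder network security owner. -->
        <assignment>
            <policyRule>
                <name>approve-dns-admin-assignment</name>
                <policyConstraints>
                    <assignment>
                        <operation>add</operation>
                    </assignment>
                </policyConstraints>
                <policyActions>
                    <approval>
                        <approverRef oid="11111111-1111-1111-1111-111111111301" type="UserType"/>
                    </approval>
                </policyActions>
            </policyRule>
        </assignment>

        <!-- What the role actually provisions: an admin-intent account on the
             registrar portal resource. Removing the role deprovisions it. -->
        <inducement>
            <construction>
                <resourceRef oid="11111111-1111-1111-1111-111111111201" type="ResourceType"/>
                <kind>account</kind>
                <intent>admin</intent>
            </construction>
        </inducement>
    </role>

    <!-- Counterpart role for the SoD rule. It carries no policy rule of its own;
         the exclusion declared above is symmetric in effect. -->
    <role oid="11111111-1111-1111-1111-111111111103">
        <name>ISP Circuit Administrator</name>
        <description>Access to the Internet service provider's circuit management portal.</description>
    </role>

</objects>
```

The useful property of this arrangement is that the lifecycle is handled by the role, not by the person: when the DNS administrator's user is deactivated, midPoint removes the inducement's account, and a replacement administrator gets the same account only after the approval step and only if they do not already hold the excluded role. Every assignment, approval decision and deprovisioning shows up in the audit trail, which is the monitoring evidence the control asks for.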
Rationale
The technical security of network services themselves (encryption, service levels, availability) is mostly outside midPoint's control. However, midPoint provides the essential mechanisms for managing and monitoring who is allowed to administer those services, which is a prerequisite for the rest of the control.