
150 ■ Case 5 SRA International, Inc.
TABLE 5-6 Assessment Questions (continued)
16.1.8 If encryption is used, are there procedures for key generation, distribution, storage, use, destruction, and archiving?
16.1.9 Is access restricted to files at the logical view or field?
16.1.10 Is access monitored to identify apparent security violations and are such events investigated?
16.2. Are there logical controls over network access?
16.2.1 Has communication software been implemented to restrict access through specific terminals?
16.2.2 Are insecure protocols (e.g., UDP, ftp) disabled?
16.2.3 Have all vendor-supplied default security parameters been reinitialized ...