I have asked the auditor to clarify the deficiency and provide supporting regulations or standards but have not heard anything back yet. If whatever is plugged in is actively attacking things, or encrypting the place where you have your spreadsheet, then I can see how a physical label would be superior. The one thing a physical label will do for you is reduce the time it takes since you won't have to go find the spreadsheet. As long as you know where that patch goes (like in a spreadsheet) you can then find the physical device. Generally, if you're monitoring for unauthorized devices, you have to see it electronically (like by IP or MAC address) then determine what port it's on in a managed switch, and trace the wire to the patch panel. While I won't argue that labeling things is helpful, I don't understand what audit criteria it addresses.įor example, if it's a security thing, the label itself will not prevent someone from plugging anything in nor will a physical label increase your ability to detect the issue or remedy the situation. What kind of audit was this? We do SOC 2, and the auditors never seemed the least bit interested in labeling on our patch panels, or even if we had records in a spreadsheet as you do.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |