Specifications include, but are not limited to: Backup and Recovery Strategy Review shall include: Backup schedule and recovery mechanisms Cloud services resiliency planning Redundancy in site links and hardware Business Continuity and Disaster Recovery Planning Network Segmentation Review shall include: Segmentation of Private wired and wireless networks at site level (Access Layer) Segmentation of Private networks between sites (Distribution Layer) Segmentation of Private networks within the datacenter and sites (Core Layer) Protection of private networks and systems with Internet facing access Authentication and Access Review shall include: Active Directory Structure, Permissions and Logging Multi-factor authentication methods Password management including complexity and reuse Centralized Log Aggregation Review shall include: Prioritization of systems for centralized logging Datacenter virtualization and segmentation practices shall include: Server hardening prioritization with CIS Controls Patch and vulnerability management Endpoint Protection Strategy shall include: Desktop, Laptops (Windows and Mac), mobile devices Threat mitigation strategies for devices on and off site Hosted desktops strategy Patch and vulnerability management
