Objective: The objective of technical checks is the detection of states which can jeopardize the availability, confidentiality or integrity of IT systems and services.
Requirements (must): Requirements for auditing IT systems or services are determined.
The scope of the system audit is specified in a timely manner.
System or service audits are coordinated with the operator and users of the IT systems or services.
The results of system or service audits are stored in a traceable manner and reported to the relevant management.
Measures are derived from the results.
Requirements (should): System and service audits are planned taking into account any security risks they might cause (e.g. disturbances).
Regular system or service audits are performed
- carried out by qualified personnel
- suitable tools (e.g. vulnerability scanners) are used for system and service audits (if applicable)
- performed from the internet and the internal network
Within a reasonable period following completion of the audit, a report is prepared.