Security Management Policy

Physical Security

  1. All facilities should be secured using physical security measures such as access cards and physical keys.

  2. Where applicable, a visitor log register should be maintained to keep track of every person who visits the facility or data center.

Infrastructure Security

  1. Physical and logical infrastructure should be secured through appropriate security measures. Servers, routers, storage elements, and other network elements should be placed in a secure location.

  2. Only authorized personnel should be allowed physical access to these devices.

  3. Proper approval should be requested as part of Change Management or Incident Management whenever there is a need to visit a particular location.

Application Security

  1. All application components should be secured using firewalls, ACLs, user credentials, and keys to ensure that only authorized access is possible.

  2. Different applications should only be allowed to communicate with each other over specific, designated ports.

  3. The direction of traffic flow on each port also matters; where necessary, ports should be restricted to unidirectional traffic only.

  4. There should be a mechanism to block or shut down both physical and logical application ports/sockets whenever an abnormal surge of traffic is observed.

  5. The respective application, platform, database, and other endpoint monitoring tools should be deployed.

Data and Information Security

  1. No data should be transmitted over insecure or unprotected media. The appropriate path-level security, including SSH, TLS, and the corresponding certificates and tokens, must be used to ensure data privacy and prevent any kind of data sniffing.

  2. Only authorized personnel and applications should have access to databases, backup files, and reports. All access to any physical or digital asset should be in line with the Access Management Policies.

Network Security

  1. Applications communicate with each other to deliver value. It should be ensured that the communication network between applications, their components, and their users is secure and that sufficient measures are taken to protect it. These measures may include, but are not limited to, firewalls, VPNs (Virtual Private Networks), and ACLs (Access Control Lists).
