1.1.5 Description of groups, roles, and
responsibilities for management of
1.1.5.a Verify that firewall and router configuration standards
include a description of groups, roles, and responsibilities for
management of network components.
1.1.5.b Interview personnel responsible for management of
network components to confirm that roles and responsibilities
are assigned as documented.
This description of roles and assignment of
responsibilities ensures that personnel are aware
of who is responsible for the security of all
network components, and that those assigned to
manage components are aware of their
responsibilities. If roles and responsibilities are not
formally assigned, devices could be left unmanaged.