| # | Question | Answer | Score |
|---|---|---|---|
| 1 | Will you be storing DuPont Confidential, Special Control or Regulatory data (as defined below) in your system? | Yes | 1.00 |
| 2 | Have you identified all devices that store or have access to DuPont data? | Yes | |
| 3 | Which data encryption do you employ for DuPont data at rest? | TrueCrypt | |
| 4 | What is the strength of the cipher used? | | |
| 4 | What is the strength of the cipher used? | | |
| 5 | System and Information Integrity - Question 2c - Data Encryption: You specified Other. Please provide details. | | |
| 5 | System and Information Integrity - Question 2c - Data Encryption: You specified Other. Please provide details. | | |
| 6 | Is DuPont data encrypted in transit? | Yes | |
| 7 | Which protocol is used to encrypt data in transit? | test protocol | |
| 7 | Which protocol is used to encrypt data in transit? | | |
| 8 | If the contractual arrangement between your organization and DuPont were to end, do you have a process to ensure DuPont's data is appropriately returned or destroyed? | | |
| 8 | If the contractual arrangement between your organization and DuPont were to end, do you have a process to ensure DuPont's data is appropriately returned or destroyed? | | |
| 8 | If the contractual arrangement between your organization and DuPont were to end, do you have a process to ensure DuPont's data is appropriately returned or destroyed? | No | |
| 8 | If the contractual arrangement between your organization and DuPont were to end, do you have a process to ensure DuPont's data is appropriately returned or destroyed? | | |
| 9 | Is removable media disabled on the device on which DuPont data is stored? | | |
| 10 | How often are your employees trained in appropriate IT security practices? | Annually | 5.00 |
| 11 | Do you use role-based access controls? | Yes | 1.00 |
| 12 | Do you employ the principle of Least Privilege? | Yes | 1.00 |
| 13 | Do privileged passwords that access DuPont data use a Privileged Password Management (PPM) tool, one-time passcode (OTP), or multi-factor authentication (MFA)? | | |
| 14 | Do users and administrators have unique IDs? | Yes | 1.00 |
| 15 | Are shared accounts, functional accounts or generic accounts used on systems storing DuPont data? | | |
| 16 | How complex are your end-user passwords required to be on the systems that store DuPont data? Check all that apply. | | |
| 17 | How complex are your administrator passwords required to be on the systems that store DuPont data? Check all that apply. | | |
| 18 | Are failed login attempts configured on systems that store DuPont data? | | |
| 19 | Are passwords required to be unique (not re-used) for at least 10 password changes on systems that store DuPont data? | | |
| 20 | Does password aging restrict a password that was just changed from being changed again on systems storing DuPont data? | | |
| 21 | Are end-user passwords required to be changed at least annually on systems storing DuPont data? | | |
| 22 | Are administrator passwords required to be changed at least monthly on systems storing DuPont data? | | |
| 23 | Do systems storing DuPont data and laptops/desktops automatically time-out (screensaver lock) after a period of inactivity? | | |
| 24 | If an employee/contractor changes roles and no longer requires access to DuPont data, is there a process to modify their access in a timely manner? | | |
| 25 | Is remote maintenance allowed on the systems on which DuPont data is stored? | | |
| TOT | | | 9.00 |
| AVG | | | 0.29 |

Data classification definitions referenced by question 1:

Confidential: Information of high sensitivity because of its timeliness, possible financial impact, or personnel-related content that must only be shared with those with a "need to know." This "need to know" is what differentiates this level of sensitivity from the Internal Use Only classification. Confidential information is intended only to be shared with a limited number of people, based upon their need to know. Disclosure of Confidential information to those without a "need to know" can negatively impact business operations, cause revenue losses, productivity losses or loss of credibility and consumer confidence. Examples include proprietary financial and technical information, business objectives, planned advertising programs, personnel matters, labor contracts, proposed organization changes, and individual benefit plans.

Special Control: Information of the highest sensitivity which, if revealed, could cause irreparable harm to the Company, its image, or financial stability. Special Control information must only be shared with selected individuals with a "need to know." This information is of such a high level of sensitivity that access to it must be strictly controlled. Examples include process information, the loss of which would result in significant impact to the Corporation's earnings, research which has been identified to have significant future impact to the Corporation's earnings, unreleased earnings reports, sales forecasts, and business strategies and tactics, including information related to some unannounced mergers, acquisitions and divestitures. Note that Special Control information may be comprised of pieces of information which, by themselves, may be classified at a lower level.

Regulatory (PII, HIPAA, SOX, ITAR, EAR/Export Control): Regulatory includes data that is subject to, or requires, additional protection or handling associated with any regulation or government requirement, or that is needed to obtain or maintain regulatory approval. Examples include export-controlled information, ITAR data, privacy requirements, etc. Note that regulatory data often requires special handling and protections.