Verizon Cybertrust Security Certification Verification> Certification Meaning> Assessments

Assessments

The Verizon Cybertrust Security Enterprise Certification addresses 31 policy categories that affect all critical control groups within an organization.

To achieve Verizon Cybertrust Security Enterprise Certification, a company must demonstrate that it meets the established information security requirements set out in the Verizon Cybertrust Security Certification program around each policy and control group. The organization must also undergo periodic assessments (outlined below) to verify that they maintain their Verizon Cybertrust Security Certified Enterprise status.

All other Verizon Cybertrust Security certifications (Perimeter, Business, Application) and the Verizon Cybertrust Security Secured Site Program address select controls within the 31 policy categories, and are subject to assessments that are critical to the individual certification program.

Assessment Frequency Benefits
Policy Review Annually Evaluates the documentation and inspects the contents of key security policies.
Process and Procedure Validation Annually Evaluates the implementation of key policies and supporting processes and procedures.
Physical Inspection Annually Evaluates the implementation of security controls in the physical environment surrounding critical network infrastructure including doors, HVAC, entry logs, power redundancy, etc.
External Risk Assessments Quarterly Identifies possible risk areas in an organization's external network infrastructure and assesses its consistency with key controls.
Internal Risk Assessments Bi-annually Identifies possible risk areas in an organization's DMZ and LAN network infrastructure and assesses its consistency with key controls.
E-Mail Filter Check Tests Bi-annually Evaluates the effectiveness of an organization's perimeter gateway and desktop defenses.
Desktop Risk Assessments Bi-annually Examines desktop computers for consistency with required security controls such as the use of antivirus software and password protected screen-savers.
War Dials Assessments Bi-annually Validates whether fax machines and modems are identifiable and penetrable.
Wireless Assessments Bi-annually Evaluates whether wireless access points can be attributed by name and have been encryption enabled.

Learn More About Certifications: