INFRA-12 VPN

What is INFRA-12 VPN Control?

A VPN (Virtual Private Network) establishes a protected network connection when using public networks. The VPN connection disguises the data traffic online and protects it from external access. Anyone who has network access can view unencrypted data. With a VPN, hackers and cybercriminals can’t decipher this data.

This control is not required due to cloud computing; remote workers access public cloud resources directly from the internet. Typically, the cloud environment handles all authentication and authorization.

Therefore, if this control is not applicable to your environment, it can be removed from your program.

However, if your organization has enabled a separate network, such as a DMZ, or allows remote desktop capabilities, this control can be customized to test these.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t personally used them.

VPN Tools:

OpenVPN

NordVPN

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

• N/A: No template recommendation is made for this control

Control implementation

To implement this control,

1. Install and implement a VPN connection in your organization.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Upload the VPN settings showing the connection.

Evidence example

For the suggested action, an example is provided below:

1. Upload the VPN settings showing the connection.
   The following screenshot shows the configuration of VPN settings.
   Google search