@@ -381,9 +381,17 @@ An enterprise server room or data centre will have some physical access controls
A cloud service provider will have strong physical security measures in place, but the servers hosting the PKI software will not be physically separated from other infrastructure.
#### 4.2.4.3 Network security
The enterprise will implement security controls such as firewalls on the edge of their network and deploy malware detection and removal software on their infrastructure.
The enterprise will implement security controls such as firewalls on the edge of their network.
The enterprise will implement internal network access controls that limit access to systems hosting the PKI software to authorised users.
The enterprise will deploy malware detection and removal software on their systems.
### 4.2.5 User description
The enterprise will employ competent system administrators to install, configure and manage the software.
However, system operators may have limited experience running critical component services and have have only received basic training in cybersecurity or data protection.
