Network Design
-
NICE uses segmented networks for CXone to protect business unit
High-level organizational grouping used to manage technical support, billing, and global settings for your CXone environment-facing applications with secure DMZs. In the case of AWS, applications are protected with security groups and rules. -
Voice services are segmented into a separate internal production network.
-
CXone production, lab, and corporate networks are separated from each other physically, logically, and by security permissions.
-
Virus and malware protection software is installed on all:
-
Corporate servers
-
Lab servers
-
Production servers
-
Desktops
-
-
Amazon maintains VPCs, virtual networks, and subnets with security groups and ACLs.
-
Regular, timely patch management is performed.
-
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are continuously monitoring the CXone threat surface.
Boundary and Connectivity Protection Devices
Firewalls
NICE uses firewalls to protect internal networks from unauthorized access by examining all network traffic.
Ports and Protocols
NICE has many policies on acquiring commercial-off-the-shelf (COTS) system components and information system services. For the components and services implemented within CXone, developers must identify the following:
-
Ports
-
Protocols
-
Functions
-
Other required services
There may be some cases where it is not possible for the developer to provide this information. In these cases, the information is extracted for available documentation. Compensating controls, like system isolation, are also employed.
All external systems that process or store federal information must include identification of:
-
Ports
-
Protocols
-
Functions
-
Other required services
Identification is part of the security approval for the acquisition or use of these systems.
NICE requires developers to identify:
-
Information systems
-
Components
-
Services
They must do so early in the system development life cycle.