AT&T Information & Network Security Customer
Reference Guide
March 2023 v7.4
© 2023 AT&T Intellectual Property. All rights reserved. AT&T and the Globe logo are registered trademarks of AT&T Intellectual Property.
programs, involvement in standards organizations, tracking of industry developments, and
evaluation of new security technologies and products. New tools and systems are regularly
evaluated and deployed as necessary. New security architectures, taking advantage of the
latest advances in virtualization, artificial intelligence, and networking, are designed and
implemented to protect the mobility-and-cloud-based enterprise in the era of large scale,
sophisticated attacks.
32 Customer Security Responsibilities
AT&T Customers are responsible for establishing and implementing appropriate technical and
organizational policies and procedures to safeguard their data and sensitive information against
unauthorized access or use, and any connection to the AT&T Global Network from loss,
disclosure, unauthorized access, or service disruption. The Customer is expected to promptly
notify AT&T of any actual or suspected security incidents or vulnerabilities relating to AT&T
services of which the Customer becomes aware.
Customer programs should address, at a minimum, physical and logical security and
confidentiality of data. The Customer should designate a member of its management team
to be the owner of its security policy and program. The Customer's security obligations
include, but are not limited to:
• Responsibility for protecting the Customer's confidential information from disclosure.
• Responsibility for the management of Customer data, content and transaction
information stored on or transmitted over the AT&T Global Network, e.g., backup and
restoration of data, erasing data from disk space that the Customer controls.
• Responsibility for the selection and use of appropriate services, security features, and
options to meet the Customer's business and security requirements, such as
encryption to protect privacy of personal information.
• Responsibility for developing and maintaining appropriate management and security
procedures, such as physical and logical access controls and processes (e.g.,
application logon security, including unique user identifications and
passwords/pins/tokens complying with prudent security policies), on any Customer
provisioned and managed networked devices and systems.
• For "Client Managed" Customers who retain administrative control of their
environment or portions thereof, sole responsibility for their own patch management,