Policy 7230A - Department of Administration
6. Systems Operation
These Systems Operations Mandatory Baselines support the Enterprise Security Policy (ITEC 7230 Rev 1), and the IT Security Self Assessment Policy (ITEC 7310).
Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
6. Systems Operation
6.1. Assessment Operations
6.1.1. Perform Security Assessment (7 sets) (3 sets)
6.1.2. Perform Security Self Assessment (4 sets) (2 sets)
6.2. Integrity Operations
6.2.1. Monitor System Security Controls (3 sets) (1 sets)
6.3. Maintenance Operations
6.3.1. Plan for, and Provide Notice of, Security Operations (4 sets) (1 sets)
6.3.2. Perform Patch and Vulnerability Management (5 sets) (3 sets)
6.3.3. Securely Maintain Systems (2 sets) (2 sets)
6.4. Maintain Records
6.1. Assessment Operations
The following are the Mandatory Baselines that support the Assessment Operations section of the Default Security Requirements:
6.1.1. Perform Security Assessments
No applicable Mandatory Baselines.
6.1.2. Perform Security Self Assessment
To ensure compliance with Kansas Policies and Procedures, all Agencies must perform a Security Self Assessment:
6.1.2.a Security Assessment Scheduling and Frequency
• Security self assessments must be performed on an annual basis.
6.1.2.b Security Assessment Data Management
• Security self assessment data must be treated as Very High risk and all systems that store such data must also be considered Very High risk. Both data and systems must be afforded appropriate protection based on this risk classification.
• Self assessment reports must be retained for two years.
6.2. Integrity Operations
No applicable Mandatory Baselines.
6.3. Maintenance Operations
No applicable Mandatory Baselines.
Mandatory Baselines
Page 12 of 25