Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
5. Systems Configuration<br />
These Systems Configuration Non-Mandatory Procedures support the Enterprise Security<br />
<strong>Policy</strong> (ITEC 7230 Rev 1), the Network Security Architecture <strong>Policy</strong> (ITEC 4210), and the<br />
Enterprise Media Sanitization <strong>Policy</strong> (ITEC 7900).<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
5. Systems Configuration <br />
5.1. Configuration Management<br />
5.1.1. Build and Maintain a Systems Inventory (3 sets) (4 sets)<br />
5.1.2. Perform Systems and Data Classification (5 sets) (2 sets)<br />
5.1.3. Follow Process by Change Control (6 sets) (2 sets)<br />
5.2. Systems Protection<br />
5.2.1. Create and Maintain Security Infrastructure (3 sets) (2 sets)<br />
5.3. Data/Media Protection<br />
5.3.1. Securely Handle Data and Media (2 sets) (3 sets) (5 sets) (2 sets)<br />
5.4. Application Protection<br />
5.4.1. Apply Security Principles to Code Development (4 sets) (4 sets)<br />
5.5. Maintain Records <br />
5.1. Configuration Management<br />
The following are the Non-Mandatory Procedures that support the Configuration<br />
Management section <strong>of</strong> the Default Security Requirements:<br />
5.1.1. Build and Maintain a Systems Inventory<br />
Agencies should create a complete list <strong>of</strong> all systems as well as components<br />
that comprise those systems. Ensure configuration specifications are included:<br />
5.1.1.1 Inventory all Information Systems and Components<br />
Systems inventories allow the organization to keep accurate track <strong>of</strong><br />
the systems and system components. Such information is essential to<br />
ensuring that such components are appropriately protected:<br />
• Create an inventory that is keyed by system.<br />
• Catalogue specifications <strong>of</strong> all systems and system<br />
components.<br />
• Catalogue configurations <strong>of</strong> all systems and system<br />
component s<strong>of</strong>tware.<br />
5.1.1.2 Collect System and Component Documentation<br />
System documentation is essential to providing on-going support in<br />
lieu <strong>of</strong> relying on personnel:<br />
• For each system and system component, collect a complete<br />
set <strong>of</strong> documentation, where possible in electronic format:<br />
12