Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
5. Systems Configuration<br />
These Systems Configuration Non-Mandatory Baselines support the Enterprise Security<br />
<strong>Policy</strong> (ITEC 7230 Rev 1), the Network Security Architecture <strong>Policy</strong> (ITEC 4210), and the<br />
Enterprise Media Sanitization <strong>Policy</strong> (ITEC 7900).<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
5. Systems Configuration <br />
5.1. Configuration Management<br />
5.1.1. Build and Maintain a Systems Inventory (3 sets) (4 sets)<br />
5.1.2. Perform Systems and Data Classification (5 sets) (2 sets)<br />
5.1.3. Follow Process by Change Control (6 sets) (2 sets)<br />
5.2. Systems Protection<br />
5.2.1. Create and Maintain Security Infrastructure (3 sets) (2 sets)<br />
5.3. Data/Media Protection<br />
5.3.1. Securely Handle Data and Media (2 sets) (3 sets) (5 sets) (2 sets)<br />
5.4. Application Protection<br />
5.4.1. Apply Security Principles to Code Development (4 sets) (4 sets)<br />
5.5. Maintain Records <br />
5.1. Configuration Management<br />
The following are the Non-Mandatory Baselines that support the Configuration<br />
Management section <strong>of</strong> the Default Security Requirements:<br />
5.1.1. Build and Maintain a Systems Inventory<br />
Agencies should create a complete list <strong>of</strong> all systems as well as components<br />
that comprise those systems. Ensure configuration specifications are included:<br />
5.1.1.a System and Component Specifications<br />
• Inventories should include the following specification<br />
information:<br />
o All components that form the system.<br />
o Physical specifications for all components.<br />
o Data that is stored in or used by the system.<br />
o System and data owners.<br />
o Physical location <strong>of</strong> all system components.<br />
o Indicators if components belong to multiple systems.<br />
5.1.1.b System and Component Configurations<br />
• Inventories should include the following configuration<br />
information:<br />
o S<strong>of</strong>tware (operating system and application) version.<br />
o S<strong>of</strong>tware (operating system and application) patch<br />
level.<br />
o Accounts.<br />
o Permissions <strong>of</strong> each account.<br />
10