Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
5.2. Systems Protection<br />
No applicable Non-Mandatory Baselines.<br />
o Very Low risk constitutes low likelihood and low<br />
impact. Risks <strong>of</strong> this nature do not need to be<br />
mitigated.<br />
• Mitigate risks that are determined to have a significant<br />
enough risk factor as to impact the implementation <strong>of</strong> the<br />
change.<br />
5.3. Data/Media Protection<br />
The following are the Non-Mandatory Baselines that support the Data/Media<br />
Protection section <strong>of</strong> the Default Security Requirements:<br />
5.3.1. Securely Handle Data and Media<br />
Agencies should protect data while it is in system, both in storage and use, as<br />
well as out <strong>of</strong> system in media, in both storage and transit:<br />
5.3.1.a Transmission Configuration<br />
• Where possible, encrypted tunnels should be used for all<br />
electronic data transmissions.<br />
• Where encrypted tunnels cannot be used for electronic data<br />
transmissions, data should be directly encrypted prior to<br />
transmission.<br />
• Message digest hashes should be created and supplied for all<br />
electronic data transmissions.<br />
5.3.1.b Data Input Validation<br />
• Data should only be input by those with appropriate accounts<br />
and account permissions.<br />
• Data should only be input according to established syntax<br />
parameters.<br />
• Inputted data should be checked for accuracy, authenticity,<br />
completeness and validity by the system.<br />
13