Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
5 Systems Configuration<br />
Sections 5.1, 5.2, 5.3 and 5.4 constitute the State <strong>of</strong> Kansas’ System Configuration <strong>Policy</strong>.<br />
This policy is accompanied by defined System Configuration Mandatory and Non-<br />
Mandatory Procedures and Baselines that are distributed in a companion document.<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
5. Systems Configuration <br />
5.1. Configuration Management<br />
5.1.1. Build and Maintain a Systems Inventory (3 sets) (4 sets)<br />
5.1.2. Perform Systems and Data Classification (5 sets) (2 sets)<br />
5.1.3. Follow Process by Change Control (6 sets) (2 sets)<br />
5.2. Systems Protection<br />
5.2.1. Create and Maintain Security Infrastructure (3 sets) (2 sets)<br />
5.3. Data/Media Protection<br />
5.3.1. Securely Handle Data and Media (2 sets) (3 sets) (5 sets) (2 sets)<br />
5.4. Application Protection<br />
5.4.1. Apply Security Principles to Code Development (4 sets) (4 sets)<br />
5.1 Configuration Management<br />
The State <strong>of</strong> Kansas requires that all information systems and all components <strong>of</strong><br />
information systems be configured according to pre-defined, standardized<br />
configuration settings.<br />
Standardized configuration settings allow information systems and information<br />
system components to be consistently deployed in an efficient and secure manner.<br />
Without standardized configuration settings the potential exists that information<br />
systems or information system components may be deployed that fail to meet the<br />
security requirements <strong>of</strong> the State themselves or compromise the security<br />
requirements <strong>of</strong> other information systems with which they interconnect.<br />
A. System Configuration<br />
A standardized configuration will be established and maintained for all information<br />
systems and for all information system components. These baselines will indicate<br />
the specifications <strong>of</strong> information system component elements (hardware,<br />
firmware, s<strong>of</strong>tware), their relationship as well as the relationship <strong>of</strong> information<br />
system components, and their ownership. These baselines will be constructed<br />
such that information systems provide only essential capabilities. To achieve this,<br />
information systems must be configured for a singular purpose where possible.<br />
These baselines will be reviewed and where necessary, updated on an at least<br />
annual basis.<br />
Information systems will be configured according to these standards for the<br />
purpose <strong>of</strong> protecting the integrity and availability <strong>of</strong> information and applications.<br />
15