Policy 7230A - Department of Administration
State of Kansas Security Requirements Document State of Kansas January 11, 2010
Table of Contents

Introduction
1 Governing Principles
  1.1 Security Policy Overview
  1.2 Roles and Responsibilities
  1.3 Policy Revision
2 Assessment & Security Planning
  2.1 Risk and Privacy Assessment
  2.2 Security Plan
3 Awareness & Training
  3.1 Security Awareness Training
  3.2 Security Operations Training
4 Access Control
  4.1 Identification & Authentication
  4.2 Account Management
  4.3 Session Management
5 Systems Configuration
  5.1 Configuration Management
  5.2 Systems Protection
  5.3 Data/Media Protection
  5.4 Application Protection
6 Systems Operation
  6.1 Assessment Operations
  6.2 Integrity Operations
  6.3 Maintenance Operations
7 System Audit
  7.1 System Audit
8 Incident Response
  8.1 Incident Response
9 Contingency Planning
  9.1 Contingency Plans