Policy 7230A - Department of Administration
When information system media is transported, it shall be done in a secure
manner and only by personnel specifically authorized to do so. Further, all such
transportation shall be documented.

Once information system media is no longer needed to store or transport system
information, it must be either completely sanitized before reuse or destroyed
before retirement. For further insight, see ITEC Policy 7900.

5.4 Application Protection

The State of Kansas requires that all applications be designed and implemented in as
secure a manner as possible using pre-defined application development principles and
procedures.

Communications between components of information systems or between
information systems themselves involve the transmission of information, making that
information susceptible to attack. Without session management, the potential exists
that communications can be established or used illegitimately, thereby exposing State
information to an increased likelihood of loss or corruption.

The application element of all information system components is to be designed using
security engineering principles, whether it is developed in-house or purchased from a
third party. These security engineering principles are to be applied to the entire
lifecycle of the application element via a systems development life cycle methodology
that includes security considerations at all stages of the life cycle. Further,
development of the application element of an information system component must
include the creation and execution of a security test and evaluation plan. The results
of this test and evaluation process must be documented and shared with appropriate
bodies.

The application element of all information system components will logically separate
user functionality from administrative functionality such that the interface for the one
cannot be used to operate the other.