Policy 7230A - Department of Administration
9.2 Contingency Infrastructure
9.3 Contingency Operations
10 Physical Security
10.1 Physical Access Control
10.2 Physical Environment Control
11 Personnel Security
11.1 Acceptable Usage
11.2 Personnel Operations
12 Secure Purchasing/Acquisition
12.1 Secure Purchasing
Appendix A – NIST SP 800-53 Rev. A Index
Appendix B – Matrix of Responsibilities by Role
Appendix C – Supporting Document Cross Reference Grid
Appendix D – Glossary
Introduction

This Security Requirements Document represents one component of the Kansas Default Security Requirements (ITEC 7230A) and is supported by a series of additional documents. In total, five distinct documents exist that form the full Kansas Default Security Requirements. These documents are:

• Security Requirements Document (this document)
• Kansas Mandatory Procedures
• Kansas Mandatory Baselines
• Kansas Non-Mandatory Procedures
• Kansas Non-Mandatory Baselines

The relationship between these various documents is shown in Diagram 1, below. This diagram not only indicates the relationship of the various documents but is color-coded to indicate to the reader at which layer of the overall taxonomy the document being read exists. Similar diagrams are provided in all documents that form the set.

Diagram 1 – Kansas Default Security Requirements Document Taxonomy

Kansas Security Requirements Document; Security Self Assessment Tool; Kansas Supporting Documents
The Kansas Security Self Assessment Tool is supported by the combination of the Kansas Security Requirements Document (ITEC 7230A) plus all Supporting Documents.

Kansas x000 Series Documents; Kansas Mandatory Procedures; Kansas Mandatory Baselines
The primary portion of the Kansas Supporting documents is composed of Mandatory Procedures and Baselines. Both of these document sets are tied to existing Kansas x000 series Policies.

NIST and other sources; Kansas Non-Mandatory Procedures; Kansas Non-Mandatory Baselines
The secondary portion of the Kansas Supporting documents is composed of Non-Mandatory Procedures and Baselines. These documents are related to NIST 800 series documents among other sources.