Policy 7230A - Department of Administration
5. Systems Configuration
These Systems Configuration Mandatory Procedures support the Enterprise Security Policy (ITEC 7230 Rev 1), the Network Security Architecture Policy (ITEC 4210), and the Enterprise Media Sanitization Policy (ITEC 7900).
Mandatory: Procedures, Baselines | Non-Mandatory: Procedures, Baselines
5. Systems Configuration
5.1. Configuration Management
5.1.1. Build and Maintain a Systems Inventory (3 sets) (4 sets)
5.1.2. Perform Systems and Data Classification (5 sets) (2 sets)
5.1.3. Follow Process by Change Control (6 sets) (2 sets)
5.2. Systems Protection
5.2.1. Create and Maintain Security Infrastructure (3 sets) (2 sets)
5.3. Data/Media Protection
5.3.1. Securely Handle Data and Media (2 sets) (3 sets) (5 sets) (2 sets)
5.4. Application Protection
5.4.1. Apply Security Principles to Code Development (4 sets) (4 sets)
5.5. Maintain Records
5.1. Configuration Management
No applicable Mandatory Procedures.
5.2. Systems Protection
The following are the Mandatory Procedures that support the Systems Protection section of the Default Security Requirements:
5.2.1. Create and Maintain Security Infrastructure
Securely deploying systems and systems components, while beneficial, is insufficient for implementing strong security and must be supplemented with dedicated security infrastructure:
5.2.1.1 Implement Network Boundary Protection
The network boundary forms the touch-point between the organization’s IT infrastructure and the outside world and so protection mechanisms must be put in place to limit access and secure communications:
• Determine the specific protection required.
• Select and implement solutions according to requirements.
• Establish standard configuration for implemented solutions.
• Make changes as per change control processes (see section 5.1.3 of the Non-Mandatory Procedures).
• Maintain as per maintenance processes (see section 6.3.3 of the Non-Mandatory Procedures).