- Page 1 and 2:
State of Kansas Kansas Information
- Page 3 and 4:
Table of Contents Introduction ....
- Page 5 and 6:
Introduction This Security Requirem
- Page 7 and 8:
• It will ensure that privileged
- Page 9 and 10:
G. Security Administrators Security
- Page 11 and 12:
2 Assessment & Security Planning Se
- Page 13 and 14:
3 Awareness & Training Section 3.1
- Page 15 and 16:
4 Access Control Sections 4.1, 4.2,
- Page 17 and 18:
potential exists that legitimate us
- Page 19 and 20:
5 Systems Configuration Sections 5.
- Page 21 and 22:
Collaborative computing infrastruct
- Page 23 and 24:
Where data requires encryption, tha
- Page 25 and 26:
6 Systems Operation Sections 6.1, 6
- Page 27 and 28:
Only pre-approved maintenance tools
- Page 29 and 30:
ecorded logs. In the event of other
- Page 31 and 32:
event that an incident occurs, the
- Page 33 and 34: 9.2 Contingency Infrastructure The
- Page 35 and 36: 10 Physical Security Sections 10.1
- Page 37 and 38: automatically shall notify appropri
- Page 39 and 40: copy of the signed document will be
- Page 41 and 42: 12 Secure Purchasing/Acquisition Se
- Page 43 and 44: CA-1 Certification, Accreditation,
- Page 45 and 46: PE-18 Location of Information Syste
- Page 47 and 48: Appendix B - Matrix of Responsibili
- Page 49 and 50: Part 2 - Non-IT Roles (See Page 3 f
- Page 51 and 52: Appendix C - Supporting Document Cr
- Page 53 and 54: Mandatory Non-Mandatory Procedures
- Page 55 and 56: Integrity The second of the three g
- Page 57 and 58: State of Kansas Mandatory Procedure
- Page 59 and 60: 6.2. Integrity Operations .........
- Page 61 and 62: 2. Assessment & Security Planning T
- Page 63 and 64: 2.2. Create a Security Plan No appl
- Page 65 and 66: 3.1.1.2 Create Training Materials O
- Page 67 and 68: Operations Training is defined as t
- Page 69 and 70: access individual system authentica
- Page 71 and 72: 5. Systems Configuration These Syst
- Page 73 and 74: 5.3.1.3 Restrict Access to Media No
- Page 75 and 76: • When no longer required, data s
- Page 77 and 78: 8. Incident Response These Incident
- Page 79 and 80: Capture documentation appropriate t
- Page 81 and 82: Different types of disruptions requ
- Page 83: 9.3.2.1 Perform System Backup Back
- Page 87 and 88: 12. Secure Purchasing/Acquisition N
- Page 89 and 90: Table of Contents Introduction ....
- Page 91 and 92: Introduction This Mandatory Baselin
- Page 93 and 94: 2.1.2.c Information Protection •
- Page 95 and 96: o Appropriate physical security mea
- Page 97 and 98: 4. Access Control These Assessment
- Page 99 and 100: 5. Systems Configuration These Syst
- Page 101 and 102: 5.3.1.c Media Disposal Methods •
- Page 103 and 104: 6.4. Maintain Records Agencies must
- Page 105 and 106: 8. Incident Response These Incident
- Page 107 and 108: 9.1.1.c Contingency Plan Update Fre
- Page 109 and 110: Mandatory Baselines • Systems man
- Page 111 and 112: 10. Physical Security No applicable
- Page 113 and 114: • Data is to be used for its inte
- Page 115 and 116: State of Kansas Non-Mandatory Proce
- Page 117 and 118: 6.3. Maintenance Operations .......
- Page 119 and 120: Introduction This Non-Mandatory Pro
- Page 121 and 122: 2.1.1.4 Likelihood Determination Es
- Page 123 and 124: 2.2.1.5 Establish Appropriate Secur
- Page 125 and 126: 4. Access Control These Assessment
- Page 127 and 128: 4.3. Session Management The followi
- Page 129 and 130: 4.3.2.2 Restrict Intra and Inter-Sy
- Page 131 and 132: 5.1.1.3 Actively Maintain Inventory
- Page 133 and 134: 5.1.3.3 Provide Implementation Docu
- Page 135 and 136:
• Place all media in a locked con
- Page 137 and 138:
6. Systems Operation These Systems
- Page 139 and 140:
6.2. Integrity Operations The follo
- Page 141 and 142:
6.3.2. Perform Patch and Vulnerabil
- Page 143 and 144:
6.4. Maintain Records Agencies shou
- Page 145 and 146:
7.1.1.3 Require Authenticated Acces
- Page 147 and 148:
8. Incident Response These Incident
- Page 149 and 150:
8.1.2.2 Develop Supporting Strategi
- Page 151 and 152:
9. Contingency Planning No applicab
- Page 153 and 154:
10.1.1.2 Implement Physical Access
- Page 155 and 156:
11. Personnel Security These Person
- Page 157 and 158:
• Review created accounts and ass
- Page 159 and 160:
11.2.4.3 Recover all Organizational
- Page 161 and 162:
12.1.1.3 Required Test and Validati
- Page 163 and 164:
State of Kansas Non-Mandatory Basel
- Page 165 and 166:
6.2. Integrity Operations .........
- Page 167 and 168:
Introduction This Non-Mandatory Bas
- Page 169 and 170:
• High risk constitutes high like
- Page 171 and 172:
2.3. Maintain Records Agencies shou
- Page 173 and 174:
4. Access Control These Assessment
- Page 175 and 176:
• Systems that have very high ris
- Page 177 and 178:
5.1.1.c System and Component Docume
- Page 179 and 180:
5.2. Systems Protection No applicab
- Page 181 and 182:
o Passwords in the clear. o Violati
- Page 183 and 184:
o Penetration testing. o Password c
- Page 185 and 186:
o The individuals to be notified. o
- Page 187 and 188:
7. Systems Audit These Systems Audi
- Page 189 and 190:
eviewed weekly and every system and
- Page 191 and 192:
8.1.1.b IR Roles • IR Team Manage
- Page 193 and 194:
8.1.2.e IR Plan Update Scheduling a
- Page 195 and 196:
10. Physical Security These Physica
- Page 197 and 198:
10.2.1.b Power Delivery Specificati
- Page 199 and 200:
11. Personnel Security These Person
- Page 201 and 202:
11.2.2. Hire Employees in a Structu