Policy 7230A - Department of Administration
Table of Contents
Introduction
2. Assessment & Security Planning
2.1. Risk and Privacy Assessment
2.1.1. Perform Risk Assessment
2.1.2. Perform Privacy Assessment
2.2. Security Planning
2.3. Maintain Records
3. Awareness & Operations Training
3.1. Security Awareness Training
3.1.1. Design and Develop an Awareness Training Program
3.1.2. Provide Security Awareness Training
3.2. Security Operations Training
3.2.1. Design and Develop an Operations Training Program
3.2.2. Provide Security Operations Training
3.3. Maintain Records
4. Access Control
4.1. Identification and Authentication
4.1.1. Manage Identification and Authentication
4.2. Account Management
4.3. Session Management
4.4. Maintain Records
5. Systems Configuration
5.1. Configuration Management
5.2. Systems Protection
5.2.1. Create and Maintain Security Infrastructure
5.3. Data/Media Protection
5.3.1. Securely Handle Data and Media
5.4. Applications Protection
5.5. Maintain Records
6. Systems Operation
6.1. Assessment Operations
6.1.1. Perform Security Assessments
6.1.2. Perform Security Self Assessment
Mandatory Baselines