Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
Policy 7230A - Department of Administration
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
5. Systems Configuration<br />
These Systems Configuration Mandatory Baselines support the Enterprise Security <strong>Policy</strong><br />
(ITEC 7230 Rev 1), the Network Security Architecture <strong>Policy</strong> (ITEC 4210), and the Enterprise<br />
Media Sanitization <strong>Policy</strong> (ITEC 7900).<br />
Mandatory<br />
Non-Mandatory<br />
Procedures Baselines Procedures Baselines<br />
5. Systems Configuration <br />
5.1. Configuration Management<br />
5.1.1. Build and Maintain a Systems Inventory (3 sets) (4 sets)<br />
5.1.2. Perform Systems and Data Classification (5 sets) (2 sets)<br />
5.1.3. Follow Process by Change Control (6 sets) (2 sets)<br />
5.2. Systems Protection<br />
5.2.1. Create and Maintain Security Infrastructure (3 sets) (2 sets)<br />
5.3. Data/Media Protection<br />
5.3.1. Securely Handle Data and Media (2 sets) (3 sets) (5 sets) (2 sets)<br />
5.4. Application Protection<br />
5.4.1. Apply Security Principles to Code Development (4 sets) (4 sets)<br />
5.5. Maintain Records <br />
5.1. Configuration Management<br />
No applicable Mandatory Baselines.<br />
5.2. Systems Protection<br />
The following are the Mandatory Baselines that support the Systems Protection<br />
section <strong>of</strong> the Default Security Requirements:<br />
5.2.1. Create and Maintain Security Infrastructure<br />
Securely deploying systems and systems components, while beneficial, is<br />
insufficient to implementing strong security and must be supplemented with<br />
dedicated security infrastructure:<br />
5.2.1.a Mandatory Infrastructure Components<br />
• All networks must provision a firewall at the network<br />
perimeter to monitor for and block inappropriate network<br />
traffic.<br />
• All networks must provision anti-malware on the network to<br />
monitor for and block malware (viruses, worms, spam, etc.).<br />
• All networks must provision anti-malware to the endpoint<br />
(servers, desktops and laptops) to monitor for and block<br />
malware (viruses, worms, spam, etc.).<br />
• All networks must deploy Intrusion Detection (IDS) or<br />
Intrusion Prevention (IPS) at least on the network to monitor<br />
for inappropriate network traffic that may bypass other<br />
network perimeter controls.<br />
Mandatory Baselines<br />
Page 9 <strong>of</strong> 25