
Identify, document, and approve any deviations from established configuration settings for information systems based on Nessus CIS benchmarking of information systems

Ĥ.4.4. Implement the configuration settings

Ĥ.4.3. Establish and document configuration settings for information technology products employed within the information system in accordance with CIS benchmarks for servers and network devices as part of configuration files that reflect the most restrictive mode consistent with operational requirements

Ĥ.4.2. Only qualified and authorized District workforce members can be granted access to the system to initiate changes, including upgrades and modifications.

Ĥ.4.1. Security impact analysis may include, for example, reviewing system plans to understand security control requirements and reviewing system design documentation to understand control implementation and how specific changes might affect the controls.

All the District agencies must define, document, approve and enforce physical and logical access restrictions associated with changes to the information system. The system owners or business owners will conduct a security impact analysis to determine which controls will be assessed for proper implementation and operation. This requirement will allow the District agencies to improve information system performance, decrease operating costs, and ensure public confidence in the confidentiality, integrity, and availability of the District data.

All the District agencies must analyze changes to the system to determine potential security impacts prior to change.
The District's agencies must develop and review or update annually and after change to the policy, a procedure in support of this policy with the following requirements.

District agencies must provide common security configurations that provide a baseline level of security, reduce risk from security threats and vulnerabilities, and save time and resources. The following outlines the requirements for this policy.

Policy

District agencies and departments must develop or adhere to a strategy which demonstrates compliance with this policy and its related standards.


In addition, this policy applies to any provider and third-party entity with access to District information, systems, networks and applications. This policy applies to all District workforce members performing official functions on behalf of the District, and/or any District agency/District/entity who receive enterprise services from OCTO.

Authority

DC Official Code § 1-1401 et seq., provides the Office of the Chief Technology Officer (“OCTO”) with the authority to provide information technology (IT) services, write and enforce IT policies, and secure the network and IT systems for the District government.

Ensure that all configuration changes to the District of Columbia Government (“District”) owned information assets and resources are done with management’s knowledge and consent, are appropriately tested, and do not introduce security weaknesses to the District’s information system.
