...
- Use two-factor authentication for administrative access or escalation, or request an exemption from the Security Office.
- Disable IP-forwarding and do not bridge networks without approval from Security & Networking.
- Label systems in the rack and keep labels up-to-date.
- Update the security team when information they provided has changed
- Provide Maintain up-to-date and provide the security team with:
- accounts on the system or a way to quickly get access 24/7 for emergencies
- purpose of the system and notification of any sensitive or confidential data
- a list of authorized administrators and a responsible full-time NCSA staff person
- a list of necessary services/ports open
- a plan for vulnerability and patch management
...