Versions Compared

...

Document Name: NCSA Network Security Policy
Version: 3.23
Accountable: James Eyrich
Authors: Adam Slagell & , Mike Dopheide, Douglas Fein

Reviewed: Sept 21Dec 8, 20222023
Approved: Dec 1614, 2021 2023 by IIB
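
Review bot: The Version field still reads 3.23 even though the Reviewed and Approved dates and the author list change in this comparison. If the policy text itself is revised, as the role-title changes further down indicate, bump the version number so the approval date can be tied to one specific text.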


Table of Contents

Introduction

...

  • The authorized set of administrators must all be workforce members of the NCSA Staff with ACHE Access, and this group's access must be automated by a process approved by the NCSA CISOLead of Trust, Compliance and Risk Management.
    • The security operations team is part of this group and must be able to access systems 24/7 in an emergency.
  • It is assumed that CUI, which is high risk data, is on these systems. These are not dual-use systems but are only for work related to research involving CUI. The NCSA CISO must Lead of Trust, Compliance and Risk Management must be informed of any data from new sources on these systems, especially when personally identifying information is recorded.
  • Approved (by the NCSA CISOLead for Trust, Compliance and Risk Management) vulnerability and patch management procedures must be in place.
  • Approved (by the NCSA CISOLead for Trust, Compliance and Risk Management) change control procedures must be implemented and documented.
  • Local and privileged account passwords are managed with the NCSA-provided, two-factor password management solution.
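
Review bot: The replacement role title is not spelled consistently across these bullets: the first and third bullets read "Lead of Trust, Compliance and Risk Management", while the two "Approved (by ...)" bullets read "Lead for Trust, Compliance and Risk Management". This title names the authority that approves automated access, patch management and change control, so use one form throughout to keep the approver unambiguous.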

...

  • Cryptographic and security configurations will be consistent with UIUC policies and standards of practice.
  • These networks authenticate and authorize against the NCSA LDAP service, and are not used for guest access 
  • Like the default office subnets, the primary wireless network is firewalled or equivalently controlled to not allow servers for outside the NCSA IP space.
  • The security team must have the ability to readily map wireless IPs and timestamps to users for at least 90 days.
  • Only the NCSA and/or CITES networking UIUC Tech Services networking teams have the ability and authority to configure access points and networking hardware for the wireless networks NCSA buildings.
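
Review bot: In the last bullet, the edited phrase "for the wireless networks NCSA buildings" appears to be missing a connecting word between "networks" and "NCSA buildings"; reword it so the scope of the configuration authority is clear. In the same pass, the LDAP bullet ends without a period, and "servers for outside the NCSA IP space" in the firewall bullet is hard to parse and should state plainly which direction of traffic is blocked.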

...

  • System owners must follow all campus and NCSA policies regarding software updating, virus scanning, data security, incident reporting, etc.
  • This network is not to be used for any user access or data transfer services.



...

VPN Zone

Definition

NCSA offers a VPN services with different authentication profiles. These can be used as more flexible bastions in conjunction with firewall rules, to access privately addressed subnets, or to reach other services that might be blocked at the border (e.g., mounting filesystems).
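
Review bot: The first sentence of the definition, "NCSA offers a VPN services", pairs a singular article with a plural noun. Settle on either "a VPN service" or "VPN services" so it is clear whether the authentication profiles belong to one service or to several.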

...