...
Panel |
---|
Document Name: NCSA Network Security Policy Approved: Dec 1614, 2021 2023 by IIB |
Table of Contents |
---|
Introduction
...
- The authorized set of administrators must all be workforce members of the NCSA Staff with ACHE Access, and this group's access must be automated by a process approved by the NCSA CISOLead of Trust, Compliance and Risk Management.
- The security operations team is part of this group and must be able to access systems 24/7 in an emergency.
- It is assumed that CUI, which is high risk data, is on these systems. These are not dual-use systems but are only for work related to research involving CUI. The NCSA CISO must Lead of Trust, Compliance and Risk Management must be informed of any data from new sources on these systems, especially when personally identifying information is recorded.
- Approved (by the NCSA CISOLead for Trust, Compliance and Risk Management) vulnerability and patch management procedures must be in place.
- Approved (by the NCSA CISOLead for Trust, Compliance and Risk Management) change control procedures must be implemented and documented.
- Local and privileged account passwords are managed with the NCSA-provided, two-factor password management solution.
...