...
- Use two-factor authentication for administrative access or escalation, or request an exemption from Security.
- Disable routing, traffic forwarding, network bridging and other forms of network traffic proxy through the host unless approved by Security & Networking.
- Label systems in the rack and keep labels up-to-date.
- Maintain up-to-date (PLEASE CLARIFY) and provide the security team with:
- accounts on the system or a way to quickly get access 24/7 for emergencies
- purpose of the system and notification of any sensitive or confidential data
- a list of authorized administrators and a responsible full-time NCSA staff person
- a list of necessary services/ports open
- a plan for vulnerability and patch managementVetting? Scheduled?
It is important that changes in the information initially provided to the security team are updated in a timely manner of 3 business days or less.
Systems or their administrators should:
...