...
- Use two-factor authentication for administrative access or escalation, or request an exemption from Security.
- Disable routing, traffic forwarding, bridging between subnets and other forms of internetwork traffic proxy through the host unless approved by Security & Networking.
- Label systems in the rack and keep labels up-to-date.
- Maintain and provide the security team with:
- accounts on the system or a way to quickly get access 24/7 for emergencies
- purpose of the system and notification of any sensitive high risk or confidential data (as defined by UIUC policy).
- a list of authorized administrators and a responsible full-time NCSA staff person
- a list of necessary services/ports open
- a plan for vulnerability and patch management
It is important that changes in the information initially provided to the security team are updated in a timely manner of 3 business days or lesskept up-to-date, and system owners will need to update this annually. Changes to include high risk or confidential data need to be updated as soon as possible by contacting Security.
Systems or their administrators should:
...