Introduction

NCSA logically divides its network into several different trust zones. Traffic between these zones is monitored by a Network Intrusion Detection System (NIDS), but traffic within a single zone may not be visible to the NIDS. Therefore, systems within a single zone must be trusted and hence hardened to a similar level.

...

• Maintain and enforce a list of authorized administrators, and keep records up-to-date so that Security can quickly determine responsible parties for the system. At least one responsible party must be a full-time employee working at the NCSA.
• Provide Security with accounts on the system or a way to quickly get access 24/7 for emergencies.
• Notify Security of any sensitive, confidential or regulated data expected to be on the system.
• An accepted vulnerability and patch management plan must be in place.
• Utilize a recognized NCSA change control process.
• Manage local and privileged account passwords with the NCSA-provided password management solution.

Host Configuration Requirements:

...