
Document Name: ACHE Vulnerability and Patch Management Standard
Version: 0.1
Accountable: Adam Slagell
Authors: Adam Slagell
Approved:  

Introduction

Vulnerability management is a key component of the protection and maintenance of any modern compute system. NCSA policy requires all systems with high risk data to have a plan to identify and remediate security vulnerabilities. This standard describes how system vulnerabilities are managed in the context of the regular patching and maintenance of systems in the Advanced Computational Health Enclave (ACHE).

Supporting Policies & References

There are several supporting policies, standards and guides, some of which include:

Scope

This standard applies to all systems in the NCSA's Advanced Computational Health Enclave where there is not a more specific system-level standard. It includes any hardware dedicated to ACHE, including switches, hypervisors, and support systems as applicable. Exceptions are made for devices that cannot be scanned or updated.

Vulnerability Identification

Vulnerability identification includes scanning all critical systems and a representative cluster member weekly. Two types of scans are utilized: perimeter scans and authenticated scans. Perimeter scans probe the services from NCSA IP addresses without logging in. Authenticated scans are performed from local appliances that authenticate to the systems using restricted non-root privileged accounts that query the system for information such as kernel and installed package versions. A continuously updated vulnerability analysis tool uses this information to generate reports for consumption by both systems administrators and security team members.

The reports are discussed at regularly occurring meetings between the mForge administrators and the security team. These meetings are also used to discuss other intelligence gathered by the NCSA security team, such as information gathered through threat hunting, other security intelligence gathering systems, and any vendor- or community-provided notices and intelligence. Items that require action on the part of the Systems Team are communicated via the NCSA ticketing system. High priority items are also followed up directly with a system administrator and with management.

Major configuration changes or the addition of services require a vetting of the changed system and services by the NCSA Security team. The Security team reviews the configuration for adherence to best practices and runs vulnerability scanning tools against the changed service.
