Technical Security Requirements

The technical security requirements are directly related to the sensitivity/criticality level of the data processed.

Workstation Security Requirements

Workstations include corporate personal computers (PCs), LANs, and LAN servers. When a workstation is used as a host, host security requirements apply.

Single User Workstation

A single user workstation is one which, though many people have access, may be used by one person at a time. Where single user workstations are installed, management should do the following:

 

Critical Level * Requirements
3, 2, 1
  • Implement a risk management program commensurate with sensitivity and/or criticality of the information/application being processed.
  • Ensure that virus detection software is installed on each single user workstation.
0
  • Ensure that the system configuration is documented.
  • Establish backup requirements.
  • Ensure that virus detection software is installed on each single user workstation.
* See Appendix B for critical level definitions.

 

Multi-User Workstation

A multi-user workstation is one that can be accessed simultaneously by other workstations. In some cases a multi-user workstation may be configured to operate as a host, and the requirements for hosts will apply to that workstation, Otherwise, the requirements below should apply. Management, where multi-user corporate workstations are installed, should implement a process that accomplishes the following:

 

Critical Level * Requirements
3, 2
  • Documents system configuration.
  • Ensure that virus detection software is installed in the workstation.
  • Ensure the backup requirements are established.
  • Implement a risk management program commensurate with sensitivity and/or criticality of the information/application being processed.
  • Assigns a system administrator.
  • Identifies each user by a unique user ID and password.
  • Provides secure backup storage external to the processing area.
  • Ensures that critical data backups are placed in secure storage.
1
  • Documents system configuration.
  • Ensure that virus detection software is installed in the workstation.
  • Ensure the backup requirements are established.
  • Establishes the development of a contingency plan.
0
  • Documents system configuration.
  • Ensure that virus detection software is installed in the workstation.
  • Establish backup requirements.
* See Appendix B for critical level definitions.