Technology Procedure Categories
IT Component security protection policy
This procedure outlines the requirements to protect the integrity of IT system components prior to placing placing system component into production.
When Was This Policy Written?
March 18, 2017
When Was This Policy Updated?
Who Should Read This Procedure?
WSC NATS staff
The following precautions will be taken prior to placing a system component (hardware, software, appliance, virtual appliance, operating system, service) into production on the WSC network:
- Vendor supplied default passwords are changed
- Unnecessary accounts are disabled
- Management access is encrypted by an appropriately strong cipher where possible
- Where encryption of management access is not possible, access to management interfaces must be protected via Network Access Control (firewall, VPN, etc.)
- When possible, management interfaces should be protected via NAC even when encrypted
These precautions must be in place within 24 hours of the component being placed in connection with the network.
Last Updated: N/A