Educause Security Discussion mailing list archives

Re: Policy regarding servers on the network

From: Tim Howard <Timothy_G_Howard () RAYTHEON COM>
Date: Mon, 25 Apr 2005 12:04:07 -0400

In working on the U.S. Antarctic Program for the NSF, which includes
science teams attaching systems to the network, we have developed a policy
for "Non-USAP" systems as a starting point.  You may find the policy at the
following url:

http://www.polar.org/infosec/index.htm

The policy is 5000.17, Non-USAP Systems.

If you find it helpful, please credit the National Science Foundation.  If
you find it needs some improvements, please send me your thoughts
separately, as we are still working to define procedures to implement the
policies.

Thanks
Tim



Raytheon
Tim Howard
Information Security Manager
Information Technology & Scientific Services (ITSS)
Raytheon Technical Services Company, LLC
301.883.4104 office 301.883.4136 fax
301.943.4732 cell timothy_g_howard () raytheon com



             Brian Viscuso
             <bviscuso () UWF EDU
             >                                                          To
             Sent by: The              SECURITY () LISTSERV EDUCAUSE EDU
             EDUCAUSE Security                                          cc
             Discussion Group
             Listserv                                              Subject
             <SECURITY@LISTSER         [SECURITY] Policy regarding servers
             V.EDUCAUSE.EDU>           on the network


             04/25/2005 10:09
             AM


             Please respond to
               The EDUCAUSE
                 Security
             Discussion Group
                 Listserv
             <SECURITY@LISTSER
              V.EDUCAUSE.EDU>






I am curious to see if or how many institutions have a specific policy that
regulates how servers are put on the network? And, do you have a formal
request system in place for getting these servers on-line? We are working
on formulating a policy for college/departmental servers on our network in
an effort to 'corral' rouge servers and tighten up our network traffic
going to these servers. We aren't saying they can't have them, we just want
to know about them in advance and make sure they are compliant with common
security standards. If anybody out there has something similar in place I
would be interested in seeing their policy or implementation.

Many thanks in advance.

- Brian
______________________________________

Brian Viscuso
Director for Systems Engineering
Information Technology Services
University of West Florida
11000 University Parkway
Pensacola, Florida 32514
(850) 474-3453 wk.
bviscuso () uwf edu
______________________________________
********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Policy regarding servers on the network Brian Viscuso (Apr 25)
- <Possible follow-ups>
- Re: Policy regarding servers on the network Lucas, Bryan (Apr 25)
- Re: Policy regarding servers on the network Brian Viscuso (Apr 25)
- Re: Policy regarding servers on the network Steve Schuster (Apr 25)
- Re: Policy regarding servers on the network Gary Dobbins (Apr 25)
- Re: Policy regarding servers on the network Tim Howard (Apr 25)
- Re: Policy regarding servers on the network Darnell Walker (Apr 25)
- Re: Policy regarding servers on the network Mark Borrie (Apr 25)