|
|
Initiation responsibility: Agency/company management
Implementation responsibility: Head of IT section
It must be guaranteed that the standard software approved can only be installed in an unchanged condition. Accordingly, the possibility of desired or unintentional changes occurring in the interim period, e.g. as a result of computer viruses, bit errors due to technical errors or manipulation in configuration files, should be prevented.
Installation must only be allowed to take place, therefore, using original data media or numbered copies of the original data medium. An alternative to the local installation from data media is the installation via a local network of a version approved specifically for this purpose. It should be guaranteed that only authorised persons have access.
If the data capacity allows (e.g. CD-ROM), backup copies should be produced of the original data media. Original data media and all copies must be kept protected from unauthorised access (see S 6.21 Backup Copy of Software Used). The copies produced should be numbered and included in inventory lists. Copies which are no longer needed must be deleted. Before installation, a computer virus test must be carried out.
As an option, a checksum (cf. S 4.34 Using Encryption, Checksums or Digital Signatures) can be created using the original data media or using a reference version installed during the test. With the aid of this, before installation the integrity of the data media used for it, or the versions deposited in local networks can be checked, as can correct installation. In addition to this, installed programs can also be provided with checksums for protection against unauthorised changes to the approved configuration. In this way infections by, as yet unknown computer viruses, can be detected. It can also be determined whether a virus infection has occurred before or after installation.
Additional controls:
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |