S 2.207 Defining security guidelines for Lotus Notes

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: IT Security Management

Just as it is necessary to define appropriate security guidelines for every software product used within an organisation, the same applies to the use of Lotus Domino servers. Lotus Domino can be viewed as a separate network communication system which uses the underlying operating system only as a runtime environment and has independent mechanisms at the administrative level. Hence, when determining a set of security guidelines, the range of subjects that need to be covered will be similar to those applicable for a network operating system.

The security guidelines should consider the following aspects:

• The security guidelines for Lotus Notes must comply with the applicable general security guidelines of the organisation (see S 2.192 Drawing up an Information Security Policy).

• Access rules must specify

• which users may access which server and which users should not access which servers (exclusion list);

• which users may access which database with which rights;

• which database is administered from which server;

• which other servers may access a given server;

• how databases are replicated;

• which database elements (data records, views, scripts etc.) are replicated;

• from where access to a Notes server may be allowed.

• In addition, the following must be specified:

• How Notes ID files are to be handled, for example, in relation to creation, distribution, storage and the two-person rule (in this connection, see also safeguard S 4.129 Secure handling of Notes ID files);

• Whether and under what conditions passwords for Notes ID files and entire Notes ID files are recovered;

• Whether any form of communication protection (e.g. for network communications and e-mail communication) should be used, what mechanism should be used and what communication connections should be protected.

• Auditing and logging policies must be drawn up. Care must be taken here to ensure that the Data Privacy Officer is included in the planning stage since the information monitored is likely to include person-related data.

• The Notes domains need to be planned, the access authorisations between the domains must be specified (user-oriented and server-oriented) and replication of databases must also be planned.

• Security planning is required for every function module of Domino Application Server that is enabled. Access restrictions, types of access, authentication mechanisms to be used and responses to security breaches must all be specified.

The security guidelines for the use of Lotus Notes must be agreed across the organisation and all users must be informed of them. It is recommended here that a brief quick reference guide that contains the most important information is prepared for the end users, e.g. in the form of a leaflet or website. Whenever the security procedures change, all users must be informed.

The situation can arise that particular security requirements contained in the existing security guidelines cannot be implemented with the mechanisms of Lotus Notes. In this case a decision must be made as to whether the existing security guidelines need to be modified or whether such severe restrictions should be applied to operation of Lotus Notes that the guidelines can be implemented.

Additional controls:

• Is there an up-to-date set of security guidelines for the use of Lotus Notes?

• Can all the relevant security provisions of the organisation-wide security guidelines be mapped onto Lotus Notes?

• Are all the users informed of additions or changes to the security provisions?