|
|
Initiation responsibility: Agency/company management, Head of IT Section, IT Security Management
Implementation responsibility: Head of IT Section, IT Security Management
The purchase, installation and operation of IT components of all kinds must be co-ordinated and approved. Procedures must be defined as to how IT components are accepted, approved, installed and used. This affects, for example, the use of modems, disk drives, software and mobile phones. A corresponding procedure for the area of standard software is described in Section 9.1. The entire life cycle of standard software is considered here: drawing up of a requirements catalogue, pre-selection of a product, testing, approval, installation, licence administration and deinstallation. This section will likewise provide orientation regarding the development of an analogous procedure for other IT components.
Within the framework of the approval procedure for new IT components,
Moreover, during the approval procedure installation and configuration instructions which include documentation of all the security-relevant settings, must be drawn up. After the initial installation of IT components these will require ongoing maintenance (see also S 4.78 Careful modifications of configurations). Prior to entry into service of new IT components (as far as possible) Administrators and users must be trained in their use.
The installation and use of non-approved IT components must be forbidden and adherence to this ban must be checked at regular intervals.
Additional controls:
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
last update: July 2001 |