Topics Map > Policies
Topics Map > Services > Security > Server Registration
Server Registration - Register Your Server
Step by step instructions on how to register your server.
- Ensure your server satisfies server requirements.
- Ensure that your server also meets NIST 800-171 Rev 2 Security Requirements
- Make sure that you classify the data that will be stored on the server with NDUS 1203.7 Data Classification Standards
- Fill out the Server Registration Request Form.
Submitting this form will initiate a Server Registration Request, creating several emails and a Service Now ticket.
- You will receive an Outlook Calendar Request to perform the Server Assessment. Accept or propose a better time for the Server Assessment.
- Once the server assessment is scheduled, the Service Now ticket will be sent to Network Engineering and Operations to reserve the IP address and DNS Name (if requested). You will be notified by email when the IP Address and DNS Name (if requested) is reserved.
- The 710 Document will be sent through DocuSign. Please complete and digitally sign the document. The document will also be sent to the heads of your department to sign.
- Run Center for Internet Security Compliance Check Software and perform all remediation steps that you can. Send the results to the NDSU IT Security Officer.
- Run and nmap -p- and an nmap -sU -p- on your sever.
- Save the results to a text document to provide open and filtered/closed ports
- Any TCP/UDP Ports that are open and not needed will have to be closed with Firewall rules
- Open TCP/UDP Ports will need to be justified in a document stating reason that the port is open and what scope is being used to protect that port
- What applications are installed on the server?
- What data will be on the server?
- Provide a list of the data that will be required for the service
- Provide a list of the data that will be generated by the service
- Provide a list of the data that will be stored on the server
- What have you enabled on the server for data protection?
- Who is going to be able to access the server?
- Please Provide a list of User accounts on the Server
- Please Provide a list of User accounts on the Applications that will be running
- Please Provide an approximate number of people that will be utilizing the services
- How is the server going to be accessed?
If this is New Hardware for an existing service the Server Registration process will have to start from scratch.
- Account Control Plan
- Strong passwords/pass-phrases are used and their use is enforced. Accounts on the server are unique and those that are not needed are disabled or removed. Access to data is on a need to know basis
- Patching Plan
- Operating System Patches are installed in a timely fashion and given a priority. This plan also includes the application that the server is going to be using and any other 3rd party applications.
- Access Controls
- All servers have some network access controls enabled, capable of limiting network and Internet access to the server. The server is in a secured location with limited physical access. When possible, the applications and services will work in a non-administrative mode.
- Malware Controls
- Operating Systems that are historically susceptible to malware attacks have protection installed, enabled, and be able to be updated.
- Operating System level and Application level events are to be logged to assist in troubleshooting and forensic investigations.
- A plan is in place for the backup/recovery of data. Data backups should be stored in an off-site secure location.
- Offsite Logging
- Store logs in a different location or a central repository so they are not lost due to failure or breach.
- Repurposing Plan
- A plan is in place to ensure data protection, either physical destruction of the storage media or digital data destruction when the server repurposed or retired.
- Data Encryption
- Ensure that if data needs to be protected based on data classification and standards, it is encrypted both at rest and in transit.
- Multifactor Authentication
- Multifactor authentication will be used for servers handling or storing sensitive data.