Notice: If you are looking for resources on HyFlex teaching, please visit our Teach HyFlex Page
Step by step instructions on how to register your server.
Account Control Plan – Strong passwords/pass-phrases are used and their use enforced. Accounts on the server are unique and those that are not needed are disabled or removed. Access to data is on a need to know basis
Patching Plan - Operating System Patches are installed in a timely fashion and given a priority. This plan also includes the application that the server is going to be using and any other 3rd party applications.
Access Controls - All servers have some network access controls enabled, capable of limiting network and Internet access to the server. The server is in a secured location with limited physical access. When possible, the applications and services will work in a non-administrative mode.
Malware Controls - Operating Systems that are historically susceptible to malware attacks have protection installed, enabled, and be able to be updated.
Logging - Operating System level and Application level events are to be logged to assist in troubleshooting and forensic investigations.
Backups - A plan is in place for the backup/recovery of data. Data backups should be stored in an off-site secure location.
Offsite Logging - Store logs in a different location or a central repository so they are not lost due to failure or breach.
Repurposing Plan - A plan is in place to ensure data protection, either physical destruction of the storage media or digital data destruction when the server repurposed or retired.
Data Encryption - Ensure that if data needs to be protected based on data classification and standards, it is encrypted both at rest and in transit.
Multifactor Authentication - Multifactor authentication will be used for servers handling or storing sensitive data.