The System/Application Domain is the engine for your organization’s distributed applications. Although other domains are crucial to supporting your organization, the System/Application Domain houses most of your organization’s data and the programs that access it. You can consider this domain to be the last chance you have to protect your organization’s data from attackers. Although a good layered security plan should prevent attackers from ever getting this far, never assume this domain is safe.
Establish physical controls to protect the data center.
Use at least one firewall to limit network traffic from other domains to only authorized traffic.
Use NAC devices to restrict which computers and devices can connect to System/Application Domain components.
Use application-defined access controls to limit access to data.
Install a fire suppression system.
If your organization engages in software development or software modifications, follow these best practices:
Use software configuration management software to control software changes.
Create separate environments for development, testing, and production.
Prohibit developers from accessing the production environment.
Follow formal procedures for approving software to move from development to testing, and from testing to production.
Create a BCP and DRP that include each component in the System/Application Domain.
Keep the BCP and DRP up to date to reflect any changes to the domain.
Test the BCP and DRP at least annually.
Protect all backup media in transit and storage.
Ensure all backup media is encrypted.
Encrypt all sensitive data when it is stored on disks.