AGENCY IT SECURITY HANDBOOK
TECHNICAL CONTROLS
The Technical Controls Handbook focuses on security controls that the computer system executes. These controls depend on the proper functioning of the system for their effectiveness. The implementation of technical controls, however, always requires significant operational considerations and should be consistent with the management of security within the Agency.
Version 2
November 2001
TABLE OF CONTENTS
1. TECHNICAL SECURITY
1.1. PURPOSE
1.2. BACKGROUND
1.3. POLICY
1.4. RESPONSIBILITIES
2. SOFTWARE AND DATA SECURITY
2.1. PURPOSE
2.2. BACKGROUND
2.3. POLICY
2.4. RESPONSIBILITIES
3. NETWORK AND COMMUNICATION SECURITY
3.1. PURPOSE
3.2. BACKGROUND
3.3. POLICY
3.4. RESPONSIBILITIES
4. APPENDIX A
4.1. ACRONYMS
5. APPENDIX B
5.1. GLOSSARY
6. APPENDIX C
6.1. REFERENCES
1. TECHNICAL SECURITY
1.1. PURPOSE
1.1.1. This chapter provides policy and guidance to implement technical controls that will reduce the exposure of computer equipment and assist in achieving an optimum level of protection for the Agency's information technology (IT) systems.
1.1.2. The policy contained in this chapter covers all Agency IT resources maintained in-house or in the interest of the Agency. These policies are mandatory for all organizational units, employees, contractors, and others having access to and/or using the IT resources of the Agency.
1.1.3. This policy applies to all automated information systems currently in existence and any new automated technology acquired after the effective date of this policy document.
1.2. BACKGROUND
1.2.1. The issues that will be covered in this chapter under technical security are:
Identification and Authentication
Authorization/Access Control
Audit Trails
1.2.2. Identification and Authentication are critical building blocks of computer security since they are the basis...