Issue/Question
What is the USD security policy for Network Infrastructure Management
Environment
Cause
Protect against cybersecurity threats, establish cybersecurity norms, enhance cybersecurity maturity
Resolution
Network Infrastructure Management
Policy Statement: The University acknowledges the critical role of network infrastructure in supporting its operations and information systems. This policy outlines guidelines for the management and maintenance of network infrastructure to ensure its availability, reliability, and security.
Policy Implementation:
-
Network Design and Architecture:
- The University will maintain an up-to-date network design and architecture documentation that outlines the layout, configuration, and interconnections of network components.
- Network architecture will be periodically reviewed and updated to accommodate changes in organizational requirements, technological advancements, and emerging security threats.
- Dedicated computing resources will be established for all administrative work on the network.
-
Configuration Management:
- Configuration management procedures will be implemented to standardize and document the configuration settings of network devices, including routers, switches, firewalls, and wireless access points.
- Changes to network configurations will be performed following a formal change management process, including documentation, review, approval, and testing.
- Secure and modern protocols will be used in the management of network infrastructure and services.
- Centralized network authentication, authorization, and auditing will be put in place.
-
Network Segmentation:
- The University will implement network segmentation to segregate sensitive systems and data from less-trusted areas of the network, reducing the risk of lateral movement by attackers.
- Segmentation controls will be enforced through network firewalls, VLANs, access control lists (ACLs), and other network segmentation techniques.
-
Network Monitoring and Logging:
- Continuous network monitoring tools will be deployed to detect and alert on suspicious network activities, anomalies, and security incidents.
- Network devices will be configured to generate logs of network traffic, system events, and security-related activities for analysis, incident response, and forensic investigations.
-
Patch and Vulnerability Management:
- The University will implement patch and vulnerability management processes to ensure that network devices are kept up-to-date with the latest security patches and firmware updates.
- Vulnerability scans and assessments will be conducted regularly to identify and remediate security vulnerabilities in network infrastructure components.
Compliance and Enforcement: All members of the University community are responsible for adhering to this policy and actively participating in network infrastructure management activities.
Policy Review: This policy will be reviewed annually to ensure alignment with emerging threats, changes in technology, and regulatory requirements. Updates will be made as necessary to maintain the effectiveness and relevance of network infrastructure management practices.
This policy provides a comprehensive framework for implementing CIS Control 12 within the University environment, focusing on managing and maintaining network infrastructure within the University environment, and ensuring the availability, reliability, and security of network resources and services.
Please contact the Service Desk if you need further assistance