Info-Tech's bundle of The Top 50 IT Policies are valuable tools designed to help you bank your most precious asset – time. Their ready-to-use format means that you can download and edit these tools whenever you need them to suit your specific IT and business needs. Let us do the time-consuming work for you – take advantage of our ever-expanding collection of downloadable policies.
Server Configuration Policy This tool outlines the basic characteristics required in the deployment of secured or hardened servers. It can be adopted as-is as the enterprise’s server security configuration policy or be used as a guide towards the creation of a new document. The metrics specified herein are based on industry standard best practices but by no means should be taken as absolute; feel free to customize the listed metrics to better suit the needs of the enterprise. Purpose The purpose of this policy is to define standards, procedures, and restrictions for new servers being installed on [company name]’s internal network(s) or related technology resources via any means. This can include, but is not limited to, the following: Internet servers (FTP servers, Web servers, Mail servers, Proxy servers, etc.). Application servers. Database servers. File servers. Print server. Third-party appliances that manage network resources. This policy also covers any server device outsourced, co-located, or hosted at external/third-party service providers, if that equipment resides in the [company name].com" domain or appears to be owned by [company name]. The overriding goal of this policy is to reduce operating risk. The [company name] Server Configuration Security Policy will: Eliminate configuration errors and reduce server outages. Reduce undocumented server configuration changes that tend to open up security vulnerabilities. Facilitate compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley which requires companies to institute IT controls and demonstrate that the controls are working. Protect corporate data, networks, and databases from unauthorized use and/or malicious attack. Therefore, all new server equipment that is owned and/or operated by [company name] must be provisioned and operated in a manner that adheres to company-defined processes for doing so. Page 1
Pages to are hidden for
"Server Configuration Policy"Please download to view full document