Server Configuration Policy

Document Sample
Server Configuration Policy Powered By Docstoc
					Server Configuration Policy
This tool outlines the basic characteristics required in the deployment of secured or hardened
servers. It can be adopted as-is as the enterprise’s server security configuration policy or be used
as a guide towards the creation of a new document. The metrics specified herein are based on
industry standard best practices but by no means should be taken as absolute; feel free to
customize the listed metrics to better suit the needs of the enterprise.

Purpose
The purpose of this policy is to define standards, procedures, and restrictions for new servers
being installed on [company name]’s internal network(s) or related technology resources via any
means. This can include, but is not limited to, the following:

       Internet servers (FTP servers, Web servers, Mail servers, Proxy servers, etc.).

       Application servers.

       Database servers.

       File servers.

       Print server.

       Third-party appliances that manage network resources.

This policy also covers any server device outsourced, co-located, or hosted at external/third-party
service providers, if that equipment resides in the [company name].com" domain or appears to be
owned by [company name].

The overriding goal of this policy is to reduce operating risk. The [company name] Server
Configuration Security Policy will:

       Eliminate configuration errors and reduce server outages.
       Reduce undocumented server configuration changes that tend to open up security
        vulnerabilities.
       Facilitate compliance with the Health Insurance Portability and Accountability Act
        (HIPAA) and Sarbanes-Oxley which requires companies to institute IT controls and
        demonstrate that the controls are working.
       Protect corporate data, networks, and databases from unauthorized use and/or malicious
        attack.

Therefore, all new server equipment that is owned and/or operated by [company name] must be
provisioned and operated in a manner that adheres to company-defined processes for doing so.




                                               Page 1

                                     
				
DOCUMENT INFO
Description: A Big Help for Small Firms As the IT manager in a small organization, you don't have time to design the templates and policies you need from scratch. We've compiled the essential tools you need to start your own download toolkit. Info-Tech uses common file formats, like Microsoft Word and Excel, to ensure the highest levels of usability. Simply download the tool, save it to your own drive, and change the contents or fill in the blanks as much as you like.
This document is also part of a package Top IT Tools for Small Businesses 50 Documents Included