Fredonia Minimum Security Standards: Servers

A server is defined as a host that provides a network-accessible service.

Follow the minimum security standards in the table below to safeguard your servers.

| STANDARDS | RECURRING TASK | WHAT TO DO | LOW RISK | MODERATE RISK | HIGH RISK |
| --- | --- | --- | --- | --- | --- |
| Patching | ✔ | Based on National Vulnerability Database (NVD) ratings, apply high severity security patches within seven days of publication and all other security patches within 30 days. Use a supported OS version. | ✔ | ✔ | ✔ |
| Vulnerability Management | ✔ | Perform monthly vulnerability scans via the Enterprise Vulnerability Management System. Remediate severity Critical and High vulnerabilities within seven days of discovery and severity Medium vulnerabilities within 90 days. | ✔ | ✔ | ✔ |
| Inventory | ✔ | Review and update records quarterly. Maximum of one node per record. | ✔ | ✔ | ✔ |
| Firewall | | Enable a host-based firewall in default deny mode and permit the minimum necessary services. | ✔ | ✔ | ✔ |
| Credentials and Access Control | ✔ | Review existing accounts and privileges quarterly. | ✔ | ✔ | ✔ |
| Two-Factor Authentication | | Require two-factor authentication for all interactive user and administrator logins. Two-factor will be required for all remote authentications. | | ✔ | ✔ |
| Centralized Logging | | Forward logs to a remote log server. The University IT Splunk service is recommended. | | ✔ | ✔ |
| Security Training | ✔ | Complete annual Secure the Human Training. | | ✔ | ✔ |
| Malware Protection & Intrusion Detection | ✔ | Deploy Symantec Endpoint Protection. Review alerts as they are received. | | ✔ | ✔ |
| Physical Protection | | Place system hardware in a data center. | | ✔ | ✔ |
| Dedicated Admin Workstation | | Access administrative accounts only through a Privileged Access Workstation (PAW). | | | ✔ |
| Security, Privacy, and Legal Review | | Request a Security, Privacy, and Legal review by the Information Security Officer and implement recommendations prior to deployment. | | ✔ | ✔ |
| Regulated Data Security Controls | | Implement PCI DSS, HIPAA, FISMA, or export controls as applicable per the Information Security Officer. | | | ✔ |

