System Security Worksheet
All campus servers must have a completed System Security Worksheet (SSW). The SSW is a living document of the security posture of campus systems. SSW documents key security procedures, events and configuration of the server as well as the applications and database hosted on it.
- System Administrator drafts SSW
- ISEC meeting with each administrator
- ISEC draft network diagram
- ISEC final meeting to review SSW
- System Administrator maintains SSW/change log
- ISEC annual review
Events that trigger a new or updated SSW
|Trigger Events||System Administrator Action|
|New server purchase or repurpose||Start drafting SSW and contact ISEC to setup a review meeting.|
|Addition/modification/deletion of host firewall on system with SSW||Review new rule set and minimize to only IP/Ports required to meet business needs. Evaluate new rules for risk and recommend/implement controls to mitigate. Forward proposed new rule set to ISEC for approval.|
|Response change on SSW question or area||Update the SSW or document in a change log. Contact ISEC with updated information.|
|Decommission server||Update the SSW and note decommissioned, by whom, and date.|
For more information...
Contact the Information Security Office at ChicoInformationSecurity@csuchico.edu