Browse
Search
Agenda - 06-15-2021; 8-n - USDA Lease of a Portion of the Orange County Bonnie B. Davis Environmental and Agricultural Center
OrangeCountyNC
>
BOCC Archives
>
Agendas
>
Agendas
>
2021
>
Agenda - 06-15-2021 Virtual Business Meeting
>
Agenda - 06-15-2021; 8-n - USDA Lease of a Portion of the Orange County Bonnie B. Davis Environmental and Agricultural Center
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/10/2021 4:40:03 PM
Creation date
6/10/2021 4:14:04 PM
Metadata
Fields
Template:
BOCC
Date
6/15/2021
Meeting Type
Business
Document Type
Agenda
Agenda Item
8-n
Document Relationships
Agenda for June 15, 2021 Board Meeting
(Attachment)
Path:
\BOCC Archives\Agendas\Agendas\2021\Agenda - 06-15-2021 Virtual Business Meeting
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
126
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
124 <br /> b. Safeguard sensitive data and/or login credentials through <br /> the use of strong encryption on devices and applications. <br /> This means using NIST- approved encryption algorithms, <br /> secure protocols (i.e., Transport Layer Security (TLS) 1.1, <br /> TLS 1.2, TLS 1.3) and Federal Information Processing <br /> Standard (FIPS) 140-2 validated modules. <br /> c. Disable unnecessary services in order to protect the system <br /> from unnecessary access and a potential exposure point by <br /> a malicious attacker. Examples include File Transfer <br /> Protocol-FTP (a protocol used for transferring files to a <br /> remote location) and Telnet (allowing a user to issue <br /> commands remotely). Additionally, use of protocols that <br /> transmit data in the clear (such as default Zig Bee) should <br /> be avoided, in favor of protocols that are encrypted. <br /> d. Close unnecessary open ports to secure against <br /> unprivileged access. <br /> e. Monitor and free web applications and supporting servers <br /> of common vulnerabilities in web applications, such as <br /> those identified by the (Open Web Application Security <br /> Project (OWASP) Top 10 Project <br /> (https://www.owasp.org/index.php/Category:OWASP Top <br /> Ten Project). <br /> f. Enforce Least Privilege, where proper permissions are <br /> enforced on a device or application so that a malicious <br /> attacker cannot gain access to all data. Enforcing Least <br /> Privilege will only allow users to access data they are <br /> allowed to see. Additional information can be found at <br /> https://www.beyondtrust.com/blog/what-is-least-privilege/ <br /> g. Protect against Insufficient User Access Auditing, where <br /> device or application does not have a mechanism to <br /> log/track activity by user. Enforce changing of factory <br /> default Username and Password to prevent unauthorized <br /> entry into the BACS system. <br /> h. Use updated antivirus software subscription at all times. <br /> Kaspersky-branded products or services, prohibited from <br /> use by the Federal Government, are not to be utilized. <br /> i. Conduct antivirus and spyware scans on a regular basis. <br /> Patching for workstations and server Operating System <br /> (OS), as well as vulnerability patching should follow <br /> standard industry best practices for software development <br /> life cycle (SDLC). <br /> j. Discontinue the use of end of life (EOL) systems and use <br /> only applications/systems that are supported by the <br /> manufacturer. <br /> k. Operating Systems must be supported by the vendor for <br /> security updates (e.g., do not use Windows Server 2003). <br /> I. Proposed standard installation, operation, maintenance, <br /> updates, and/or patching of software shall not alter the <br /> configuration settings from the approved United States <br /> Government Configuration Baseline (USGCB) or tenant <br /> agency uidance if applicable). <br /> PAGE 7 LESSOR: GOVERNMENT: FPAC V11.13.2020 <br />
The URL can be used to link to this page
Your browser does not support the video tag.