Chris Wiginton
ITT Technical Institute, Tampa FL
Instructor: David Marquez
14 April, 2014
Access Control Plan
INTRODUCTION
This Dragon Net Solutions (DNS) Access Control and Account Management Plan details the access control and account management activities for Dragon Net Solutions. It facilitates compliance with the National Institute of Standards and Technology’s (NIST) Recommended Security Controls for Federal Information Systems (NIST 800-53) and the NIST Guide for Assessing the Security Controls in Federal Information Systems (NIST 800-53A). Specifically, the following NIST Access Controls (AC) are addressed:
AC-1 Access Control Policy and Procedures
AC-2 Account Management
AC-3 Access Enforcement
AC-5 Separation of Duties
AC-6 Least Privilege
This Plan also relates to three
Dragon Net Solutions (DNS)
Date: April 14, 2014
SECURITY IMPLEMENTATION
Security implementation responsibilities focus on implementing the access controls and account management processes outlined in this Plan. The following positions are responsible for security implementation:
CTSP/SA
Privileged User
Basic User
ACCESS CONTROL REQUIREMENTS
All access control requirements are commensurate with the user’s duties at a particular incident. For DNS, access control is implemented in accordance with the following principles:
Access Enforcement
Least Privilege
Separation of Duties
ACCESS ENFORCEMENT
Automated Rules of Behavior (ROB) are implemented. There are three different ROBs:
1. Privileged: Users with DB Admin role
2. DNS: Users without DB Admin role who are DNS employees
3. Non-DNS: Users without DB Admin role who are not DNS employees. This includes MAD employees.
Privileged Users will be presented the ROB for Users with Privileged Access to Information Systems. Non-Privileged Users are required to select the appropriate ROB at first login per database prior to receiving access to the application. If a user elects to decline the ROB, access to
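The ROB enforcement described above, written out as an added worked example (this is illustrative code, not part of the plan or any DNS system): it maps a user to one of the three ROB categories, keeps a per-database record of acceptance, presents the Privileged ROB to DB Admin users, requires non-privileged users to select the ROB that matches their category, and withholds application access until an acceptance is recorded. The `User` class, the `login` function, the event log, and the treatment of a declined or mismatched ROB as "no access granted" are assumptions made for the example, since the plan text stops before stating the outcome of a decline.

```python
from dataclasses import dataclass, field

# The three Rules of Behavior categories named in the plan.
PRIVILEGED_ROB = "Privileged"   # users with the DB Admin role
DNS_ROB = "DNS"                 # DNS employees without the DB Admin role
NON_DNS_ROB = "Non-DNS"         # non-DNS users without the DB Admin role (e.g. MAD employees)

# Constructed audit trail of ROB decisions (assumption: not described by the plan).
EVENTS = []


@dataclass
class User:
    """Hypothetical user record used only by this example."""
    username: str
    roles: set
    employer: str                              # "DNS" or another organisation
    accepted_rob: dict = field(default_factory=dict)   # database -> ROB accepted there


def applicable_rob(user):
    """Return the ROB category that applies to this user under the plan's rules."""
    if "DB Admin" in user.roles:
        return PRIVILEGED_ROB
    if user.employer == "DNS":
        return DNS_ROB
    return NON_DNS_ROB


def login(user, database, chosen_rob=None, accept=False):
    """Simulate the ROB gate at login for one database.

    Returns (granted, rob_presented). rob_presented is None when the user
    already accepted the applicable ROB for this database at an earlier login.
    """
    required = applicable_rob(user)

    # Acceptance is recorded per database; an earlier acceptance satisfies the gate.
    if user.accepted_rob.get(database) == required:
        EVENTS.append((user.username, database, required, "already-accepted"))
        return True, None

    if required == PRIVILEGED_ROB:
        # Privileged users are presented the Privileged ROB; no selection step.
        presented = PRIVILEGED_ROB
    else:
        # Non-privileged users must select the ROB appropriate to their category.
        presented = required
        if chosen_rob != required:
            # Assumption: a wrong or missing selection does not grant access.
            EVENTS.append((user.username, database, required, "wrong-selection"))
            return False, presented

    if not accept:
        # Assumption: declining the ROB leaves the user without application access.
        EVENTS.append((user.username, database, required, "declined"))
        return False, presented

    user.accepted_rob[database] = required
    EVENTS.append((user.username, database, required, "accepted"))
    return True, presented


if __name__ == "__main__":
    # Constructed sample users, one per ROB category.
    admin = User("alice", {"DB Admin"}, "DNS")
    staff = User("bob", set(), "DNS")
    external = User("carol", set(), "MAD")
    for u in (admin, staff, external):
        print(u.username, "->", applicable_rob(u))
    print(login(staff, "db1", chosen_rob=DNS_ROB, accept=True))
    print(login(staff, "db1"))
    print(login(external, "db1", chosen_rob=NON_DNS_ROB, accept=False))
    for event in EVENTS:
        print(event)
```

The event log is the part a reviewer would keep: each grant, decline and mismatched selection is recorded with the user, database and required ROB, which is what an auditor checking AC-2 account management would expect to find.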