| PHYSICAL SECURITY | YES | NO |
| Are the individual machine's keys securely stored? | | |
| Does the server console have an active password for access? | | |
| Is the fileserver contained in a locked room/repository? | | |
| Is the fileserver protected against inadvertent/advertent tampering by unauthorized personnel? | | |
| Is the fileserver under visual access? | | |
| BANYAN VINES GENERAL CONFIGURATION | | |
| Maximum password age: expire in 12 weeks? | | |
| Minimum password length: at least 6 characters? | | |
| Force password change on expiration? YES | | |
| Users are prevented from editing their own login profile? YES | | |
| Users are able to change their own password? YES | | |
| The maximum number of stations that a user may be logged into at any given time is 1? YES | | |
| Group membership is consistent with need-to-know? | | |
| GUEST/Default accounts have been disabled/removed? | | |
| Auditing Enabled for Logon/Logoff (Success and Failure) | | |
| Individual user security settings default to GROUP? YES | | |
| A written justification exists for any user not adhering to group level security? YES | | |
| For non-user IDs (such as Sample Profiles, PC Print logins, etc.), the Disable Mailbox setting is set to YES? | | |
| A written justification exists for any user ID not adhering to the setting identified in this checklist? | | |
| User login confined to specific days and times? | | |
| Users forcibly logged out after authorized hours? | | |
| Users confined to specific workstations | | |
| User login levels appropriate to the user? | | |
| Are the members of the AdminList Mission System Administrators or individuals with "need to know", or allowed admin access? | | |
| AdminList does not appear as an item in the server level AdminList? | | |
| REMOTE ACCESS CONFIGURATION | | |
| Modems are turned off when not in use? | | |
| Dial-in access list created for each server (if applicable)? | | |
| Modems with dial-in access are not attached to workstations connected to the LAN. | | |
| Dial-in modem connections are mediated through the use of a firewall. | | |
| Default passwords for remote software removed/changed? | | |
| INTERNETWORK ACCESS | | |
| Console password distribution is limited on a "need to know" basis? | | |
| Internetwork Access Lists have been established, with levels of access defined? | | |
| NETPRO REPORT STANDARDS | | |
| The "USERSEC.REP" report is run every week and all user security settings verified? | | |
| The "MAILOLD.REP" report is run every two weeks and all invalid ST names removed? | | |
| The "SERVERS.REP" report is run monthly and the information provided verified? | | |
| LOGGING/AUDIT TRAIL | | |
| StreetTalk and User Access reports generated? | | |
| Log reports printed weekly? | | |
| Log reports archived and retained for 6 months? | | |
| ATTRIBUTES | | |
| Sharing attribute is OFF? | | |
| PRINTERS | | |
| AdminList of the print server is restricted? | | |
| ACCESS RIGHTS LIST STANDARDS | | |
| The rights assignments for Program file services are configured properly? | | |
| The rights assignments for Users file services are configured properly? | | |
| System Administrator Signature: _______________________________________ | Date: ______ | |