Guidelines on Securing Public Web Servers
All important information systems should be covered by a system security plan. For Federal agencies the completion of system security plans is a requirement of the Office of Management and Budget (OMB) Circular A-130, Management of Federal Information Resources, Appendix III, Security of Federal Automated Information Resources, updated in 1996, and of Public Law 100-235, Computer Security Act of 1987. Other organizations should strongly consider the completion of a system security plan for each of their systems as well [NIST98].
For Federal agencies, OMB Circular A-130, Appendix III, does not distinguish between sensitive and non-sensitive systems. Rather, consistent with the Computer Security Act of 1987, the Circular recognizes that federal automated information systems have varied sensitivity and criticality. All federal systems have some level of sensitivity and require protection as part of good management practice.
The purposes of system security plans are to [NIST98]:

- Provide an overview of the security requirements of the system and describe the controls in place or planned for meeting those requirements; and
- Delineate responsibilities and expected behavior of all individuals who access the system.
The System Owner [12] is generally responsible for ensuring that the security plan is prepared and for implementing the plan and monitoring its effectiveness. Security plans should reflect input from various individuals with responsibilities concerning the system, including functional end users, Information Owners [13], the System Administrator, and the System Security Manager.
In general, an effective system security plan should include the following [NIST98]:

- System Identification. The first section of the system security plan provides basic identifying information about the system. It contains general descriptive information regarding who is responsible for the system, the purpose of the system, and the sensitivity level of the system.

- Management Controls. This section describes the management control measures (in place or planned) that are intended to meet the protection requirements of the information system. Management controls focus on the management of the computer
                                                   
12
 The System Owner is responsible for defining the system's operating parameters, authorized functions, and 
security requirements.  The information owner for information stored within, processed by, or transmitted by a 
system may or may not be the same as the System Owner.  Also, a single system may utilize information from 
multiple Information Owners. 
13
 The Information Owner is responsible for establishing the rules for appropriate use and protection of the subject 
data/information (rules of behavior).  The Information Owner retains that responsibility even when the 
data/information are shared with other organizations. 