Public Access Systems (PS-08-028)
Issue Date: 3/20/2008
Effective Date: 3/20/2008
Review Date: 12/1/2023
PURPOSE
The World Wide Web (i.e., the “Web”), also known as the Internet, is one of the most beneficial resources for publishing an organization’s information, interacting with constituents and businesses, and establishing an e-commerce/e-government presence. However, if an organization is not rigorous in configuring and operating its public website, it may be vulnerable to a variety of security threats. Web servers are often the most targeted and attacked hosts on organizations’ networks. As a result, it is essential to secure web servers and the network infrastructure that supports them.
SCOPE and AUTHORITY
O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a)(21) – State Government, Georgia Technology, General Powers
PM-04-001 – Information Technology Policies, Standards and Guidelines
PS-08-005 – Enterprise Information Security Charter
POLICY
Any agency that deploys and/or maintains web-facing public access systems shall provide desired services and functionality with security controls that protect the interests of the users and the confidentiality, integrity, and availability of web servers, applications and data as well as the network infrastructure that supports them.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Network Security - Information Flow (PS-08-030)
Network Security Controls (PS-08-027)
Network Security - Boundary Protection (SS-08-047)
Network Access and Session Controls (SS-08-048)
Web and E-Commerce Security (SS-08-049)
REFERENCES
NIST SP 800-44 Guide for Securing Public Web Servers
NIST SP 800-95 Guide to Secure Web Services