Public Access Systems

Topics: 

PS-08-028 Public Access Systems

Issue Date: 3/20/2008

Effective Date: 3/20/2008

PURPOSE

The World Wide Web (i.e. the “Web”) also known as the Internet, is one of the most beneficial resources for publishing an organization’s information, interacting with constituents and businesses and establishing an e-commerce/e-government presence. However, if an organization is not rigorous in configuring and operating its public website, it may be vulnerable to a variety of security threats.  Web servers are often the most targeted and attacked hosts on organizations’ networks. As a result, it is essential to secure web servers and the network infrastructure that supports them.

This policy requires each agency to implement security controls on public access, web facing systems.

POLICY

Any agency that deploys and/or maintains web facing public access systems shall provide desired services and functionality with security controls that protect the interests of the users and the confidentiality, integrity, and availability of web servers, applications and data as well as the network infrastructure that supports them.

RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES

Network Security-Information Flow (PS-08-030)

Network Security Controls (PS-08-027)

Network Security - Boundary Protection (SS-08-047)

Network Access and Session Controls (SS-08-048)

Web and E-Commerce Security (SS-08-049)

REFERENCES

NIST SP 800-44 Guide for Securing Public Web Servers

NIST SP 800-96 Guide to Secure Web Services