Public Access Systems (PS-08-028)
Issue Date: 3/20/2008
Effective Date: 3/20/2008
The World Wide Web (i.e., the “Web”), also known as the Internet, is one of the most beneficial resources for publishing an organization’s information, interacting with constituents and businesses, and establishing an e-commerce/e-government presence. However, if an organization is not rigorous in configuring and operating its public website, it may be vulnerable to a variety of security threats. Web servers are often the most targeted and attacked hosts on organizations’ networks. As a result, it is essential to secure web servers and the network infrastructure that supports them.
This policy requires each agency to implement security controls on public-access, web-facing systems.
Any agency that deploys and/or maintains web-facing public access systems shall provide desired services and functionality with security controls that protect the interests of the users and the confidentiality, integrity, and availability of web servers, applications, and data, as well as the network infrastructure that supports them.
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
NIST SP 800-44 Guide for Securing Public Web Servers
NIST SP 800-96 Guide to Secure Web Services