1.Information resources, including servers, are provided for the purpose of accomplishing tasks related to the company’s mission. 2.Any server that is connected to the company network must comply with this policy, related policies, established standards and procedures. 3.Specific personnel will be identified for each of the following roles: a)Server Owner CMI, Compas, or CMI/Compas b)Server Administrator c)Security Administrator d)Application Owner (The requester)
4.Infrastructure team must register the server with the CMI/Compas Information Technology Services Division and provide yearly
verification of all necessary information required in the registration process. Changes to server registration information will be promptly reported to the Information Technology Executive Team.
5.Public services will be disabled for any server that does not meet yearly registration requirements. Infrastructure team and server administrators will participate in and/or conduct a yearly risk assessment of the designated servers based on server registration information.
6.The VP, and Director, Information Technology are responsible for the management, operation, and security of the server. Server administration functions may be designated; however, the server owner retains ultimate responsibility for the server. The server
a. b.Designate a server administrator c.Designate a security administrator d.Provide fiscal resources required to maintain server policy compliance
e.Include server management compliance in fiscal planning, business/academic continuity planning,
and personnel resource planning. Ensure proper training for server administrators and security administrators g.Respond to any vulnerability scan notifications from ITS h.Participate in yearly risk assessments i.Ensure that risk mitigation activities identified are resolved within 90 days of risk assessment completion. j.With coordination through ITS, respond to audit requests made by TSUS, state or federal audit agencies. k.Prior to the purchase of any server or services, the server, services owner should contact ITS to evaluate the capabilities required to maintain server compliance and review alternative solutions where applicable. l.ITS will be notified in advance when the purpose, location, management, or disposition of the server changes. 7.TS will conduct routine scans of the company server environment. Vulnerabilities will be communicated to the Information Technology Executive Team and server administrator for resolution. 8.The Server owner must respond with an acknowledgment within 1 days. Vulnerabilities that remain unresolved for 30 or more days are subject to disconnect. Servers that pose an immediate threat to network operations, performance, or security may be disconnected or quarantined until the threat is removed. 9.Incident management procedures will be executed by ITS when appropriate.