Fileserver(s) Location(s) _____________________________________________________
| PHYSICAL SECURITY | YES | NO | |
| Are the individual machine's keys securely stored? | |||
| Does the server console have an active password for access? | |||
| Is the fileserver contained in a locked room/repository? | |||
| Is the fileserver protected against inadvertent/advertent tampering by unauthorized personnel? | |||
| Is the fileserver under visual access? | |||
| BANYAN VINES GENERAL CONFIGURATION | |||
| Maximum password age: expire in 12 weeks? | |||
| Minimum password length: at least 6 characters? | |||
| Force password change on expiration? YES | |||
| Users are prevented from editing their own login profile? YES | |||
| Users are able to change their own password? YES | |||
| The maximum number of stations that a user may be logged into at any given time is 1? YES | |||
| Group membership is consistent with need-to-know? | |||
| GUEST/Default accounts have been disabled/removed? | |||
| Auditing Enabled for Logon/Logoff (Success and Failure) | |||
| Individual user security settings default to GROUP? YES | |||
| A written justification exists for any user not adhering to group level security? YES | |||
| For non-user IDs (such as Sample Profiles, PC Print logins, etc.), the Disable Mailbox setting is set to YES? | |||
| A written justification exists for any user ID not adhering to the setting identified in this checklist? | |||
| User login confined to specific days and times? | |||
| Users forcibly logged out after authorized hours? | |||
| Users confined to specific workstations? | |||
| User login levels appropriate to the user? | |||
| Are the members of the AdminList Mission System Administrators or individuals with "need to know", or allowed admin access? | |||
| AdminList does not appear as an item in the server level AdminList? | |||
| Modems are turned off when not in use? | |||
| Dial-in access list created for each server (if applicable)? | |||
| Modems with dial-in access are not attached to workstations connected to the LAN. | |||
| Dial-in modem connections are mediated through the use of a firewall. | |||
| Default passwords for remote software removed/changed? | |||
| INTERNETWORK ACCESS | |||
| Console password distribution is limited on a "need to know" basis? | |||
| Internetwork Access Lists have been established, with levels of access defined? | |||
| NETPRO REPORT STANDARDS | |||
| The "USERSEC.REP" report is run every week and all user security settings verified? | |||
| The "MAILOLD.REP" report is run every two weeks and all invalid ST names removed? | |||
| The "SERVERS.REP" report is run monthly and the information provided verified? | |||
| LOGGING/AUDIT TRAIL | |||
| StreetTalk and User Access reports generated? | |||
| Log reports printed weekly? | |||
| Log reports archived and retained for 6 months? | |||
| ATTRIBUTES | |||
| Sharing attribute is OFF? | |||
| PRINTERS | |||
| AdminList of the print server is restricted? | |||
| ACCESS RIGHTS LIST STANDARDS | |||
| The rights assignments for Program file services are configured properly? | |||
| The rights assignments for Users file services are configured properly? | |||
| System Administrator Signature:_______________________________________ | Date: | ______ | |