Level 3

Use software to review logs

Use software (e.g. Splunk) to periodically review the server and application logs to determine whether the system is under attack (e.g., many bad password guesses) and to confirm that users are following documented practices (e.g., not logging in as root).

Identify user and time of access

User and administrator access to servers and applications must be logged, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use.

Block excessive logins

Block a user from logging in for a period of time after no more than 10 successive invalid login attempts.
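The two requirements above (review the logs for bad-password bursts and direct root logins; lock an account after no more than 10 successive invalid attempts) can both be checked with a small log review. The following is an added example, not code from the Harvard policy page: it parses constructed OpenSSH-style auth log lines, counts successive failures per (user, source) pair, reports any pair that reached the lockout threshold, and flags successful root logins. The log lines, host names and addresses are made up for the example; on a production host the lockout itself is enforced by the authentication stack (for example pam_faillock on Linux), and a review script like this only confirms the logs show what the policy expects.

```python
import re
from collections import defaultdict

# Requirement from the page: lock out after no more than 10 successive invalid attempts.
LOCKOUT_THRESHOLD = 10

# OpenSSH sshd log formats for failed and accepted logins.
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted (?:password|publickey) for (\S+) from (\S+) port")


def build_sample_log():
    """Constructed sample auth log (not real data): alice fails 10 times from one
    address, bob fails 3 times then succeeds, and root logs in directly once."""
    lines = []
    for i in range(10):
        lines.append(f"Mar 01 10:00:{i:02d} web1 sshd[1001]: Failed password for alice "
                     f"from 203.0.113.5 port 5{i:04d} ssh2")
    for i in range(3):
        lines.append(f"Mar 01 10:01:{i:02d} web1 sshd[1002]: Failed password for bob "
                     f"from 198.51.100.9 port 5100{i} ssh2")
    lines.append("Mar 01 10:01:05 web1 sshd[1002]: Accepted password for bob "
                 "from 198.51.100.9 port 51003 ssh2")
    lines.append("Mar 01 10:02:00 web1 sshd[1003]: Accepted publickey for root "
                 "from 198.51.100.7 port 52000 ssh2")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()


def analyze(log_text, threshold=LOCKOUT_THRESHOLD):
    """Review an auth log against the Level 3 expectations.

    Returns a dict with:
      'lockouts'    - set of (user, source) pairs that reached `threshold`
                      successive failures (a success resets the count)
      'root_logins' - list of source addresses from which root logged in directly
    """
    consecutive = defaultdict(int)  # (user, source) -> current run of failures
    lockouts = set()
    root_logins = []

    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            consecutive[key] += 1
            if consecutive[key] >= threshold:
                lockouts.add(key)
            continue

        m = ACCEPTED_RE.search(line)
        if m:
            user, src = m.group(1), m.group(2)
            consecutive[(user, src)] = 0  # successive failures end on a success
            if user == "root":
                root_logins.append(src)  # documented practice says: do not log in as root

    return {"lockouts": lockouts, "root_logins": root_logins}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for user, src in sorted(report["lockouts"]):
        print(f"lockout expected: user={user} source={src}")
    for src in report["root_logins"]:
        print(f"direct root login from {src}")
```

Running the block on the constructed log reports one expected lockout (alice from 203.0.113.5) and one direct root login; bob's three failures followed by a success do not trip the threshold. Pointing `analyze` at a real exported log, or lowering `threshold`, turns it into the periodic review the requirement asks for.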

Permit only competent operation of servers

It is important that anyone who performs administrative responsibilities on these systems has sufficient technical knowledge, via experience and/or training, to implement these requirements and to recognize when they need to seek help.

Servers must meet the most stringent requirement

Servers storing or processing information belonging to more than one classification must meet the requirements associated with the highest classification. If you are not able to determine whether a server may hold HRCI, apply the Level 4 controls.

Secure disposal

SB11: Information designated level 3 or 4 must be properly disposed of by securely overwriting the information or physically destroying the media when no longer needed, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS).
