Logs of user and administrator access to servers and applications must be securely maintained on a remote computer, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (...
Owners/managers of applications dealing with Level 4 information must designate which employees have permission to access the application from outside the Harvard wired network or other Harvard strongly authenticated and encrypted wireless network.
The firewall between the Level 4 server and networks that include user computers must be configured to only permit outbound traffic that is required properly operate the service provided by the Level 4 server
Server operators must take reasonable actions on a regular basis to ensure that their systems are not vulnerable to attack, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g....
Securely overwrite disk drives in servers at a block level or physically destroy when the server is removed from service or disk drives are permanently removed from servers.
Follow instructions posted on the Information Security Website to start the incident reporting process. The University CISO and the OGC will be informed as appropriate of any known or suspected breach of a server containing confidential information. In addition, the University maintains a whistleblowing policy. The policy is intended to encourage all members of the Harvard community to report suspected violations of law or Harvard...
Use software (e.g. Splunk) to periodically review the server and application logs to see if the system is under attack (e.g., many bad password guesses) and that the users are following documented practices (e.g., not logging as root).
User and administrator access to servers and applications must be logged, whether the system is managed directly by Harvard or via contract with a third-party service provider for Harvard's use.
