ACP 122 (F) - Multilateral Planners Conference
ACP 122 (F) - Multilateral Planners Conference
ACP 122 (F) - Multilateral Planners Conference
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
UNCLASSIFIED<br />
<strong>ACP</strong> <strong>122</strong>(F)<br />
b. Dial-In/Out Accounts. Users should be briefed on the security problems inherent<br />
in providing dial-in access. Such connections should be used only on a strictly<br />
mission-critical basis and when no other type of connections are available,<br />
c. Privileged Accounts. Access to privileged user accounts should be monitored,<br />
and only used when needed; unless the privileges are needed all the time, the user<br />
should be encouraged to have a 2 nd , standard account for routine use,<br />
d. Operating System Software Configuration. Users shall not modify the<br />
operating system software configuration without the consent of the ISSO or the<br />
Information Systems (IS) Manager,<br />
e. Detection and Surveillance - Audit Records. All security relevant-events, as<br />
defined by national policy, shall be recorded in audit records,<br />
f. Remote Diagnostics. Remote diagnostics should not normally be provided for<br />
Classified CIS,<br />
g. Malicious Software. A malicious software strategy shall be maintained. All data<br />
shall be checked on export. The requirements for handling malicious software, as<br />
laid down at Chapter 14, should be known by all users,<br />
h. Import of Information. The import of all information into an IT system from any<br />
source, either by media or a network connection to an external system, is to be<br />
approved in accordance with operating procedures. It is also to be legally acquired<br />
and used in accordance with the licence agreement,<br />
i. Handling and Marking of Electronic Storage Media. All types of removable<br />
electronic storage media are to be labelled, handled, accounted for, de-classified or<br />
re-classified, and disposed of, in accordance with their security classification,<br />
j. On-site Maintenance of Classified Hardware and Media. If classified assets of<br />
a Defence information system are maintained on-site, the maintainer is to either<br />
hold a security authorisation and/or clearance at the appropriate level, or be<br />
escorted by someone who is authorised and/or cleared, and<br />
k. Off-Site Repair of Classified Hardware and Media. If classified assets of an<br />
information system are repaired off-site, the removal and repair of the media is to<br />
be in accordance with (i) above.<br />
11-2 Original<br />
UNCLASSIFIED<br />
(Reverse Blank)