IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.84 Deciding on and developing the installation
instructions for standard software
Initiation responsibility: Agency/company management
Implementation responsibility: Procurer, Head of Specialist Department ,
Head of IT Section
Following the completion of all tests, the test results must be submitted to the
procurer. The decision in favour of a product must now be made by the
procurer with the involvement of the Head of the Specialist Department and
the Head of IT Sector on the basis of the test results and the price-performance
ratio resulting from them. In this connection, the particular aspect to be set in
relation to the purchase price is the level of performance of the individual
products compared to the Requirements Catalogue. Also, additional functions
of the products which were not listed in the Requirements Catalogue but
which are nevertheless significant to their use, should be taken into account in
reaching the decision.
Drawing up of installation instructions
After a decision is taken in favour of a product, installation instructions must
subsequently be drawn up for the selected product. During testing, the
configuration of the product was so determined to permit secure and efficient
production working. This is the way to guarantee user-friendliness,
correctness and security in the workplace.
In order to guarantee the right configuration of the product in actual operation,
specific parameters must be specified. Some of these must be accompanied by
organisational provisions.
For some features of a product the following section shows, by way of
example, what can be specified in the context of installation instructions.
Example:
User-friendliness:
- Drivers X, Y and Z (screen, printer, mouse, network) must be installed
with the product to create an acceptable working environment for the user
(screen flicker-free, reasonable editing, etc.).
- The settings at which individual functions have the greatest processing
speed must be specified if other criteria such as security are not at variance
with them (the size of the swapping-out files must be fixed at at least 10
MB, the verification option must be activated for data backup, although
verification requires additional time).
Security:
- Security function parameters must be pre-set (e.g. the minimum length of
passwords must be 6 characters, backups must be created each day, logging
must be activated to its full extent, rights of access to personl-related log
files must be arranged only for the data privacy officer, ...).
- If several procedures are being supported which are relevant to security
(e.g. encryption algorithm, hash functions), the ones that must be selected
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000