IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.87 Installation and configuration of standard
software
Initiation responsibility: Head of IT section
Implementation responsibility: Head of IT Section, Administrator
The approved software is installed on the IT systems intended for it in
accordance with the installation instructions. In addition to the programs to be
installed, the installation instructions also contain configuration parameters
and the set-up of the hardware- and software environment.
Deviations from the installation instructions require the consent of the
Approval Authority.
If the users are to install the software themselves, they must be provided with
installation instructions which enable installation to be carried out
independently. At the very least, pilot installation by a typical user should be
overseen by the IT Department, in order to check the comprehensibility of the
installation instructions.
As standard software is developed for a wide variety of application fields, it
often contains more functions than are required to perform the specialist task.
So that less problems and errors arise when working with the software, only
the functions actually required should be installed. Functions which can lead
to security problems must not be approved.
Both before and after the installation of software, a complete backup should
be made. If there are subsequent problems during installation, the first backup
can be used to recreate a consolidated re-run point. Following successful
installation, a complete backup should be made again, so that if there are
problems later, the situation, following the successful installation of the
product, can be restored.
Successful installation is reported in writing to the office responsible for the
acceptance of actual operation.
As an option, installation can be accompanied by the use of a so-called ”delta
tool” which documents all changes in an IT environment between two
definable points in time. This documentation of changes is particularly helpful
when it comes to the de-installation of software.
When a new product is used, any databases which were produced with a
previous product must be taken over. If it has become apparent from the tests
that difficulties may arise in this respect, help positions must be created for the
user or acceptance of the old databases must be carried out centrally by trained
personnel.
Additional controls:
- Which provisions are in force?
- What provisions exist with respect to possible deviations from the
installation instructions?
- How is the success of an installation reviewed?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000