1. The project management shall ensure that an effective network device program is developed for the network control devices (e.g., firewalls, routers, switches) in accordance with DOD policy and organization-specific guidelines. The program must include, but is not limited to, the following information:
· Roles and responsibilities for personnel involved in installing, operating, and managing the network control devices
· Instructions for restart and recovery procedures in accordance with DISA STIGs and vendor system administration guides related to firewalls, routers, and switches
· Restrictions on source code access, system utility access, and system documentation in accordance with DISA STIGs and vendor security administration guides
· Protection from deletion of system and application files through proper file permissions in accordance with DISA STIGs and vendor security administration guides
· A structured process for the implementation of directed solutions (e.g., IAVA).
2. The network administrator shall configure the network control devices in accordance with DISA STIGs and NSA security guides to prevent unauthorized access to the network control devices.
3. The network administrator shall enable the auditing capabilities of individual network control devices so that access to the devices is monitored and recorded in audit trails.
4. If feasible, the project management shall ensure that network-based IDSs are implemented to detect security events occurring on the network control devices (refer to ECID-1).
5. The network administrator shall test changes and updates made to the network control devices periodically to ensure their integrity in accordance with the system Configuration Management Plan.