High Level Server Controls

  1. Are duties between system administrators, developers, and security staff shared or separated?
  2. The system displays a system use notification at login stating that access is limited to authorized users and to official use only.
  3. There is a disaster recovery plan for the system.
  4. There is an incident reporting and response policy that applies to the system, along with procedures.
  5. There is a system security plan.
  6. Is each server limited to one primary service or function?
  7. Is automatic session termination after a defined time period provided for?