High Level Server Requirements

  1. Duties must be separated among system administrators, developers, and security staff.
  2. The system must display a system use notification as users log in, stating that only authorized users are allowed and that the system is for official use only.
  3. A disaster recovery plan for the system must exist.
  4. An incident reporting and response policy that applies to the system, along with procedures, must exist.
  5. A system security plan must exist.
  6. Each server must be limited to one primary service or function.
  7. The system must provide for automatic session termination after an organizationally defined time period.