nd.gov - The Official Portal for North Dakota State Government
North Dakota: Legendary. Follow the trail of legends
Skip to the page contentSearch ITD :
Back to the previous page <Back to the home page <<
Current System Status is at: NORMAL General information about ITDITD Government Job Openings and CareersGeneral contact information for ITD
Find out how our billing process worksDocumented reference material generated by ITD and useful for CoordinatorsYou're not alone, many others have had same question...here are a few answers.
Services provided by ITD
Click to go to Support
Click to go to Software Development
Click to go to Hosting
Click to go to Security
Click to go to Telecommunications
Click to Policy and Planning Home
»SITAC
»Legislation
»Enterprise Planning
»Enterprise Architecture
»Standards and Policies
»Technology Procurement
»Enterprise Project Management
»Large Project Oversight
»Research and Reports
»Links to Other Sites
Click to go to Records Management
Click to go to Educational Technology Council

Policy and Planning

Current Standards

Security

IT Standards and Policies
Current Standards

ITD Standard STD005-98 March 3, 1998

Strategy

Security policies and standards cover the physical and electronic access to information as well as the transmission, storage, and processing of information. Security measures will be taken to prevent unauthorized modification or the destruction of critical information or systems. Implementation of security measures must also protect the confidentiality of the sensitive data from unauthorized access. Risks associated with unauthorized access should be analyzed and balanced against the cost of protecting the information to ensure that business activities are not unduly hindered or unnecessary costs incurred. The owning agency shall identify the security requirements of their information based on legal requirements and agency policy and will authorize access to the data on a need-to-know basis. Maintaining the security of the data is a joint responsibility between Information Technology Department, state agencies, and their customers who access the data.

Policy

  • All computers that share data or are connected to the network shall have current virus protection software implemented if commercially available.
  • Written backup and recovery procedures should exist for all critical agency data. (This is also in the data management standard)
  • Disaster recovery plans shall be required for all mission critical systems. (addressing requirement for data redundancy and alternate processing)
  • The number of conduits through the state system firewall shall be strictly controlled to maintain the integrity/security of the firewall.
  • ITD will provide firewall and dial-up services in order to create a "trusted" state network. (The Network Security Policy, N004-97)
  • ITD shall maintain secure FTP service and WEB servers to reduce conduits through the firewall.
  • All agencies should implement an internal agency security policy to document users' responsibilities for protecting technology resources.
  • Mission critical computer processors and related equipment shall be located in a physically secured environment.
  • The authentication of users on limited access systems and trusted networks shall be required.
  • Login IDs should be assigned on an individual basis. Passwords should not be shared.
  • Confidential data should be encrypted when transmitted.
  • Unauthorized access attempts should be logged and monitored.
  • All network security violations should be reported to ITD.
  • Identify requirements for field, record or application level security and choose products which support the requirements

Standards

RACF (Resource Access Control Facility) - mainframe

RAID technology for redundancy

C2 level security or higher on servers requiring restricted access.

 

Encryption Direction

Migrate From Technology

Current Technology Direction

Emerging Technology

No encryption

DES (Data Encryption Standard)

AES (Advanced Encryption Standard
 

SSL (Secure Socket Layer) RSA-RC4

  
 

PGP (Pretty Good Privacy)

  
 

IPSec (Internet Protocol Security)

  

Authentication Direction

Migrate From Technology

Current Technology Direction

Emerging Technology
 

UserID & password

Biometrics
 

Swipe cards

Digital Signature Certificates

Revision Date
Approved: March 3, 1998
[ About ITD ] [ Find Us ] [ Contact Us ] [ Billing ] [ Publications ] [ FAQ ]

[ Support ] [ Software Development ] [ Hosting ] [ Security ]
[ Telecom ] [ Networking ] [ Policy and Planning ] [ Records Management ]

[ Disclaimer ] [ Privacy Policy ] [ Security Policy ]

[ Back ] [ Home ]
 

Copyright 2008 © All Rights Reserved
North Dakota Information Technology Department
600 East Boulevard Avenue · Bismarck, ND 58505-0100
Phone: 701.328.3190 · Email: itd@nd.gov
 
Will Open a New Window Will open a new window (pop-up)