2012 State IT Security Review

Agency: State-wide Report Date: September 28, 2012
Type: IT Security Review LAFRC Date: October 17, 2012
Issued By: ManTech International Corporation Period: May-August 2012

 

 

 

 

 

[pdf] Download Report

 

Executive Summary

During the months of May through August 2012, ManTech performed an external vulnerability assessment, internal vulnerability assessment, and penetration testing of the State of North Dakota’s statewide computer network.

 

Findings

  • Implement Formal Patch Management Program
  • Internal Segregation of Critical Servers and Development Systems
  • Require use of Encrypted Protocols for Remote Management
  • Restrict Access to Protocols for Remote Management from the Internet