2014 State IT Security Review

Agency: State-wide Report Date: March 14, 2014
Type: IT Security Review LAFRC Date: July 16, 2014
Issued By: ManTech International Corporation Period: November-December 2013

 

 

 

 

 

[pdf] Download Report

 

Executive Summary

During the months of November and December 2013, ManTech performed an external/internal vulnerability assessment of the State of North Dakota’s statewide computer network, an application security assessment of two State web applications, and reviewed the network and physical security of six State agencies. In December 2013 and January 2014, ManTech performed multiple penetration testing scenarios against the State's internal network.

 

Findings

  • Continue to Mature Structured Patch Management Program
  • Internal Segregation of Critical Servers and Development Systems
  • Require use of Encrypted Protocols for Remote Management
  • Restrict Access to Protocols for Remote Management from the Internet
  • Develop a Formal Vulnerability Scanning Program- Non-consolidated IT Services