Tuesday, February 2, 2016 -
1:00pm to 2:30pm

Location Details: 

Information Technology Dept.
Room 208V
4201 Normandy Street North
Bismarck, ND 58503

Meeting Agenda:

  • News and Updates
  • Requirements for DPI Waiver
  • New Public Access Standard
  • BitLocker and Management via AD
  • Prioritization of Security Initiatives
  • Final review of Standards
  • Open Discussion

Meeting Recap:

News and Updates
  • Since a recent security update from Microsoft, versions of Internet Explorer older than version 11 are displaying a new tab upon startup that notifies the user that they using an unsupported versions, and provides a link to download ID 11.
  • Surveys will be sent to EA participants for three updated standards, SS002 Remote Access, SS003 Employee Security Awareness, and SS004 Access Control. The results of the surveys will result in a recommendation to the CIO to approve the updates or ask for revisions.
  • ITD will be purchasing licenses to use the existing Remote Support tool that DES purchased as a short term solution and an opportunity to learn more about the features of the tool. An Enterprise scale infrastructure and a billing model are being worked on and there will be a service offering for agencies soon.
Requirements for DPI Waiver
  • The Department of Public Instruction was recently approved for a waiver from the Public On-Line Services User Authentication standard. Conditional upon approval was that EA Security Architecture would provide guidance for user account and password requirements. The group drafted that guidance and will forward it to DPI.
New Public Access standard SS001
  • The Public On-Line Services User Authentication standard has never defined user account and password requirements. With more SaaS solutions today and the possibility that the Public On-Line Services User Authentication standard might be rescinded, there is a need to develop policy to define requirements for public facing applications or applications that cannot use Active Directory. The group began drafting a new standard to address this and further work will be required before a final draft is reached.
BitLocker and Management of AD
  • Several agencies have begun switching to BitLocker for encryption. Some are using AD Backup to manage keys, some are managing them manually, and ITD is using additional tools from Microsoft like MBAM and MDOP.
  • There have been some discrepancies from one agency to the next regarding the steps needed to grant permission to the proper level of system administrator to manage the keys. More testing will need to be done, but it appears to be a solid solution and lower in cost than previously used tools.