| Introduction - SharePoint Server Physical Access Policy |
SharePoint support staff, security administrators, SharePoint
administrators, and others may have physical SharePoint server access
requirements as part of their job function. The granting, controlling, and
monitoring of the physical access to [SharePoint Portal Owning Organization]
SharePoint servers is extremely important to an overall Communications and
Collaborations security program. |
| Purpose |
The purpose of the [SharePoint Portal Owning Organization] SharePoint
Physical Access Policy is to establish the rules for the granting, control,
monitoring, and removal of physical SharePoint server access to [SharePoint
Portal Owning Organization] facilities where SharePoint servers might reside. |
| Audience |
The [SharePoint Portal Owning Organization] Server Hardening Policy applies
to all individuals that are responsible for the installation of new SharePoint
property, the operations of existing SharePoint property, and individuals
charged with SharePoint security, as well as data owners. |
| SharePoint Server Physical Access Policy - Policy |
- All physical security systems where SharePoint is going to reside must
comply with all applicable regulations such as, but not limited
to, building codes and fire prevention codes.
- Physical access to all [SharePoint Portal Owning Organization]
SharePoint resource facilities must be documented and managed.
- All [SharePoint Portal Owning Organization] facilities must be
physically protected in proportion to the criticality or importance of their
function at [SharePoint Portal Owning Organization].
- Access to SharePoint server facilities must be granted only to [SharePoint
Portal Owning Organization] support personnel, and contractors, whose job
responsibilities require access to that facility.
- The process for granting card and/or key access to SharePoint server
facilities must include the approval of the person responsible for the
facility.
- Each individual that is granted access rights to a SharePoint server
facility must receive emergency procedures training for the facility and
must sign the appropriate access and non-disclosure agreements.
- Requests for access must come from the applicable [SharePoint Portal
Owning Organization] data/system owner.
- Access cards and/or keys must not be shared or loaned to others.
- Access cards and/or keys that are no longer required must be returned to
the person responsible for the SharePoint server facility. Cards must not be
reallocated to another individual bypassing the return process.
- Lost or stolen access cards and/or keys must be reported to the person
responsible for the SharePoint server facility.
- All SharePoint server facilities that allow access to visitors will
track visitor access with a sign in/out log.
- Visitors must be escorted in card access controlled areas of SharePoint
server facilities.
- The person responsible for the SharePoint server facility must review
access records and visitor logs for the facility on a periodic basis and
investigate any unusual access.
- The person responsible for the SharePoint server facility must review
card and/or key access rights for the facility on a periodic basis and
remove access for individuals that no longer require access.
- Signage for restricted access rooms and locations must be practical, yet
minimal discernible evidence of the importance of the location should be
displayed.
- Card access records and visitor logs for SharePoint server
facilities must be kept for routine review based upon the criticality of the
SharePoint and other Information Technology resources being protected.
- The person responsible for the SharePoint server facility must remove
the card and/or key access rights of individuals that change roles within [SharePoint
Portal Owning Organization] or are separated from their relationship with [SharePoint
Portal Owning Organization].
|
| SharePoint Server Physical Access Policy Supporting Information |
- Any and all [SharePoint Portal Owning Organization] SharePoint security
controls must not be bypassed or disabled.
- SharePoint Security awareness by [SharePoint Portal Owning Organization]
personnel must be continually emphasized, reinforced, updated and validated.
- All [SharePoint Portal Owning Organization] SharePoint users are responsible
for managing their use of SharePoint and are accountable for their actions
relating to SharePoint security. Users are also equally responsible for
reporting any suspected or confirmed violations of this policy to the
appropriate management responsible for SharePoint security incident handling.
- User SharePoint account passwords shall be protected by the individual user
from use by, or disclosure to, any other individual or organization. All
security violations shall be reported to the respective SharePoint security incident
handling management.
- Access to, change to, and use of SharePoint Account Management Policy must
be strictly secured. SharePoint information access authority for each user must
be reviewed on a regular basis, as well as each job status change such as: a
transfer, promotion, demotion, or termination of service.
- All SharePoint software programs, SharePoint applications, Web Part /
Application source code, Web Part / Application object code, documentation and
general operational data shall be guarded and protected as if it were [SharePoint
Portal Owning Organization] property.
- On termination of the relationship with the SharePoint user, all security
policies for [SharePoint Portal Owning Organization] apply and remain in force,
surviving the terminated relationship.
- [SharePoint Portal Owning Organization] server custodian departments must
provide adequate access controls in order to monitor SharePoint systems to
protect business data and associated programs from misuse in accordance with the
needs defined by owner departments. All SharePoint access must be properly
documented, authorized and controlled, following [SharePoint Portal Owning
Organization] standardized processes.
- [SharePoint Portal Owning Organization] SharePoint implementation(s) and/or
associated equipment used for [SharePoint Portal Owning Organization] SharePoint
implementations that are conducted and managed outside of [SharePoint Portal
Owning Organization] control must meet contractual requirements and be subject
to monitoring by appropriate SharePoint administrators as well as other parties.
|
| Disciplinary Actions |
Violation of this policy may result in disciplinary action which may
include termination for employees and temporaries; a termination of
employment relations in the case of contractors or consultants;
dismissal for interns and volunteers; or suspension or expulsion in the
case of a student. Additionally, individuals are subject to loss of [SharePoint
Portal Owning Organization] SharePoint access privileges and to civil and
criminal prosecution. |
| Compliance / Regulation Contributed to by this Policy |
- Copyright Act of 1976
- Foreign Corrupt Practices Act of 1977
- Computer Fraud and Abuse Act of 1986
- Computer Security Act of 1987
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
|
Any Templates Provided On This Site Are Provided Without Warranty Or Implication. To Brand The Template(s) Replace The [SharePoint Portal Server Owning Organization] With Your Company Name