HP 3000 Manuals HP 3000 Manuals
Appendix A The FOS Security Maintenance Checklist
This checklist is provided to assist FOS security users in reviewing
account and system security.
1. Do all accounts have passwords?
2. Have all default passwords been changed?
3. Are there procedures to ensure quarterly system password
changes?
4. Are passwords changed when employees leave the organization?
5. Do special capability users (PM, SM, OP, AM, NM, and NA) have
user passwords?
6. Are user passwords unique in accounts accessible by more than
one person?
7. Is SM capability restricted to one person per system and AM
capability to one person per account?
8. Do all groups with PM have restricted save access (S=GU)?
9. Are programs protected from unpriviledged users?
10. Is there an updated list of all released files?
11. Is there a logon or NOBREAK UDC at system and account level to
restrict MPE access?
12. Is there NOLIST and NOHELP on data sensitive UDCs?
13. Are embedded passwords removed from all jobstreams?
14. Are system installation files removed?
15. Is there a procedure for positive identification from callers
requesting access to the system?
16. Are there hard copy printouts of console messages?
17. Is the system console and tape drive restricted to operation
personnel only?
18. Is the data center audited quarterly?
19. Are modem ports downed until required?
20. Are System Load Tape and System Backup Tapes protected?