Information Technology Policy Manual 2022

Server Secure Configuration Standards

City of Greensboro, NC Cyber Security Division

PURPOSE

Define secure configuration standards to protect servers from unauthorized access and disclosure of sensitive information.

SCOPE

The standards apply to all City-owned and leased servers.

ROLES AND RESPONSIBILITIES

Function: Information Security Department
Responsibility:
• Work with technology groups to define the standards.
• Communicate the standards.
• Run vulnerability scans against servers to ensure compliance with the standards.

Function: IT Systems Administrator
Responsibility:
• Configure servers according to the defined standards.

STANDARDS

1) Change the local Administrator’s account name.
2) Change the number of cached logons to 2.
3) Enable screen saver lock after 15 minutes of inactivity.
4) Disable the execution of Autorun.inf files.
5) Install SCCM agent and deploy all required security updates.
6) Ensure CrowdStrike is installed on the server.
7) Enable automatic virus scanning of USB flash drives.
8) Assign only required access rights for administrators to access files and folders on servers.
9) Ensure that servers have a warning banner to warn users against unauthorized access. It may be impossible to prosecute malicious users unless they have been notified that they are not permitted to access the server.
10) Disable unneeded ports and services.
11) Disable and remove unused accounts.
12) Restrict access to remotely manage servers.
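
The following read-only audit covers the items in the list above that have a machine-checkable setting. It is an added example, not part of the City's manual. It assumes Windows Server with PowerShell 5.1 or later, the default Windows policy registry locations, the service names CcmExec (SCCM agent) and CSFalconService (CrowdStrike sensor), and that item 3 is enforced through the machine inactivity limit rather than a per-user screen saver policy.

```powershell
# Added example: read-only audit of selected items from the STANDARDS list.
# Assumptions (not stated in the manual): registry paths, service names,
# and use of the machine inactivity limit for item 3. Run elevated.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$system   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# The built-in Administrator is the local account whose SID ends in -500,
# whatever it has been renamed to.
$admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }

$cached  = Get-RegValue $winlogon 'CachedLogonsCount'      # stored as a string
$idle    = Get-RegValue $system   'InactivityTimeoutSecs'  # 0 or absent = never locks
$autorun = Get-RegValue $explorer 'NoDriveTypeAutoRun'     # 255 = all drive types
$banner  = Get-RegValue $system   'LegalNoticeText'        # may be multi-string

$checks = [ordered]@{
    '1  Administrator renamed'      = ($admin -and $admin.Name -ne 'Administrator')
    '2  Cached logons = 2'          = ($cached -eq '2')
    '3  Lock within 15 minutes'     = ($idle -and [int]$idle -le 900)
    '4  Autorun disabled'           = ($autorun -eq 255)
    '5  SCCM agent running'         = ((Get-Service CcmExec -ErrorAction SilentlyContinue).Status -eq 'Running')
    '6  CrowdStrike sensor running' = ((Get-Service CSFalconService -ErrorAction SilentlyContinue).Status -eq 'Running')
    '9  Warning banner set'         = (-not [string]::IsNullOrWhiteSpace(-join $banner))
}

$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Standard = $_.Key; Compliant = [bool]$_.Value }
} | Format-Table -AutoSize

# Item 11: list enabled local accounts with last logon for manual review.
Get-LocalUser | Where-Object Enabled | Select-Object Name, LastLogon
```

Items 7, 8, 10 and 12 depend on site-specific baselines (approved services, ACLs, management hosts) and are left to the vulnerability scans the manual assigns to the Information Security Department.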


Server Secure Configuration Standards

2/21/2022
