Differences

This shows you the differences between two versions of the page.

--- erds:preparing_for_system_audit [2018/11/01 18:12] – brett.zamora
+++ erds:preparing_for_system_audit [2019/01/18 01:00] (current) – administrator
@@ Line 1: / Line 1: @@
 ===== Preparing For A System Audit =====
-CeRTNA ERDS workstations must pass a security audit prior to processing production level transactions through the CeRTNA ERDS platform. Per the California DOJ Baseline Security Requirements, CeRTNA ERDS workstations must be used only for CeRTNA ERDS activity. The follow topics are designed to help you prepare your workstation so that it will meet the CeRTNA ERDS audit requirements.
+CeRTNA ERDS workstations must pass a security audit prior to processing production level transactions through the CeRTNA ERDS platform. An [[guides:workstation_configuration|ERDS & G2G Workstation Setup]] document is available in the secured User Guides section of this Wiki.
+You can contact CeRTNA to obtain a user id and password for accessing the User Guides.
-==== Additional Workstation Preparation ====
+The [[guides:workstation_configuration|ERDS & G2G Workstation Setup]] document contains detailed information about how to prepare your workstation and prepare it to pass the ERDS workstation/system audit.
-In addition to the hardware recommendations outlined in the [[erds:hw_os_reqs|Hardware & OS Requirements]] document, CeRTNA ERDS workstations must also have Anti-Virus/Anti-Malware software installed.
-== Anti-Virus & Anti-Malware Software ==
-For Windows 7 workstations, CeRTNA recommends the installation of Microsoft Security Essentials, however, other software tools are also acceptable, such as Symantec Endpoint Protection. Microsoft Security Essentials can be downloaded for free from the following URL:
-[[https://www.microsoft.com/en-us/download/details.aspx?id=5201]]
-For Windows 10 workstations, Microsoft Security Essentials is built into the operating system in the form of a product named Windows Defender. As with Windows 7 workstations, other products such as Symantec Endpoint Protection are also acceptable.
-== Microsoft Baseline Security Analyzer (MBSA) ==
-The CeRTNA ERDS workstation audit will require a clean Microsoft Baseline Security Analyzer (MBSA) report. The Microsoft Baseline Security Analyzer 2.3 (MBSA) software can be downloaded from the following URL:
-[[https://admin.certna.org/Downloads/MBSA23x64.zip]]
-Once you have downloaded and installed the MBSA software, complete the following tasks:
-  * Rename the Administrator account on the CeRTNA ERDS workstation.
-  * Create individual user accounts (non-admin) for the users that are or will be authorized to use
-  * the CeRTNA ERDS workstation.
-  * Disable the local Guest account.
-  * Ensure the anti-virus/anti-malware software is active.
-  * As an Administrator run the MBSA 2.2 software and clear all issues. (Exceptions)
-Run the Microsoft Baseline Security Analyzer (MBSA) and scan the ERDS workstation. Resolve any items that are flagged on the MBSA scan.
-==== System Audit ====
-During your system audit, you will be asked to perform the following tasks as an Administrator to show that the CeRTNA ERDS workstation meets the workstation security configuration requirements:
-=== Run/review MSBSA 2.3 output. Validate clean report ===
-  * __Record output__
-=== Validate System Properties ===
-Path: Control Panel\System
-  * Windows 10 operating system with 8.00 GB RAM (minimum)
-  * or
-  * Windows 7 (x86 or x64) operating system with 4.0 GB RAM (minimum)
-  * __Record output__
-Path: Control Panel\Administrative Tools\Local Security Policy\Account Policies\Password Policy
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| Enforce password history | 5 |
-| Maximum password age | 30 |
-| Minimum password age | 1 |
-| Minimum password length | 8 |
-| Password must meet complexity requirements | Enabled |
-| Store passwords using reversible encryption | Disabled |
-Path: Control Panel\Administrative Tools\Local Security Policy\Account Policies\Account Lockout Policy
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| Account lockout duration | 60 mins |
-| Account lockout threshold | 3 invalid logon attempts |
-| Reset account lockout counter after | 60 mins |
-Path: Control Panel\Administrative Tools\Local Security Policy\Local Policies\Audit Policy
-  * Select all items for audit of success and failure.
-Path: Control Panel\Administrative Tools\Local Security Policy\Local Policies\Security Options  (s=
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| Accounts:Guest account status | Disabled |
-| Accounts:Rename administrator account | {New Name} |
-| Accounts:Rename administrator account | {New Name} |
-Path (Win10): Control Panel\System and Security\Windows Defender Firewall\Customize Settings  (See note)
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| Private network settings | Turn on Windows Defender Firewall |
-| Public network settings | Turn on Windows Defender Firewall |
-Path (Win7): Control Panel\System and Security\Windows Firewall\Customize Settings  (See note)
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| Private network settings | Turn on Windows Firewall |
-| Public network settings | Turn on Windows Firewall |
-**Note:** CeRTNA does not require any custom firewall rules to be applied. The only requirement is that a local workstation based firewall is enabled with the default settings. Organizations that have a product like Symantec Endpoint Protection will use the Symantec Endpoint Protection firewall, which will disable the Windows Firewall. Regardless of the local firewall that is used, you will need to show the auditor that the firewall for private and public networks is enabled.
-Path (Win10):System\Windows Update
-By default Windows 10 Updates are enabled.
-Verify the Windows Update History to show that the updates are being applied.
-Path (Win7):System\Windows Update
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| Install updates automatically | Selected |
-| Install new updates every day | Selected |
-| Allow all users to install updates on this computer | Selected |
-Control Panel\All Control Panel Items\Power Options\System Settings
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| Require a password on wakeup | Selected |
-Path (Win10):Settings\Lock Screen\Screen saver settings
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}}
-^ Setting ^ Value ^
-| On resume, display logon screen | Enabled |
-=== Microsoft Security Essentials (Win7) or Windows Defender (Win10) ===
-If you are using Windows 7 Security Essentials or Windows 10 Defender, you will need to have your anti-virus and anti-malware settings enabled. If you are using a 3rd party product, such as Symantec Endpoint Protection or AVG Anti-Virus protection, you will need to show the auditor equivalent settings that show that the computer is being protected with anti-virus/anti-malware software, the version information for the software and the virus definition files, the scan frequency, and a history showing the scans are being performed.
-The administration UI for Windows 10 Defender settings is significantly different than the UI for Windows 7 Security Essentials. As such, the configuration and verification of each of these environments must be documented separately to achieve the same end goals as they relate to Virus Protection and Scan Settings.
-=== Windows 10 Defender Settings ===