{"id":370,"date":"2023-09-29T09:35:01","date_gmt":"2023-09-29T16:35:01","guid":{"rendered":"https:\/\/www.cdcr.ca.gov\/hcdom\/?post_type=dom&#038;p=370"},"modified":"2023-10-30T15:51:30","modified_gmt":"2023-10-30T22:51:30","slug":"5-3-13-server-configuration","status":"publish","type":"dom","link":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/","title":{"rendered":"5.3.13 Server Configuration"},"content":{"rendered":"\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Introduction and Overview<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>This document defines the policy for all servers, physical and virtual, owned or operated by the department.\u00a0 Effective implementation of this policy minimizes the risk of server vulnerabilities that can result in system unavailability, data corruption, unauthorized access, information and resource misuse, and service disruption.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Objectives<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>The objective of this policy is to establish the base configuration of internal server equipment that is owned and operated by the department.\u00a0 Effective implementation of this policy will minimize unauthorized access to department proprietary information and technology.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Scope and Applicability<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The scope of this policy extends to all information assets owned or operated by the department, including critical infrastructure, as well as information assets owned or operated by third-parties on behalf of the department.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>This policy applies to Owners of Information Assets and Information Asset Custodians.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Policy Directives<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The department shall:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Only create server service accounts when necessary.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Use the Principle of Least Privileged to limit user access rights to a minimum.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Not use administrative accounts (e.g., root, administrator, O365 Global) when a non-privileged account will suffice.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Disable\/lock\/delete all accounts except those required to provide necessary services.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Change the default passwords for all accounts and follow password security best practices outlined in Statewide Information Management Manual (SIMM) 5300-A, Org-Defined Standards, (National Institute of Standards and Technology [NIST] IA-5(1)).<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Limit access to administrative accounts to only those who have operational need and have been authorized.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Ensure service accounts are not part of Local Administrators or Domain Administrator accounts.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Authorize and document all administrative (privileged) accounts.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Encrypt all passwords and all sensitive and confidential data while in transit. Passwords shall adhere to State Org-Defined Policy. (See State Administrative Manual [SAM] 5350.1, SIMM 5300-B and NIST, Special Publications [SP] 800-63B, FIPS 140-2).<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Authenticate users over encrypted protocols.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Log all access to the server and services that are protected through access control methods.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Establish and implement controls to ensure that service account functions are authorized using service account credentials only.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Systems Configuration and Maintenance<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Servers shall be patched and hardened before attaching them to the network.\u00a0 Security patches shall be installed on the system not less than monthly. If an intelligence source advises of an imminent threat, patches shall be installed according to documented information technology standards.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Servers shall be physically secured in locations accessible only to authorized personnel.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Only required services shall be enabled or installed on the server. Services that are not required shall be uninstalled or disabled.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Regular back-ups of the server shall be completed according to the back-up and retention policy and tested on a periodic schedule.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Monitoring<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The server shall capture and archive critical user, network, system, and security event logs to enable review of system data for forensic and recovery purposes.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Security-related events shall be reviewed and investigated. Events include, but are not limited to:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Account lockouts<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Failed user account logins<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Evidence of unauthorized access to privileged accounts<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Anomalous occurrences that are not related to specific applications on the server<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Security incidents shall be handled immediately in accordance with SAM and SIMM and reported to the department Information Security Officer (ISO), the data owners or their designees.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Roles and Responsibilities<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Chief Information Officer (CIO) or Designee:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Owns this policy and is responsible for ensuring that all Owners of Information Assets, Information Asset Custodians, and users of department information assets are aware of this policy and acknowledge their individual responsibilities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Is responsible for ensuring that this policy is reviewed annually, and updated accordingly.\u00a0<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Is required to audit and assess compliance with this policy at least once every 2 years.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department ISO:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall assist Owners of Information Assets and information asset custodians in the identification of data security controls and processes.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall ensure data security controls, methods, and processes meet department and applicable regulatory requirements for security.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall participate in all incidents involving information security.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Owners of Information Assets and Program Management:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>In collaboration with the Information Asset Custodians, shall ensure that this policy is implemented and implementation is reviewed annually and as appropriate.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall audit user access rights and privileges to ensure alignment with individual job roles and functions on an annual or more frequent basis as appropriate.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Department Information Asset Custodians:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall review accounts with privileged access no less than semi-annually and verify that continued privileged access is required.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>In collaboration with Owners of Information Assets, shall ensure the information security control measures are commensurate with the sensitivity or criticality of information assets under their purview.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall assist Owners of Information Assets in identifying data security controls commensurate with the classification of the data.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall document, implement, monitor, and maintain data security protection controls based upon the sensitivity or criticality of the assets.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall develop and implement tools, technologies, processes, and procedures to support, monitor, and maintain data security controls.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Shall maintain data security records.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Enforcement<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Non-compliance with this policy may result in disciplinary or adverse action as set forth in the California Deparmtent of Corrections and Rehabilitation, Department Operations Manual, Chapter 3, Article 22.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The department shall comply with the information security and privacy policies, standards, and procedures issued by the California Department of Technology (CDT), Office of Information Security (OIS). In addition to compliance with the information security and privacy policies, standards, procedures, and filing requirements issued by the OIS, the department shall ensure compliance with all security and privacy laws, regulations, rules, and standards specific to and governing the administration of their programs. Program administrators shall work with their general counsel, ISO, and Privacy Program Officer or Coordinator to identify all security and privacy requirements applicable to their programs and ensure implementation of the requisite controls.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The consequences of negligence and non-compliance with State laws and policies may include department and personal:<\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Loss of delegated authorities.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Negative audit findings.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Monetary penalties.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>Legal actions.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Auditing<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>The department has the right to audit any activities related to the use of State information assets.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p>CDT OIS and the department have the statutory right to audit department readiness to respond and recover from an incident.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Reporting<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>Violations of this policy shall be reported to the department ISO.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Security Variance Process<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>If compliance is not feasible, or if deviation from this policy is necessary to support a business function, the respective manager shall formally request a security variance as defined by the ISO.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Authority<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>This policy complies with the State of California Government Code section 11549.3.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block\">\n\t\t\t\t\t<p><strong>Revisions<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>The CIO or Designee shall ensure that the contents of this article are current and accurate.<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p><strong>References<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Statewide Information Management Manual, Section 5300-B, Foundational Framework<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Statewide Information Management Manual, Section 5305-A, Information Security Program Management Standard<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5305.5, Information Asset Management<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5310.4, Individual Access to Personal Information<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5310.6, Data Retention and Destruction<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5310.7, Security Safeguards<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5340, Information Security Incident Management<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5340.1, Incident Response Training<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5340.2, Incident Response Testing<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5340.3, Incident Handling<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5340.4, Incident Reporting<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5350.1, Encryption<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5365, Physical Security<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5365.1, Access Control for Output Devices<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5365.2, Media Protection<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>State Administrative Manual, Section 5365.3, Media Disposal<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Federal Information Processing Standards, FIPS 199<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>Federal Information Processing Standards, FIPS 140-2<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Access Control, AC-3, AC-4<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Audit and Accountability, AU-2,\u00a0AU-3, AU-13<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Configuration Management, CM-8<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Identification and Authentication, IA-5(1)<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Media Protection, MP-1, MP-2,\u00a0MP-3, MP-4, MP-5, MP-6, MP-7<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Physical and Environmental Protection, PE-5, PE-19, PE-20<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Planning, PL-4<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Program Management, PM-9<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Risk Assessment, RA-2, RA-3<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-53, Security and Communications Protection, SC-4, SC-8, SC-13, SC-17, SC-28<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>National Institute of Standards and Technology, Special Publications 800-63B, Digital Identity Guidelines, Authentication and Lifecycle Management<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Department of Corrections and Rehabilitation, Department Operations Manual, Chapter 3, Article 22<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Department of Corrections and Rehabilitation, Department Operations Manual, Chapter 4, Article 41, Section 48010.5<\/p>\n\t\t\t\t\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-bullet\">\n\t\t\t\t\t<p>California Government Code, Section 11549.3<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p><strong>Revision History<\/strong><\/p>\n\t\t\t\t\n\t<ul class=\"cdcr-dom-group-block\">\n\t\t\n\t<li class=\"cdcr-dom-item-block is-style-no-marker\">\n\t\t\t\t\t<p>Effective: 02\/2022<\/p>\n\t\t\t\t\t<\/li>\n\t\n\t<\/ul>\n\t\n\t<\/li>\n\t\n\t<\/ul>\n\t","protected":false},"parent":228,"template":"","class_list":["post-370","dom","type-dom","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>5.3.13 Server Configuration - Health Care Department Operations Manual (HCDOM)<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"5.3.13 Server Configuration - Health Care Department Operations Manual (HCDOM)\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/\" \/>\n<meta property=\"og:site_name\" content=\"Health Care Department Operations Manual (HCDOM)\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-30T22:51:30+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-5-administrative\\\/article-3-information-technology\\\/5-3-13-server-configuration\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-5-administrative\\\/article-3-information-technology\\\/5-3-13-server-configuration\\\/\",\"name\":\"5.3.13 Server Configuration - Health Care Department Operations Manual (HCDOM)\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#website\"},\"datePublished\":\"2023-09-29T16:35:01+00:00\",\"dateModified\":\"2023-10-30T22:51:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-5-administrative\\\/article-3-information-technology\\\/5-3-13-server-configuration\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-5-administrative\\\/article-3-information-technology\\\/5-3-13-server-configuration\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-5-administrative\\\/article-3-information-technology\\\/5-3-13-server-configuration\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HCDOM\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Chapter 5 &#8211; Administrative\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-5-administrative\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Article 3 \u2013 Information Technology\",\"item\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/dom\\\/chapter-5-administrative\\\/article-3-information-technology\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"5.3.13 Server Configuration\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#website\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\",\"name\":\"Health Care Department Operations Manual\",\"description\":\"CCHCS\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#organization\",\"name\":\"Health Care Department Operations Manual\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/wp-content\\\/uploads\\\/sites\\\/207\\\/2023\\\/08\\\/cropped-cdcr-cchcs-logos-512.png\",\"contentUrl\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/wp-content\\\/uploads\\\/sites\\\/207\\\/2023\\\/08\\\/cropped-cdcr-cchcs-logos-512.png\",\"width\":82,\"height\":82,\"caption\":\"Health Care Department Operations Manual\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cdcr.ca.gov\\\/hcdom\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"5.3.13 Server Configuration - Health Care Department Operations Manual (HCDOM)","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"5.3.13 Server Configuration - Health Care Department Operations Manual (HCDOM)","og_url":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/","og_site_name":"Health Care Department Operations Manual (HCDOM)","article_modified_time":"2023-10-30T22:51:30+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/","name":"5.3.13 Server Configuration - Health Care Department Operations Manual (HCDOM)","isPartOf":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#website"},"datePublished":"2023-09-29T16:35:01+00:00","dateModified":"2023-10-30T22:51:30+00:00","breadcrumb":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/5-3-13-server-configuration\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/"},{"@type":"ListItem","position":2,"name":"HCDOM","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/"},{"@type":"ListItem","position":3,"name":"Chapter 5 &#8211; Administrative","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/"},{"@type":"ListItem","position":4,"name":"Article 3 \u2013 Information Technology","item":"https:\/\/www.cdcr.ca.gov\/hcdom\/dom\/chapter-5-administrative\/article-3-information-technology\/"},{"@type":"ListItem","position":5,"name":"5.3.13 Server Configuration"}]},{"@type":"WebSite","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#website","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/","name":"Health Care Department Operations Manual","description":"CCHCS","publisher":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cdcr.ca.gov\/hcdom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#organization","name":"Health Care Department Operations Manual","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#\/schema\/logo\/image\/","url":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-content\/uploads\/sites\/207\/2023\/08\/cropped-cdcr-cchcs-logos-512.png","contentUrl":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-content\/uploads\/sites\/207\/2023\/08\/cropped-cdcr-cchcs-logos-512.png","width":82,"height":82,"caption":"Health Care Department Operations Manual"},"image":{"@id":"https:\/\/www.cdcr.ca.gov\/hcdom\/#\/schema\/logo\/image\/"}}]}},"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Health Care Department Operations Manual (HCDOM)","distributor_original_site_url":"https:\/\/www.cdcr.ca.gov\/hcdom","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom"}],"about":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/types\/dom"}],"version-history":[{"count":2,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/370\/revisions"}],"predecessor-version":[{"id":884,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/370\/revisions\/884"}],"up":[{"embeddable":true,"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/dom\/228"}],"wp:attachment":[{"href":"https:\/\/www.cdcr.ca.gov\/hcdom\/wp-json\/wp\/v2\/media?parent=370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}