ANTI-VIRUS POLICY OCIO-6006-09 TABLE OF CONTENTS



Similar documents
REMOTE ACCESS POLICY OCIO TABLE OF CONTENTS

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

IT SECURITY EDUCATION AWARENESS TRAINING POLICY OCIO TABLE OF CONTENTS

PASSWORD MANAGEMENT POLICY OCIO TABLE OF CONTENTS

Anti-Virus Policy. Computing and Networking Services (CNS).

NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO TABLE OF CONTENTS

(Self-Study) Identify How to Protect Your Network Against Viruses

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 2 Systems Threats and Risks

Peace Corps Office of the OCIO Information and Information Technology Governance and Compliance Rules of Behavior for General Users

Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)

Malicious Software. Ola Flygt Växjö University, Sweden Viruses and Related Threats

CIT End User Device Policy

Version: 2.0. Effective From: 28/11/2014

Online Security Awareness - UAE Exchange - Foreign Exchange Send Money UAE Exchange

Information Security Policy. Policy and Procedures

NC DPH: Computer Security Basic Awareness Training

System Security Policy Management: Advanced Audit Tasks

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

Data Management Policies. Sage ERP Online

Computer Viruses: How to Avoid Infection

Information Security Policy

N-CAP Users Guide. Everything You Need to Know About Using the Internet! How Worms Spread via (and How to Avoid That)

ANTIVIRUS BEST PRACTICES

Appendix H: End User Rules of Behavior

1. Threat Types Express familiarity with different threat types such as Virus, Malware, Trojan, Spyware, and Downloaders.

HIPAA Security Training Manual

U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment

SUPREME COURT OF COLORADO OFFICE OF THE CHIEF JUSTICE

Information Technology Acceptable Use Policies and Procedures

PC Security and Maintenance

How To Understand What A Virus Is And How To Protect Yourself From A Virus

UNITED STATES PATENT AND TRADEMARK OFFICE. AGENCY ADMINISTRATIVE ORDER Agency Administrative Order Series. Secure Baseline Attachment

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

PHI- Protected Health Information

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

How To Monitor The Internet In Idaho

The Internet and 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

Computer Security Maintenance Information and Self-Check Activities

Policy Title: HIPAA Security Awareness and Training

University of Cincinnati HIPAA Administrative, Physical and Technical Safeguards

Infocomm Sec rity is incomplete without U Be aware,

Cyber Self Assessment

Enterprise K12 Network Security Policy

2. From a control perspective, the PRIMARY objective of classifying information assets is to:


U.S. Department of the Interior's Federal Information Systems Security Awareness Online Course

C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)

USM IT Security Council Guide for Security Event Logging. Version 1.1

13. Acceptable Use Policy

Terms in this document are defined in the SOA policy ISP-002 Information Security Glossary.

Network and Workstation Acceptable Use Policy

CITY OF BOULDER *** POLICIES AND PROCEDURES

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Information Resource Management Directive USAP Software Management and Protection

Supplier IT Security Guide

Responsible Access and Use of Information Technology Resources and Services Policy

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Information Security Plan effective March 1, 2010

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Subject: Computers & Electronic Records. Responsible Party: Part C Coordinator

Network Incident Report

Procedure Manual. Number: A6Hx2-8.01a. Title: College Network and Software Usage by Employees. Policy Number: 6Hx of 21

Guidance for recipients of an encrypted NHSmail

Information Security Policy

Section 12 MUST BE COMPLETED BY: 4/22

Best Practices for DanPac Express Cyber Security

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

All Users of DCRI Computing Equipment and Network Resources

Countering and reducing ICT security risks 1. Physical and environmental risks

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Cyber Security Awareness

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

NETWORK AND INTERNET SECURITY POLICY STATEMENT

Hardware and Software Security

ViRobot Desktop 5.5. User s Guide

How To Audit The Mint'S Information Technology

Transcription:

OCIO-6006-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: Section I. Purpose II. Authority III. Scope IV. Definitions V. Policy VI. Roles and Responsibilities VII. Exceptions VIII. References OFFICE OF THE CHIEF INFORMATION OFFICER ANTI-VIRUS POLICY OCIO-6006-09 TABLE OF CONTENTS Anti-Virus Policy Version 2.1.1 1

I. PURPOSE This policy establishes the uniform policy within the United States Patent and Trademark Office (USPTO) for anti-virus protection for all automated information systems (AISs). It establishes minimum practices for anti-virus protection to prevent potential damage to USPTO AISs and data resulting from malicious code, trojans, worms, or other forms of viruses that might impact the confidentiality, integrity, or availability of those AISs and their associated data. The USPTO anti-virus policy is based on authoritative guidance and best practices for anti-virus protection. It presents general anti-virus protection requirements that apply to all USPTO AISs, and represents the minimum standards and configurations to be used by all USPTO employees and contractor employees. II. AUTHORITY This policy is issued pursuant to: The Federal Information Security Management Act of 2002 (FISMA) IT Security Policy Management Policy III. SCOPE The provisions of this policy apply to all USPTO employees and contractor employees using, operating, or remotely connecting to USPTO AISs and to contractor employees providing telecommunications and information system services to the USPTO. It applies to all USPTO personnel (Federal and contractor) and all USPTO AISs or resources, independent of the size of the computer, network, device, or information system. For example, it applies to desktops, government issued laptops, personally or contractor owned laptops, servers, or other media that provides file or data storage. This policy also applies to those AISs operated and used by contractor employees, guest researchers, collaborators, and other Federal agencies to carry out the USPTO mission, whether or not the information systems are owned, leased, or are located on Government property. It also applies to those information systems operated and used by contractor employees, guest researchers, collaborators, and other Federal agencies to carry out the USPTO mission, whether or not they are owned or leased by the Government or located on Government property. IV. DEFINITIONS Anti-virus protection: Antivirus (or "anti-virus") software is a class of program that searches hard drives, floppy disks, RAM, CD-ROM, or other memory location for known or potential viruses. Most anti-virus products attempt to remove the virus, or otherwise render it useless, and restore the system to normal operation when feasible. Malicious code: Harmful code that may be part of virus, worm, or Trojan. Anti-Virus Policy Version 2.1.1 2

Management controls: Controls that address management of the security aspects of the information system and the management of risk for the information system. Management controls include risk management, review of security controls, information system life cycle controls, processing authorization controls, and information system security plan controls. Operational controls: Controls that address security mechanisms primarily implemented and executed by people (as opposed to information systems) acting in compliance with policy. Technical controls: Technical Controls consist of hardware and software controls used to provide automated protection to the information systems. Technical Controls operate within the information systems. Trojan: A trojan is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can compromise the confidentiality, integrity or availability of a given information system. A trojan may be designed to install a keylogger on a user workstation or open up a backdoor. In one celebrated case, a trojan was a program that was supposed to find and destroy computer viruses. Virus: A virus is a piece of programming code that masquerades as something else, which causes some unexpected and usually undesirable event. A virus is often designed so that it is automatically spread to other computer users. Viruses can be transmitted as attachments to an e- mail, as downloads, or be present on a diskette, CD, or flash drive. The source of the e-mail, downloaded file, or diskette you have received is often unaware of the virus. Some viruses work immediately; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are playful in intent and effect but some can be quite harmful, erasing data or causing your hard disk to require reformatting. Worm: A worm is a self-replicating computer program that does not necessarily require user intervention to function as intended. A worm duplicates itself across computer networks. Worms use parts of an operating system that are usually transparent to the user. It is common for worms to be noticed only when their uncontrolled replication consumes information system resources, slowing, halting other tasks, or eventually locking-up a given information system or user workstation. Flash Drive: Flash drives (also known as thumb drives ) are small, lightweight, removable and rewritable storage devices. Flash drives are activated by being connected to a computer system's USB interface. Their name is derived from the use of non-volatile flash memory. V. POLICY E-Mail Anti-Virus Security The following minimum standards apply to all USPTO AISs regardless of operating system and/or software application type or version. All USPTO employees and contractors are reminded that there is no expectation of privacy within USPTO employee e-mail accounts. Anti-Virus Policy Version 2.1.1 3

General Server and Workstation Security All servers and workstations, regardless of physical location, shall implement real-time anti-virus scanning protection. Workstation file access from portable storage such as flash drives (also known as thumb drives ) or CD-ROM shall receive real-time anti-virus scanning. Configure e-mail servers to only allow relaying of messages from authorized hosts only. Configure e-mail servers to block attachments that could transmit malicious code. Table 1-1 contains a list of file extensions that shall be blocked. Configure e-mail servers to block encrypted attachments. Encrypted attachments are those that are usually password-protected and, therefore, cannot be scanned prior to transmitting on to intended recipient. Configure user workstations to automatically scan all attachments, including encrypted attachments. This configuration shall be set and locked by the Windows System Support Section. Users are instructed NOT to change this configuration, so as to maximize the security of workstations from mal-ware. USPTO users should save attachments to their hard drive, and then scan the attachment using the anti-virus program installed on the desktop. TABLE 1-1. Recommended List of Blocked File Extensions Types File Extension Description File Extension Description BAT Batch File PDF (Password encrypted only) Portable Document Format, Adobe CMD Windows NT Command Script REG Registration Entries COM MS-DOS Application SCR Screen Saver EXE Application VB* Any VBScript File, including encoded and script files PIF Shortcut to MS DOS Program ZIP (Password encrypted only) Zip File Anti-Virus Signatures Anti-virus signatures must be updated automatically on USPTO workstations and servers when notified of signature availability by the manufacturer, US-CERT or the USPTO CIRT. Personally-owned equipment used for remote access to USPTO systems shall be configured to receive anti-virus signature updates automatically for the respective anti-virus package. Anti-Virus Policy Version 2.1.1 4

Encrypted Attachments Encrypted attachments, those files that are usually zipped and require a password to open, cannot be scanned for malicious code. Therefore, encrypted files shall be blocked. If a USPTO employee or contractor must receive encrypted files via e-mail, the intended recipient shall contact the USPTO Help Desk and inform the support technician that an encrypted attachment is expected. The recipient shall provide their e-mail address and the sender s e-mail address. The Help Desk shall notify the [email group name], requesting that the expected e-mail be transmitted to the recipient. To minimize potential malware from infecting the recipient s workstation, the recipient shall save the encrypted file to their desktop (recipient will be prompted for the password) and scan the file with the desktop anti-virus application prior to opening the file. VI. ROLES AND RESPONSIBILITIES Remote users and contractors should consult the Remote Access Policy for the application of these mandatory requirements. Implement and actively maintain real-time anti-virus protection on e-mail clients residing on workstations, laptops and on personally-owned or contractor owned equipment used for remote access, including WebMail, to USPTO information systems. The anti-virus software shall be configured to automatically scan both incoming and outgoing email and attachments. Privileged accounts with system administrative rights (e.g., Unix superuser, etc.) should not be used for e-mail. E-mail should only be accessed and sent using nonprivileged (regular PTONet) accounts. USPTO end users, contractors, and system administrators: Must report occurrences of malicious code attacks to the USPTO Help Desk or by e- mail (do not send from the infected machine) using the Help Desk 9000 e-mail address in the Microsoft Outlook Global Address List (you may also use the helpdesk@uspto.gov e-mail addresses from within USPTO or from remote locations). Must contact the Help Desk if they get a warning that their virus pattern file is out of date. Should observe the following to minimize chance of information system infection: a. NEVER open any files or macros attached to an e-mail from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then empty your Trash or recycle bin to completely remove them from your system. b. Delete spam, chain, and other junk e-mail without forwarding. c. Never download files from unknown or suspicious sources. Anti-Virus Policy Version 2.1.1 5

d. Always scan a floppy diskette, flash drive, or CD-ROM from an unknown source for viruses before using it. The USPTO CIRT 1 shall consider as reportable to US CERT all instances of viruses, Trojan horses, worms or other malicious code that either: Infect one or more hosts at USPTO and cause significant impact on programmatic mission, or Have not been seen before. Malicious code detected and blocked by commercial e-mail proxies or similar mechanisms shall not be reported to US-CERT unless they appear to be significant or unusually persistent. It is the responsibility of all employees and contractor employees to adhere to this policy and to refrain from any activity that might circumvent this policy. Remote users should additionally be aware of and observe the requirements of the Remote Access Policy. It is the responsibility of OCIO system administrators to ensure technical controls and/or operational procedures are in place to identify, prevent, correct, and report violations of this policy. Each USPTO System Owner shall implement the mandatory practices of this policy that are not covered by an approved waiver. The ITSMG shall maintain and update the policy as required and at least annually, review waivers for approval or denial as required, and monitor compliance through the conduct of annual compliance reviews. System Owners, Information System Security Officers (ISSOs), and the USPTO Compliance Officer shall be responsible for the monitoring of AIS user compliance with this policy as part of the periodic IT security self-assessment program or AIS assessments, and maintain approved waivers as part of the documentation for appropriate system security plan(s). VII. EXCEPTIONS Additional exceptions to this policy shall be determined on a case-by-case basis using the waiver process as defined in the USPTO IT Security Handbook. VIII. REFERENCES Department of Commerce (DOC) Minimum Implementation Standards, June 2005 USPTO Remote Access Policy Rules of the Road, Rules 11 and 12 National Institute of Standards and Technology (NIST) Special Publication 800-40, Procedures for Handling Security Patches, November 2005 1 Refer to the USPTO IT Security Handbook for the general incident response policy. Anti-Virus Policy Version 2.1.1 6

NIST Special Publication 800-44, Guidelines on Securing Public Web Servers, February 2007 NIST Special Publication 800-45, Guidelinesfor Electronic Mail Security, February 2007 SANS Institute, Guidelines on the Anti-Virus Process, Feb. 26,2003. ISSUED BY: chief 1nP$, rmkron Officer United States Patent and Trademark Office OFFICE OF PRIMARY INTEREST: IT Security Management Group Anti-Virus Policy Versio~~ 2.1.1 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information