
Security and data privacy

Government institutions should follow RISA security and data privacy guidelines when deploying database management systems. In particular, the following guidelines should be followed:

Data validation [Mandatory]

When capturing new data in a DBMS, data validation must be used to ensure the DBMS’s stability an...
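The following is an added example, not RISA's own code or text, of how a capture path can validate a record before it reaches the DBMS and let the schema enforce the same rules as a second line of defence. The SQLite database, the 'citizens' table, the 16-digit identifier format and the field rules are assumptions made for illustration; the records fed through it are constructed.

```python
"""Added example, not RISA's own code: validate a record before it is
captured into a DBMS, with CHECK constraints mirroring the same rules.

Assumed for illustration (none of it comes from the guideline): an
in-memory SQLite database, a 'citizens' table with a 16-digit national_id,
a full_name and an email, and the field rules in RULES below.
"""
import re
import sqlite3

# Per field: (pattern the whole value must match, maximum length).
RULES = {
    "national_id": (re.compile(r"[0-9]{16}"), 16),
    "full_name": (re.compile(r"[A-Za-z][A-Za-z' .-]{0,99}"), 100),
    "email": (re.compile(r"[^@\s]{1,64}@[^@\s]{1,255}"), 320),
}


class ValidationError(ValueError):
    pass


def validate_record(record: dict) -> dict:
    """Return a cleaned copy of record or raise ValidationError.
    Unknown keys are rejected so a caller cannot smuggle in extra columns;
    the length cap is checked before the pattern so an oversized value
    never reaches the regex engine."""
    unknown = set(record) - set(RULES)
    if unknown:
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for field, (pattern, max_len) in RULES.items():
        value = record.get(field)
        if not isinstance(value, str):
            raise ValidationError(f"{field}: missing or not a string")
        value = value.strip()
        if len(value) > max_len:
            raise ValidationError(f"{field}: longer than {max_len} characters")
        if not pattern.fullmatch(value):
            raise ValidationError(f"{field}: not in the allowed format")
        clean[field] = value
    return clean


def open_db() -> sqlite3.Connection:
    """Create the table with CHECK constraints mirroring RULES, so a code
    path that skips validate_record() still cannot store malformed data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """
        CREATE TABLE citizens (
            national_id TEXT PRIMARY KEY
                CHECK (length(national_id) = 16 AND national_id NOT GLOB '*[^0-9]*'),
            full_name TEXT NOT NULL CHECK (length(full_name) BETWEEN 1 AND 100),
            email TEXT NOT NULL CHECK (length(email) <= 320 AND email LIKE '%@%')
        )
        """
    )
    return conn


def capture(conn: sqlite3.Connection, record: dict) -> None:
    """Validate, then insert with a parameterised statement: values are
    bound as data and never spliced into the SQL text."""
    clean = validate_record(record)
    conn.execute(
        "INSERT INTO citizens (national_id, full_name, email) VALUES (?, ?, ?)",
        (clean["national_id"], clean["full_name"], clean["email"]),
    )
    conn.commit()


def try_capture(conn: sqlite3.Connection, record: dict) -> str:
    """Report the outcome of capture() as a short string."""
    try:
        capture(conn, record)
        return "stored"
    except ValidationError as exc:
        return f"rejected: {exc}"


def demo() -> list:
    """Run constructed inputs through capture(); returns the outcomes,
    the result of a validation bypass attempt, and the final row count."""
    conn = open_db()
    nid = "11990123456789"  # 14 digits; two more appended per record below
    results = [
        try_capture(conn, {"national_id": nid + "01", "full_name": "Mukamana Alice", "email": "alice@example.org"}),
        # a legitimate apostrophe is allowed and stored verbatim via the bound parameter
        try_capture(conn, {"national_id": nid + "02", "full_name": "O'Brien Jean", "email": "jean@example.org"}),
        # SQL metacharacters fail the pattern; they would also be inert as a bound parameter
        try_capture(conn, {"national_id": nid + "03", "full_name": "x'); DROP TABLE citizens;--", "email": "x@example.org"}),
        # oversized value
        try_capture(conn, {"national_id": nid + "04", "full_name": "A" * 500, "email": "a@example.org"}),
        # extra column smuggled in
        try_capture(conn, {"national_id": nid + "05", "full_name": "Bob", "email": "bob@example.org", "role": "admin"}),
    ]
    # Direct insert that skips validate_record(): the CHECK constraint still blocks it.
    try:
        conn.execute("INSERT INTO citizens VALUES (?, ?, ?)", ("not-a-number", "Eve", "eve@example.org"))
        results.append("bypass stored")
    except sqlite3.IntegrityError:
        results.append("bypass blocked by CHECK")
    results.append(conn.execute("SELECT count(*) FROM citizens").fetchone()[0])
    return results
```

Running demo() stores the two well-formed records, rejects the three malformed ones before any SQL is executed, and shows the CHECK constraints catching an insert that bypassed the application-side check. The point of keeping both layers is that application validation protects the DBMS from malformed and oversized input, while the schema constraints hold even when a different client or a maintenance script writes to the table.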

Functional separation between database servers and web servers [Recommended]

Due to the higher threat environment that web servers are typically exposed to, hosting database ...

Communications between database servers and web servers [Recommended]

Data communicated between database servers and web servers, especially over the internet, is susc...

Network separation [Recommended]

Placing database servers on the same network segment as user workstations can increase the likeli...

Separation of development, testing and production database servers [Mandatory]

Using production database servers for development and testing activities could result in accident...

Security hardening [Mandatory]

The server operating system on which the database is installed must be security hardened.

Access control [Mandatory]

Implement strict access controls to restrict access to authorized personnel only. Access to a D...

Default passwords [Mandatory]

The default passwords for accounts and services such as System Administrator must be changed prio...

DBMS Versions and security updates [Mandatory]

The versions of DBMS used must still be supported by the vendor. All installations of a DBMS mu...

Encryption [Mandatory]

Use strong encryption algorithms to protect sensitive data stored on disks, databases, and other ...

Protecting database contents [Mandatory]

Database administrators and database users should know the sensitivity or classification associ...

Monitoring and database events logging [Recommended]

Employ real-time monitoring tools to detect and respond to unauthorized access attempts as they...
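The following is an added example, not a RISA tool, of the detection logic a monitoring tool would run over database authentication events: it raises an alert on a burst of failed logins from one client and on a superuser login from outside an administrative network. The PostgreSQL-style log prefix, the threshold of five failures in sixty seconds, the 'postgres' account name and the 10.0.10.0/24 administrative subnet are assumptions, and the log lines are constructed for the example.

```python
"""Added example, not RISA's own tooling: detection rules over database
authentication log lines, of the kind a real-time monitoring tool runs.

Assumptions (not from the guideline): PostgreSQL-style lines with the
prefix '<timestamp> <tz> [<pid>] <user>@<db> <client-ip> <LEVEL>:  <msg>',
a 5-failures-in-60-seconds threshold, and an administrative subnet of
10.0.10.0/24 from which the 'postgres' superuser may connect.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) \S+ \[\d+\] "
    r"(?P<user>[^@\s]+)@(?P<db>\S+) (?P<host>\S+) (?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
FAIL_THRESHOLD = 5          # failures per client ...
WINDOW_SECONDS = 60         # ... within this many seconds raise an alert
ADMIN_ACCOUNTS = {"postgres"}                       # assumed superuser account
ADMIN_NETWORK = ipaddress.ip_network("10.0.10.0/24")  # assumed admin subnet


def parse_line(line: str):
    """Return the fields of one log line as a dict, or None if it does not
    match the assumed prefix (a real tool should count such lines too)."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S.%f")
    return ev


def _client_ip(host: str):
    """PostgreSQL logs '[local]' for Unix-socket clients; those have no IP."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def detect(lines):
    """Return (rule, client, user, timestamp) alerts. Failed logins are
    counted per client in a sliding window; a burst raises one alert and
    resets the counter so one attack does not produce an alert per line."""
    failures = defaultdict(deque)
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        host, user, t, msg = ev["host"], ev["user"], ev["time"], ev["msg"]
        if "authentication failed" in msg:
            q = failures[host]
            q.append(t)
            while q and (t - q[0]).total_seconds() > WINDOW_SECONDS:
                q.popleft()
            if len(q) >= FAIL_THRESHOLD:
                alerts.append(("auth_failure_burst", host, user, ev["ts"]))
                q.clear()
        elif msg.startswith("connection authorized") and user in ADMIN_ACCOUNTS:
            ip = _client_ip(host)
            # Local-socket logins come from the database host itself and are
            # treated as acceptable here; any routed client must be in ADMIN_NETWORK.
            if ip is not None and ip not in ADMIN_NETWORK:
                alerts.append(("admin_login_from_unexpected_network", host, user, ev["ts"]))
    return alerts


# Constructed sample lines (not real logs) in the assumed format.
SAMPLE_LOG = """\
2024-03-01 10:00:00.500 UTC [4001] app@citizens 10.0.2.15 LOG:  connection authorized: user=app database=citizens
2024-03-01 10:00:01.000 UTC [4002] postgres@postgres 192.168.50.7 FATAL:  password authentication failed for user "postgres"
2024-03-01 10:00:03.000 UTC [4003] postgres@postgres 192.168.50.7 FATAL:  password authentication failed for user "postgres"
2024-03-01 10:00:04.000 UTC [4004] app@citizens 10.0.2.15 FATAL:  password authentication failed for user "app"
2024-03-01 10:00:05.000 UTC [4005] postgres@postgres 192.168.50.7 FATAL:  password authentication failed for user "postgres"
2024-03-01 10:00:07.000 UTC [4006] postgres@postgres 192.168.50.7 FATAL:  password authentication failed for user "postgres"
this line is not in the expected format
2024-03-01 10:00:09.000 UTC [4007] postgres@postgres 192.168.50.7 FATAL:  password authentication failed for user "postgres"
2024-03-01 10:00:11.000 UTC [4008] postgres@postgres 192.168.50.7 FATAL:  password authentication failed for user "postgres"
2024-03-01 10:00:12.000 UTC [4009] postgres@postgres 192.168.50.7 LOG:  connection authorized: user=postgres database=postgres
2024-03-01 10:00:20.000 UTC [4010] postgres@postgres 10.0.10.5 LOG:  connection authorized: user=postgres database=postgres
""".splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

On the sample above, detect() raises exactly two alerts: the fifth failure from 192.168.50.7 at 10:00:09, and the 'postgres' login from that same client at 10:00:12, which together are what an operator would want to respond to as a successful guess after a brute-force burst. The single failed login for 'app' and the superuser login from 10.0.10.5 stay silent. Thresholds, the account list and the admin network would be configuration in a real deployment, not constants.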

Security standards and guidelines [Mandatory]

Ensure compliance to the Minimum Cybersecurity Standards for Public Institutions that are provi...