Search Results

These guidelines are expected to be strictly adhered to by all government institutions including institutions at central and local government as well as all their affiliated agencies and parastatals. They cover areas including network infrastructure, hardware ...

These ICT Implementation guidelines will be used as best practices for ICT deployment. Regular ICT audits will be conducted periodically by RISA to ensure compliance and enforcement. All institutions should have individual 3 years ICT strategic plans that ...

Number of users in the institution: identify the number of network users both onsite and offsite. Services accessed or offered by the institution: services should be defined andcategorized depending on processes and availability requirements Broadband tech...

Network equipment: network equipment and devices comprising the core network infrastructure to provide connectivity and security features include rack, minimum routers, switches, and access points, as well as a firewall. Network cabling, labeling and physic...

Network performance: redundancy, load balancing, application response time, and quality of service should be controlled and assured. Network maintenance: each institution should elaborate a network maintenanceplan, together with the disaster recovery and bu...

Government institutions are required to host all government data in the National Data Center (NDC) as per the Ministerial instruction in March 2012). However in case of colocation, institutions may rent space for servers and other computing hardware at the Dat...

The following are the minimum requirements that shall guide Government institutions during the acquisition of computers and communication devices for office use or any other administrative purpose. However, the detailed technical specifications are found in th...

The computer network infrastructure at the institutional premises should have main power supply and power backup battery. General specifications are provided in the framework contract that governs the acquisition of the computer devices and related power suppl...

Government institutions are recommended to acquire printing, scanning and copying as services instead of procuring, operating and maintaining printers, scanners and copiers. Institutions’ system administrators should have control usage and ensure access creden...

User devices: institutional devices used by employees should be labeled and recorded. Proper naming should be done, in accordance to advised network set up. They should not be used to illegally process, distribute, or store any data protected by copyright of...

Maintenance plan: All IT equipment should be checked once in every quarter, and maintained according to the elaborated maintenance plan. Maintenance contract with equipment supplier: After the warranty period, there should be agreements with equipment supplie...

Architectural model for e-government applications: all systems should be documented in five viewpoints including the enterprise viewpoint (describe purpose, scope and processes), the information viewpoint (determines the structure and semantics of the system...

Data availability: Data should be available round the clock (24-hour access) to access from different time zones. Data creation: single point of capture, duplication of data capture should be avoided as much as possible. Standardization of shared data: sho...

Password should not be written down on paper; Password should not be sent through email,  Password should not be included in a non-encrypted stored document,  Password should not be revealed over the phone,  Password should not be revealed or hinted on a...

Official Government of Rwanda (GoR) employees as well as administrative visitors of departments must request for a generic user account to facilitate operations and communications. A request must be made to IT departments. Generic accounts created are not to b...

Connection to the local area network (LAN): personal computers that have been out of office shall be automatically updated with the latest antivirus signature file by a server. Computers: users should terminate active sessions or log out of their computers ...

nstall and configure gateway firewall, IPsec and SSL VPN, and wireless; Configure inbound and outbound Access Control List (ACL) to control only required and legitimate traffic only to be allowed to go in and out of the network; Close all the ports and onl...

Access control: should start with IT assets, data, and personnel classification into specific groups, and restrict related access through VLAN. Access management: access to VLANs should be restricted by isolating them from one another and dispatching resour...

Role-based access control: access to network resources should be granted or denied based on job functions. Permissions should be defined based on the level of access needed to perform job functions and related duties. Standard operating procedures: should b...

Strictly use strong passwords with minimum 8 characters comprised of alpha numerical and special characters, as was described in section 6.3; Users should have different passwords for different accounts; All default passwords must be changed upon installat...