Search Results

Password should not be written down on paper; Password should not be sent through email,  Password should not be included in a non-encrypted stored document,  Password should not be revealed over the phone,  Password should not be revealed or hinted on a...

Official Government of Rwanda (GoR) employees as well as administrative visitors of departments must request for a generic user account to facilitate operations and communications. A request must be made to IT departments. Generic accounts created are not to b...

Connection to the local area network (LAN): personal computers that have been out of office shall be automatically updated with the latest antivirus signature file by a server. Computers: users should terminate active sessions or log out of their computers ...

nstall and configure gateway firewall, IPsec and SSL VPN, and wireless; Configure inbound and outbound Access Control List (ACL) to control only required and legitimate traffic only to be allowed to go in and out of the network; Close all the ports and onl...

Access control: should start with IT assets, data, and personnel classification into specific groups, and restrict related access through VLAN. Access management: access to VLANs should be restricted by isolating them from one another and dispatching resour...

Role-based access control: access to network resources should be granted or denied based on job functions. Permissions should be defined based on the level of access needed to perform job functions and related duties. Standard operating procedures: should b...

Strictly use strong passwords with minimum 8 characters comprised of alpha numerical and special characters, as was described in section 6.3; Users should have different passwords for different accounts; All default passwords must be changed upon installat...

Government institution must plan for and conduct regular internal cyber security awareness for end users at 3 times per year in partnership with RISA.

Preventive maintenance: government institutions should plan and perform IT infrastructure vulnerability assessment and penetration testing at least once a year. Incidence response: government institutions should be prepared to mitigate or to respond as quic...

All public institutions are advised to develop an ICT strategic plan to guide the adoption and implementation of ICT in accordance to each institution’s functions, in line with SmartRwanda Master Plan, the enterprise architecture blueprint development guidelin...

ICT project initiation: all ICT projects should be derived from the assessment as indicated in the above section of ICT strategic planning. All institutions are advised to involve RISA at the starting of the project, since the project concept elaboration. I...

ICT committee: it is imperative that all government institutions establish an ICT committee. Role of the ICT Committee: the primary role of the IT committee is to define the institution’s ICT Strategy and ensure all ICT projects within respective entity dep...

The ICT structure of public entities is established through consultation between the concerned entity, RISA and MIFOTRA. Ideally, the reporting line for ICT function should be direct to the Chief Budget Manager, where it is not the case, ICT unit is advised to...

Recruitment procedure: the recruitment of ICT staff is done jointly by the recruiting institution and RISA. ICT job vacancy advertisement: is initiated at institutional level and each institution will submit ToRs to RISA ahead of time for review. Candidate...

All ICT staff across the Government should perform team and individual self-skills assessment, skills development in accordance to respective job profile and duties. All ICT staff should leverage huge rich content and trainings available for continuous impr...

ICT procurement plans: all government institutions should consolidate and share with RISA at centralizedprocurement@risa.gov.rw their ICT procurement plans on yearly basis in accordance to the government planning cycle. RISA compiles and harmonizes submitted...

Centralized hardware procurement − On yearly basis, RISA selects commonly procured ICT items from submitted institutional ICT procurement plans.− RISA sets technical specifications based on government needs and technologytrend.− RISA initiates annual cent...

Procurement process: institutions should obtain approval from RISA to initiate anyICT procurement process Relevance of the hardware/software item: RISA shall confirm the to be acquired based on submitted ICT gap analysis and ICT gap bridging roadmap in refe...

Decision to acquire or develop the software: government institutions should seek advice from RISA about the acquiring or developing the software.The below criteria should be based on in order to take a decision between acquisition anddevelopment: Government...

Total lifecycle cost: including initial cost, installation, training, and recurrent cost for maintenance and support. Maintainability: the ease of how (cost and effort) the software can be modified tocorrect faults, improve performance or other attribute or...