Search Results

Government institutions are recommended to acquire printing, scanning and copying as services instead of procuring, operating and maintaining printers, scanners and copiers. Institutions’ system administrators should have control usage and ensure access creden...

User devices: institutional devices used by employees should be labeled and recorded. Proper naming should be done, in accordance to advised network set up. They should not be used to illegally process, distribute, or store any data protected by copyright of...

Maintenance plan: All IT equipment should be checked once in every quarter, and maintained according to the elaborated maintenance plan. Maintenance contract with equipment supplier: After the warranty period, there should be agreements with equipment supplie...

Architectural model for e-government applications: all systems should be documented in five viewpoints including the enterprise viewpoint (describe purpose, scope and processes), the information viewpoint (determines the structure and semantics of the system...

Data availability: Data should be available round the clock (24-hour access) to access from different time zones. Data creation: single point of capture, duplication of data capture should be avoided as much as possible. Standardization of shared data: sho...

Password should not be written down on paper; Password should not be sent through email,  Password should not be included in a non-encrypted stored document,  Password should not be revealed over the phone,  Password should not be revealed or hinted on a...

Official Government of Rwanda (GoR) employees as well as administrative visitors of departments must request for a generic user account to facilitate operations and communications. A request must be made to IT departments. Generic accounts created are not to b...

Connection to the local area network (LAN): personal computers that have been out of office shall be automatically updated with the latest antivirus signature file by a server. Computers: users should terminate active sessions or log out of their computers ...

nstall and configure gateway firewall, IPsec and SSL VPN, and wireless; Configure inbound and outbound Access Control List (ACL) to control only required and legitimate traffic only to be allowed to go in and out of the network; Close all the ports and onl...

Access control: should start with IT assets, data, and personnel classification into specific groups, and restrict related access through VLAN. Access management: access to VLANs should be restricted by isolating them from one another and dispatching resour...

Role-based access control: access to network resources should be granted or denied based on job functions. Permissions should be defined based on the level of access needed to perform job functions and related duties. Standard operating procedures: should b...

Strictly use strong passwords with minimum 8 characters comprised of alpha numerical and special characters, as was described in section 6.3; Users should have different passwords for different accounts; All default passwords must be changed upon installat...

Government institution must plan for and conduct regular internal cyber security awareness for end users at 3 times per year in partnership with RISA.

Preventive maintenance: government institutions should plan and perform IT infrastructure vulnerability assessment and penetration testing at least once a year. Incidence response: government institutions should be prepared to mitigate or to respond as quic...

All public institutions are advised to develop an ICT strategic plan to guide the adoption and implementation of ICT in accordance to each institution’s functions, in line with SmartRwanda Master Plan, the enterprise architecture blueprint development guidelin...

ICT project initiation: all ICT projects should be derived from the assessment as indicated in the above section of ICT strategic planning. All institutions are advised to involve RISA at the starting of the project, since the project concept elaboration. I...

ICT committee: it is imperative that all government institutions establish an ICT committee. Role of the ICT Committee: the primary role of the IT committee is to define the institution’s ICT Strategy and ensure all ICT projects within respective entity dep...

The ICT structure of public entities is established through consultation between the concerned entity, RISA and MIFOTRA. Ideally, the reporting line for ICT function should be direct to the Chief Budget Manager, where it is not the case, ICT unit is advised to...

Recruitment procedure: the recruitment of ICT staff is done jointly by the recruiting institution and RISA. ICT job vacancy advertisement: is initiated at institutional level and each institution will submit ToRs to RISA ahead of time for review. Candidate...

All ICT staff across the Government should perform team and individual self-skills assessment, skills development in accordance to respective job profile and duties. All ICT staff should leverage huge rich content and trainings available for continuous impr...