Search Results
Email Accounts
All employees shall use corporate emails for any official communication. Email accounts belonging to government institutions shall have a domain with the suffix .gov.rw, for example abc.xyz@risa.gov.rw. The e-mail account format shall be FirstName.LastName...
System access and authorization
All corporate computers shall be joined to the Active Directory-Domain Controller for proper management and access to institutional resources. Connection to the local area network (LAN): End-user/Personal computers that have been out of office shall be auto...
Security Policy and Procedures
The public institution shall as a minimum have a documented Information Security Policy (ISP) based on information security requirements defined in this document and applicable legal, statutory and regulatory requirements. Information security and topic-speci...
Minimizing the exposure of systems to External Networks
Install and configure a gateway firewall. Configure inbound and outbound Access Control Lists (ACLs) so that only required and legitimate traffic is allowed in and out of the network. Close all ports and open only the required ones. Avoid...
Access Control
The institution shall limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). The institution shall limit system access to the types of transactions and functions that authorized users ...
Implement network segmentation
Access control: It shall start with IT assets, data, and personnel classification into specific groups, and restrict related access through VLAN. Access management: access to VLANs shall be restricted by isolating them from one another and dispatching resou...
Institution awareness and Training
The institution shall ensure that executives, senior management, managers, systems administrators, and users of institutional systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedure...
Audit and Accountability
The institution shall create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. The institution shall ensure that the actions of individual...
Configuration Management
The institution shall establish and maintain baseline configurations and inventories of institutional systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. The inventory shall contain info...
Identity Management and Authentication
The institution shall identify system users, processes acting on behalf of users, and devices. The institution shall authenticate (or verify) the identities of users, processes, or devices as a prerequisite to allowing access to institutional systems. The ...
Incident Response
The institution shall have an operational incident-handling capability for institutional systems, including preparation, detection, analysis, containment, recovery, and user response activities. The institution shall notify the public authority in charge of c...
Maintenance
The institution shall perform maintenance on institutional digitalization systems. The institution shall provide controls on the tools, techniques, mechanisms and personnel used to conduct system maintenance.
Media Protection
The institution shall protect (i.e., physically control and securely store) system media, including paper and digital media. The institution shall limit access to system media to authorized users. The institution shall sanitize or destroy system media befo...
Personnel Security
The public institution shall identify (inventory) its own human resources. For each official position with access, the scope of duties and the analyzed security requirements are defined (the level of access to zones, rooms, documents, systems, etc.). The p...
Physical and Environmental Protection
The institution shall divide the area it manages into security zones based on risk assessment to ensure physical security. The institution shall provide, limited by the scope of official duties, access to particular security zones. The principle of necessar...
Risk Assessment
The institution shall periodically (at least once a year) assess the risk to institutional operations (including mission, functions, image, or reputation), institutional assets, and individuals resulting from the operation of institutional systems and the asso...
System and Communications Protection
The institution shall monitor, control, and protect communications (i.e., information transmitted or received by institutional systems) at the external and key internal boundaries of institutional digitalization systems. The institution shall use architectu...
System and Information Integrity
The institution shall identify, report, and correct system security flaws in a timely manner. The institution shall protect against malicious code (malware) within institutional digitalization systems and update malicious code protection mechanisms when new releases are avail...
Personally Identifiable Information (PII) Processing and Transparency
The institution shall identify and meet the requirements for preserving privacy and protecting PII according to applicable laws and regulations and contractual requirements and especially comply with the law(s) relating to the protection of personal data and p...
Contingency Planning
The institution shall ensure that backup copies of data, software and system images are regularly made and tested. The institution shall establish, maintain, and effectively implement plans for emergency response, backup operations, and post-disaster recove...