Search Results
217 total results found
Hardware disposal
Following the institution’s disposal committee resolutions regarding digitalization equipment to be disposed of, the current electronic devices’ disposal guidelines shall be adhered to.
Software applications
Architectural model for e-government applications: All systems shall be documented in five viewpoints including the enterprise viewpoint (describing purpose, scope and processes), the information viewpoint (determining the structure and semantics of the syst...
Data
Data produced or collected by government institutions is necessary for measuring effectiveness and developing public services. In that sense, institutions are expected to perform the following: Data discovery and metadata capture. Search and filtering. Bu...
Business Continuity (BC) and Disaster Recovery (DR)
Business continuity management is a holistic planning and management process through which institutions create and implement measures, strategies and plans that are effective to manage crises and to respond to and recover from a disaster. Business continuity is more than...
User collaboration and email service
All public institutions are obliged to encourage and ensure that all employees have official work email accounts and collaborate online using official, well-tested channels, such as for video conferencing or document handling and transfer. All employees shal...
Password Policy
The following are the minimum requirements for creating and protecting passwords: The length of a password is 10 characters and shall comprise at least 2 lowercase, 2 uppercase, numbers, and special characters such as ! @ # $ {} : ” > ? <; Password shall no...
Email Accounts
All employees shall use corporate emails for any official communication. Email accounts belonging to government institutions shall have a domain with a suffix of .gov.rw, for example abc.xyz@risa.gov.rw. The e-mail account format shall be FirstName.LastName...
System access and authorization
All corporate computers shall be joined to the Active Directory-Domain Controller for proper management and access to institutional resources. Connection to the local area network (LAN): End-user/Personal computers that have been out of office shall be auto...
Security Policy and Procedures
The public institution shall as a minimum have a documented Information Security Policy (ISP) based on information security requirements defined in this document and applicable legal, statutory and regulatory requirements. Information security and topic-speci...
Minimizing the exposure of systems to External Networks
Install and configure a gateway firewall. Configure inbound and outbound Access Control Lists (ACLs) so that only required and legitimate traffic is allowed in and out of the network. Close all the ports and open only the required ones. Avoid...
Access Control
The institution shall limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems). The institution shall limit system access to the types of transactions and functions that authorized users ...
Implement network segmentation
Access control: It shall start with the classification of IT assets, data, and personnel into specific groups, and restrict related access through VLANs. Access management: access to VLANs shall be restricted by isolating them from one another and dispatching resou...
Institution awareness and Training
The institution shall ensure that executives, senior management, managers, systems administrators, and users of institutional systems are made aware of the security risks associated with their activities and of the applicable policies, standards, and procedure...
Audit and Accountability
The institution shall create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity. The institution shall ensure that the actions of individual...
Configuration Management
The institution shall establish and maintain baseline configurations and inventories of institutional systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles. The inventory shall contain info...
Identity Management and Authentication
The institution shall identify system users, processes acting on behalf of users, and devices. The institution shall authenticate (or verify) the identities of users, processes, or devices as a prerequisite to allowing access to institutional systems. The ...
Incident Response
The institution shall have an operational incident-handling capability for institutional systems, including preparation, detection, analysis, containment, recovery, and user response activities. The institution shall notify the public authority in charge of c...
Maintenance
The institution shall perform maintenance on institutional digitalization systems. The institution shall provide controls on the tools, techniques, mechanisms and personnel used to conduct system maintenance.
Media Protection
The institution shall protect (i.e., physically control and securely store) system media, including both paper and digital media. The institution shall limit access to system media to authorized users. The institution shall sanitize or destroy system media befo...
Personnel Security
The public institution shall identify (inventory) its own human resources. For each official position with access, the scope of duties and the analyzed security requirements are defined (the level of access to zones, rooms, documents, systems etc.). The p...