Defense in Depth Measures Expected in the Environment
The Windows operating system in use should be one of the officially supported operating systems documented in the GENESIS system requirements.
The Windows operating system should have the latest security updates installed and should be kept up to date as new security updates are released.
The file system and network should be protected by standard IT practices, such as internet firewalls and restricted, secure access to physical server hardware. This protection would include:
Ensuring that only a system administrator has direct file system access on a GENESIS server.
Ensuring that all system administration activities are monitored.
The anti-virus software installed on all servers and workstations is operational, and its virus definition files are regularly updated.
All third-party plugins and tools (if any) that are embedded or deployed as part of IT systems are patched to the latest versions.
The SQL Server version being used is included in the GENESIS list of supported versions (refer to the system requirements).
The SQL Server version being used has the latest SQL Server service packs and hotfixes installed.
For physical security, we recommend that all server machines have limited physical access. For example, use locked rooms with restricted access for the server hardware and networking devices. In addition, access to backup media should be restricted by storing the media at a secure off-site location.