Government Standard on Information & Communication Technology odg/ 14 Security
Download 214.17 Kb.
|
- Navigate this page:
- Purpose
- Context
- Scope
- 1.3Scope Exclusions
 
Government Standard on Information & Communication Technology ODG/S4.14 Security Confidentiality: Version: 1.2 Government Standard on Information & Communication Technology
Table of Contents 1.Purpose 4 2.Context 4 1.1 Background 4 3.Scope 5 1.2 Scope Inclusions 5 1.3 Scope Exclusions 5
1.4 Terms and Abbreviations 6 1.5 Conventions 6
5.1 Requirements Analysis 7 5.2 Design 8 5.3 Development 9 5.4 Outsourced Development 9 5.5 Testing 10 5.6 Implementation 11 5.7 Hosting 11 5.8 Operations and Maintenance 12 5.9 Protection of Source Code 13 6.Implementation 14 1.6 Implementation Considerations 14 1.7 Exemptions 14 1.8 Responsibilities 14 7.References & Links 15 1.Appendix A – Web Application Coding Checklist 17 1.9 Input Validation 17 1.10 Output Validation 18 1.11 Authentication and Identity Management 18 1.12 Access Controls 19 1.13 Cookies & Session Management 20 1.14 File Management 20 1.15 Logging and Auditing 21 1.16 Error Handling 21
The purpose of these standards is to secure the web presence and information assets of the Government of South Australia. The objectives of these standards are to ensure that:
These standards are written to support the implementation of the AS/NZS ISO/IEC 27002 standard and the Government of South Australia Information Security Management Framework (ISMF) versions 3.0 and later.
1.1BackgroundThe Government of South Australia has a large number of web applications that provide critical services to public and internal agency stakeholders. These web applications are developed by internal agency staff, and by external parties. Commercial off the shelf software is typically procured via existing agency processes. These web applications provide static or dynamic content for internal and external users. Security requirements must be considered in all stages of the web development and procurement to ensure that effective security outcomes are achieved, leading to overall risk reduction to agencies. This standard is intended to be independent of specific application development platforms or commercial applications and therefore does not define platform or vendor specific requirements.
1.2Scope InclusionsThese standards apply to all web applications1 used for SA Government business. This extends to:
1.3Scope ExclusionsThese standards do not apply to non-web based software applications (e.g. desktop applications and operating systems).
1.4Terms and AbbreviationsPublic facing Web content that is accessible by the general public from the Internet. SDLC Systems Development Lifecycle ISMF Information Security Management Framework PCI DSS Payment Card Industry Data Security Standard OWASP Open Web Application Security Project ITSA Information Technology Security Advisor Directory: sites -> default -> files -> content files files -> Nstructions for Acquiring Excess Equipment online, through the 1033 Program files -> Occupational health and safety files -> The Black Panther Party’s Ten Point Program files -> International programs roel profile files -> Fermi Questions a guide for Teachers, Students, and Event Supervisors Lloyd Abrams, Ph. D. DuPont Company, cr&D/ccas experimental Station Wilmington, de 19880 files -> Personal Information Name: Maha Al-Ammari Nationality: Saudi Relationship Status content files -> Information on Deanship with technology of quick response symbol (QR) content files -> Microbiology of Pulmonary tuberculosis causative agent content files -> Form Title: ccna cert Practice Exam Download 214.17 Kb. Share with your friends:
|