Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology

Network Device Management Policy

 

I. Statement

The Office of Information Technology (OIT) must have at least a read-only access to any device in the State network. Further, any vendor-managed device inside the State network must be isolated behind an internal firewall.

 

II. Purpose

If not properly hardened and isolated, any network device may be compromised, thereby jeopardizing the entire shared State network. In order to guard against it, OIT must be able to scan any network device for security vulnerabilities. And, in order to scan a network device, OIT must be granted at least a read-only access to that device. Further, since OIT cannot guarantee the safety of a network device that it does not manage, any vendor-managed network device inside the State network must be isolated behind an internal firewall.

 

III. Applicability

This policy applies to any Internet Protocol (IP) device in the State address space.

 

IV. Responsibilities

A. Chief Technology Officer: The OIT Chief Technology Officer owns, executes, and enforces this policy.

 

V. Guidelines & Procedures

A. OIT must have at least a read-only access to any IP device located in any State address space.

 

B. Any vendor-managed IP device located inside the State Wide Area Network must be behind an internal firewall, provisioned by the vendor but configured by the State.

 

VI. Definitions

A. Internet Protocol (IP): The chief communications protocol used to relay data packets across a computer network.

 

B. State Address Space: The set of all IP addresses assigned by the State, irrespective of their location with respect to the State firewall(s).

 

VII. References

VIII. Document Information

2.          Document Reference Number: 

 

3.          Category: Internet, Network and Transport

 

4.          Adoption Date: October 24, 2011

 

5.          Effective Date: October 24, 2011

 

6.          Revision Date: October 24, 2011

 

7.          Review Date:  October 24, 2013

 

8.          Point of Contact: B. Victor Chakravarty, Enterprise Architect, Office of Information Technology, State House Station #145, Augusta, ME 04333, (207) 624-9840.

 

9.          Approved By: Greg A. McNeal, Acting Chief Information Officer, State House Station #145, Augusta, ME 04333, (207) 624-9471.

 

10.      Position Title(s) or Agency Responsible for Enforcement: Wayne E. Gallant, Chief Technology Officer, Office of Information Technology, State House Station #145, Augusta, ME 04333, (207) 624-9424.

 

9.          Legal Citation:  5 M.R.S.A. Chapter 163 Section 1973 paragraphs B and D, which read in part, “The Chief Information Officer shall: “Set policies and standards for the implementation and use of information and telecommunications technologies…” and “Identify and implement information technology best business practices and project management.”

 

10.      Waiver Process: See the Waiver Policy[1].