The system administrator checklist will help in capturing the information related to.
- Role based access control matrix maintained for privileged accounts (administrative) on its systems and applications.
- Is the access to the critical applications/servers to staff is provided on need-to-know basis and is authorized by concerned dm/pm.
- Are the testing and production environments separated from each other and the respective responsible staff identified?
- The project’s user-id and company user-id are the same.
- Is there a ‘unique id’ assigned to all users / groups in the project?
- The password policy of company ltd. Adhered (uses 8 characters) to? Elaborate the password policy followed.
- Client defined security practices /company policies (isms).
- The fixed login attempts for the users before the account gets locked.
- Policy of not reusing the last 5 passwords? (if it is different, mention how many times).
- Default account (guest, administrator, scott in oracle) renamed.
- Authorized persons changing the system-privileged passwords.
- Idle time-out enabled for the system.
- Do you follow information classification in your documents?
- Do you have standard operating procedures for system administration?
- Security incident management