19 - HaloPSA¶
NOTE: To be completed by Stratus Cyber Team
Configuration Items¶
-
Setup SSO if possible
-
Issue Tickets w/ IsPOAM field
-
Scheduled Ticket -- Annual Internal Risk Assessment and Security Control Assessment
-
Scheduled Ticket -- Annual Incident Response Table-top
-
Scheduled Ticket -- Annual update of SSP
-
Scheduled Ticket -- Annual Audit Log Event Review
Create User Access Workflow¶
-
Workflow should cover new user access, user access change/transfer, user access removal/termination, non-privileged or privileged account, what components they will have access to
-
If onboarding, a workflow step should be Screen Individual
-
Create a Report which details active/approved users, their function, and the "security functions" or components they have access to
Validate Change Management¶
-
Validate change management ticketing is in place
-
Change request tickets must include Security Impact Analysis