Page tree
Description of the Identity Management of a Haka Home Organization
Introduction to Self-Assessment Questionnaire
This self-assessment questionnaire incudes the identity management procedures of a Haka home organisation to the extent that is sufficient for assessing the quality and freshness of the Identity Provider server (including related processes, procedures and information systems) in the home organization. Haka operator (CSC - IT Center for Science) expects that the home organisation fill in at least the the mandatory requirements listed in the questionnaire sheet. By fulfilling all the mandatory reqirements in all twelwe categories, a home organization will reach the expected minimum level (level 3 on the score sheet). In addition, there are several optional items on the list, fulfilling those is strongly recommended. Questionnaire categories: 1. Inventory of Authorized and Unauthorized Devices 2. Secure Configurations for Software on Workstations and Servers 3. Boundary Defense & Secure Configurations for Network Devices 4. Maintenance, Monitoring, and Analysis of Security Audit Logs 5. Application Software Security 6. Controlled Use of Administrative Privileges 7. Controlled Access Based on the Need to Know 8. Continuous Vulnerability Assessment and Remediation 9. Account Monitoring and Control 10. Privacy 11. Data Recovery & Incident Response Capability 12. Security Skills Assessment and Appropriate Training