|
One of the goals and advantages of a security policy is the implementation of a consistent policy across the organization. The goals of configuration documentation are to serve as a record of the configuration of information security controls on the network and as a guide for the future deployment of such services. This document is primarily for any staff who will be responsible for the actual implementation of elements of the security policy. Here is where access lists are described, configuration options for IPSec sessions noted, allowable server services categorized, and group membership rights defined. In all likelihood, this "document" will end up being a series of documents for the various information security countermeasures, both technical and nontechnical, employed in the organization.
|