Network Management Policy
Purpose
The purpose of the Midstate Broadband Network Management Policy is to establish the rules for the maintenance, expansion, and use of the network infrastructure.
Audience
The Midstate Broadband Network Management Policy applies to individuals who are involved in the configuration, maintenance, or expansion of the Midstate Broadband network infrastructure.
Policy
General
- Midstate Broadband IT owns and is responsible for the Midstate Broadband network infrastructure and will continue to manage further developments and enhancements to the infrastructure.
- To provide a consistent network infrastructure capable of leveraging new networking developments, all cabling must be installed by Midstate Broadband IT or an approved contractor.
- Information security requirements must be included in any new information system or enhancements to the existing system.
- Appropriate technical solutions must be implemented to protect Confidential information from unauthorized transfer, modification, or disclosure (i.e. next-gen firewalls, IDS/IPS, DLP).
- A map or diagram of the network and data flow, including external connections, must be maintained. This map or diagram must be updated after any changes to the network occur. This diagram should be reviewed every 6 months to ensure it continues to represent the network architecture.
- All systems on the network must be authenticated. Connections to the network must be authorized by IT.
- All hardware connected to the Midstate Broadband network is subject to Midstate Broadband's IT management and monitoring standards.
- Documented baseline configurations must be maintained for all Information Resources that create, collect, store, and/or process confidential or internal information, and all network-connected resources must be configured to these specifications.
- Operating procedures for activities associated with information processing must be documented and made available to personnel who need access to them.
- Resource usage must be monitored to ensure the required system performance.
- Information processing facilities must address redundancy sufficient to meet availability requirements.
- Changes to the configuration of active network management devices must be made according to the Change Control Policy.
- The Midstate Broadband network infrastructure supports a well-defined set of approved networking protocols. Any use of non-sanctioned protocols must be approved by Midstate Broadband IT Management.
- All connections of the network infrastructure to external third-party networks are the responsibility of Midstate Broadband IT.
- Groups of information services, users and information systems must be segregated on the network. The perimeter of each domain should be well defined and based on the relevant security requirements.
- Network devices must be installed and configured following Midstate Broadband implementation standards.
- The use of departmental network devices is not permitted without written authorization from Midstate Broadband IT Management.
- Personnel are not permitted to access or alter existing network hardware in any way.
Wireless Networking
- All wireless access points or devices that provide access to the Midstate Broadband wireless network must be approved by management.
- Wireless access points must be placed in secure locations.
- Wireless networks must be segmented using appropriate technical controls.
- Authentication settings (passwords, encryption keys, etc.) must be changed on a periodic basis as well as anytime it is suspected that such information has been compromised or if anyone with knowledge of the information leaves the organization.
- All wireless network traffic must be encrypted in accordance with the Midstate Broadband Encryption Policy and supporting standards, regardless of information sensitivity.
- The Midstate Broadband Wireless Network must not be used inappropriately; in particular, persons must not use the network to:
  - Intercept or attempt to intercept other wireless transmissions for the purposes of eavesdropping.
  - Access or run utilities or services which might negatively impact the overall performance of the network or deny access to the network, e.g. RF jamming, Denial of Service (DoS).
- Midstate Broadband wireless network users must not tamper with network access points or security settings.
- Users must not connect to another wireless network and the Midstate Broadband wireless network simultaneously.
- Midstate Broadband will conduct scans of wireless access points and identify all authorized and unauthorized wireless access points at regular intervals.
Waivers
Waivers from certain policy provisions may be sought following the Midstate Broadband Waiver Process.
Enforcement
Personnel found to have violated this policy may be subject to disciplinary action, up to and including termination of employment, and related civil or criminal penalties.
Any vendor, consultant, or contractor found to have violated this policy may be subject to sanctions up to and including removal of access rights, termination of contract(s), and related civil or criminal penalties.