University of Colorado Denver Facility for Advanced Spatial Technology



University of Colorado Denver
Facility for Advanced Spatial Technology

Subject: Supplemental Policies to HIPAA Policy
Policy #: SP-8.1
Title: Wireless Security Policy
Page 1 of 5

Reviewed by: Sue Hawkins
Approved by: Sue Hawkins
Effective Date: 11/24/2013
Supersedes Policy: N/A
Effective Date of This Revision: November 24, 2013

Contact: HIPAA Security Officer
Responsible Department:
Sue Hawkins
Facility for Advanced Spatial Technology
1200 Larimer Street NC 5032
303-556-4172

Category: Administrative Safeguard; Physical Safeguard; Technical Safeguard
Type: Standard; Implementation Specification; Required; Addressable


AUDIENCE:

The HIPAA Security policies affect all covered health care components that may be designated by FAST at any time, including FAST's partners/subsidiaries, but only to the extent that each component performs activities that would make such component a business associate of FAST. Such components would include any third-party outsourced functions, including billing, transcription, Information Technology Services, Insurance Department, Internal Audit, Office, Legal Counsel, Press Office/Public Affairs, and Public Safety. These policies affect all FAST workforce members in covered components.


PURPOSE:

The purpose of the wireless policy and related standards and guidelines is to assure that FAST employees, guests, and contractors have access to a reliable, robust, and integrated wireless network, and to increase the security of the campus wireless network to the extent possible.

This document describes how wireless technologies are to be deployed, administered, and supported at FAST. Only wireless systems that meet the criteria of this policy or have been granted an exclusive waiver are approved for connectivity to FAST networks. This procedure also addresses wireless access points (APs) connected to the FAST network.


Applies to:

Officers
Staff / Faculty
Student clinicians
Volunteers
Other agents
Visitors
Contractors




SCOPE:

This policy covers all wireless data communication devices (e.g., personal computers, cellular phones, PDAs, etc.) connected to any of FAST's internal networks. This includes any form of wireless communication device capable of transmitting packet data. Wireless devices and/or networks without any connectivity to FAST's networks do not fall under the purview of this policy.



POLICY:

FAST wireless infrastructure must follow these guidelines:

Design

1. Configure a firewall between the wireless network and the wired infrastructure.
2. Ensure that 128-bit or higher encryption is used for all wireless communication.
3. Fully test and deploy software patches and updates on a regular basis.
4. Deploy Intrusion Detection Systems (IDS) on the wireless network to report suspected activities.

Access Points (AP)

1. Maintain and update an inventory of all Access Points (AP) and wireless devices.
2. Locate APs on the interior of buildings instead of near exterior walls and windows as appropriate.
3. Place APs in secured areas to prevent unauthorized physical access and user manipulation.
4. The default settings on APs, such as those for SSIDs, must be changed.
5. APs must be restored to the latest security settings when the reset functions are used.
6. Ensure that all APs have strong administrative passwords.
7. Enable user authentication mechanisms for the management interfaces of the AP.
8. Use SNMPv3 and/or SSL/TLS for Web-based management of APs.
9. Turn on audit capabilities on AP; review log files on a regular basis.

Mobile Systems

1. Install anti-virus software on all wireless clients.
2. Install personal firewall software on all wireless clients.
3. Disable file sharing between wireless clients.




Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including
termination of employment.









DEFINITIONS:

Client Systems (hardware/software) - The equipment and software that is installed in a desktop, laptop, handheld-, portable-, or other computing device.

Campus Wireless Zone - The zone that accommodates wireless devices in the internal Campus Zone. It allows users to connect directly to the internal network without using VPN access.

Media Access Control (MAC) - This is a unique hardware identifier for each individual device or device interface on a network.

Network Address Translation (NAT) - This is a mechanism for reducing the need for globally unique IP addresses. NAT allows an organization with addresses that are not globally unique to connect to the Internet by translating them into globally routable address space. It is also known as a Network Address Translator.

Port Address Translation (PAT) - The function of PAT is similar to that of NAT, but here data from different IP addresses are altered so that they can share the same source IP address. To ensure that the data is still distinguishable (and the replies can be routed back correctly), the source port is varied in some defined way. Again, if NAT means Translation rather than Translator, omit "a" in front of NAT and PAT.

SSID - A Service Set Identifier is a name that identifies a wireless network. All devices on a specific wireless network must know its SSID.

User Authentication - A method of verifying that the user of a wireless system is a legitimate user, independent of the computer or operating system being employed.

Visitor Wireless Zone - A zone that allows persons using laptop computers equipped with wireless network cards to connect to the Visitor Network without needing to physically attach to the network, and with the capability to access the internal Campus Zone via a VPN. Public access points are generally located in areas accessible to all people, and are usable by all members of the Brookhaven community.

Wireless Access Point - Any piece of equipment that allows wireless communication using transmitters and receivers. These devices act as hubs and allow communications to the campus network.

Wired Equivalent Privacy - This is a system used to encrypt and decrypt data signals transmitted between Wireless LAN devices.


REFERENCE:

International Standards Organization (ISO/IEC 17799:2000(E))



NIST standards