I would like to know how other Federal agencies approach computer security in regards to their integrated library system. Especially if their agency has a high-level of security.
Does the server that the system is housed on have it's own private firewall? Have you granted the vendor remote access to the server? How do they access (no access, vendor visit, remote communications using dial up, SSH, VPN, ISDN, etc. - specify)? Does your system require leaving ports open? Do you leave them open 24x7? How do you handle access when you need customer support? Do you require the vendor to give one IP address that your agency can recognize, or does the agency recognize the IP address for the firewall?
Needless to say, you may not be able to share your security plan (per-se). However, if you can provide general information to another Federal agency on how your library approaches security, without violating your security policy, it would be appreciated. You may call me, email, or if possible send a redacted version of your security plan.
If you are on this listserv, but cannot provide this information, it would be appreciated if you would send this email to whoever might be able to answer.
Claire Robb, Systems Librarian
U.S. Nuclear Regulatory Commission
Phone: (301) 415-5618
email: [log in to unmask]