The purpose of this checklist is to guide an agency and the Statewide Office of Information Security (SOIS) in validating security requirements for systems, applications, system software, and other technologies before they are deployed into a production environment. It is designed to ensure compliance with the specifications, regulations, standards and objectives identified during each phase of the System Development Life Cycle (SDLC). Reference the 205 – Certification and Accreditation Policy.

Check the boxes for items that are completed.
Logical SAR

Authentication and Access Controls
    [ ] Implemented an authentication service such as the State's Credential and Identity Access System.
    [ ] Implemented account provisioning procedures and defined access roles.

Firewall Controls
    [ ] Verified and implemented the firewall rule set.

Business Entity or Extranet: Appendix A, B, C, and D
    [ ] Completed the Business Entity and Extranet Appendices:
        A. Application Form.
           NJOIT_0110%20GSN%20Extranet%20Application%20Form_Appendix_A.pdf
        B. Memorandum of Understanding.
           NJOIT_0184_Business_Entity_IT_Services_Extranet_%20MOU_Appendix_B.dot
        C. Operational Form.
           NJOIT_0145_Business_Entity_IT_Services_Extranet_Connection_Detail_Appendix_C.dot
        D. Security Controls Assessment Checklist.
        Documentation is available on request through SOIS (njinfosecure@oit.nj.us) or NJ-ISAC.

Encryption
    [ ] The data is encrypted in transit.
    [ ] The data is encrypted at rest.

PCI-related Application
    [ ] PCI certification (Attestation of Compliance).
        The Attestation is a PCI-DSS assessment and certification of the Business Entity's PCI security requirements, performed by a Qualified Security Assessor (QSA). A copy of the Attestation of Compliance has been provided.

Data Transfer
    [ ] An interface report has been completed and a workflow established.
OIT-0137 (11/02/2016) – Information Security's Certification and Accreditation Checklist, Version 4 – Page 2 of 4