Skip to main content

Devices: Network-Attached Storage Policy

Last updated : January 14, 2022

This policy is will be effective from Monday 17 January 2022

To see prior version, please click here.

Estimate Reading Time : 3 minutes

Policy Statement

This policy defines acceptable methods for disaster recovery planning, preparedness, management, and mitigation of IT systems and services of any information system on behalf of PT. Mandiri Tunggal Sejahtera Berkarya/ MTS Group Holding, LLC. (“Company“, “We“, “Our“, “Us“).

Reason for Policy

To provide our customers information detailing the ITS on devices.

Entities Affected by this Policy

PT. Mandiri Tunggal Sejahtera Berkarya/ MTS Group Holding, LLC.

Who Should Read this Policy

All individuals responsible for configuring, maintaining, and monitoring information systems on the Company. Individuals may include Company department, staff, vendors, contractors, or managed service providers.

Web Address of this Policy

Network-Attached Storage Policy

1. What are network-attached storage devices?

A network-attached storage device, or NAS, is a standalone server with the ability to store files for users on a network.

2. NAS vs. ITS File Sharing Storage

ITS provides several sustainable and scalable digital storage solutions for Company users. ITS storage solutions are centrally managed, meet security and privacy requirements permitting the storage of high risk data, and account for physical security, resiliency, and offsite backup.

3. Use of NAS Devices

NAS devices managed individually and not stored within a Company data center introduce added security risk. WCM is responsible for maintaining an asset inventory of Company data. Departments who wish to use a NAS device must have the device “tagged” by ITS for asset tracking. The use and intent of the NAS device, including the type of data it will store, must be documented. Furthermore, the NAS device must meet the minimum security requirements in the section below.

NAS devices are not permitted to store protected health information as they do not offer offsite data backups to meet HIPAA requirements. ITS storage solutions must be used instead.

3.01 Minimum Security Requirements

NAS devices must meet the following minimum security requirements:

  • Event logs must be enabled on the device to capture such events when users are accessing the system, modifying files, or transferring data
  • Event logs must be available to ITS in the case of incident response activities and should be forwarded to the ITS security and event information management system
  • Embedded, enabled, and updated antivirus software
  • Configured with centralized authentication against ITS directories, such as Active Directory or LDAP
  • Any local accounts used to manage the system should be disabled; if absolutely necessary, default passwords must be changed to meet ITS policy 1.15 – Password Policy & Guidelines
  • Unnecessary, insecure, or legacy services must be disabled, such as telnet, FTP, SSH, etc.
  • Direct remote access to the NAS device (or any web interface to manage the device) must be disabled as Company’s existing remote access services should be utilized instead
  • Encryption (full disk or file and folder) should be enabled across all storage drives and exceptions should follow the existing process defined in ITS policy 1.06 – Device Encryption
  • Disable or uninstall any unnecessary third-party applications offered with the NAS device software
  • Install security updates released by the vendor upon release
    Physically secure the NAS device to reduce the risk of theft, including the theft of individual hard drives

ITS will regularly review NAS device configurations to ensure they continue to meet the above requirements.

4. Supported Models

ITS has reviewed various NAS devices. Many Synology and QNAP devices are capable of supporting the above security requirements (with added configuration).

5. Procedures

Individuals wishing to utilize a NAS device should contact their ITS departmental liaison prior to purchase to ensure the device will meet the above security requirements. ITS Security will review and evaluate these requests.

Did the information shown in this page help you solve your problem?

The purpose is receiving the feedback from the visitors, so we can make necessary changes to our informations which increase trust and customer satisfaction and make our platform better. For futher information about Customer Research: Designing for Transparency and Trust, please visit our Trust and Transparency Principles.

SWITCH DARK MODE - Works across all operating systems including Android, iOS, macOS, Microsoft Windows, Linux, Unix. Our accesibility systems intelligently detects device preferences and dynamically delivers a handcrafted, expert-designed dark mode experience for your readers. Toggle darkmode by bluetooth keyboard shortcut (Ctrl+Alt+D). For the best experience when using this application platform, We recommend upgrading to the latest version of one of the latest browsers available. For convenience and security, this site looks best at a mobile screen resolution of 720x1280 pixel or higher, at least using the latest version of the latest mobile web browsers like Chrome, Mozilla Firefox, Safari, Microsoft Edge, Opera, or Brave Browser. We recommended you to install the PopIt Platform App from your device's application Store.