Additional Resources: Basic to Standardized Checklist
The following checklist outlines the requirements you must meet to move to the Standardized level. After you have addressed each item under the main topics, you have successfully moved from the Basic level to the Standardized level.
Once you have incorporated all of the processes and technologies highlighted in this guide, your organization has reached the Standardized level. Your next step is to explore the benefits and requirements for progressing to the Rationalized level. Guidelines for moving to the Rationalized level are in the Core IO Implementer Resource Guide: Standardized to Rationalized.
Identity and Access Management
Directory Services for Authentication of User

| Requirements |
|---|
| Implemented Active Directory directory service for authentication of 80 percent or more of connected users. |

Desktop, Device and Server Management
Automated Patch Distribution to Desktops and Laptops

| Requirements |
|---|
| Implemented process and tools to inventory hardware and software assets. |
| Implemented process and tools to scan client computers for software updates. |
| Established a process to automatically identify available patches. |
| Established standard testing for every patch. |
| Implemented patch distribution software. |

Defined Standard Images for Desktops and Laptops

| Requirements |
|---|
| Used tools to capture a standard image. |
| Defined a strategy for standard images. |
| Defined a standard set of disk images (OS and applications) for all hardware types. |
| Established deployment tools for network-based or offline image installation. |

Centralized Management of Mobile Devices

| Requirements |
|---|
| Installed software to discover and track the mobile devices in your organization. |
| Implemented password-controlled access. |
| Established centralized data and software synchronization. |
| Ensured that decommissioned devices are free of company information. |

Identity Validation, Data Protection, and Data Backup of Mobile Devices

| Requirements |
|---|
| Established and are enforcing a password-access policy or using public key certificates for user identification. |
| Encrypted all transfers for data distribution to, and data backup from, mobile devices. |
| Implemented device lockout on mobile devices. |
| Ensured that company information can be removed with remote wipe in case a mobile device is lost or stolen. |

Consolidation of Desktop Images to Two Operating System Versions

| Requirements |
|---|
| Implemented an image-consolidation strategy. |
| Reduced the number of production operating systems to no more than two. |

Security and Networking
Antivirus Software for Desktops

| Requirements |
|---|
| Installed all operating system and software application security updates. |
| Activated available host-based firewalls. |
| Installed antivirus software on 80 percent or more of your desktop computers. |

Central Firewall Services

| Requirements |
|---|
| Installed a centralized hardware or software firewall. |

Internally Managed Basic Networking Services (DNS, DHCP, WINS)

| Requirements |
|---|
| Implemented DNS services on servers or other devices within your organization. |
| Implemented DHCP services on servers or other devices within your organization. |
| Implemented WINS services for older operating systems on servers or other devices within your organization. |

Availability Monitoring of Critical Servers

| Requirements |
|---|
| Installed availability monitoring software such as Microsoft Operations Manager (MOM). |
| Are monitoring 80 percent of your critical servers for performance, events, and alerts. |

Data Protection and Recovery
Defined Backup and Restore Services for Critical Servers

| Requirements |
|---|
| Created a data backup plan and a recovery plan for 80 percent or more of your critical servers. |
| Used drills to test your plans. |

Security Process
Security Policies, Risk Assessment, Incident Response, and Data Security

| Requirements |
|---|
| Named a dedicated person for security strategy and policy. |
| Established a risk assessment methodology. |
| Established an incident response plan. |
| Established a process to manage user, device, and service identities. |
| Established consistent processes to identify security issues, including all network-connected devices. |
| Established consistent security policy compliance on network devices. |
| Established a plan to evaluate and test all acquired software for security compliance. |
| Established a consistent policy to classify data. |

ITIL/COBIT-Based Management Process
Support and Change Management Process

| Requirements |
|---|
| Implemented incident management techniques. |
| Implemented problem management techniques. |
| Improved end-user support services. |
| Implemented service definition and configuration management. |
| Implemented change management best practices. |