IoT Network Security Assessment Process

Below are the steps for submitting connected devices into the DoITT Cloud Review Process. All connected devices, management applications, and other digital services used by or developed for the City must pass the IoT Network Security Assessment Process (IoT NSAP), which is a multi-step process led by the DoITT Cloud Review and NYC Cyber Command teams.

Even the simplest sensors and their device management platforms can have significant vulnerabilities, so the IoT NSAP is critical in ensuring that connected devices and device management platforms are secure prior to being fielded in New York City.

The IoT Network Security Assessment Process is required for all connected devices, whether being procured for your Agency, being developed in-house, or developed by a third-party vendor.


Familiarize Yourself with the City’s Security Policies & Legal Documentation

The City has a number of policies relating to how its digital properties treat data and personal information. Please review these at the start of your assessment.

Note: These security policies also apply to any connected device or service purchased by your Agency, hosted either on-premise or in the Cloud.

See the list of citywide security policies.

The legal contracts below have been approved by DoITT and NYC3 Legal:

The EULA covers on-premise software, firmware, and hardware (including connected devices). The CSA covers hosted services including, but not limited to, Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). Both the EULA and the CSA are the City’s licensing terms for purchasing these types of products.

Please review these documents internally with your Agency’s legal counsel. These agreements can be used by your Agency to either contractually procure and/or incorporate them into your existing Agency contracts. These agreements are important because they are designed specifically to protect the City in the procurement of connected devices.

If your Agency’s legal counsel has any questions about these agreements, you may reach out to DoITT Legal.


Pre-requisite: DoITT Cloud Review Process

The DoITT Cloud Review Process applies to and leads into all connected device testing. The DoITT Cloud Review team will contact you about your request and schedule a meeting to review your project.

DoITT Cloud Review works with New York City Cyber Command, a member of the DoITT Cloud Review team, to ensure compliance with security policies and standards for your connected devices and device management platforms.

1. In the DoITT Service Catalog > Professional Services > Cloud Review

  1. Fill out a Request Form:
    1. Service Category: Professional Services
    2. Service Offering: Cloud Review
  2. After submitting the form, you will receive an email with instructions and a KSR number.
  3. Download the IoT Network Security Assessment Questionnaire. Please fill it out prior to the DoITT Cloud Review meeting. If you have questions, please fill out the ‘Contact the IoT Team’ form.

2. Go to the Cloud Review Portal and “Start New Review” (use your CSC / get up login – if you don’t have one, ask the CityWide Service Desk to reset your username/password (all City employees can get one)). Please fill out the form to the best of your ability (there are 4 mandatory fields):

  • KSR#:
  • Cloud Review Title:
  • Service Contact Email:
  • Data My:

3. Once the DoITT Cloud Review Team receives the DoITT Review Request, the team will then schedule a meeting to review your project.


IoT Network Security Assessment Process

After the DoITT Cloud Review, NYC3 will carry out the detailed IoT NSAP:

  1. Connected Device Pen Testing
  2. Device Management Platform Pen Testing
  3. End-to-End IoT Network Construction Security Assessment