Complete System Administrator Checklist


Upload: quedyah

Post on 25-Nov-2015


Complete System Administrator Checklist

Columns: Area, Tasks, Status, Notes, Tools, References (Status and Notes are blank)

Daily

- Review Audit logs
    - Check application log for warning and error messages for service startup errors, application or database errors and unauthorized application installs
    - Check security log for warning and error messages for invalid logons, unauthorized user creating, opening or deleting files
    - Check system log for warning and error messages for hardware and network failures
    - Check web/database/application logs for warning and error messages
    - Check directory services log on domain controllers
    - Report suspicious activity to IAO
    Tools: Windows Event Viewer

- Perform/verify daily backup
    - Run and/or verify that a successful backup of system and data files has completed
    - Run and/or verify that a successful backup of Active Directory files has completed on at least one Domain Controller
    Tools: Windows Backup Tool; Veritas Backup Software

- Track/monitor system performance and activity
    - Check for memory usage
    - Check for system paging
    - Check CPU usage
    Tools: Microsoft Management Console; Performance Log and Alerts; Task Manager; System Monitor; Microsoft Operations Manager
    References: www.Microsoft.com - Monitoring Server performance

- Check free hard-drive space
    - Check all drives for adequate free space
    - Take appropriate action as specified by site's Standard Operating
    Tools: Disk Defragmenter; Disk Management; Disk Quotas
    References: www.Microsoft.com - Monitoring Server performance

- Physical checks of system
    - Visually check the equipment for amber lights, alarms, etc.
    - Take appropriate action as specified by site's Standard Operating

Weekly

- Archive Audit logs
    - Archive audit logs to a media device with one year retention

- Perform/verify weekly backup
    - Run or verify that a successful backup of system and data files has been completed
    Tools: Windows Backup Tool; Veritas Backup Software

- Update Anti-Virus signature file
    - Download and install current Anti-Virus signature files
    References: www.cert.mil

- Run Anti-Virus scan on all hard-drives
    - Scan all hard-drives using current Anti-Virus signature files

- Check Vendor Websites for Patch Information
    - Check vendor websites such as Microsoft, Sun, HP, Oracle, etc., for new vulnerability information including patches and hotfixes
    References: http://iase.disa.mil - DoD Patch Repository; www.cert.mil

- Compare system configuration files against a baseline for changes
    - Compare system configuration files against the baseline
    - Compare application executables against the baseline
    - Compare database stored procedures against the baseline
    Tools: Unix Tripwire

- Run file system integrity diagnostics
    - Run diagnostic tools to detect any system problems
    Tools: Disk Defragmenter; Error-checking tool; Device Manager
    References: www.Microsoft.com - Managing Disks and Volumes

- Verify Retina Vulnerability Scan Performed (SCCVI)
    - Verify system scanned by IAO or NSO using Retina tool to detect vulnerabilities
    References: http://iase.disa.mil - DoD IA Enterprise-wide Tools and Software: SCCVI (DoD PKI cert req'd)

- Remediate with Citadel Hercules remediation Tool (SCRI)
    - Verify Hercules remediation tool is used on system to correct vulnerabilities
    References: http://iase.disa.mil - DoD IA Enterprise-wide Tools and Software: SCCVI (DoD PKI cert req'd)

- Check for Password Files
    - Perform file search on system checking for documents containing words such as 'password', 'passwd', 'pwd', etc.

- Perform Wireless Check
    - Check system for wireless devices and access
    References: http://iase.disa.mil - Security Technical Implementation Guides (STIGs)

- Perform server clock/time synchronization
    - Synchronize system clock with master server
    Tools: Windows Time Service
    Tools - Unix/Windows: NTP
    References: www.Microsoft.com - Windows Time Service

- Check for Unnecessary Services
    - Check system services for any unnecessary services running

Monthly

- Perform Self-Assessment Security Review
    - Review technology checklist for any changes
    - Run current security review tool
    - Import results into Vulnerability Management System (VMS)
    Tools: DISA FSO Gold Disk and Scripts; eEye Retina Scanner; Citadel Hercules Remediation Tool
    Tools - UNIX: DISA FSO Scripts; eEye Retina Scanner; Citadel Hercules Remediation Tool
    References: http://iase.disa.mil - DoD IA Enterprise-wide Tools and Software: Gold Disk (.mil only); http://iase.disa.mil - IA Subject Matter Areas: Security Technical Implementation Guides - STIGS: Security Readiness Review Evaluation Scripts

- Perform Hardware/Software Inventory
    - Review hardware and compare to inventory list
    - Review software and compare to inventory list
    - Update VMS, where applicable

- Run Password-Cracking Tool (Domain Controller only)
    - Run (or verify IAO team has run) a password-cracking tool to detect weak passwords
    - Provide output to IAO team
    Tools: John-the-Ripper; L0phtCrack
    Tools - UNIX: Crack
    References: Tools available on DISA FSO Gold Disk (Windows) and DISA FSO Scripts (UNIX)

- Perform/verify monthly backup
    - Run or verify that a successful backup of system and data files has been completed
    Tools: Windows Backup Tool; Veritas Backup Software

- Verify User Account Configuration
    - Run DumpSec tool to verify user account configuration
    - Verify and/or delete dormant accounts with IAO approval
    - Provide output to IAO team
    References: Tool available on DISA FSO Gold Disk (Windows)

Quarterly

- Test backup/restore procedures
    - Restore backup files to a test system to verify procedures and files
    Tools: Windows Backup and Recovery Tool; Veritas Backup Software

Annually

- Change Service-Account passwords
    - Work with appropriate application administrator to ensure password changes for service accounts such as database accounts, application accounts and other service accounts are implemented

- Review appropriate Security Technical Implementation Guides (STIG)
    - Review appropriate STIGs which are updated annually

- Participate in STIG Technical Interchange Meetings (TIM), when possible
    - Participate in TIMs to exchange information about updated STIGs, etc.

- Review training requirements
    - Review training requirements according to DoD Directive 8570.1
    References: http://iase.disa.mil - IA Subject Matter Areas: Policy and Guidance

As Required

- Test Patches and Hotfixes
- Install Patches and Hotfixes
- Schedule Downtime for Reboots
- Apply OS upgrades and service packs
- Create/maintain user and group accounts
- Set user and group security
- After system configuration changes:
    - Create Emergency System Recovery Data
    - Create new system configuration baseline
    - Document System Configuration Changes
    - Review and update SSAA
    - Update VMS for Asset Changes
    - Update VMS for IAVMs
