Date Task Time(min)

Meeting with Nakul 30

3/21/2023
Troubleshooting Website Issues 60
Creation of IAM roles in Azure 30
2/22/2023
Understanding Azure China Setup and requiremmnets 30
Date Task Time(min)
Updating on the requested points over mail
2/20/2023
Arranging and validating of the User Stories and Tasks Pending
Meeting with Nakul
2/21/2023
Troubleshooting Website Issues
Creation of IAM roles in Azure
Understanding Azure China Setup and requiremmnets
2/22/2023
POC on creation of Enterprise Role
R&D on Migration - Azure Instance, App Service & DB
Tasks Status
Discussion on 3 IT & Security Policies Active
Creation of 27 IT & Security Policies Active
Implementation of MFA On-Hold
Implementation of SSO On-Hold
 On Hold Policies: Since 21-Feb-2023
Policy Name
Clean Desk
E-Commerce
Log Management

AREA Policy Name

IT Acceptable-Use-Of-Information-Systems

IT Account Management

IT Anti-Virus

IT Owned-Mobile-Device-Acceptable-Use-and-Security

IT Clean Desk
IT E-Commerce
IT Email

IT Firewall

IT Hardware-and-Electronic-Media-Disposal

IT Security Security-Incident-Management
 IT 11. Information-Technology-Purchasing

IT 12. Internet
SRE 13. Log Management

IT 14. Safeguarding-Member-Information

IT 15. Network-Security-And-VPN-Acceptable-Use

IT 16. Personal-Device-Acceptable-Use-And-Security-BYOD
IT 17. Password Management

SRE 18. Patch Management

IT 19. Physical-Access-Control
SRE 20. Cloud Security
IT Security 21. Server Security
IT 22. Social-Media-Acceptable-Use
SRE 23. Systems-Monitoring-And-Auditing
IT Security 24. Vulnerability-Assessment
SRE 25. Website Operation
IT 26. Workstation-Configuration-Security
IT 27. Server-Virtualization
IT 28. Wireless-Wi-Fi-Connectivity
IT 29. Telecommuting

IT Security IOT
 Remarks
LS is working with the
Legal team to get the
required details, post
that DOE team will take
it up and work on it

Status Pre-requisites

Approved
Policy for giving devices, Policy for
connecting personal devices to Wifi.

Need to discuss hierarchy of the

Approved
organization, RBAC policies, Roles/Teams,
Level of clearences for each team/role.

Approved NA

What kind of devices are provided to

Approved employees, What kind of information are on
the devices other than Laptops/PCs,

On-Hold for Discussion

On-Hold for Discussion

Approved
SMTP server info

Approved Need to understand the network flow,

network architecture, usage of Apps(Dev,
QA, Prod), Permission alottment to diff roles,
Whitelisting, Client end network operations

How the org is procuring devices, how they

Approved
are disposing/resaling

Need to understand whether the org is

Approved having SOC team or not, How they are
handling now if there is any security
incident,
 Present policies for buying hardware,
Approved
software, etc

Approved
Present Intra organization internet policies
On-Hold for Discussion

Kind of data being collected from users, this

Approved
policy will be highly swayed by the country
the client/employee will be in

Present VPN configuration, Need for VPN,

Approved
BYOD policy, Remote Work Policy,

Approved BYOD policies for all kind of devices

Approved Present - password policy, password
management, password storage
Approved Need to have what types of OS is the
organization using.
Approved
Approved
Approved
Approved
Approved
Approved
Approved
Approved
Approved
Approved
Approved
Discuss any IOT implementation is being
Approved used across the organization or deployed at
an client site.
 Req Clarification/under
Description
St Date
The aim of this policy is to establish the proper use of computer equipment within
[LS/DOE]. These guidelines have been put in place to safeguard both [LS/DOE] and its
authorized users. Improper usage could potentially subject [LS/DOE] to risks such as virus
infections, network system and service breaches, as well as legal complications.
The purpose of this policy is to set a standard for the management, creation, utilization, and
termination of accounts that provide access to technology and information resources at
[LS/DOE].
The establishment of this policy aims to prevent malware and other malicious codes from
infecting the computers, networks, and technology systems of [LS/DOE]. The policy's
objective is to safeguard user applications, data, files, and hardware from any potential
harm.
This policy outlines the regulations, protocols, and limitations that must be followed by end
users who require legitimate access to corporate data through mobile devices that are
connected to unmanaged networks beyond [LS/DOE]'s direct control. The scope of this
mobile device policy includes any mobile device that [LS/DOE] has issued, containing
stored data belonging to [LS/DOE], and all accompanying media.

The purpose of this policy is to establish rules for the use of [LS/DOE] email for sending,
receiving, or storing of electronic mail.

This policy outlines the guidelines for filtering Internet traffic through firewalls to minimize
the potential risks and damages resulting from security threats to [LS/DOE]'s network and
information systems.

This policy applies to surplus hardware, obsolete machines, and any equipment that
[LS/DOE] owns, which are beyond reasonable repair or reuse, including media. Its purpose
is to establish and define the regulations, protocols, and limitations for disposing of non-
leased IT equipment and media in a legal and cost-effective manner.

This policy establishes the necessary steps for reporting and handling incidents related to
[LS/DOE]'s information systems and business activities. By responding to incidents,
"[LS/DOE]" is able to detect security breaches as they occur.
The purpose of this policy is to set forth guidelines, procedures, and restrictions for the
acquisition of IT hardware, software, computer-related components, and technical services
that are procured using [LS/DOE] funds. All purchases of technology and technical services
must be authorized and coordinated by the IT Department.
This policy aims to define the regulations for accessing the Internet or Intranet using
[LS/DOE]'s network.

This policy aims to guarantee that [LS/DOE] adheres to all applicable federal and state laws
and to safeguard the confidentiality and security of information concerning its members.

The purpose of this policy is to create a standard for connecting to the [LS/DOE] network
from any host. These standards are intended to limit the harm [LS/DOE] may suffer from
unauthorized use of its resources.
This policy will outline the process of getting there own devices(Laptop/mobile/tab)
This policy aims to create a guideline for generating robust passwords, safeguarding them,
and determining the frequency of password changes.
Req Clarification/understand Document draft/in-progress Review
End Date Remarks St Date End Date % completRemarks St Date
Review Completed
End Date % completRemarks St Date End Date % completRemarks