S 2.495 Disposal of Lotus Notes/Domino components
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: IT Security Officer, Administrator
Within the life cycle of the Lotus Notes/Domino environment, the disposal phase must be taken into consideration as well. Normally, there is no disposal without substitution, because the business processes supported by Lotus Notes/Domino do not change to the extent that services such as email, web services, etc. are discontinued without substitution. Thus, disposal will only take place when a new product is used so that migration to a new Groupware and/or Collaboration solution takes place in most cases.
Therefore, disposal without any migration aspects normally refers to individual components of the Lotus Notes/Domino environment (or infrastructure components and the Lotus Notes/Domino components contained thereon).
When disposing of a component, all references to the disposed of component (e.g. cross-certificates) in the remaining environment must be deleted and the inventory lists and/or databases must be adapted accordingly. This way, any "reuse" of such a reference by an attacker, e.g. by integrating a component and/or a system with the identity of the disposed of component, is prevented. Licensing and licence management must be reviewed and adapted, if necessary.
The same procedure as for the references of the disposed of components in the remaining Lotus Notes/Domino environment must be applied to the data and references of the components on operating system level, in the network, on monitoring and security components (security gateways, IDS, Content Security Appliances, SIEM platforms, components for malware protection, components for network monitoring). This is not applicable if the disposed of component is substituted by a component with an identical identity within the Lotus Notes/Domino system, such as when transferring a Domino server 1:1 to more powerful hardware, for example.
Upon successful migration, module S 1.15 Deleting and destroying data must be applied before physically disposing of the disposed of Lotus Notes/Domino infrastructure. The same holds true for infrastructure reused for different purposes (e.g. as a development server).
It must be taken into consideration that the archived data must still be stored even after the disposal of the Lotus Notes/Domino environment and that accessing this data must be possible with reasonable effort and meeting reasonable periods (these can be found in the archiving concept). Therefore, corresponding resources (hardware, software, licences) must be provided.
Review questions:
- Is the method for disposing of Lotus Notes/Domino components documented (e.g. in the documentation of the operational procedures or the instruction manual)?