Security Policies/Standards/Compliance

Security Policies

Information Technology (IT) Security Policy Handbook (updated: October 15, 2018)


Security Standards

Note: All security standards have been updated as of October 15, 2018. You must have a state login to view these security standards.

100 - Access Control Standard
110 - Security Awareness and Training Standard
120 - Audit and Accountability Standard
130 - Security Assessment and Authorization Standard
140 - Configuration Management Standard
141 - Appropriate Use of Software Standard
150 - Contingency Planning Standard
160 - Identification and Authentication Standard
161 - Password Standard
170 - Incident Response Standard
180 - System Maintenance Standard
190 - Media Protection Standard
191 - Data Classification Standard
200 - Physical and Environment Protection Standard
210 - Security Planning Standard
220 - Personnel Security Standard
230 - Risk Assessment Standard
231 - Vulnerability Management Standard
240 - System and Services Acquisition Standard
250 - System and Communications Protection Standard
251 - Encryption Standard
260 - System and Information Integrity Standard
261 - Patch Management Standard
300 - Remote Access Standard
310 - Wireless Access Standard
320 - Mobile Device Security Standard
500 - Program Management Standard


Security Exceptions

Please note: Due to a temporary technical difficulty, if you are unable to open the documents below, please send an email to DOA DL All DET Security and you will be sent a digital copy of the form that you can fill out and return.

Exception Request

Exception Procedure

Risk Acceptance Agreement

Security Compliance Management

Security Compliance Management


Resources

National Institute of Standards and Technology (NIST) Special Publication 800-53 Revision 5