Policies and Standards

finger clicking on symbols of justice icon

Statewide IT policies and standards protect the State of Wisconsin data and systems. By setting rules for state agencies to follow in handling and managing data, the policies and standards protect the security and integrity of citizens' personal and confidential information. The State of Wisconsin IT Security Policies and Standards noted below were developed to provide a baseline of executive branch IT security policies and controls.

Policies

Acceptable Technology Use, Access, and Security Policy (AUP) (Last Revised 3/10/2025)
Security Policies: IT Security Policy Handbook (8/1/2024)

Standards

100 - Access Control Standard (Last Revised 8/1/2024)

101 - Access Control for Remote Access Standard (Last Revised 8/1/2024)

102 - Access Control for Wireless Access Standard (Last Revised 8/1/2024)

103 - Access Control for Mobile Device Security Standard (Last Revised 8/1/20234)

110 - Security Awareness and Training Standard (Last Revised 8/1/2024)

120 - Audit and Accountability Standard (Last Revised 8/1/2024)

130 - Security Assessment and Authorization Standard (Last Revised 8/1/2024)

140 - Configuration Management Standard (Last Revised 8/1/2024)

150 - Contingency Planning Standard (Last Revised 8/1/2024)

160 - Identification and Authentication Standard (Last Revised 8/1/2024)

161 - Password Standard (Last Revised 8/1/2024)

170 - Incident Response Standard (Last Revised 8/1/2024)

180 - System Maintenance Standard (Last Revised 8/1/2024)

190 - Media Protection Standard (Last Revised 8/1/2024)

191 - Data Classification Standard (Last Revised 8/1/2024)

200 - Physical and Environment Protection Standard (Last Revised 8/1/2024)

210 - Security Planning Standard (Last Revised 8/1/2024)

220 - Personnel Security Standard (Last Revised 8/1/2024)

230 - Risk Assessment Standard (Last Revised 8/1/2024)

240 - System and Services Acquisition Standard (Last Revised 8/1/2024)

250 - System and Communications Protection Standard (Last Revised 8/1/2024)

260 - System and Information Integrity Standard (Last Revised 8/1/20234)

270 - PII Processing & Transparency Standard (Last Revised 8/1/2024)

280 - Supply Chain Risk Management Standard (Last Revised 8/1/2024)

290 - Removal of Prohibited Foreign Products Standard (Last Revised 3/18/2025)

500 - Program Management Standard (Last Revised 8/1/2024)

Controls Selected for Standards (Last Revised 8/1/2024)

For easy keyword searching, view the compilation of all the above Security Standards.

Statutes and Regulations

There are many federal and state laws and regulations which govern aspects of the work DET does.

A few laws and regulations which pertain closely to DET are noted below:

Subchapter VII (Wis. Stats. 16.97 to 16.979) of Chapter 16 of the Wisconsin Statutes governs the provision of information technology services by the State of Wisconsin. While most of the laws in this section relate to DET, some relate to other areas within the Department of Administration.

Subchapter IX (Wis. Stats. 16.99 to 16.998) of Chapter 16 of the Wisconsin Statutes governs the Technology for Educational Achievement (TEACH) program, which is run by DET and provides internet connectivity to certain public institutions specified in State law.

DET's security policies and standards are derived from NIST Special Publication 800-53 (Revision 5), which establishes security and privacy controls for information systems and organizations.