All Security Policies

Access Control (PS-08-009)

Each agency is responsible for establishing access control measures that limits access (logical and/or physical) to only those individuals that are …

Accountability of Assets (PS-08-002)

Establishes accountability for all hardware and software acquired using public funds

Appropriate Use of Information Technology Resources (PS-08-003)

Defines appropriate use IT resources

Business Continuity and Disaster Recovery (PS-08-025)

Requires plans to maintain continuity of essential state government operations and services

Change Management (PS-08-015)

Requirements for a formal change management process

Cloud Provisioning Policy (PS-22-001)

Governance of cloud-based provisioning according to risk.

Computer Security Incident Management (PS-08-004)

Establishes the process for detecting and responding to security incidents

Data and Asset Categorization (PS-08-012)

Provides for inventory and classification of state data and information processing systems

Enterprise Artificial Intelligence Responsible Use (PS-23-001)

Establishes requirements for the use of AI tools within the enterprise

Enterprise Information Security Policy (PS-08-005)

Commits the State of Georgia to protect information systems and data from unauthorized disclosure, modification, use, or destruction

Information Security - Risk Management (PS-08-031)

Requires a risk-based approach to information security management

Information Security Controls Policy (PS-17-001)

Improves how security controls are managed within the State’s shared-service environment. The Security Control Policy addresses this business challe…

IT Supply Chain Security Controls Policy (PS-20-002)

To provide guidance to State agencies on identifying, assessing, selecting and implementing risk management processes and controls throughout the enterpr…

Media Controls (PS-08-026)

Requirements protection of system media from unauthorized disclosure, modification, destruction or loss

Multi-Factor Authentication Policy (PS-21-002)

The purpose of an Enterprise Multi‐Factor Authentication (MFA) Policy is to enable a means of strong authentication for all users with access to informat…

Network Security - Information Flow (PS-08-030)

Requires protection of information traversing networks

Network Security Controls (PS-08-027)

Requires network security controls

Outsourced Facilities Management (PS-08-019)

Establishes requirements over outsourcing data processing facilities

Password Authentication (PS-08-006)

Establishes use of passwords as primary authentication mechanism

Personnel Security (PS-08-014)

Provides for identity verification of IT employees and contractors

Physical and Environmental Security (PS-08-013)

Physical security is an essential element to the overall security of IT resources

Protection from Malicious Software (PS-08-021)

Requires protections against malicious software

Public Access Systems (PS-08-028)

Requires security controls on public facing systems

Reliance on Electronic Records (PS-08-007)

Establishes the State’s intent to rely on electronic data as a form of official record and adherence to proscribed records retention requirements

Remote Access (PS-08-023)

Requires protection from risks associated with remote access

Security Awareness Program (PS-08-010)

Establishes a need to increase user security awareness through an awareness and training program

Security Controls Review and Assessment (PS-08-029.02)

Agencies shall periodically review and continuously monitor the management, operational and technical security controls for all information systems to as…

Security Log Management (PS-08-022)

Requires log management practices

Separation of Production and Development Environments (PS-08-020)

Requires separation of production from development and test environments

Systems and Development Lifecycle (PS-08-018)

Requirements for a formal IT lifecycle management program

Third-Party Access (PS-08-011)

Provisions for third-party access to state facilities and information systems

Use of Cryptography (PS-08-024)

Requires the use of cryptographic controls