All Security Policies

Access Control - PS-08-009

Each agency is responsible for establishing access control measures that limit access (logical and/or physical) to only those individuals who are authorized to obtain it.

Accountability of Assets - PS-08-002

Establishes accountability for all hardware and software acquired using public funds

Appropriate Use of Information Technology Resources - PS-08-003.2

Defines appropriate use of IT resources

Business Continuity and Disaster Recovery - PS-08-025

Requires plans to maintain continuity of essential state government operations and services

Change Management - PS-08-015

Requirements for a formal change management process

Computer Security Incident Management - PS-08-004

Establishes the process for detecting and responding to security incidents

Data and Asset Categorization - PS-08-012

Provides for inventory and classification of state data and information processing systems

Enterprise Information Security Charter - PS-08-005.3

Commits the State of Georgia to protecting information systems and data from unauthorized disclosure, modification, use, or destruction

Information Security - Risk Management - PS-08-031

Requires a risk-based approach to information security management

Information Security Controls Policy - PS-17-001

Improves how security controls are managed within the State’s shared-service environment. The Security Control Policy addresses this business challenge by establishing clearer lines of delineation between security controls, ownership and the overall responsibility of execution.

Media Controls - PS-08-026

Requires protection of system media from unauthorized disclosure, modification, destruction or loss

Multi-Factor Authentication Policy - PS-19-001

Agencies shall use multi-factor authentication (MFA) for all network access to privileged accounts as outlined in NIST Special Publication 800-53 Revision 4 and required in federal regulatory requirements.

Network Security - Information Flow - PS-08-030

Requires protection of information traversing networks

Network Security Controls - PS-08-027

Requires network security controls

Outsourced Facilities Management - PS-08-019

Establishes requirements over outsourcing data processing facilities

Password Authentication - PS-08-006

Establishes use of passwords as primary authentication mechanism

Personnel Security - PS-08-014

Provides for identity verification of IT employees and contractors

Physical and Environmental Security - PS-08-013

Physical security is an essential element of the overall security of IT resources

Protection from Malicious Software - PS-08-021

Requires protections against malicious software

Public Access Systems - PS-08-028

Requires security controls on public facing systems

Reliance on Electronic Records - PS-08-007.02

Establishes the State’s intent to rely on electronic data as a form of official record and adherence to prescribed records retention requirements

Remote Access - PS-08-023

Requires protection from risks associated with remote access

Security Awareness Program - PS-08-010

Establishes a need to increase user security awareness through an awareness and training program

Security Log Management - PS-08-022

Requires log management practices

Security Review Control and Assessment - PS-08-029.02

Agencies shall periodically review and continuously monitor the management, operational and technical security controls for all information systems to assess their effectiveness and to determine the extent to which they are operating as intended and comply with federal, state, enterprise and agency security policies, standards and requirements.

Separation of Production and Development Environments - PS-08-020

Requires separation of production from development and test environments

Systems and Development Lifecycle - PS-08-018.02

Requirements for a formal IT lifecycle management program

Third-Party Access - PS-08-011

Provisions for third-party access to state facilities and information systems

Use of Cryptography - PS-08-024

Requires the use of cryptographic controls