Access Control (PS-08-009)

Each agency is responsible for establishing access control measures that limit access (logical and/or physical) to only those individuals who are authorized to obtain it.

Accountability of Assets (PS-08-002)

Establishes accountability for all hardware and software acquired using public funds

Appropriate Use of Information Technology Resources (PS-08-003.2)

Defines appropriate use of IT resources

Business Continuity and Disaster Recovery (PS-08-025)

Requires plans to maintain continuity of essential state government operations and services

Change Management (PS-08-015)

Requirements for a formal change management process

Cloud Provisioning Policy (PS-22-001)

Governance of cloud-based provisioning according to risk.

Computer Security Incident Management (PS-08-004)

Establishes the process for detecting and responding to security incidents

Data and Asset Categorization (PS-08-012)

Provides for inventory and classification of state data and information processing systems

Enterprise Information Security Charter (PS-08-005.3)

Commits the State of Georgia to protecting information systems and data from unauthorized disclosure, modification, use, or destruction

Information Security - Risk Management (PS-08-031)

Requires a risk-based approach to information security management

Information Security Controls Policy (PS-17-001)

Improves how security controls are managed within the State’s shared-service environment. The Security Control Policy addresses this business challenge by establishing clearer lines of delineation between security controls, ownership and the overall responsibility of execution.

IT Supply Chain Security Controls Policy (PS-20-002)

To provide guidance to State agencies on identifying, assessing, selecting and implementing risk management processes and controls throughout the enterprise to manage IT supply chain risk.

Media Controls (PS-08-026)

Requires protection of system media from unauthorized disclosure, modification, destruction or loss

Multi-Factor Authentication Policy (PS-21-002)

The purpose of an Enterprise Multi‐Factor Authentication (MFA) Policy is to enable a means of strong authentication for all users with access to information systems resources while ensuring ease of use and adoption for the user(s).

Multi-Factor Authentication Policy (RETIRED) (PS-19-001)

Agencies shall use Multi-Factor authentication (MFA) for all network access to privileged accounts as outlined in NIST Special Publication 800-53 Revision 4 and required in federal regulatory requirements.

Network Security - Information Flow (PS-08-030)

Requires protection of information traversing networks

Network Security Controls (PS-08-027)

Requires network security controls

Outsourced Facilities Management (PS-08-019)

Establishes requirements over outsourcing data processing facilities

Password Authentication (PS-08-006)

Establishes use of passwords as primary authentication mechanism

Personnel Security (PS-08-014)

Provides for identity verification of IT employees and contractors

Physical and Environmental Security (PS-08-013)

Physical security is an essential element to the overall security of IT resources

Protection from Malicious Software (PS-08-021)

Requires protections against malicious software

Public Access Systems (PS-08-028)

Requires security controls on public facing systems

Reliance on Electronic Records (PS-08-007.02)

Establishes the State’s intent to rely on electronic data as a form of official record and adherence to prescribed records retention requirements

Remote Access (PS-08-023)

Requires protection from risks associated with remote access

Security Awareness Program (PS-08-010)

Establishes a need to increase user security awareness through an awareness and training program

Security Controls Review and Assessment (PS-08-029.02)

Agencies shall periodically review and continuously monitor the management, operational and technical security controls for all information systems to assess their effectiveness to determine the extent to which they are operating as intended and comply with federal, state, enterprise and agency s

Security Log Management (PS-08-022)

Requires log management practices

Separation of Production and Development Environments (PS-08-020)

Requires separation of production from development and test environments

Systems and Development Lifecycle (PS-08-018.02)

Requirements for a formal IT lifecycle management program

Third-Party Access (PS-08-011)

Provisions for third-party access to state facilities and information systems

Use of Cryptography (PS-08-024)

Requires the use of cryptographic controls
