An official website of the State of Georgia.
Each agency is responsible for establishing access control measures that limit access (logical and/or physical) to only those individuals who are authorized to obtain it.
Establishes accountability for all hardware and software acquired using public funds
Defines appropriate use of IT resources
Requires plans to maintain continuity of essential state government operations and services
Requirements for a formal change management process
Establishes the process for detecting and responding to security incidents
Provides for inventory and classification of state data and information processing systems
Commits the State of Georgia to protecting information systems and data from unauthorized disclosure, modification, use, or destruction
Requires a risk-based approach to information security management
Improves how security controls are managed within the State’s shared-service environment. The Security Control Policy addresses this business challenge by establishing clearer lines of delineation between security controls, ownership and the overall responsibility of execution.
To provide guidance to State agencies on identifying, assessing, selecting and implementing risk management processes and controls throughout the enterprise to manage IT supply chain risk.
Requires protection of system media from unauthorized disclosure, modification, destruction or loss
Agencies shall use Multi-Factor authentication (MFA) for all network access to privileged accounts as outlined in NIST Special Publication 800-53 Revision 4 and required in federal regulatory requirements.
Requires protection of information traversing networks
Requires network security controls
Establishes requirements over outsourcing data processing facilities
Establishes use of passwords as primary authentication mechanism
Provides for identity verification of IT employees and contractors
Physical security is an essential element of the overall security of IT resources
Requires protections against malicious software
Requires security controls on public facing systems
Establishes the State’s intent to rely on electronic data as a form of official record and adherence to prescribed records retention requirements
Requires protection from risks associated with remote access
Establishes a need to increase user security awareness through an awareness and training program
Requires log management practices
Agencies shall periodically review and continuously monitor the management, operational and technical security controls for all information systems to assess their effectiveness to determine the extent to which they are operating as intended and comply with federal, state, enterprise and agency s
Requires separation of production from development and test environments
Requirements for a formal IT lifecycle management program
Provisions for third-party access to state facilities and information systems
Requires the use of cryptographic controls