Public Access Systems (PS-08-028)

Requires security controls on public facing systems

Reliance on Electronic Records (PS-08-007)

Establishes the State’s intent to rely on electronic data as a form of official record and adherence to proscribed records retention requirements

Remote Access (PS-08-023)

Requires protection from risks associated with remote access

Retention of Data Backup Media and Records Management Media - Guideline (GM-13-001)

Guidelines for handling media used for data backup and for records archiving

Risk Management Framework (SS-08-041 )

Adopts the NIST risk management framework

Secure Remote Access (SS-08-038)

Requires protection of systems from risks associated with remote access

Security Awareness Program (PS-08-010)

Establishes a need to increase user security awareness through an awareness and training program

Security Controls Review and Assessment (PS-08-029.02)

Agencies shall periodically review and continuously monitor the management, operational and technical security controls for all information systems to assess their effectiveness to determine the extent to which they are operating as intended and comply with federal, state, enterprise and agency s

Security Education and Awareness (SS-08-012)

Requires all employees and contractors to attend annual security awareness training

Security Log Management (PS-08-022)

Requires log management practices