Browse by Topic

Information Security Controls Policy

Improves how security controls are managed within the State’s shared-service environment. The Security Control Policy addresses this business challenge by establishing clearer lines of delineation between security controls, ownership and the overall responsibility of execution.

Information Security Controls Standard

In accordance with the Information Security Control Policy, each agency operating within a shared-service environment is responsible for ensuring that applicable NIST 800-53 (rev. 4) security controls are implemented and operated effectively. This standard establishes responsibilities for security controls per application and/or system operating within a shared-services environment.