New standards will become effective in July 2016
October 1, 2015
We've been hard at work updating our resources to reflect the state's Information Security and Privacy Standards which you can read about here. The requirements were last updated in September 2015 and will be effective July 2016. We've created a companion document that clarifies responsibility for implementation and offers a starting point for most of the individual controls, found here.
As a starting point, we suggest filtering items assigned to organizational units (OUs) by the highest classification of data in your area. Items assigned to Enterprise and DIS are listed for informational purposes only. If your unit has created or used an alternative resource to address a particular issue, please share it with us so we can update the Guidance for others!
In the coming months, you can expect updates on how we can help your unit comply with the state's program. Updates will include policy revisions, measurement tools, an updated Security site, recommended priorities, templates, and other resources. Much of this will be communicated through units' Security Liaisons, so now is a great time to familiarize yourself with him or her!