Our Organization
ITD's Top Five Goals
- Oversee Executive Department IT Consolidation
- Support Health IT and Healthcare Cost Containment
- Plan and implement e-Government and access enhancements
- Drive IT Financial Reform
- Implement Springfield Data Center
Initiatives
ITD Resources
Key Technology Resources
Getting to Our Content
Enterprise Access Control Policy and Standards Published
All Executive Department agencies are required to comply with this policy and the supporting standards in addition to any agency or third party that connects to the Commonwealth’s wide area network (MAGNet). Entities outside the Executive Department are encouraged to adopt these or similar policies and standards. This policy is effective as of the date of publication and is available on this web site under the section Security Policies & Standards .
The Enterprise Access Control Policy and supporting standard, Enterprise Access Control Security Standards have been drafted together as a suite with sections that are aligned with each other as well as with ISO 27k. The Policy is generally higher level and relies on the associated Standards to elaborate into the detail required for further technical use. The suite was written in this fashion to make the overall document suite more consumable.
The Enterprise Access Control Policy effort has been an comprehensive effort to consolidate and reorganize many of the Commonwealth’s Enterprise security access policies and standards and align them with the structure of Section 11 “Access Control” of the ISO/IEC 27002:2005, “Information technology - Security techniques - Code of practice for information security management”.
.
Complementary Content
John Letchford,
Commonwealth Chief Information Officer
Welcome to ITD's Website

