-
Projects
If you are interested in participating in any of the working committee meetings for any of the projects listed on this page, please contact Stephanie Marsan (Stephanie.marsan@state.ma.us).
If you would like to suggest a policy for development, please send an email to standards@state.ma.us
The links below go to the working space for each of the Enterprise Policy efforts (Login required). These working spaces are maintained in the Enterprise Policy Space on Commonwiki. These are working pages and are intended to provide authorized individuals with information used to develop and support each of the associated efforts. Participation in any of these efforts is open and strongly encouraged for any Commonwealth Employee. Broad involvement from a diverse community is critical to our ability to develop and maintain a library of meaningful and useful materials.
-
Enterprise InfoSec Policy Workbook Project
Parts of the Executive Order 504 (EO 504) implementation efforts indicate the need to amend, supplement and modify several of the existing Enterprise Information Security Policies. This effort has resulted in a recommended prioritization and framework for those efforts.
There are currently 10 Enterprise Policies that have been identified for this effort.
Priority: In Progress
-
Enterprise IT Acquisition Technology Policy
The Enterprise Information Technology Acquisition Policy states requirements for evaluating all viable technology solutions based on best value. A best value evaluation should consider, at a minimum, total cost of ownership, accessibility, reliability, identified business requirements, security, legal risks and ease of migration. To evaluate best value, it is imperative that careful consideration is given to all possible solutions, including proprietary, public code sharing, and open source solutions, and to the accessibility of each.
Priority: In Progress
-
ETRM Refresh
The Enterprise Technical Reference Model has historically focused on the Technical Standards and Specifications required for supporting a Services Oriented Architecture for Applications. However, as the Enterprise Technology Architecture continues to mature, it is important to acknowledge and plan for other areas of the Enterprise’s Architecture.
ETRM: Application Architecture
ETRM: Information and Data Architecture
ETRM: Business Architecture
ETRM: Standard Operating Environment Architecture
Priority: Planning
-
Records Retention Policy, Standards and Procedures
This is an ongoing project: the Secretary of State and the Records Conservation Board are preparing to issue guidance on how the Commonwealth stores, maintains, and verifies its custodial responsibilities for public records.
-
Standard Operating Environment: Rack Mounted Server
The Standard Operating Environment for Rack Mounted Servers establishes a set of enterprise-wide standards for standalone/rack-mounted Intel-based server hardware. This document will describe all technical requirements for rack mount server computer hardware and associated bundled software features for use in the Commonwealth of Massachusetts. These requirements will be updated annually. Agencies governed by the Enterprise IT Acquisition Policy must adhere to the standards detailed in this document for all rack mount server computer hardware and associated bundled software.
-
Enterprise IT Accessibility Policy Revision
Currently there are two policies that exist to articulate requirements for ensuring that IT Solutions meet the needs of the broadest possible audience with diverse needs. It has long been considered reasonable to combine the two sets of requirements into a single document to eliminate confusion and improve compliance.
Current efforts are focused on providing feedback to the Federal Government's refresh of Section 508.
Priority: Medium
-
Disaster Recovery Policy
Given the current efforts to ensure that critical Commonwealth systems are available in the event of a disaster, it is critical that a clear policy is developed to ensure that business owners are provided with appropriate understanding of their obligations.
Priority: Medium
-
Agency Security Policy Templates
Develop agency policy templates that support and comply with the Enterprise Information Security Policies and Standards. The purpose of the agency policy templates is to assist and guide agencies in developing security policies that accord with the enterprise policies and standards while also addressing, and complying with, the more detailed, agency-specific directives within their respective organizations. The templates are intended to help as agencies mature in the development and implementation of their Enterprise Security Programs, as required per Executive Order 504.
Priority: Ongoing
-
Personal Device Usage
Given the growing use of iPhones and other personally owned devices, it is important to understand any obligations that agencies may have in introducing the use of an iPhone to their organization.
Priority: TBD
-
Annual Review of Existing Policies
The review and assessment of all published Enterprise Policies and Standards will result in recommendations for what policies and standards require updates, revisions, corrections and/or retirement. This effort will also provide recommended prioritization that takes into consideration the other projects under way.
This effort will be folded into the Enterprise Security Policy Workbook Project and all other efforts to update existing policies.
Priority: TBD
-
Website Review and Re-organization
This effort has not yet been kicked off but will focus on review of the current Mass.Gov/ITD Intranet posting of Enterprise Policies and Standards. The goal of this effort will be to improve the organization of the site's content to allow for easier navigation and consumption of these important documents.
Priority: TBD
-
Templatization of Existing Enterprise Policies
This is the second phase of the Enterprise Policy Template Development effort. Now that the templates for Enterprise Policies and Standards have been completed, it is important to apply the new templates to existing policies and standards to promote a consistent look and feel for all Enterprise Policies and Standards.
Priority: TBD
-
Cyber-event After Action Report & Status Advisory
In May of 2008 the Commonwealth of Massachusetts Enterprise Security Board (ESB), Information Technology Division (ITD), Executive Office of Public Safety and Security (EOPSS), and the Department of Homeland Security National Cyber Security Division (NCSD) hosted a Massachusetts Cyber Exercise, code-named Mass-Attack, at the Boston Convention and Exhibition Center. The event included more than 131 participants from state and local government and law enforcement.
Given the important nature of this exercise and the resulting After Action Report, the ESB is working to provide a status of all of the work and progress that has taken place since the event. It is the hope that this status will serve as a reminder of how important it is that we continue to apply the lessons learned from this event and continue to strengthen our collective ability to react to potential incidents.
Priority: De-Prioritized due to elapsed time.
