User Guide: Creating an EO504 ISP-ESP file size 2MBA document to assist Executive Department agencies in preparing and submitting an ISP-ESP, as mandated by Executive Order 504.
- A guide to assist Executive Department agencies in preparing and submitting the annual Self-Audit Questionnaire (SAQ), as mandated by Executive Order 504.
This policy articulates requirements that assist management in defining a framework that establishes a secure environment for providing services provided by Commonwealth agencies, authorities, and business partners.
The purpose of this document is to identify the minimum standards that agencies must adopt for the appropriate classification of data and the ongoing management of that classification. Classification of data is a critical part of data management which includes planning and implementing comprehensive and responsible information security practices. This document describes a standard data classification scheme, the required considerations for classification, risk assessment, security control requirements and data management and lifecycle requirements.
- This policy articulates the requirements for responding to Security Incidents and Attack Intrusions.
This policy articulates the access controls that are required to meet the security objectives of the Enterprise Information Security Policy . Access control management is paramount to protecting Commonwealth Information Technology (IT) Resources and requires implementation of controls and continuous oversight to restrict access.