Executive Office of Technology Services and Security Policies

The purpose of this policy is to establish the minimum security requirements that must be implemented to protect the Commonwealth’s information and technology assets and ensure the continuous effective and secure management of the Commonwealth’s information technology environment.

This standard reinforces the Commonwealth's commitment to an effective acceptable use of information technology strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks posed by improper management of information.

While Microsoft Teams is the enterprise standard for the Executive Branch business collaboration software platform, agencies may utilize Zoom, GoToMeeting, and similar tools if Teams cannot meet their unique business needs or those of their employees and constituents.

This document describes access management standards for the use of information, information systems, electronic and computing devices, applications, and network resources used to conduct business on behalf of the Commonwealth.

This standard reinforces the Commonwealth's commitment to an effective access management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks posed by improper management of access.

Administrative Directives issued by the EOTSS Secretary and CIO for the Commonwealth

Sign, send, track, and collect e-signatures.

The EOTSS standard is Microsoft Defender, which will be leveraged as an anti-malware/antivirus component integrated with Windows 10. This product is replacing all other antivirus software.

This standard reinforces the Commonwealth’s commitment to an effective asset management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks posed by improper management of assets.

Deep subject matter expertise resides in Commonwealth agencies and Secretariats, making it crucial that the organizational structure envisioned by Chapter 64 of the Acts of 2017, respect and preserve the proper role of agencies and Secretariats in managing the aspects of the application layer that relate to the day-to-day operations of the Commonwealth’s core programs and services. Therefore, Secretariats and agencies own, operate, manage, and support the business applications in most instances.