Executive Office of Technology Services and Security Policies

The Third Party Risk Management Policy establishes the minimum security requirements that must be implemented to manage third-party vendors who provide any type of information technology goods and/or services, outsources applications, cloud services, and/or network and security management to the Commonwealth.

This standard reinforces the Commonwealth’s commitment to a Third-Party information security strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

The Vulnerability Management Policy establishes the minimum security requirements that must be implemented to protect, detect and remediate vulnerabilities in the Commonwealth’s information technology environment.

The Vulnerability Management Standard documents the requirements to protect, detect and recover from vulnerabilities in the technology environment and applies to all Executive Department offices and agencies.

This standard reinforces the Commonwealth’s commitment to a vulnerability management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.