Executive Office of Technology Services and Security Policies

EOTSS maintains responsibility and authority for establishing standards and guidelines for infrastructure and hosting services. These standards are currently under review and will be published ASAP. In the interim, if you have questions on Hosting and Infrastructure, please contact the EOTSS Assistant Secretary for Technology, Security and Operations or the Commonwealth CTO. All executive branch agencies must comply with these standards and guidelines, and must ensure that all business applica

Tips and techniques to reduce the risk of a cyber attack on your home network.

The Business Continuity and Disaster Recovery Standard details the responsibility of the Enterprise Security Office to establish and follow processes for business continuity and disaster recovery management in the event of any organizational or information technology infrastructure failure.

This policy reinforces the Commonwealth's commitment to protecting its information assets, establishes high-level functions of the Enterprise Security Office, and outlines information security requirements to safeguard information assets and assist the Commonwealth to achieve its strategic objectives.

This standard reinforces the Commonwealth’s commitment to an incident management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

The Information Security Risk Management Standard defines the key elements of the Commonwealth’s information security risk assessment model to enable consistent identification, evaluation, response and monitoring of risks facing IT processes

This standard reinforces the Commonwealth’s commitment to an risk management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

This standard reinforces the Commonwealth's commitment to protecting its information assets, establishes high-level functions of the Enterprise Security Office, and outlines information security requirements to safeguard information assets and assist the Commonwealth to achieve its strategic objectives.

This Knowledge Base is your self-service guide to authoring and updating content for Mass.gov. Most of this guide focuses on the Content Management System (CMS), but it also addresses related third-party tools such as Formstack and Google Analytics.

This standard reinforces the Commonwealth’s commitment to a logging and event monitoring strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.