Executive Office of Technology Services and Security Policies

There are no legal prohibitions against state agencies using social media sites or having social media identities. However, there are legal considerations. This Social Media Legal Guidance Toolkit is designed for you and your legal counsel to review and apply before implementing social media for your agency or authorizing employees to participate on social media sites. It includes information about updating agency website policies (privacy, terms of use and social media) relating to your use of social media; training topics for agency social media participants; meeting relevant legal obligations; and considerations for employees' use of social media, both professional and personal.

The Software and Application Management Policy establishes the minimum security requirements that must be implemented to develop, test, install, manage, and terminate software programs, systems and applications.

With all levels of government and businesses across the country urging employees to work remotely to slow the spread of the Coronavirus, now’s a good time to review the security settings of your home network and pay close attention to business-specific guidance.

This standard establishes the security requirements needed when a third party is working with the Commonwealth's confidential information.

The Third Party Risk Management Policy establishes the minimum security requirements that must be implemented to manage third-party vendors who provide any type of information technology goods and/or services, outsources applications, cloud services, and/or network and security management to the Commonwealth.

This standard reinforces the Commonwealth’s commitment to a Third-Party information security strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.

Whether you're hosting a team check-in or a public webinar, securing your virtual meetings is essential.

The Vulnerability Management Policy establishes the minimum security requirements that must be implemented to protect, detect and remediate vulnerabilities in the Commonwealth’s information technology environment.

The Vulnerability Management Standard documents the requirements to protect, detect and recover from vulnerabilities in the technology environment and applies to all Executive Department offices and agencies.

This standard reinforces the Commonwealth’s commitment to a vulnerability management strategy and outlines the controls necessary to safeguard the Commonwealth’s information assets and reduce risks.