| Organization: | Cybersecurity and Enterprise Risk Management |
|---|---|
| Date published: | January 1, 2025 |
| Last updated: | January 29, 2025 |
Overview
The EOTSS Enterprise Risk Management Office is responsible for writing, publishing, and updating all Enterprise Information Security Policies and Standards that apply to all Executive Department offices and agencies. This is a compilation of those policies and standards.
Table of Contents
- IS.001 Information Security Governance Policy
- IS.002 Acceptable Use of Information Technology Policy
- IS.003 Access Management Policy
- IS.004 Asset Management Policy
- IS.005 Incident Response Policy
- IS.006 Change and Configuration Management Policy
- IS.007 Physical and Environmental Security Policy
- IS.008 Software and Application Management Policy
- IS.009 Third Party Risk Management Policy
- IS.010 Vulnerability and Risk Management Policy
Downloads
-
Open PDF file, 223.97 KB, Enterprise Information Security Policies and Standards Glossary of Terms (English, PDF 223.97 KB)
Contact
Online
For cybersecurity or risk management questions:
ERM@mass.gov
Address
Phone
Main Office
(617) 626-4400
Open Monday through Friday 8:30 a.m. - 4:30 p.m.
EOTSS End-User Service Desk
(844) 435-7629
Online
EOTSS End-User Service Desk
Log in to ServiceNow
Security Operations Center
eotss-soc@mass.gov