| Organization: | Cybersecurity and Enterprise Risk Management |
|---|---|
| Date published: | October 5, 2018 |
| Last updated: | February 26, 2024 |
Overview
The EOTSS Enterprise Risk Management Office is responsible for writing, publishing, and updating all Enterprise Information Security Policies and Standards that apply to all Executive Department offices and agencies. This is a compilation of those policies and standards.
Table of Contents
- IS.000 Enterprise Information Security Policy
- IS.001 Organization of Information Security Standard
- IS.002 Acceptable Use of Information Technology Policy
- IS.003 Access Management Standard
- IS.004 Asset Management Standard
- IS.005 Business Continuity and Disaster Recovery Standard
- IS.006 Communication and Network Security Standard
- IS.007 Compliance Standard
- IS.008 Cryptographic Management Standard
- IS.009 Information Security Incident Management Standard
- IS.010 Information Security Risk Management Standard
- IS.011 Logging and Event Monitoring Standard
- IS.012 Operations Management Standard
- IS.013 Physical and Environmental Security Standard
- IS.014 Secure System and Software Lifecycle Management Standard
- IS.015 Third Party Information Security Standard
- IS.016 Vulnerability Management Standard
Downloads
Open PDF file, 241.49 KB,
Enterprise Information Security Policies and Standards Glossary of Terms
(English, PDF 241.49 KB)
Contact
Online
For cybersecurity or risk management questions:
ERM@mass.gov
Address
Phone
Main Office
(617) 626-4400
Open Monday through Friday 8:30 a.m. - 4:30 p.m.
EOTSS End-User Service Desk
(844) 435-7629
Online
EOTSS End-User Service Desk
Log in to ServiceNow
Security Operations Center
eotss-soc@mass.gov