Skip to main content

Security Policy Exception

Request for an exception for issues identified through vulnerability scan or another compliance issue that can't be resolved. Request must include a plan to mitigate the vulnerability.
Request via ServiceNow 

Contacts

EOTSS End User and IT Service Support

Phone

EOTSS End User IT Service Desk Call EOTSS End User and IT Service Support, EOTSS End User IT Service Desk at (844) 435-7629

Support for Commonwealth end users and IT support personnel

Online

ServiceNow Log in to ServiceNow 
Chat with us live! Log in and click "Chat now" 
Send us an email Email EOTSS End User and IT Service Support at MassGov@service-now.com
Learn more about this organization 

The Details

Features

Compliance with enterprise security and standards is mandatory for the Executive Department including all executive offices, boards, commissions, agencies, departments, divisions, councils, and bureaus.  In addition to enterprise security and standards, the vulnerability management program scans various environments and must comply with the standards. 

A policy exception may be granted only if the benefits of the exception outweigh the increased risks, as determined by the Commonwealth CISO.

Pricing

There is no charge for this service.

How to request

Request service via a ServiceNow request

Service Level Expectation (SLE)

Security Policy Exception

SLEResponsibilities/Dependencies

Fulfillment:  Due to the variable nature of this request item, fulfillment time will differ on a case-to-case basis. SLE will be communicated following the finalization of customer requirements.

Customer

  • Responsible for adhering to the EOTSS Standard Rules of Engagement.
  • Responsible for submitting accurate information to EOTSS during the intake and discovery process.
  • Sharing complete requirements will ensure that accurate SLEs are provided and met.
  • Responsible for including a plan to mitigate the identified risks when submitting a request for this service.
  • Upon receiving approval from the Enterprise Risk Management Team, customers are responsible for initiating a new request for implementation.  The ERM approval document should be attached to the implementation request.

EOTSS

  • Responsible for coordinating discovery meeting(s) with the customer.
  • Once all requirements are collected/finalized following intake and discovery, EOTSS will determine the appropriate SLE for the request and communicate to the customer.
  • Responsible for providing a ruling on the exception pending review of the request.
  • For approved requests ONLY: Responsible for communicating decision to the customer and providing the exception expiration date.  

Policies

IS00.16 Vulnerability Management Standard

IS00.7 Compliance Standard

Contact

Phone
EOTSS End User IT Service Desk Call EOTSS End User and IT Service Support, EOTSS End User IT Service Desk at (844) 435-7629

Support for Commonwealth end users and IT support personnel

Online
ServiceNow Log in to ServiceNow 
Chat with us live! Log in and click "Chat now" 
Send us an email Email EOTSS End User and IT Service Support at MassGov@service-now.com
Learn more about this organization 

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback