Internal Controls
ERM ensures the relevancy and efficacy of the Commonwealth’s Enterprise Security Policies & Standards by conducting annual reviews of policy documents and continuous reviews of the programs, policies, and procedures used by all Executive Branch agencies. These reviews will produce a common and centralized collection of best practices.
Policy & Standards Compliance
Periodic reviews of Executive Branch agencies’ policies, procedures, and practices ensure they are complying with the Commonwealth’s Enterprise Security Policies & Standards. ERM will assist these agencies with making a plan for improvements and identifying tools that will help them find, address, and remediate procedural gaps and security vulnerabilities.
Risk Assessment Campaign
The ERM Risk Assessment Campaign uses a series of workshops with Executive Branch information security officers and other cybersecurity officials to better understand security concerns across all Commonwealth agencies. These workshops will help guide the priority, focus, and action plan to address the state’s overall security posture. They will also help ERM coordinate the appropriate personnel, programs, and products to assist all involved with maintaining compliance with EOTSS Enterprise Security Policies and Standards.
Application Security Center of Excellence
The ASCOE Program sets the vulnerability management standard for product security by implementing continuous security scanning of internet-facing applications.