The Commonwealth of Massachusetts collects, manages and stores information on a regular basis in order to support business operations. The Commonwealth is committed to preserving the confidentiality, integrity, and availability of its information assets.
The purpose of this policy is to establish the minimum information security requirements that must be implemented to protect the Commonwealth’s information assets. This policy reinforces the Commonwealth’s commitment to an effective information security program, and outlines the framework, principles, and controls required to ensure the protection of the Commonwealth’s information technology environment.