Listing policies

| Name | File | Division | Last Revision Date | Summary |
| --- | --- | --- | --- | --- |
| Access Control Policy | `ETSS_Policy_10-10_Access_Control__AC_.pdf` | DoIT | 2022-11-08 | Employees and vendors accessing State of Rhode Island information resources who use password authentication shall use a password that complies with this policy. |
| Assessment, Authorization, and Monitoring Policy | `ETSS_Policy_10-23_Assessment__Authorization__and_Monitoring__CA_.pdf` | DoIT | 2022-11-08 | To establish policy for the effective implementation of security controls to safeguard State of Rhode Island IT system resources, infrastructure, and data. |
| Audit and Accountability Policy | `ETSS_Policy_10-13_Audit_and_Accountability__AU_.pdf` | DoIT | 2022-11-08 | To provide the Agency with policy, standards and guidelines for establishing and effectively managing an Information Systems Audit and Accountability program at the Agency. |
| Awareness and Training Policy | `ETSS_Policy_10-26_Awareness_and_Training__AT_.pdf` | DoIT | 2022-11-08 | To establish policy that ensures information system users are aware of current threats to information security and are adequately trained to perform their assigned roles and responsibilities in a manner that maintains system security. |
| Bring Your Own Device Security Policy | `DOIT_Bring_Your_Own_Device_Security_Policy_4-1-16.pdf` | DoIT | 2016-04-01 | To establish a Bring Your Own Device Security Policy for the effective management of personally owned mobile devices used to access State networks, applications and/or data and to ensure the confidentiality, integrity, and availability of State networks, applications and data. |
| Configuration Management Policy | `ETSS_Policy_10-14_Configuration_Management__CM_.pdf` | DoIT | 2022-11-08 | To establish a Configuration Management Policy for effectively managing risk associated with changes to, and that have an impact on, system configurations, baseline configuration settings and overall information system security. |
| Contingency Planning Policy | `ETSS_Policy_10-28_Contingency_Planning__CP_.pdf` | DoIT | 2022-11-08 | To establish policy for effective contingency planning that enables the restoration and continuity of operations of mission-critical assets and business functions. |
| Federal Tax Information Access Policy | `ETSS_Policy_10-11_Federal_Tax_Information_Access__FTI_.pdf` | DoIT | 2022-11-08 | To establish policy that adequately protects and ensures the confidentiality of federal tax information (FTI) in accordance with Internal Revenue Service (IRS) Publication 1075, entitled “Tax Information Security Guidelines for Federal, State, and Local Agencies” (IRS Publication 1075). |
| Identification and Authorization Policy | `ETSS_Policy_10-20_Identification_and_Authentication__IA_.pdf` | DoIT | 2022-11-08 | To establish policy for identifying and authenticating user access to information systems and network resources that ensures user access is authorized, confidential and sensitive data is protected, and accountability is maintained. |
| Incident Handling and Response Policy | `ETSS_Policy_10-12_Incident_Handling_and_Response__IR_.pdf` | DoIT | 2022-11-08 | To establish policy for the effective and timely management of IT security related incidents to safeguard State of Rhode Island IT resources, infrastructure, and data. |
| Information Technology Project Approval Policy | `IT-07-02_Information_Technology_Project_Approval_Policy_2022.pdf` | DoIT | 2022-03-22 | Prior to the expenditure of State resources, the State CDO/CIO will ensure that all major information technology (IT) efforts are consistent with the State of Rhode Island's strategic direction and will be delivered within the DoIT Project Management Framework. |
| IT Systems and Services Acquisition Policy | `ETSS_Policy_10-17_System_and_Services_Acquisition__SA_.pdf` | DoIT | 2022-11-08 | This policy provides requirements for the IT system and service acquisition process required to assure that information systems are acquired using controls sufficient to safeguard the State’s information systems. |
| IT-07-02 Information Technology Project Approval Policy | `IT-07-02_Information_Technology_Project_Approval_Policy.pdf` | DoIT | 2022-03-22 | Prior to the expenditure of State resources, the State CIO/CDO will ensure that all major IT efforts are consistent with the State of Rhode Island's strategic direction and will be delivered within the Division of Information Technology Project Management Framework. |
| Media Handling and Security Policy | `ETSS_Policy_05-01_Media_Protection__MP_.pdf` | DoIT | 2022-11-08 | To establish policy for effectively handling and securing media in a manner that protects the confidentiality and integrity of data maintained on digital and non-digital media. |
| Mobile Device Security Policy | `ETSS_Policy_10-04_Mobile_Device_Security.pdf` | DoIT | 2020-08-28 | Establish policy for effectively managing and securing mobile devices that store, process, or transmit state data. |
| Personnel Security Policy | `ETSS_Policy_10-21_Personnel_Security__PS_.pdf` | DoIT | 2022-11-08 | To establish a personnel security policy that provides effective governance of personnel to ensure the security of sensitive information systems and data. |
| Physical and Environmental Security Policy | `ETSS_Policy_10-16_Physical_and_Environmental_Security__PE_.pdf` | DoIT | 2022-11-08 | To establish policy for the implementation of adequate physical and environmental security controls at data centers and facilities where data centers reside to ensure the protection of information systems and supporting components and infrastructure from physical and environmental hazards. |
| Risk Assessment Policy | `ETSS_Policy_10-25_Risk_Assessment__RA__.pdf` | DoIT | 2022-11-08 | To establish policy that effectively manages inherent risk, vulnerabilities, threats, and countermeasures based on the criticality of the information system and data to ensure its confidentiality, integrity, and availability, and achieve an acceptable level of enterprise risk. |
| Security and Risk Program Management | `ETSS_PM-1_Security_and_Risk_Program_Management_Rev1.2.pdf` | DoIT | 2023-05-11 | The Security and Risk Management Program defines the foundation for information technology security in Rhode Island. It establishes the Statewide information security standards, providing direction for the Chief Information Security Officer (CISO) to establish a set of standards for information technology security to maximize the functionality, security, and interoperability of the State’s distributed information technology assets, including, but not limited to, data classification and management, communications, and encryption technologies. These standards apply to all executive branch agencies. |
| Security Planning Policy | `ETSS_Policy_10-18_Security_Planning__PL_.pdf` | DoIT | 2022-11-08 | To establish policy for the effective management of Enterprise risk via a security planning program to ensure the confidentiality, integrity, and availability of information systems and data. |