Listing policies

Name File Division Last Revision Date Summary
Access Control Policy ETSS_Policy_10-10_Access_Control__AC_.pdf DoIT 2020-08-28 Employees and vendors accessing State or Rhode Island information resources who use password authentication shall use a password that complies with this policy.
Audit and Accountability Policy ETSS_Policy_10-13_Audit_and_Accountability__AU_.pdf DoIT 2019-08-28 To provide the Agency with policy, standards and guidelines for establishing and effectively managing an Information Systems Audit and Accountability program at the Agency.
Bring Your Own Device Security Policy DOIT_Bring_Your_Own_Device_Security_Policy_4-1-16.pdf DoIT 2016-04-01 To establish a Bring Your On Device Security Policy for the effective management of personally owned mobile devices used to access State networks, applications and/or data and to ensure the confidentiality, integrity, and availability of State networks, applications and data.
Configuration Management Policy ETSS_Policy_10-14_Configuration_Management__CM_.pdf DoIT 2020-08-28 To establish a Configuration Management Policy for effectively managing risk associated with changes to and tha have an impact on system configurations, baseline configuration settings and overall information system security,
Contingency Planning Policy ETSS_Policy_10-28_Contingency_Planning__CP_.pdf DoIT 2020-08-31 To establish policy for effective contingency planning that enables the restoration and continuity of operations of mission-critical assets and business functions.
Federal Tax Information Access Policy ETSS_Policy_10-11_Federal_Tax_Information_Access__FTI_.pdf DoIT 2020-08-28 To establish policy that adequately protects and ensures the confidentiality of federal tax information (FTI) in accordance with Internal Revenue Service (IRS) has issued Publication 1075 entitled “Tax Information Security Guidelines for Federal, State, and Local Agencies” (IRS Publication 1075).
Identification and Authorization Policy ETSS_Policy_10-20_Identification_and_Authentication__IA_.pdf DoIT 2020-08-31 To establish policy for identifying and authenticating user access to information systems and network resources that ensures user access is authorized, confidential and sensitive data is protected, and accountability is maintained.
Incident Handling and Response Policy ETSS_Policy_10-12_Incident_Handling_and_Response__IR__2021.pdf DoIT 2021-03-01 To establish policy for the effective and timely management of IT security related incidents to safeguard State of Rhode Island IT resources, infrastructure, and data.
Information Technology Project Approval Policy Policy_07-02_Information_Technology_Project_Approval_Policy.pdf DoIT 2018-11-07 Prior to the expenditure of State resources, the State CDO/CIO will ensure that all major information technology (IT) efforts are consistent with the State of Rhode Island's strategic direction and will be delivered within the DoIT Project Management Framework.
IT Systems and Services Acquisition Policy ETSS_Policy_10-17_IT_System_and_Services_Acquisition__SA_.pdf DoIT 2020-08-28 This policy provides requirements for the IT system and service acquisition process required to assure that information systems are acquired using controls sufficient to safeguard the State’s information systems.
IT-07-02 Information Technology Project Approval Policy IT-07-02_Information_Technology_Project_Approval_Policy.pdf DoIT 2022-03-22 Prior to the expenditure of State resources, the State CIO/CDO will ensure that all major IT efforts are consistent with the State of Rhode Island's strategic direction and will be delivered within the Division of Information Technology Project Management Framework.
Media Handling and Security Policy ETSS_Policy_05-01_Media_Handling_and_Security__MP__2021.pdf DoIT 2021-03-03 To establish policy for effectively handling and securing media in a manner that protects the confidentiality and integrity of data maintained on digital and non-digital media.
Mobile Device Security Policy ETSS_Policy_10-04_Mobile_Device_Security.pdf DoIT 2020-08-28 Establish policy for effectively managing and securing mobile devices that store, process, or transmit state data.
Personnel Security Policy ETSS_Policy_10-21_Personnel_Security__PS__2021.pdf DoIT 2021-03-05 To establish a personnel security policy that provides effective governance of personnel to ensure the security of sensitive information systems and data.
Physical and Environmental Security Policy ETSS_Policy_10-16_Physical_and_Environmental_Security__PE_.pdf DoIT 2020-08-31 To establish policy for the implementation of adequate physical and environmental security controls at data centers and facilities where data centers reside to ensure the protection of information systems and supporting components and infrastructure from physical and environmental hazards.
Risk Assessment Policy ETSS_Policy_10-25_Risk_Assessment__RA_.pdf DoIT 2020-09-11 To establish policy that effectively manages inherent risk, vulnerabilities, threats, and countermeasures based on the criticality of the information system and data to ensure its confidentiality, integrity, and availability, and achieve an acceptable level of enterprise risk.
Security and Risk Program Management ETSS_PM_1_Security_and_Risk_Program_Management_2020.pdf DoIT 2020-08-31 The Security and Risk Management Program defines the foundation for information technology security in Rhode Island. It establishes the Statewide information security standards, providing direction for the Chief Information Security Officer (CISO) to establish a set of standards for information technology security to maximize the functionality, security, and interoperability of the State’s distributed information technology assets, including, but not limited to, data classification and management, communications, and encryption technologies. These standards apply to all executive branch agencies.
Security Assessment and Authorization Policy ETSS_Policy_10-23_Security_Assessment_and_Authorization__CA_.pdf DoIT 2021-08-31 To establish policy for the effective implementation of security controls to safeguard State of Rhode Island IT system resources, infrastructure, and data.
Security Awareness and Training Policy ETSS_Policy_10-26_Security_Awareness_and_Training__AT_.pdf DoIT 2020-08-31 To establish policy that ensures information system users are aware of current threats to information security and are adequately trained to perform their assigned roles and responsibilities in a manner that maintains system security.
Security Planning Policy ETSS_Policy_10-18_Security_Planning__PL_.pdf DoIT 2020-08-31 To establish policy for the effective management of Enterprise risk via a security planning program to ensure the confidentiality, integrity, and availability of information systems and data.