ENTERPRISE SECURITY POLICIES AND STANDARDS
ITS is responsible for implementing and maintaining security polices and standards capable of improving the cybersecurity posture in the function of any state agency, institution or function of state government as a whole.
Enterprise Security Policy
The State of Mississippi Enterprise Security Policy establishes the minimum requirements for preserving the confidentiality, integrity, and availability of State data and information technology (IT) resources from unauthorized use, access, disclosure, modification, or destruction. This policy was last revised on October 1, 2013.
Enterprise Cloud and Offsite Hosting Security Policy
The State of Mississippi Enterprise Cloud and Offsite Security Policy establishes additional security requirements specifically for cloud and offsite hosting services. The requirements of this policy references contract terms and conditions and baseline security controls specially for cloud and offsite hosting services. This policy, the contract terms and conditions, and the baseline security controls were last revised on July 1, 2018.
Enterprise Security Awareness Training Standard
The Enterprise Security Awareness Training Standard establishes an enterprise standard for a computer-based solution to be utilized by all state agencies that rely on computer-based training for delivering security awareness to their users. This standard was last revised on September 9, 2019.
Cybersecurity Incident Notification Response Standard
The Cybersecurity Incident Notification Response Standard establishes resolution response requirements that state agencies shall follow when addressing a cybersecurity incident notification received from ITS. This standard was last revised on September 3, 2019.