IT Security is a high-profile issue for agencies. OET takes the lead in providing directives, resources, and applications to aid agencies in protecting their information assets.
June 2009 - The Office of Enterprise Technology, Enterprise Security Office, and the Information Security Council announce the publication of the Enterprise Security Program Policy. Download the PDF
Enterprise Security Management Control Policies
These management control policies represent the overarching policy direction for managing security risks to the State's information. The process of information security risk management is fundamental to enabling agency leadership to make more informed, risk-based decisions for addressing security risks across their environment and the Executive branch as a whole. Download the PDF
Enterprise Security Operational Control Policies
This document addresses security risks to the State's information assets at the process level. These policies provide direction on how to improve security around the processes that represent the daily activities of conducting State business: actions taken by people, not technology. Download the PDF
Enterprise Security Technical Control Policy
December 2009 - This document identifies the core security technology policies that will support and enable the business processes of the State. This will guide the direction of the technologies that will be used for information security purposes. Download the PDF
June 2009 - This standard defines the requirements that applicable Executive branch agencies must comply with for the proper destruction or sanitization of information. These requirements are necessary to ensure that not-public data is properly removed from, or destroyed on, storage media of various forms at the end of its useful life, at the end of its lease, as part of normal records purging, etc. This will help ensure that not-public data is not accessible to unauthorized individuals. Download the PDF
March 2010 - This standard is designed to help agencies identify their physical and environmental control requirements for protecting the entity's information. It includes the requirements for identifying controls, having processes to help enforce and manage the controls, and ensuring the appropriate environmental protections are available for government entities' information systems. Download the PDF
December 2009 - This standard outlines the requirements for the identification and reporting of information security-related incidents and events, which is one of the Operational Control Policy areas. Quickly responding to and coordinating the management of these events is vital to mitigating the effect these incidents could have on the State's information assets. Download the PDF
December 2009 - This standard represents one of the technology control areas under the Technical Control Policies. It outlines the requirements for identification and remediation of security vulnerabilities within the State's information systems and related technology. Download the PDF
April 2011 - This, along with the Enterprise Security Program Policy, represents the scope, framework, and governance authority of the Enterprise Security Program. Download the PDF
April 2011 - Continuity of operations planning is the process of identifying, mitigating, and responding to an interruption of services. The purpose of this standard is to establish "when" continuity of operations planning is required, "what" is required, and "why". Download the PDF
April 2011 - State agencies shall implement controls to reduce theft and loss of portable computing devices and data stored on them. Download the PDF
April 2011 - In order to create a security-conscious workforce, ensure appropriately trained personnel for organizational security roles, and comply with the Enterprise Security Operational Control Policy, OC05 – Awareness and Training, this standard identifies the requirements for security awareness training. These requirements are designed to help ensure individuals possess the required knowledge and competence for their role related to the security of information and information systems. Download the PDF
April 2011 - Baseline, secure configurations provide defined and documented specifications to which an information system is built. Since a majority of security breaches occur because of system misconfigurations or unauthorized configuration changes, these baselines are critical to ensure systems operate as intended. This standard specifies the requirements for the implementation of information security configuration management process control for information systems and assets. Download the PDF
April 2011 - Patch management supports a number of security practices, in addition to other operational activities, that help mitigate the exploitation of known security vulnerabilities. Well-defined patch management processes help prevent the introduction of problems into an environment and prepare for when things go wrong due to changes. This standard specifies the requirements for the implementation of information security patch management process controls for information systems and assets. Download the PDF
© Copyright 2013 MN.IT Services - State of Minnesota