Policies / Standards


Search Policies

Please type your keyword(s) into the box below and click the "Search" button.



Applicability

The following policies, procedures, standards, and guidelines apply to all Executive Branch agencies, boards, and commissions except those exempt under The Code of Alabama 1975 (Title 41, Chapter 4, Article 11). Those exemptions include:
Two-way radio communications equipment, systems or networks operated by state agencies for purposes related to public safety, the administration of criminal justice or highway maintenance and construction operations (Section 41-4-290)
Any county or city board of education, the education television commission, the postsecondary education system, or any public college or university (Section 41-4-291)
The legislative and judicial branches of government (Section 41-4-293)

Consolidated IT Policy Manual

You can now view or download all of the IT and security policies, standards, procedures, and guidelines in a single PDF document.

Released Reviewed Title
10/24/2012 10/2012 Consolidated IT Policy Manual (268 pages)     Revision 1!


Individual Policies, Standards, Procedures and Guidelines
Released Reviewed Title
INFORMATION TECHNOLOGY (GENERAL)
05/31/2013 05/2013 Policy 100: Information Technology Policies    Additional Information Added!
09/27/2012 10/2012 Reference: Information Technology Dictionary -  Revision 6
IT PLANNING, BUDGETING & PROCUREMENT
04/26/2011 10/2012 Policy 200: Information Technology Planning
     
04/26/2011 10/2012 Policy 220: Information Technology Budgeting
     
04/26/2011 10/2012 Policy 230: Information Technology Procurement
04/26/2011 10/2012 *  Standard 230S1: IT Procurement
     
IT ARCHITECTURE
09/01/2011 10/2012 Policy 500: Statewide Information Systems Architecture
09/12/2012 10/2012 *  Standard 500S1 Network Architecture Standard
     
09/01/2011 10/2012 Policy 510: Digital Government
     
09/01/2011 10/2012 Policy 520: Domain Naming & Registration
     
09/01/2011 10/2012 Policy 530: Web Development
09/01/2011 10/2012 *  Standard 530S1: Online Privacy and Data Collection
09/01/2011 10/2012 *  Standard 530S2: Universal Accessibility
09/01/2011 10/2012 *  Standard 530S3: Online Security Statement
09/01/2011 10/2012 *  Standard 530S4: Hypertext Linking
06/26/2012 10/2012 Policy 540: E-mail Communications
     
09/01/2011 10/2012 Policy 545: Electronic Collaboration
     
CYBER SECURITY MANAGEMENT
05/16/2011 10/2012 Policy 600: Information Security
05/31/2011 10/2012 Policy 602: Info Security for Service Providers
     
10/23/2012 10/2012 Policy 603: Security Council     Revised!
10/24/2012 10/2012 *  Procedure 603P1: Security Council     Revised!
     
07/19/2012 10/2012 Policy 604: Cyber Security Incident Response
06/16/2011 10/2012 *  Procedure 604P1: Incident Reporting
08/09/2012 10/2012 *  Procedure 604P2: Incident Handling
     
06/16/2011 10/2012 Policy 605: Configuration Management
06/16/2011 10/2012 *  Guideline 605G1: CM Process
     
09/01/2011 10/2012 Policy 606: Risk Management
09/01/2011 10/2012 *  Guideline 606G1: Risk Assessment
01/18/2012 10/2012 *  Guideline 606G2: Personnel Security
     
CYBER SECURITY TRAINING
09/01/2011 10/2012 Policy 610: Security Awareness
ACCESS CONTROLS
11/23/2011 10/2012 Policy 621: Network & System Access
     
09/01/2011 10/2012 Policy 622: Remote Access
09/01/2011 10/2012 *  Standard 622S1: Virtual Private Networks
09/01/2011 10/2012 *  Standard 622S2: Dial-In Access
     
09/01/2011 10/2012 Policy 623: Authentication
09/01/2011 10/2012 *  Standard 623S1: Authentication-Passwords
09/01/2011 10/2012 *  Standard 623S2: Authentication-Biometrics
     
05/23/2013 05/2013 Policy 623-01: Authentication     Effective July 1, 2013!
     
SYSTEM USE
08/28/2012 10/2012 Policy 630: System Use
     
CONNECTIONS
09/01/2011 10/2012 Policy 641: External Connections
09/01/2011 10/2012 *  Standard 641S1: Interconnecting IT Systems
09/01/2011 10/2012 Policy 643: Wireless Security
09/01/2011 10/2012 *  Standard 643S1: Wireless Networks
09/01/2011 10/2012 *  Standard 643S2: Wireless Clients
09/01/2011 10/2012 *  Standard 643S3: Bluetooth Security
09/01/2011 10/2012 Policy 644: Voice over Internet Protocol
09/01/2011 10/2012 *  Standard 644S1: VoIP_Security
PHYSICAL SECURITY
02/28/2012 10/2012 Policy 651: Physical Security
06/08/2011 10/2012 Policy 652: Card Key Access Control
SYSTEM/APPLICATION SECURITY
09/01/2011 10/2012 Policy 661: Application Security
12/01/2011 10/2012 *  Guideline 661G1: Application Security
01/26/2012 10/2012 *  Guideline 661G2: Security Engineering Principles    
09/01/2011 10/2012 Policy 662: Systems Security
09/21/2012 10/2012 *  Standard 662S1: Server Security   
09/21/2012 10/2012 *  Standard 662S2: Client Systems Security
09/01/2011 10/2012 *  Standard 662S3: POS Systems Security
09/01/2011 10/2012 *  Guideline 662G1: Systems Security
12/14/2011  10/2012 *  Guideline 662G2: BIOS Protection
07/26/2012  10/2012 *  Procedure 662P1: Portable Device Authorization
     
06/07/2012 10/2012 Policy 663: RACF Security
03/14/2012 10/2012 *  Standard 663S1: RACF System Options
   (limited distribution - click here to request a copy)
10/24/2012 10/2012 *  Standard 663S2: RACF Architectural Strategies   Revised!
06/07/2012 10/2012 *  Standard 663S3: RACF User Identification & Authentication
SECURITY ADMINISTRATION
04/15/2013 04/2013 Policy 672: Vulnerability Scanning     New!
09/01/2011 10/2012 Policy 673: Backup and Recovery
11/04/2011 10/2012 Policy 674: Virus Protection  
09/01/2011 10/2012 *  Standard 674S1: Virus Protection
11/04/2011 10/2012 *  Procedure 674P1: Spam Protection 
09/01/2011 10/2012 Policy 675: Vulnerability Management
09/01/2011 10/2012 Policy 676: Monitoring and Reporting
09/01/2011 10/2012 Policy 677: Log Management
01/18/2012 10/2012 *  Standard 677S1: Log Management
09/01/2011 10/2012 Policy 678: System Maintenance
INFORMATION/DATA MANAGEMENT
09/01/2011 10/2012 Policy 681: Information Protection
09/01/2011 10/2012 *  Standard 681S1: Information Protection
09/01/2011 10/2012 *  Standard 681S2: Protecting PII
09/01/2011 10/2012 *  Standard 681S3: Media Sanitization
02/28/2012  10/2012 *  Procedure 681P1: Equipment Disposal
09/01/2011 10/2012 Policy 682: Information Release
09/01/2011 10/2012 Policy 683: Encryption
01/18/2012 10/2012 Policy 685: Data Breach Notification
DISASTER RECOVERY
04/26/2011 10/2012 Policy 690: Disaster Recovery




Finance Home   |   Alabama Directory   |   Media   |   Online Services   |   Alabama.gov   |   Alerts   |   Feeds
Governor's Site   |   Translation Services:   German (Deutsch)   |   Japanese 日本語   |   Korean 한국어   |   Spanish (Español)