Policies / Standards


Search Policies

Please type your keyword(s) into the box below and click the "Search" button.





Policies

Released Reviewed Title
INFORMATION TECHNOLOGY (GENERAL)
04/26/2011 08/2011 Policy 100: Information Technology Policies
01/18/2012 08/2011 Reference: Information Technology Dictionary     Revised!
IT PLANNING, BUDGETING & PROCUREMENT
04/26/2011 08/2011 Policy 200: Information Technology Planning
     
04/26/2011 08/2011 Policy 220: Information Technology Budgeting
     
04/26/2011 08/2011 Policy 230: Information Technology Procurement
04/26/2011 08/2011 *  Standard 230S1: IT Procurement
     
IT ARCHITECTURE
09/01/2011 08/2011 Policy 500: Statewide Information Systems Architecture
     
09/01/2011 08/2011 Policy 510: Digital Government
     
09/01/2011 08/2011 Policy 520: Domain Naming & Registration
     
09/01/2011 08/2011 Policy 530: Web Development
09/01/2011 08/2011 *  Standard 530S1: Online Privacy and Data Collection
09/01/2011 08/2011 *  Standard 530S2: Universal Accessibility
09/01/2011 08/2011 *  Standard 530S3: Online Security Statement
09/01/2011 08/2011 *  Standard 530S4: Hypertext Linking
     
09/01/2011 08/2011 Policy 545: Electronic Collaboration
     
CYBER SECURITY MANAGEMENT
05/16/2011 08/2011 Policy 600: Information Security
05/31/2011 08/2011 Policy 602: Info Security for Service Providers
     
05/10/2011 08/2011 Policy 603: Security Council
10/19/2011 08/2011 *  Procedure 603P1: Security Council
     
06/16/2011 08/2011 Policy 604: Cyber Security Incident Response
06/16/2011 08/2011 *  Procedure 604P1: Incident Reporting
09/01/2011 08/2011 *  Procedure 604P2: Incident Handling
     
06/16/2011 08/2011 Policy 605: Configuration Management
06/16/2011 08/2011 *  Guideline 605G1: CM Process
     
09/01/2011 08/2011 Policy 606: Risk Management
09/01/2011 08/2011 *  Guideline 606G1: Risk Assessment
01/18/2012 *  Guideline 606G2: Personnel Security     New!
     
CYBER SECURITY TRAINING
09/01/2011 08/2011 Policy 610: Security Awareness
ACCESS CONTROLS
11/23/2011 08/2011 Policy 621: Network & System Access
     
09/01/2011 08/2011 Policy 622: Remote Access
09/01/2011 08/2011 *  Standard 622S1: Virtual Private Networks
09/01/2011 08/2011 *  Standard 622S2: Dial-In Access
     
09/01/2011 08/2011 Policy 623: Authentication
09/01/2011 08/2011 *  Standard 623S1: Authentication-Passwords
09/01/2011 08/2011 *  Standard 623S2: Authentication-Biometrics
     
SYSTEM USE
09/01/2011 08/2011 Policy 630: System Use
     
CONNECTIONS
09/01/2011 08/2011 Policy 641: External Connections
09/01/2011 08/2011 *  Standard 641S1: Interconnecting IT Systems
09/01/2011 08/2011 *  Standard 641S2: Secure Web Application Deployment
09/01/2011 08/2011 Policy 643: Wireless Security
09/01/2011 08/2011 *  Standard 643S1: Wireless Networks
09/01/2011 08/2011 *  Standard 643S2: Wireless Clients
09/01/2011 08/2011 *  Standard 643S3: Bluetooth Security
09/01/2011 08/2011 Policy 644: Voice over Internet Protocol
09/01/2011 08/2011 *  Standard 644S1: VoIP_Security
PHYSICAL SECURITY
05/31/2011 08/2011 Policy 651: Physical Security
06/08/2011 08/2011 Policy 652: Card Key Access Control
SYSTEM/APPLICATION SECURITY
09/01/2011 08/2011 Policy 661: Application Security
12/01/2011 08/2011 *  Guideline 661G1: Application Security
01/26/2012 *  Guideline 661G2: Security Engineering Principles     New!
09/01/2011 08/2011 Policy 662: Systems Security
09/01/2011 08/2011 *  Standard 662S1: Server Security
09/01/2011 08/2011 *  Standard 662S2: Client Systems Security
09/01/2011 08/2011 *  Standard 662S3: POS Systems Security
09/01/2011 08/2011 *  Guideline 662G1: Systems Security
12/14/2011   *  Guideline 662G2: BIOS Protection
     
12/06/2011   Policy 663: RACF Security
12/06/2011   *  Standard 663S1: RACF Security - System Options
   (limited distribution - click here to request a copy)
 
SECURITY ADMINISTRATION
09/01/2011 08/2011 Policy 673: Backup and Recovery
11/04/2011 08/2011 Policy 674: Virus Protection  
09/01/2011 08/2011 *  Standard 674S1: Virus Protection
11/04/2011 10/2011 *  Procedure 674P1: Spam Protection 
09/01/2011 08/2011 Policy 675: Vulnerability Management
09/01/2011 08/2011 *  Standard 675S1: Vulnerability Scanning
09/01/2011 08/2011 Policy 676: Monitoring and Reporting
09/01/2011 08/2011 Policy 677: Log Management
01/18/2012 08/2011 *  Standard 677S1: Log Management    Revised!
09/01/2011 08/2011 Policy 678: System Maintenance
INFORMATION/DATA MANAGEMENT
09/01/2011 08/2011 Policy 681: Information Protection
09/01/2011 08/2011 *  Standard 681S1: Information Protection
09/01/2011 08/2011 *  Standard 681S2: Protecting PII
09/01/2011 08/2011 *  Standard 681S3: Media Sanitization
09/01/2011 08/2011 Policy 682: Information Release
09/01/2011 08/2011 Policy 683: Encryption
01/18/2012 Policy 685: Data Breach Notification     New!
DISASTER RECOVERY
04/26/2011 08/2011 Policy 690: Disaster Recovery




Finance Home   |   Alabama Directory   |   Media   |   Online Services   |   Alabama.gov   |   Alerts   |   Feeds
Governor's Site   |   Translation Services:   German (Deutsch)   |   Japanese 日本語   |   Korean 한국어   |   Spanish (Español)