Introduction | 5300
Arrangement of Chapter | 5300.1
Governing Provisions | 5300.2
Applicability | 5300.3
Definitions | 5300.4
Minimum Security Controls | 5300.5
Information Security Program | 5305
Information Security Program Management | 5305.1
Policy Procedure and Standards Management | 5305.2
Information Security Roles and Responsibilities | 5305.3
Personnel Management | 5305.4
Information Asset Management | 5305.5
Risk Management | 5305.6
Risk Assessment | 5305.7
Provisions for Agreements with State and Non-State Entities | 5305.8
Information Security Program Metric | 5305.9
Privacy | 5310
State Entity Privacy Statement and Notice on Collection | 5310.1
Limiting Collection | 5310.2
Limiting Use and Disclosure | 5310.3
Individual Access to Personal Information | 5310.4
Information Integrity | 5310.5
Data Retention and Destruction | 5310.6
Security Safeguards | 5310.7
Privacy Threshold and Privacy Impact Assessments | 5310.8
Information Security Integration | 5315
System and Services Acquisition | 5315.1
System Development Lifecycle | 5315.2
Information Asset Documentation | 5315.3
System Developer Security Testing | 5315.4
Configuration Management | 5315.5
Activate Only Essential Functionality | 5315.6
Software Usage Restrictions | 5315.7
Information Asset Connections | 5315.8
Security Authorization | 5315.9
Training and Awareness for Information Security and Privacy | 5320
Security and Privacy Awareness | 5320.1
Security and Privacy Training | 5320.2
Security and Privacy Training Records | 5320.3
Personnel Security | 5320.4
Business Continuity with Technology Recovery | 5325
Technology Recovery Plan | 5325.1
Technology Recovery Training | 5325.2
Technology Recovery Testing | 5325.3
Alternate Storage and Processing Site | 5325.4
Telecommunications Services | 5325.5
Information System Backups | 5325.6
Information Security Compliance | 5330
Security Assessments | 5330.1
Compliance Reporting | 5330.2
Information Security Monitoring | 5335
Continuous Monitoring | 5335.1
Auditable Events | 5335.2
Information Security Incident Management | 5340
Incident Response Training | 5340.1
Incident Response Testing | 5340.2
Incident Handling | 5340.3
Incident Reporting | 5340.4
Vulnerability and Threat Management | 5345
Operational Security | 5350
Encryption | 5350.1
Endpoint Defense | 5355
Malicious Code Protection | 5355.1
Security Alerts, Advisories, and Directives | 5355.2
Identity and Access Management | 5360
Remote Access | 5360.1
Wireless Access | 5360.2
Physical Security | 5365
Access Control For Output Devices | 5365.1
Media Protection | 5365.2
Media Disposal | 5365.3