|
|
Introduction
|
5300 |
|
Arrangement of Chapter
|
5300.1 |
|
Governing Provisions
|
5300.2 |
|
Applicability
|
5300.3 |
|
Definitions
|
5300.4 |
|
Minimum Security Controls
|
5300.5 |
|
Information Security Program
|
5305 |
|
Information Security Program Management
|
5305.1 |
|
Policy Procedure and Standards Management
|
5305.2 |
|
Information Security Roles and Responsibilities
|
5305.3 |
|
PersonnelManagement
|
5305.4 |
|
Information Asset Management
|
5305.5 |
|
Risk Management
|
5305.6 |
|
Risk Assessment
|
5305.7 |
|
Provisions for Agreements with State and Non-State Entities
|
5305.8 |
|
Information Security Program Metric
|
5305.9 |
|
Privacy
|
5310 |
|
State Entity Privacy Statement and Notice on Collection
|
5310.1 |
|
Limiting Collection
|
5310.2 |
|
Limiting Use and Disclosure
|
5310.3 |
|
Individual Access to Personal Information
|
5310.4 |
|
Information Integrity
|
5310.5 |
|
Data Retention and Destruction
|
5310.6 |
|
Security Safeguards
|
5310.7 |
|
Information Security Integration
|
5315 |
|
System and Services Acquisition
|
5315.1 |
|
System DevelopmentLifecycle
|
5315.2 |
|
Information Asset Documentation
|
5315.3 |
|
System Developer Security Testing
|
5315.4 |
|
Configuration Management
|
5315.5 |
|
Activate Only Essential Functionality
|
5315.6 |
|
Software Usage Restrictions
|
5315.7 |
|
Information Asset Connections
|
5315.8 |
|
Security Authorization
|
5315.9 |
|
Training and Awareness for Information Security and Privacy
|
5320 |
|
Security and Privacy Awareness
|
5320.1 |
|
Security and Privacy Training
|
5320.2 |
|
Security and PrivacyTraining Records
|
5320.3 |
|
Personnel Security
|
5320.4 |
|
Business Continuity with Technology Recovery
|
5325 |
|
Technology Recovery Plan
|
5325.1 |
|
Technology Recovery Training
|
5325.2 |
|
Technology Recovery Testing
|
5325.3 |
|
Alternate Storage and Processing Site
|
5325.4 |
|
Telecommunications Services
|
5325.5 |
|
Information SystemBackups
|
5325.6 |
|
Information Security Compliance
|
5330 |
|
Security Assessments
|
5330.1 |
|
Compliance Reporting
|
5330.2 |
|
Information Security Monitoring
|
5335 |
|
Continuous Monitoring
|
5335.1 |
|
Auditable Events
|
5335.2 |
|
Information Security Incident Management
|
5340 |
|
Incident ResponseTraining
|
5340.1 |
|
Incident Response Testing
|
5340.2 |
|
Incident Handling
|
5340.3 |
|
Incident Reporting
|
5340.4 |
|
Vulnerability and Threat Management
|
5345 |
|
Operational Security
|
5350 |
|
Encryption
|
5350.1 |
|
Endpoint Defense
|
5355 |
|
Malicious Code Protection
|
5355.1 |
|
Security Alerts- Advisories- and Directives
|
5355.2 |
|
Identity and Access Management
|
5360 |
|
Remote Access
|
5360.1 |
|
Wireless Access
|
5360.2 |
|
Physical Security
|
5365 |
|
Access ControlFor Output Devices
|
5365.1 |
|
Media Protection
|
5365.2 |
|
Media Disposal
|
5365.3 |
|
Privacy Threshold and Privacy Impact Assessments
|
5310.8 |
