New standards will become effective in July 2016
October 1, 2015

We've been hard at work updating our resources to reflect the state's Information Security and Privacy Standards. The requirements were last updated in September 2015 and will be effective July 2016. We've created a companion document that clarifies responsibility for implementation and offers a starting point for most of the individual controls.

As a starting point, we suggest filtering items assigned to organizational units (OUs) by the highest classification of data in your area. Items assigned to Enterprise and DIS are listed for informational purposes only. If your unit has created or used an alternative resource to address a particular issue, please share it with us so we can update the Guidance for others!

In the coming months, you can expect updates on how we can help your unit comply with the state's program. Updates will include policy revisions, measurement tools, an updated Security site, recommended priorities, templates, and other resources. Much of this will be communicated through units' Security Liaisons, so now is a great time to familiarize yourself with him or her!