CWOPA authorized personnel only )
• ITP-SFT000 - Software Development Life Cycle (SDLC) Policy
• ITP-SEC000 - Information Security Policy
• ITP-SEC003 - Enterprise Security Auditing and Monitoring
• ITP-SEC005 - Commonwealth Application Certification and Accreditation
• ITP-SEC019 - Policy and Procedures for Protecting Commonwealth Electronic Data
• ITP-SEC020 - Encryption Standards for Data at Rest
• ITP-SEC021 - Security Information and Event Management Policy
ITP-BUS011 IT Service Organization Management and Cloud Requirements Page 11
• ITP-SEC023 - Information Technology Security Assessment and Testing Policy
• ITP-SEC031 - Encryption Standards for Data in Transit
• ITP-SEC034 - Enterprise Firewall Rule Set
• ITP-SEC038 - COPA Data Center Privileged User Identification and Access Management Policy
• NIST SP 800-92 - Guide to Computer Security Log Management
• NIST SP 800-144 - Guideline on Security and Privacy in Public Cloud Computing
• NIST SP 800-145 - NIST Definition of Cloud Computing and Deployment Models
• NIST SP 800-146 - NIST Cloud Computing Synopsis and Recommendations

7. Authority
Executive Order 2016-06 Enterprise Information Technology Governance

8. Publication Version Control
It is the user’s responsibility to ensure they have the latest version of this publication, which appears on for Commonwealth personnel and on the Office of Administration public portal: . Questions regarding this publication are to be directed to [email protected] .

9. Exemption from This Policy
In the event an agency chooses to seek an exemption from the guidance within this IT policy, a request for a policy waiver is to be submitted via the enterprise IT policy waiver process. Refer to ITP-BUS004 IT Waiver Review Process for guidance.

This chart contains a history of this publication’s revisions. Redline documents detail the revisions and are available to CWOPA users only.

| Version | Date | Purpose of Revision | Redline Link |
|---|---|---|---|
| Original | 07/18/2018 | Base Document | N/A |
| Revision | 01/27/2020 | Clarified policy language throughout; Added SOC guidance and OPD-BUS011B, OPD-BUS011C; Updated Cloud Service Requirements table and added “Responsible Party” column; Updated References section | Revised IT Policy Redline <01/27/2020> |