CWOPA authorized personnel only ITP SFT000 Software Development Life Cycle SDLC


CWOPA authorized personnel only )

ITP-SFT000 - Software Development Life Cycle (SDLC) Policy
ITP-SEC000 – Information Security Policy
ITP-SEC003 - Enterprise Security Auditing and Monitoring
ITP-SEC005 – Commonwealth Application Certification and Accreditation
ITP-SEC019 – Policy and Procedures for Protecting Commonwealth Electronic Data
ITP-SEC020 – Encryption Standards for Data at Rest
ITP-SEC021 - Security Information and Event Management Policy
ITP-BUS011 IT Service Organization Management and Cloud Requirements Page 11

ITP-SEC023 - Information Technology Security Assessment and Testing Policy
ITP-SEC031 – Encryption Standards for Data in Transit
ITP-SEC034 – Enterprise Firewall Rule Set
ITP-SEC038 - COPA Data Center Privileged User Identification and Access Management Policy
NIST SP 800-92 - Guide to Computer Security Log Management
NIST SP 800-144 – Guideline on Security and Privacy in Public Cloud Computing
NIST SP 800-145 – NIST Definition of Cloud Computing and Deployment Models
NIST SP 800-146 – NIST Cloud Computing Synopsis and Recommendations

7. Authority

Executive Order 2016-06 Enterprise Information Technology Governance

8. Publication Version Control

It is the user’s responsibility to ensure they have the latest version of this publication, which appears on for Commonwealth personnel and on the Office of Administration public portal: . Questions regarding this publication are to be directed to [email protected].

9. Exemption from This Policy

In the event an agency chooses to seek an exemption from the guidance within this IT policy, a request for a policy waiver is to be submitted via the enterprise IT policy waiver process. Refer to ITP-BUS004 IT Waiver Review Process for guidance.

This chart contains a history of this publication’s revisions. Redline documents detail the revisions and are available to CWOPA users only.

Version | Date | Purpose of Revision | Redline Link
Original | 07/18/2018 | Base Document | N/A
Revision | 01/27/2020 | Clarified policy language throughout; Added SOC guidance and OPD-BUS011B, OPD-BUS011C; Updated Cloud Service Requirements table and added “Responsible Party” column; Updated References section | Revised IT Policy Redline <01/27/2020>
