Policies and Standards Overview

The policies and standards were divided into a framework of five basic areas:

  1. General
    Basic responsibilities, business continuity and disaster recovery, intellectual property, exceptions, sanctions and incidents
  2. Accounts and Usage
    User accounts, acceptable use and passwords
  3. Computing Devices
    Workstations, servers and other computing devices, protection from malicious software, backup and retention of data as well as inventory, tracking, redeployment and discarding of computing devices or media
  4. Network Services
    Network service and web sites
  5. Data Centers and Facilities
    Data facility security

The charts below illustrate the framework at both the policy level and the standards level.