Policies and Standards Overview
The policies and standards were divided into a framework of five basic areas:
-
General
Basic responsibilities, business continuity and disaster recovery, intellectual property, exceptions, sanctions and incidents -
Accounts and Usage
User accounts, acceptable use and passwords -
Computing Devices
Workstations, servers and other computing devices, protection from malicious software, backup and retention of data as well as inventory, tracking, redeployment and discarding of computing devices or media -
Network Services
Network service and web sites -
Data Centers and Facilities
Data facility security
The charts below illustrate the framework at both the policy level and the standards level.
