CIO-072 IT Access Control and User Access Management Policy: Provides guidance in decision-making and practices to mitigate risk, protect the privacy, security, confidentiality, and integrity of the Commonwealth of Kentucky resources and data, and prevent unauthorized access to such resources.
Policy
CIO-073 Anti-Virus Policy: Helps protect computing devices (servers, desktops, laptops and tablets) from malware (viruses, Trojans, worms, hoaxes, etc.).
Policy
CIO-091 Enterprise Information Security Program Policy: This policy has been created to align the Commonwealth's Enterprise Information Security Program with the security framework of the current National Institute of Security Standards (NIST) Special Publication 800-53.
Policy
CIO-093 Risk Assessment Policy: Ensures proper application of risk management principles through proactive risk identification, management and acceptance pertaining to information technology activities. It also identifies the family of controls for Risk Assessment as defined in NIST Special Publication 800-53.
Policy
CIO-106 Enterprise Privacy Policy: Provides a structured set of principles for protecting privacy and serves as a roadmap for agencies to use in identifying and implementing privacy principles for the entire life cycle of Personal Information (PI), whether in paper or electronic form.
Policy
CIO-112 Security Planning Policy: Establishes controls related to security planning. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-114 System Maintenance Policy: Establishes controls related to maintenance of the Commonwealth of Kentucky’s information systems. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-115 Physical and Environmental Protection: Establishes controls related to Physical and Environmental Protection. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-116 Personnel Security Policy: Establishes controls related to Personnel Security. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-117 System and Services Acquisition Policy: Establishes controls related to System and Services Acquisition. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-119 Audit and Accountability Policy: Establishes controls related to audit and accountability. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-120 Security Assessment and Authorization Policy: Establishes controls related to security assessment and authorization. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-121 Security Awareness and Training Policy: Establishes controls related to security awareness and training. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
CIO-123 Identification and Authentication Policy: Establishes controls related to identification and authentication. The policy provides guidance in decision-making and practices that optimize resources, mitigate risk, and maximize return on investment.
Policy
ENT-201 Enterprise Security Controls and Best Practices: Details the security controls that COT’s Office of the CISO requires for information systems and activities for the Commonwealth of Kentucky. COT established this security framework using the moderate-level controls outlined in NIST Special Publication 800-53 Rev 5.
Standards