- Text Size
-
-
Information Security Policies
The Office of Information Security has issued the following rules and policies under the authority of 24-37.5-401 through 406, C.R.S. These policies apply to public agencies as defined in section 402 of that part.
RULES IN SUPPORT OF THE COLORADO INFORMATION SECURITY ACT
| Policy Number | Description | Download |
| P-CISP-001 | Information Security Planning | |
| P-CISP-002 | Incident Response | |
| P-CISP-003 | IT Risk Management | |
| P-CISP-004 | Disaster Recovery | |
| P-CISP-005 | Vendor Management | |
| P-CISP-006 | Network Operations | |
| P-CISP-007 | Systems and Applications Security Operations | |
| P-CISP-008 | Access Control | |
| P-CISP-009 | Change Control | |
| P-CISP-010 | Physical Security | |
| P-CISP-011 | Data Classification, Handling, and Disposal | |
| P-CISP-012 | Personnel Security | |
| P-CISP-013 | System Access and Acceptable Use | |
| P-CISP-014 | Online Privacy | |
| P-CISP-015 | Security Training and Awareness | |
| P-CISP-016 | Self Assessment | |
| P-CISP-017 | Security Metrics and Measurement | |
| P-CISP-018 | Mobile Computing | |
| P-CISP-019 | Wireless Security | |