Text Size
Increase text size
Increase text size

Information Security Policies

The Office of Information Security has issued the following rules and policies under the authority of 24-37.5-401 through 406, C.R.S. These policies apply to public agencies as defined in section 402 of that part.

 

  RULES IN SUPPORT OF THE COLORADO INFORMATION SECURITY ACT  

 

Policy Number Description Download
P-CISP-001 Information Security Planning    PDF   
P-CISP-002 Incident Response   PDF  
P-CISP-003 IT Risk Management   PDF  
P-CISP-004  Disaster Recovery    PDF  
P-CISP-005  Vendor Management    PDF  
P-CISP-006  Network Operations    PDF  
P-CISP-007  Systems and Applications Security Operations    PDF  
P-CISP-008  Access Control    PDF  
P-CISP-009  Change Control    PDF  
P-CISP-010  Physical Security    PDF  
P-CISP-011  Data Classification, Handling, and Disposal    PDF  
P-CISP-012  Personnel Security    PDF  
P-CISP-013  System Access and Acceptable Use    PDF  
P-CISP-014  Online Privacy    PDF  
P-CISP-015  Security Training and Awareness    PDF  
P-CISP-016  Self Assessment    PDF  
P-CISP-017  Security Metrics and Measurement    PDF  
P-CISP-018  Mobile Computing    PDF  
P-CISP-019  Wireless Security    PDF