| Access Control Policy (AC-1) |
2025/10 |
● |
|
● |
|
|
|
|
| Access Control Procedures for Users (AC-2) |
2024/12 |
● |
|
● |
|
|
|
|
| Application Deployment Certification Guidelines |
2025/02 |
|
|
|
● |
|
|
|
| Application Deployment Certification Policy |
2023/12 |
|
|
|
● |
|
|
|
| Application Deployment Certification Templates |
2015/08 |
|
|
|
● |
|
|
|
| Architecture Compliance Policy |
2023/04 |
|
|
|
|
|
● |
|
| Business Continuity and Disaster Recovery Policy |
2017/10 |
|
|
|
|
● |
|
● |
| Change Management Policy |
2024/07 |
|
|
● |
|
|
● |
|
| Configuration Management Policy (CM-1) |
2024/03 |
|
|
● |
|
|
● |
|
| Copyrightable Works Policy |
2025/02 |
|
|
|
|
|
● |
● |
| COTS-Cloud Policy |
2019/07 |
|
|
|
|
|
|
● |
| Data Centers Access Control Procedure |
2019/04 |
● |
|
|
|
|
|
|
| Data Classification Policy |
2025/10 |
● |
|
|
|
|
|
|
| Data Exchange Policy |
2025/01 |
● |
● |
|
|
|
|
|
| Digital Accessibility Policy |
2024/02 |
|
|
|
|
|
|
|
| Domain Name Policy & Procedure |
2025/10 |
|
● |
|
|
|
● |
|
| Drone (Unmanned Aerial Vehicle) Policy |
2024/08 |
● |
|
|
|
|
|
|
| Enterprise Name Resolution Procedure |
2019/04 |
|
● |
|
|
|
● |
|
| FOAA Policy |
2017/10 |
● |
|
|
|
|
|
|
| Forensic Investigation Workflow Policy |
2023/11 |
|
|
|
|
|
● |
|
| GenAI Policy |
2025/09 |
● |
|
|
|
|
● |
|
| Global Address List Standard |
2024/03 |
|
● |
|
|
|
● |
|
| Hosting & Housing Policy |
2020/11 |
|
|
|
|
|
● |
|
| Hosting-Customization Policy |
2019/07 |
|
|
|
|
|
● |
|
| Information Privacy Policy |
2017/09 |
● |
|
|
|
|
|
|
| Information Security Policy |
2024/05 |
● |
|
|
|
|
|
|
| InforME Network Services Policy |
2022/03 |
|
● |
|
|
|
|
|
| Infrastructure Deployment Certification Policy |
2022/03 |
|
|
|
● |
|
|
|
| Major Incident Procedure |
2023/12 |
|
|
|
|
● |
|
|
| Microsoft Low-Code Governance |
2023/12 |
|
|
|
|
|
● |
|
| Microsoft Power Platform Governance: Quick Start |
2021/10 |
|
|
|
|
|
● |
|
| Microsoft Power Platform: Escalation Path |
2021/10 |
|
|
|
|
|
● |
|
| Mobile Device Policy |
2024/03 |
● |
|
|
|
|
● |
|
| Network Device Management Policy |
2023/03 |
● |
● |
|
|
|
● |
|
| Off-Hours Coverage Policy |
2018/08 |
● |
|
|
|
|
● |
|
| OIT Building Access Procedures |
2019/04 |
● |
|
|
|
|
● |
|
| Personnel Security Policy and Procedures (PS) |
2025/09 |
● |
|
● |
|
|
|
● |
| Physical and Environmental Protection Policy (PE) |
2025/10 |
● |
|
● |
|
|
● |
|
| Policy, Standard or Procedure Creation Process |
2019/09 |
|
|
|
|
|
● |
|
| Program Management Policy and Procedures (PM-1) |
2024/12 |
● |
|
● |
|
|
● |
|
| Public Data Jack Policy |
2018/07 |
|
|
|
|
|
● |
|
| Remote Hosting Policy |
2025/05 |
|
● |
|
|
|
|
● |
| Risk Assessment Policy and Procedures (RA) |
2025/10 |
● |
|
● |
|
● |
|
|
| Rules of Behavior Policy (PL-4) |
2025/10 |
|
|
● |
|
|
|
● |
| Salesforce Governance: Background |
2021/09 |
|
|
|
|
|
● |
|
| Salesforce Governance: Details |
2021/09 |
|
|
|
|
|
● |
|
| Salesforce Governance: Executive Summary |
2021/09 |
|
|
|
|
|
● |
|
| SDLC Policy |
2017/03 |
|
|
|
● |
|
|
|
| SDLC Procedure |
2018/03 |
|
|
|
● |
|
|
|
| Security Assessment and Authorization Policy and Procedures (CA) |
2025/10 |
● |
|
● |
|
|
|
|
| Security Awareness and Training Policy and Procedures (AT) |
2025/09 |
● |
|
● |
|
|
|
|
| Security Planning Policy and Procedures (PL) |
2025/10 |
● |
|
● |
|
|
|
|
| Site-to-Site VPN Policy |
2024/10 |
|
● |
|
|
|
|
|
| Social Media for Personal Use Policy |
2015/05 |
|
|
|
|
|
● |
|
| Social Media for State Business Policy |
2024/06 |
|
● |
|
|
|
● |
|
| System and Communications Protection Policy and Procedures (SC-1) |
2024/11 |
● |
● |
● |
|
|
|
|
| System and Communications Protection Policy and Procedures for Defense in Depth (SC-2, 4, 5, 20, 21, 22, 23, 28, 32, 39) |
2024/03 |
● |
● |
● |
|
|
|
|
| System and Communications Protection Policy and Procedures for Encryption Mechanisms (SC-12, 13, 17) |
2024/03 |
● |
● |
● |
|
|
|
|
| System and Communications Protection Policy and Procedures for Specific Technologies (SC-6, 10, 15, 18, 19) |
2024/11 |
● |
● |
● |
|
|
|
|
| System and Information Integrity Policy and Procedures (SI-1) |
2025/10 |
● |
|
● |
|
|
|
|
| System and Services Acquisition Policy and Procedures (SA-1) |
2024/12 |
● |
|
● |
● |
|
● |
● |
| Telecommunications Facilities and Wiring Specifications |
2024/01 |
|
|
|
|
|
● |
|
| User Device and Commodity Application Policy |
2025/08 |
● |
|
|
|
|
|
|
| Vendor Identity System Integration Policy |
2024/10 |
|
● |
|
|
|
|
|
| Vulnerability Scanning Procedure (RA-5) |
2025/10 |
● |
|
● |
|
|
|
|
| Waiver Policy |
2025/08 |
|
|
|
|
|
● |
|
| Web Standards |
2020/01 |
|
● |
|
|
|
|
|
| Website Acceptance Policy |
2020/01 |
|
● |
|
|
|
|
|