Search Results

84 total results found

Clean Desk Policy

Daily Operating Policies

1.0 Purpose This policy establishes the minimum requirements for maintaining a secure workspace environment, commonly referred to as a "clean desk." A clean desk practice is a critical control for protecting sensitive and confidential information (in both phy...

Secure Database Credential Handling Policy

Daily Operating Policies

1.0 Purpose This policy establishes the mandatory requirements for securely storing, retrieving, and managing database authentication credentials (usernames and passwords) used by software applications connecting to the organization's databases. Improper hand...

Digital Signature Acceptance Policy

Daily Operating Policies

1.0 Purpose As electronic communication and documentation become standard practice, digital signatures provide a mechanism for verifying the identity of a sender or signatory and ensuring message/document integrity. The purpose of this policy is to define whe...

Email Policy

Daily Operating Policies

1.0 Purpose Electronic mail (email) is a primary communication tool essential for business operations within the organization. However, its misuse can create significant legal, privacy, security, and reputational risks. The purpose of this policy is to ensure...

End User Encryption Key Protection Policy

Daily Operating Policies

1.0 Purpose Effective encryption relies on the secure management of cryptographic keys. Improper handling, storage, or distribution of encryption keys, particularly private keys or symmetric keys, can lead to their compromise, negating the security provided b...

Ethics Policy

Daily Operating Policies

1.0 Purpose This policy establishes the organization's commitment to upholding the highest standards of ethical conduct in all business practices. It serves as a guide for employees and affiliates, emphasizing the expectation of fairness, honesty, integrity, ...

Audit Logging Standard

Daily Operating Policies

1.0 Purpose Comprehensive logging from critical systems, applications, and services is essential for security monitoring, incident response, forensic analysis, and compliance verification. Audit logs provide crucial information about activities performed, pot...

Lab Security Policy

Daily Operating Policies

1.0 Purpose Laboratory environments (labs) often require configurations and network access distinct from the standard corporate production environment, potentially introducing unique security risks. This policy establishes the information security requirement...

Pandemic Response Planning Policy

Planning

This policy is intended for companies that do not meet the definition of critical infrastructure as defined by the federal government. This type of organization may be requested by public health officials to close their offices to non-essential personnel or co...

Disaster Recovery Plan Policy

Planning

Since disasters happen so rarely, management often ignores the disaster recovery planning process. It is important to realize that having a contingency plan in the event of a disaster gives <Company Name> a competitive advantage. This policy requires manage...

Password Construction Guidelines

Daily Operating Policies

1.0 Purpose Passwords are a fundamental component of information security, acting as the first line of defense for user accounts, systems, and data. Weak or easily guessable passwords significantly increase the risk of unauthorized access and compromise. The ...

Password Protection Policy

Daily Operating Policies

1.0 Purpose Passwords are a critical security control for protecting user accounts, organizational systems, and sensitive information. This policy establishes the mandatory standards for password creation, protection, management, and system-level handling to ...

Security Response Plan Policy

Planning

A Security Response Plan (SRP) provides the impetus for security and business teams to integrate their efforts from the perspective of awareness and communication, as well as coordinated response in times of crisis (security vulnerability identified or exploit...

Remote Access Tools Policy

Daily Operating Policies

1.0 Purpose Remote access tools and remote desktop software (e.g., RDP, VNC, LogMeIn, GoToMyPC) offer significant benefits for productivity, collaboration, and IT support by enabling screen sharing and remote system control. However, insecure or unmanaged use...

Router and Switch Security Policy

Daily Operating Policies

1.0 Purpose Routers and switches form the backbone of the organization's network infrastructure. Their secure configuration is paramount to maintaining network integrity, availability, and protecting data traversing the network. This standard establishes the ...

Server Security Policy

Daily Operating Policies

1.0 Purpose Servers are critical components of the organization's IT infrastructure, hosting vital applications and sensitive data. Unsecured or improperly configured servers represent a significant vulnerability and a primary target for malicious actors. The...

Software Installation Policy

Daily Operating Policies

1.0 Purpose The installation of unauthorized or improperly vetted software on organizational computing devices introduces significant risks. These risks include, but are not limited to, software conflicts leading to system instability or loss of functionality...

Technology Equipment Disposal Policy

Daily Operating Policies

1.0 Purpose Organizational technology equipment often contains sensitive data and components requiring special handling at the end of its lifecycle. Improper disposal poses significant risks, including data breaches if storage media are not securely sanitized...

Web Application Security Policy

Daily Operating Policies

1.0 Purpose Web application vulnerabilities represent a primary attack vector and pose significant risks to organizational security. Identifying and remediating vulnerabilities resulting from misconfigurations, coding errors, weak authentication, improper err...

Wireless Communication Policy

Daily Operating Policies

1.0 Purpose Wireless networking (Wi-Fi) is prevalent and essential for connectivity using devices like laptops, smartphones, and tablets. However, insecure wireless configurations create significant vulnerabilities that malicious actors can exploit. The purpo...