All Policies and Standards
Access Control PS-08-009.01
Access to state information assets is to be controlled and monitored to protect from unauthorized access and disclosure.
Accountability of Assets PS-08-002.01
Establishes accountability for all hardware and software acquired using public funds.
Acquisition and Use of Telecom Services and Equipment, PM-04-002.01
Procedures governing the acquisition and use of telecommunications services and equipment.
Active Directory, SA-03-009.01
Specifies the Active Directory (AD) requirements, topology and design.
Appropriate Use and Monitoring SS-08-001.01
Establishes an enterprise standard regarding appropriate use and monitoring of State of Georgia information technology (IT) resources.
Appropriate Use of IT Resources PS-08.003.01
Establishes an enterprise policy regarding appropriate use of State of Georgia information technology (IT) resources.
Authorization and Access Management SS-08-010.01
Agencies must limit access to state facilities and information resources and manage access once granted.
Bluetooth Standard, SO-06-004.02
Deployment of wireless technology.
Business Continuity and Disaster Recovery PS-08.025.01
Requires agencies to develop a plan to maintain continuity (recovery and restoration) of essential state government operations and services during or following an emergency.
Change Management PS-08-015.01
Establishes requirement for agencies to establish a formal change management process.
Classification of Personal Information SS-08-002.01
Establishes a statewide standard for categorizing personal information.
Computer Operations Center Security SS-08.016.01
Establishes minimum security requirements for computer operations centers.
Computer Security Incident Management PS-08-004.01
Establishes a requirement that each agency establish a process for detecting and responding to security incidents.
Contingency Planning SS-08-045.01
Each agency must have a plan to sustain or recover/restore critical operations in the event of a system disruption or disaster.
Data Categorization - Impact Level SS-08-014.01
Establishes Impact Level definitions and standards to be assigned to information assets throughout the enterprise.
Data Security - Electronic Records SS-08-003.01
Establishes a standard that electronic records (1) are relied upon as official records and (2) must adhere to records retention requirements.
Data Sharing, PM-07-003.02
Promotes sharing of data among agencies.
Data and Asset Categorization PS-08-012.01
Establishes a policy requirement to inventory and classify all state data and information processing systems throughout the enterprise.
Design Criteria for e-Records Management Applications, SA-06-006.01
Defines the standards used when purchasing a records management application in the state of Georgia.
Disaster Recovery - System Backups SS-08-046.01
Requires agencies to establish backup and recovery procedures for critical software and data.
E-Mail Use and Protection SS-08-011.01
Sets standards for appropriate use and security of state e-mail systems.
E-mail Calendaring, SA-07-004.01
Establishes the state standard for the calendaring format for users of email systems.
E-mail Distribution Lists, SA-07-010.01
Standard regarding the creation and use of large inter-agency and all multi-agency e-mail distribution lists.
E-mail Naming, SA-07-005.01
Establishes the state standard for the email address for users of email systems.
Electronic Communications Accountability SS-08-009.01
Provides a standard of responsibility for the content and transfer of information through electronic communications from state information systems.
Enterprise Architecture, PM-03-003.02
Defines Enterprise Architecture technology infrastructure policy.
Enterprise Information Security Charter PS-08-005.01
Commits the State of Georgia to protecting information systems and data from unauthorized disclosure, modification, use or destruction.
Facilities Security SS-08-015.01
Establishes minimum requirements to incorporate security of facilities into the overall measures to protect information assets.
IBM Mainframe Batch Job Processing, SO-04-001-.03
Batch run times, automated scheduler and tools to modify batch job data.
IBM Mainframe Production Acceptance - Batch Jobs, SO-04-003.02
Standard to ensure batch jobs are consistently packaged to meet production acceptance requirements, thereby resulting in a quick turnover into the production environment.
IT Strategic Plan, SM-09-003.01
Establishes requirements for an agency information technology strategic planning process.
Implementing Cryptographic Controls SS-08-040.01
Establishes the minimum requirements for the use of cryptographic controls.
Incident Response and Reporting SS-08-004.01
Sets minimum requirements for information security incident response and reporting.
Independent Security Assessments SS-08-042.01
Establishes requirement for agencies to have IT systems assessed by an independent third party.
Independent Verification and Validation, SM-06-001.02
Requires that agencies use GTA to contract for services to independently verify and validate information technology projects with budgets of $1 million or greater.
Information Security - Risk Management PS-08-031.01
Establishes a requirement for agencies to implement a risk-based approach to cost-effective information security management.
Information Security Infrastructure SS-08-005.01
Sets standards for creating an information security program and infrastructure.
Information Security Management Organization SS-08-006.01
Sets minimum standards for an information security management organization.
Information Security Reporting SS-08-053.01
Requires agencies to report the status of their information security program annually to GTA.
Information Technology Policies, Standards and Guidelines, PM-04-001.03
GTA’s statutory authority and approach for setting technology policies, standards and guidelines.
Integration Middleware, SA-7-020.02
Promotes a uniform middleware platform for enterprise integration.
Log Management Infrastructure SS-08-036.01
Requires agencies to monitor and analyze systems logs to record events and detect anomalies.
Malicious Code Incident Prevention SS-08-033.01
Establishes controls to protect systems against malicious software.
Management of IT Operations, PO-09-002.01
This policy establishes the IT Infrastructure Library (ITIL) as the basis for IT infrastructure management, service delivery and support.
Media Controls PS-08.026.01
Establishes requirement for agencies to implement media controls and procedures to protect system media from unauthorized disclosure, modification, destruction or loss.
Media Protection and Handling SS-08-043.01
Establishes protection requirements for system media.
Media Sanitization - Vendor Return SS-08-035.01
Establishes standards for sanitization and disposal of all electronic media subject to vendor return.
Network Access and Session Controls SS-08-048.01
Establishes requirements for agencies to control and monitor network sessions.
Network Boundary Controls SS-08-047.01
Establishes requirements for agencies to implement network boundary protection strategies.
Network Security - Information Flow PS-08-030.01
Establishes a requirement for agencies to control the flow of information traversing their networks.
Network Security Controls PS-08-027.01
Establishes requirement for agencies to implement network security controls.
Operational Change Control SS-08-026.01
Establishes a requirement that changes to operational systems be controlled and monitored.
Outsourced Facilities Management PS-08-019.01
Establishes requirements around the outsourcing of data processing facilities.
Outsourced IT Services SS-08-044.01
Establishes requirements for agencies to ensure adherence to established security requirements by third-party IT service providers and/or interconnections.
Password Authentication PS-08-006.01
Establishes use of passwords as the primary authentication mechanism.
Password Security SS-08-007.01
Establishes standards for protecting passwords.
Personal Identity Verification and Screening SS-08-017.01
Establishes standards for verifying the identities of state personnel and contractors.
Personnel Security PS-08-014.01
Establishes a requirement for identity proofing of all state employees and contractors.
Physical and Environmental Security PS-08-013.01
Establishes physical security as an essential element to the overall security posture of state information resources.
Portfolio Management, GM-09-002.01
Guidelines to implement an IT portfolio management methodology.
Project Charter Template, GM-09-003.01
A project charter is a statement of the scope, objectives and participants in a project. It delineates roles and responsibilities, outlines the project objectives, identifies the main stakeholders and defines the authority of the project manager.
Project Charter, SM-09-004.01
A project charter is required for projects that have an information technology component.
Project Financial Management, GM-09-001.01
Guidelines for technology project financial management.
Project Financial Management, SM-09-001.01
Project expenditures shall be planned and tracked with a financial management process.
Project Management Glossary, GM-08-104.01
Protection from Malicious Software PS-08-021.01
Establishes requirement to protect systems against malicious software.
Public Access Systems PS-08-028.01
Requires agencies to implement security controls on public-facing systems.
Radio Communications: Non-Public Safety, SO-04-004.02
Non-public safety radio communications systems design standard.
Radio Public Safety, SO-04-005.02
Public safety radio communications systems design standard.
Reliance on Electronic Records PS-08-007.01
Establishes the state’s intent to rely on electronic data as a form of official record and to adhere to prescribed records retention requirements.
Remote Access PS-08-023.01
Establishes a requirement to protect internal state information systems from the risks associated with remote access.
Risk Management Framework SS-08-041.01
Adopts the risk management framework developed by NIST for managing risk and implementing security.
Secure Remote Access SS-08-038.01
Establishes a requirement to protect internal state information systems from risks associated with remote access.
Security Awareness Program PS-08-010.01
Establishes a requirement to increase user security awareness through an awareness and training program.
Security Controls Review and Assessments PS-08-029.01
Establishes a requirement for agencies to assess security controls for IT systems.
Security Education and Awareness SS-08-012.01
Establishes a requirement for all state of Georgia employees and contractors to attend annual security awareness training.
Security Log Management PS-08-022.01
Requires agencies to implement log management practices.
Separate Production and Development Environments SS-08-031.01
Establishes requirements for separating production/operational and development/test environments.
Separation of Production and Test Environments PS-08-020.01
Establishes a policy for the separation of production from development and test environments.
Strong Password Use SS-08-008.01
Establishes standards for creating and using strong passwords.
Surplus Electronic Media Disposal SS-08-034.02
Establishes a statewide standard on disposition of surplus electronic media.
System Implementation and Acceptance SS-08-032.01
Requires agencies to establish criteria for accepting a system from development to operations.
System Lifecycle Management SS-08-025.01
Requires agencies to implement a formal lifecycle management program for systems in development or operation.
System Operations Documentation SS-08-027.01
Requires agencies to document system operational procedures.
System Security Plans SS-08-028.01
Requires data and system owners to create and maintain system security plans.
Systems and Development Lifecycle PS-08-018.01
Requires agencies to implement a formal lifecycle management program for systems in development or operation.
Technology Project Management, GM-08-101.01
GTA recommends a project management methodology to be used for projects with a $100,000 or greater investment in technology.
Technology Project Management, SM-03-006.03
Sets forth the requirement that agencies utilize and apply a project management methodology to those projects that have a $100,000 or greater investment in technology.
Technology Review (eAPR), SM-08-103.01
GTA reviews all IT initiatives for compliance with state and agency strategic goals and with enterprise policies and standards.
Technology Review, PM-06-001.04
This policy establishes GTA's process for review and recommendation of all information technology initiatives.
Telecom Technology Review, SM-05-001.03
Administering enterprise and agency open contracts for telecommunications systems and long distance services.
Teleworking and Remote Access SS-08-037.01
Establishes minimum security requirements for teleworking and remotely accessing state information systems.
Third-Party Access PS-08-011.01
Establishes provisions for third-party access to state facilities and information systems.
Third-Party Security Requirements SS-08-013.01
Establishes security requirements for state agencies when conducting business with and/or sponsoring engagement contractors, outsourcing vendors and/or other third parties.
Use of Cryptography PS-08-024.01
Where the confidentiality, authenticity, or integrity of information is critical, the use of cryptographic controls may be warranted.
Web and E-Commerce Security SS-08-049.01
Establishes a requirement for agencies to control and manage web services.
Wireless and Mobile Computing SS-08-039.01
Establishes minimum security requirements for wireless network implementation.
Workstation Operating System, SO-03-010.02
Establishes a standard desktop and laptop/notebook OS.
XML, SA-03-004.01
Establishes XML standards for state agencies based upon W3C Consortium XML open standard recommendations.
georgia.gov Domain Name, SA-03-007.02
Domain naming convention and federal dot-gov final rule.
georgia.gov Intellectual Property Display, SA-03-005.03
Relating to third-party intellectual property displays on georgia.gov.
georgia.gov Linking, SA-03-008.02
Relating to the appropriate use, placement and removal of links on georgia.gov.
