OCTO has established the following policies, guidelines and procedures for the proper use and management of IT equipment and tools for the District government.
IT Security Operations Policies
- Access Control Policy
- Audit & Accountability Policy
- Compliance Policy
- Configuration Management Policy
- Contingency Planning Policy
- Data and Records Retention Policy
- Identification & Authentication Policy
- Incident Response Policy
- Information System Change Control Policy
- Media Protection Policy
- Network Access Policy
- Patch Management Policy
- Personnel Security Policy
- Physical Access Security Policy
- Physical and Environmental Protection Policy
- Public Key Infrastructure Policy
- Security Assessment and Authorization Policy
- System and Communications Protection Policy
- System and Information Integrity Policy
- System Maintenance Policy
- Virtual Private Network (VPN) Policy
- Vulnerability Management Policy
IT System Management Policies
- Asset Management Policy
- Cyber Security Incident Response Team Policy
- Information Security Program Management Policy
- IT Procurement and IT Project Policy
- Risk Assessment Policy
- Security Planning Policy
- System and Services Policy
IT Users Policies
- Acceptable Use Policy
- Clean Desk Policy
- Email Use Policy
- Enterprise Mobile Device Management Policy
- International Travel Policy for Mobile Computing Devices
- Password Management Policy
- Remote Access Policy
- Responsible Disclosure Policy
- Security Training & Awareness Policy
Other OCTO Policies
- Content Filtering Standard
- CWITS Audit Trail Monitoring and Reporting Policy
- Data Policy
- Policy Definitions
- Security Sensitive Information Policy
- Social Media Access and Use Policy
Telecommuting Policy
Telecommunications Policies and Procedures
- Telecommunications Service Acquisition
- Landline Telephone and Mobile Electronic Communications Device Usage