OCTO has established the following policies, guidelines and procedures for the proper use and management of IT equipment and tools for the District government.
IT Security Operations Policies
- Access Control Policy
- Asset Management Policy
- Audit & Accountability Policy
- Compliance Policy
- Configuration Management Policy
- Contingency Planning Policy
- Cyber Security Incident Response Team Policy
- Data and Records Retention Policy
- Data Policy
- Identification & Authentication Policy
- Incident Response Policy
- Information Security Program Management Policy
- Information System Change Control Policy
- IT Procurement and IT Project Policy
- Media Protection Policy
- Network Access Policy
- Patch Management Policy
- Personnel Security Policy
- Physical Access Security Policy
- Physical and Environmental Protection Policy
- Public Key Infrastructure Policy
- Risk Assessment Policy
- Security Assessment and Authorization Policy
- Security Planning Policy
- System and Communications Protection Policy
- System and Information Integrity Policy
- System and Services Aquisition Policy
- System Maintenance Policy
- Virtual Private Network (VPN) Policy
- Vulnerability Management Policy
IT Users Policies
- Acceptable Use Policy
- AI/ML Governance Policy
- Clean Desk Policy
- Email Use Policy
- Enterprise Mobile Device Management Policy
- International Travel Policy for Mobile Computing Devices
- Password Management Policy
- Remote Access Policy
- Responsible Disclosure Policy
- Security Training & Awareness Policy
- Social Media Access and Use Policy
- Telework Policy
Other OCTO Security Artifacts
Telecommunications Policies and Procedures
- Telecommunications Service Acquisition
- Landline Telephone and Mobile Electronic Communications Device Usage