Unsure who to contact? Have a question or issue?
|
|
 |
The Bureau of Enterprise Architecture in the Office for Information Technology/Office of Administration was created in November 2004. Its mission is to establish an Enterprise Architecture (EA) and deploy enterprise-wide technology policies, standards, and best practices. Architectural reviews of existing agency systems as well as new application development efforts are within the scope of EA. In addition, the establishment of security procedures and protocols are also an integral part of EA. The OIT has organized all of its technical standards and policies into Information technology Bulletins (ITB's) encompassing 10 primary Enterprise Architecture domains. These domains include: Access, Application, Enterprise Project Management, Information, Integration, Network, Platform, Privacy, Security, and Systems Management. These Domains can be further categorized by Disciplines and Technology Areas. There is an additional grouping called Related ITB's for subject areas such as IT Acquisition. The ITB's below relate to the Security Domain only. For a complete list of all Commonwealth ITB's relating to all primary domains, click on:
All Information Technology Bulletins
Security Domain (SEC) Information Technology Bulletins (ITB's)
 ITB-SEC001 - Enterprise Host Security Software Suite Standards and Policy, Issued: 3/1/06, Revised: 1/18/07 - ITB-SEC002 - Internet Accessible Proxy Servers and Services, Issued: 11/8/05
- ITB-SEC003 - Enterprise Security Auditing and Monitoring - Internet Access Control and Content Filtering (IACCF) Standard, Issued: 3/1/06, Revised: 1/18/07
- ITB-SEC006 - Commonwealth of Pennsylvania Electronic Signature Policy, Issued: 3/1/06, Revised: 9/7/06
- ITB-SEC007 - Minimum Standards for User IDs and Passwords, Issued: 9/7/06
- ITB-SEC009 - Minimum Contractor Background Checks Policy, Issued: 11/25/02, Revised: 3/23/06
- ITB-SEC011 - Enterprise Policy and Software Standards for Agency Firewalls, Issued: 1/31/02, Revised: 3/1/06
- ITB-SEC012 - Commonwealth of PA System Logon Banner Requirements Policy, Issued: 5/26/07, Revised: 3/16/07
- ITB-SEC013 - Identity Protection and Access Management (IPAM) Architectural Standard - Identity Management Services, Issued: 6/22/06, Revised: 12/7/07
- ITB-SEC014 - Identity Protection and Access Management (IPAM) Architectural Standard – Identity Management Technology Standards, Issued: 6/22/06, Revised: 4/16/08
- ITB-SEC016 - Commonwealth of Pennsylvania – Information Security Officer Policy, Issued: 3/29/06, Revised: 4/28/06
- ITB-SEC017 - CoPA Policy for Credit Card Use for e-Government Applications, Issued: 9/7/06, Revised: 10/20/06
- ITB-SEC019 - Policy and Procedures for Protecting Commonwealth Electronic Data, Issued: 11/16/07
- ITB-SEC020 - Encryption Standards for Data at Rest, Issued: 8/17/07, Revised: 3/19/08
- ITB SEC021 - Security Information and Event Management Policy, Issued: 10/20/06
- ITB-SEC023 - Security Assessment and Testing Policy, Issued: 4/19/07, Revised: 12/17/07
- ITB-SEC024 - IT Security Incident Reporting Policy, Issued: 9/21/07
- ITB-SEC027 - Standard for Electronic Postmarks, Issued: 3/16/07
- ITB-SEC029 - Minimum Standards for Improving Physical Security Access , Issued: 6/21/07
- ITB-SEC031 - Encryption Standards for Data in Transit, Issued: 8/17/07, Revised: 11/6/07
- ITB-B.5. - Security & Digital Certificate Policy and Encryption & Internet/Intranet Browser Standards for e-Government Web Sites & Applications, Issued: 2/14/00, Revised: 3/29/05
- ITB-I.6 - Commonwealth Enterprise Network Security Policy Statement, Issued: 9/7/00, Revised: 12/4/03
There are various security related ITB's encompassing many of the other Domains and have been identified in the following list:
- Network Domain (NET) Security Related ITB's
- ITB-NET001 - Wireless LAN Technology, Issued: 9/12/05
- ITB-NET002 - Network Router and Switch Technology Standards, Issued: 9/13/05, Revised: 9/22/06
- ITB-NET003 - Enterprise Voice Communications, Issued: 9/15/06, Revised: 2/15/07
- ITB-NET004 - Internet Protocol Address Standards, Issued: 3/1/06
- ITB-NET005 - Commonwealth Domain Naming Standards (DNS) and Configuration, Issued: 3/1/06
- ITB-NET006 - Virtual Private Network Policy, Issued: 6/22/06, Revised: 8/17/07
- ITB-NET007 - Capitol Complex Cable Television (CATV) Services, Issued: 2/5/98, Revised: 7/19/06
- ITB NET008 - Telecommunications Services for Commonwealth Business Partners , Issued: 6/18/04, Revised: 11/5/07
- ITB-NET009 - Video Conferencing Services for the Commonwealth of PA, Issued: 11/16/98, Revised: 6/19/06
- ITB-NET010 - Commonwealth of Pennsylvania Satellite Services & Equipment Policy, Issued: 9/26/06
- ITB-NET014 - Active Directory Architecture, Issued: 2/27/04, Revised: 11/20/06
- ITB-NET015 - Enterprise Network Maintenance Scheduling, Issued: 6/14/04, Revised: 2/15/07
- ITB NET016 - Wireless Cellular Data Technology, Issued: 2/16/07, Revised: 11/5/07
- ITB-NET017 - Network Timing Protocol, Issued: 10/19/07
- ITB-NET018 - Internet Access, Issued: 8/17/07
- Platform Domain (PLT) Security Related ITB's
- ITB-PLT001 - Desktop and Laptop Technology Standards, Issued: 9/13/05
- ITB-PLT002 - Desktop and Server Software Patching Policy, Issued: 9/28/05
- ITB-PLT003 - Guidelines for Deploying Blackberry Devices in Commonwealth Agencies, Issued: 12/5/03, Revised: 11/28/07
- ITB-PLT004 - Statewide PC / Terminal Maintenance Contract, Issued: 11/20/98, Revised: 11/18/05
- ITB PLT005 - Microsoft and Linux Server Policy & Standards, Issued: 1/6/06, Revised: 10/20/06
- ITB-PLT006 - Server Virtualization Policy, Issued: 3/13/06
- ITB-PLT007 - Commonwealth of Pennsylvania Data Cleansing Policy, Issued: 5/3/06, Revised: 9/1/06
- ITB-PLT008 - File Transfer Protocol (FTP) Guidelines, Issued: 4/4/06, Revised: 9/22/06
- ITB-PLT009 - Commonwealth of Pennsylvania Centralized Email Policy, Issued: 6/22/06
- ITB-PLT010 - Commonwealth of Pennsylvania Policy for the Management of Networked Multi-Function Equipment, Issued: 4/28/06
- ITB-PLT011 - Mobile Device Policy and Standards, Issued: 9/22/06
- ITB-PLT012 - Use of Privately Owned PCs to Access CoPA Resources, Issued: 10/20/06
- ITB-PLT013 - Use of Freeware Policy, Issued: 11/20/06
- ITB-PLT016 - Emergency Telework Policy, Issued: 8/15/07, Revised: 11/28/07
- Privacy Domain (PRV) Security Related ITB's
- ITB-PRV001 - Commonwealth of Pennsylvania Electronic Information Privacy Policy, Issued: 8/7/06, Revised: 1/18/07
- ITB-PRV002 - Electronic Information Privacy Officer, Issued: 8/7/06
- Systems Management Domain (SYM) Security Related ITB's
- ITB-SYM001 - Enterprise IT Service Management Standards, Issued: 9/7/06
- ITB SYM003 - Off-Site Storage for Commonwealth Agencies, Issued: 12/19/06
- ITB SYM004 - Policy for Establishing Alternate Processing Sites for Commonwealth Agencies, Issued: 6/21/07
- ITB SYM005 - Integrated Enterprise System SAP License Review, Issued: 12/23/05, Revised: 12/11/06
Security Related Management Directives
 205.29 Commonwealth Internet Access - 205.34 Commonwealth of Pennsylvania Information Technology Acceptable Use Policy
- 210.12 Electronic Commerce Initiatives and Security
- 210.15 Instant Messaging
- 245.18 IT Administrator Acceptable Use, Auditing and Monitoring, Incident Notification, and Response Policies and Procedures
- 245.19 Enterprise Technology Security Council
Security Related Enterprise Memo's
|
|
|
|
Sign up to receive Cyber eAlerts
Want to receive up to the minute e-mail notifications when there are is a State Threat Level change or Commonwealth Security Advisories issued? Subscribe to Cyber eAlerts.
|
|
