editing disabled

wikiheader.jpg

Standards, Rules, and Policies


Rules and Statewide Policies

R895-1 Access to Records
R895-3 Computer Licensing Copyright Control, Retention and Transfer
R895-7 Acceptable Use
R895-8 State Privacy Policy and Agency Privacy Policies
R895-13 Access to Identity Theft Reporting Information System

Published Standards
4100-0001 CMDB Change Management
4300-0001-0 Utah.gov Web Security, Privacy, Accessibility, and Terms of Use policies.
4300-0001-1 Web Standards and Guidelines
  • 4300-0001 3.2 Content and Presentation
  • 4300-0001 3.3 Development and Site Implementation
  • 4300-0001 3.4 Reporting, Monitoring, and Metrics
  • 4300-0001 3.5 User Interface
  • 4300-0001 4.0 Accessibility and Usability Guidelines
  • 4300-0001 5.0 Advertising and Acknowledgements
  • 4300-0001 6.0 Copyright and Attribution on State Web Sites
  • 4300-0001 7.0 Internet Domain Names
  • 4300-0001 8.0 Linking to Other Internet Sites
  • 4300-0001 9.0 Privacy and Security
  • 4300-0001 10.0 Management of Financial, Electronic, and Signed Records
  • 4300-0001 11.0 Search Functionality on State Web Sites
  • 4300-0001 12.0 Tagging and Use of Meta Tags on State Web Sites
4300-0001-4 Accessibility Standards UtahWebStandards S4 013111.pdf
4300-0001-5 Mobile Platform Design Guidelines Mobile Platform Design Guidelines 1.31.11.pdf
4300-0002 Internal Web Browser Standard
4300-0003 Application Server Standard
4300-0004 Laptop and Email Encryption 4300-0004.pdf
4300-0005 Antivirus-Spyware Standard 4300-0005.pdf
4300-0008 Multimedia Internet Standards
4300-0009 Document Exchange Standards
4300-0010 Network Tools Standards
4300-0011 Software Inventory and Distribution Standard
4300-0012 Collaboration Tool Standard: Internet Based

4300-0013 Java Application Framework Standard
4300.0014 Linux Server OS Standard
4300-0015 Virtualization Software Standard
4300-0016 Office Suites Standards
4300-0017 Website Search Engine Standards
4300-0018 Windows Server Standard
4300-0019 Web Training Platform Standard
4300-0020 State Website Mobile Access Standards
4300-0021 Host Printing Standard
4300-0022 Directory Services Standards
4300-0023 Web Analytics Standards
4300-0025 IP Addressing and NAT Standard IP Addressing and NAT Standard.pdf
4300-0026 Wireless Network Access Standard Wireless Network Access Final Draft.pdf
4300-0029 State of Utah Social Media Guidelines State of Utah Social Media Guidelines 9.29.pdf
4300-0030 Mobile Device Policy 8.8.12
4300-0031 iPad User Guidelines 3.8.2012
4300-0032 Policy on Use of External Service Providers for Data Storage ESP Policy 10.6.10.pdf
4300-0040 Windows 7 Migration Policy Win7 Policy 4300-0040.pdf

5000-0001 Removal of Data from Decommissioned Storage Devices
5000-0800-S1 Configuration Management Standard
5000-1002 S1 Patch Management Standard
5000-1106-S1 Sanitization and Disposal of Hard Drives Standard
5000-1250 Computer Incident Reporting Policy
5000-1500 Access Controls - Employee Terminations
5000-1700 Information Protection
5000-1700 S7 Payment Card (PCI) Security Standard
5000-1701 Confidential Information Policy / Confidentiality Agreement Form
5000-1713 S4 Encryption Standards
5000-1760 Firewall Management Policy
5110-0002 Information Asset Security Classification Policy

WSCA PC Desktop Standards, Approved November 2012 - April 2013, http://purchasing.utah.gov/documents/wscapcstandards.pdf

Published Standards (Access Restricted)
5000-1008 Web Content Filtering
5000-1008-S1 Web Content Filtering Standard
5000-1100 Media Protection Policy
5000-1100-S1 Media Protection Standards
5000-1100-S4 Encryption Standards
5000-1100-S5 Portable Computing Devices Security Standard
5000-1160 Removal of Data
5000-1200 Incident Response Policy
5000-1200 Incident Response Standards
5000-1300 Awareness and Training Policy
5000-1300-S1 Awareness and Training Standards
5000-1400 Identification & Authentication Policy
5000-1400-S1 Identification and Password Standards
5000-1500 Access Control Policy
5000-1500-S1 Access Control Standards
5000-1508 Warning Banner Policy
5000-1600 Audit and Accountability Policy
5000-1600 Audit and Accountability Standards
5000-1700 Information Protection Policy
5000-1700-S1 System & Communications Protection Standards
5000-1707 Malicious Activity Policy
Security Controls Framework 20090112

Published Checklists (Access Restricted)
Executive Security Breach Checklist
SDLC - Initial Security Review Checklist
SDLC - Full Security Review Checklist
DTS Employee Termination Tasks
Workplace Security Checklist
Apache Web Server Configuration Standard Checklist
PHP Configuration Hardening Checklist
Network eDirectory Configuration Standard Checklist
Windows Server 2008 Configuration Standard Checklist
Oracle Database Configuration Standard Checklist
SuSE 10 Server Configuration Standard Checklist

Published Policies (Access Restricted)
5000-0002 Information Assett Security Classification
1000-0003 Rules of Behavior - Acceptable Use Policy
2000-0001 Rules of Behavior - Code of Conduct Policy
2000-0014 Personnel Security - Background Check Policy
2000-0017 Personnel Security - Drug Free Work Place Policy
2000-0013 Telecommuting Policy
1000-0006 Personnel Security - Internal Affairs Policy
5000-1521 Data Center Security and Access Control Policy
Security Configuration Management

Technical Bulletins with Standards and Migration Information

2008

TB0417: Registering new Domain Names to the State of Utah External DNS Servers
Effective January 1, 2009
TB0416: Requiring DNS Names To Access State Mainframe Computers
Effective January 1, 2009
TB0415: Data Set Name Changes – Control Products
Effective October 12, 2008
TB0414: Projected End of Life ADABAS/Natural
Effective April 30, 2011
TB0413: CAPNET Wireless Network Protocol Management
Effective August 22, 2008
TB0412: Peer to Peer (P2P) Traffic Shaping
Effective July 13, 2008
TB0411: CICS Command Security
Effective June 29, 2008
TB0410: RACF Mixed Case Passwords
Effective August 17, 2008
TB0409: Mobile Data Network 700 MHz Discontinuance
Effective June 30, 2008

2007

TB0402: Oracle 10G Migration Shared DTS Database Environment Effective October 1, 2007

TB0401: DNS Recursive Lookups Effective September 23, 2007

TB0400: Oracle Development Mainframe Upgrade to Version 10.2.0.2 Effective August 28, 2007

TB0399: SiteMinder Web Agent Upgrade Effective September 1, 2007

TB0398: Removal of 3480 Tape Drivers Effective July 15, 2007

TB0397: Sunsetting of State Dial-up Service Effective July 1, 2007

TB0396: RACF Minimum Password Interval Effective June 24, 2007

TB0395: Discontinuance of CICSV620 Effective July 1, 2007

TB0394: Network Perimeter Security Enhancements Effective July 30, 2007

TB0393: DNS Domain Changes Effective May 17, 2007

TB0392: Restricting Remedy User Tool Access Effective April 15, 2007

TB0391: Websphere 6 Migration Schedule Effective March 19, 2007

TB0390: Oracle Daylight Saving Time Patches Effective February 4, 2007

TB0402: Oracle 10G Migration Shared DTS Database Environment Effective October 1, 2007

TB0401: DNS Recursive Lookups Effective September 23, 2007

TB0400: Oracle Development Mainframe Upgrade to Version 10.2.0.2 Effective August 28, 2007

TB0399: SiteMinder Web Agent Upgrade Effective September 1, 2007

TB0398: Removal of 3480 Tape Drivers Effective July 15, 2007

TB0397: Sunsetting of State Dial-up Service Effective July 1, 2007

TB0396: RACF Minimum Password Interval Effective June 24, 2007

TB0395: Discontinuance of CICSV620 Effective July 1, 2007

TB0394: Network Perimeter Security Enhancements Effective July 30, 2007

TB0393: DNS Domain Changes Effective May 17, 2007

TB0392: Restricting Remedy User Tool Access Effective April 15, 2007

TB0391: Websphere 6 Migration Schedule Effective March 19, 2007

TB0390: Oracle Daylight Saving Time Patches Effective February 4, 2007