Security Standards & Policies

Date: 2025-05-05

Management Practices

Specifies the principles set in place regarding security organization. Standards in this area involve the layout of DHS' security organizational structure, the importance of security from all aspects of one's work, and other security-specific techniques for DHS employees.

Organizational Structure

Defines DHS' hierarchy of security personnel.

Policy: Commonwealth Enterprise Network Security Policy — Defines the roles and responsibilities of Commonwealth information systems users.

Standards: Commonwealth Desktop and Laptop Technology Standards (Information Technology Bulletin ITB-PLT001) — Identifies the software and hardware that will be supported and provides desktop policy standards regarding best practices for support team members as well as end users.

Security Awareness

Throughout DHS are banners, bulletins, and advertisements that promote security awareness. This is a way for DHS to educate its employees about the importance of keeping sensitive information (passwords, login IDs, confidential business information) secure. This section details the procedures and guidelines surrounding the security awareness training methods.

OA/OIT Security Policies

The Governor's Office of Administration/Office of Information Technologies (OA/OIT) has security standards and procedures in place for all Commonwealth agencies. Users may view the entire list of Commonwealth Information Technology Bulletins or Management Directives:

Cryptography

The practice of creating and using a cryptosystem, or cipher, to prevent all but the intended recipient(s) from reading or using the encrypted information or application. A cryptosystem is a technique used to encode a message. The recipient can view the encrypted message only by decoding it with the correct algorithm. Cryptography is used primarily for communicating sensitive material across computer networks. This section describes the cryptographic techniques deployed at DHS and the standards surrounding the use of encryption while communicating with DHS and DHS' business partners.

Telecommunications and Network Security

Three crucial characteristics of telecommunications and network security are confidentiality, integrity, and availability. Confidentiality is the use of authorization protocols and access codes to assure that only authorized users can access message content. Integrity is the use of message linking between valid source and destination nodes to guarantee that messages are complete and unmodified. Availability refers to the use of redundancy, backups, and fault-tolerance methods to ensure a high level of server and application operability.