Information Security Policies

Security concern or incident to report?

We are here to help with network security vulnerabilities and threats in Colorado:

ISOC@state.co.us 303.764.7760

Information Security Policies & Standards

The Office of Information Security has issued the following rules and policies under the authority of 24-37.5-401 through 406, C.R.S. These policies apply to public agencies as defined in section 402 of that part. Rules in support of the Colorado Information Security Act.

Glossary of Terms for the below Colorado Information Security Policies (CISPs)»

Colorado Information Security Policies (CISPs)

All of the Colorado Information Security Policies were revised on Feb. 1, 2017. These mandatory policies supersede all previously posted CISPs (including the version 1.0 policies dated Feb. 11, 2015).

Colorado Security Standards

The following State of Colorado technology standards support the state's information security polices.

TS-Data Cat-001: Data Security Categorization Technical Standard

Forms

OIT Secure Configuration Exception Request Form

Information Security Policies & Standards

Colorado Information Security Policies (CISPs) All of the Colorado Information Security Policies were revised on Feb. 1, 2017. These mandatory policies supersede all previously posted CISPs (including the version 1.0 policies dated Feb. 11, 2015).

Colorado Security Standards

Forms

Colorado Information Security Policies (CISPs)

All of the Colorado Information Security Policies were revised on Feb. 1, 2017. These mandatory policies supersede all previously posted CISPs (including the version 1.0 policies dated Feb. 11, 2015).