Information Security Policies

The Office of Information Security has issued the following rules and policies under the authority of 24-37.5-401 through 406, C.R.S. These policies apply to public agencies as defined in section 402 of that part. Rules in support of the Colorado Information Security Act.

Colorado Information Security Policies (CISPs)
 
These Colorado Information Security Policies are effective as of Feb. 11, 2015, and supersede any policies posted prior to this date. Unless otherwise noted, the revision date is Feb. 11, 2015.

Colorado Security Standards

The following State of Colorado technology standards support the state's information security polices.