Search this site
Who We Serve
Mission & Values
Policies & Standards
Common OIT Acronyms
Customer Order Forms
Google Apps for Government
Procurement & Vendor Services
Colorado Benefits Management System
Colorado Information Marketplace
Enterprise Architecture & Data Management
Geographic Information Systems (GIS)
IT Economic Development
Public Safety Communications Network
In the News
Top Areas of Interest
Why Work @ OIT?
Where Do You Fit?
Submit a Ticket
Chief Information Security Office
Information Security Policies
Office of Information Security
Security Policies & Standards
For State Employees
News & Events
Security concern or incident to report?
We are here to help with network security vulnerabilities and threats in Colorado:
Information Security Policies & Standards
The Office of Information Security has issued the following rules and policies under the authority of 24-37.5-401 through 406, C.R.S. These policies apply to public agencies as defined in section 402 of that part.
Rules in support of the Colorado Information Security Act
Glossary of Terms for the below Colorado Information Security Policies (CISPs)»
Colorado Information Security Policies (CISPs)
All of the Colorado Information Security Policies were revised on Feb. 1, 2017. These mandatory policies supersede all previously posted CISPs (including the version 1.0 policies dated Feb. 11, 2015).
Security Awareness and Training
Audit and Accountability
Security Assessment and Authorization
Identification and Authentication
Physical and Environmental Protection
System and Services Acquisition
System and Communications Protection
System and Information Integrity
Colorado Security Standards
The following State of Colorado technology standards support the state's information security polices.
Data Security Categorization Technical Standard
Governor's Office of Information Technology |
601 E. 18th Ave., Suite 250, Denver, CO 80203
© 2017 State of Colorado |
Transparency Online Project