Information Security Policies

The Office of Information Security has issued the following rules and policies under the authority of 24-37.5-401 through 406, C.R.S. These policies apply to public agencies as defined in section 402 of that part.

Rules in support of the Colorado Information Security Act»

Policy Number Description Download
P-CISP-001 Information Security Planning PDF
P-CISP-002 Incident Response PDF
P-CISP-003 IT Risk Management PDF
P-CISP-004 Disaster Recovery PDF
P-CISP-005 Vendor Management PDF
P-CISP-006 Network Operations PDF
P-CISP-007 Systems and Applications Security Operations PDF
P-CISP-008 Access Control PDF
P-CISP-009 Change Control PDF
P-CISP-010 Physical Security PDF
P-CISP-011 Data Classification, Handling, and Disposal PDF
P-CISP-012 Personnel Security PDF
P-CISP-013 System Access and Acceptable Use PDF
P-CISP-014 Online Privacy PDF
P-CISP-015 Security Training and Awareness PDF
P-CISP-016 Self Assessment PDF
P-CISP-017 Security Metrics and Measurement PDF
P-CISP-018 Mobile Computing PDF
P-CISP-019 Wireless Security PDF