All Policies and Standards
Access Control PS-08-009.01
Access to state information assets is to be controlled and monitored to protect from unauthorized access and disclosure.
Accountability of Assets PS-08-002.01
Establishes accountability for all hardware and software acquired using public funds.
Acquisition and Use of Telecom Services and Equipment, PM-04-002.01
Procedures governing the acquisition and use of telecommunications services and equipment.
Active Directory, SA-03-009.01
Specifies the Active Directory (AD) requirements, topology and design.
Applications with Standard Desktop Clients, SA-10-004
This standard sets design criteria for client application software running on users' computers.
Appropriate Use and Monitoring SS-08-001.01
Establishes an enterprise standard regarding appropriate use and monitoring of State of Georgia information technology (IT) resources.
Appropriate Use of IT Resources PS-08.003.01
Establishes an enterprise policy regarding appropriate use of State of Georgia information technology (IT) resources.
Authorization and Access Management SS-08-010.01
Agencies must limit access to state facilities and information resources and manage access once granted.
Bluetooth Standard, SO-06-004.02
Deployment of wireless technology.
Business Continuity and Disaster Recovery PS-08.025.01
Requires agencies to develop a plan to maintain continuity (recovery and restoration) of essential state government operations and services during or following an emergency.
Change Management PS-08-015.01
Establishes requirement for agencies to establish a formal change management process.
Classification of Personal Information SS-08-002.01
Establishes a statewide standard for categorizing personal information.
Computer Operations Center Security SS-08.016.01
Establishes minimum security requirements for computer operations centers.
Computer Security Incident Management PS-08-004.01
Establishes a requirement that each agency establish a process for detecting and responding to security incidents.
Contingency Planning SS-08-045.01
Each agency must have a plan to sustain or recover/restore critical operations in the event of a system disruption or disaster.
Cryptographic Controls SS-08-040.02
Establishes the minimum requirements for implementing cryptographic controls.
Data Categorization - Impact Level SS-08-014.01
Establishes Impact Level definitions and standards to be assigned to information assets throughout the enterprise.
Data Security - Electronic Records SS-08-003.01
Establishes a standard that electronic records (1) are relied upon as official records and (2) must adhere to records retention requirements.
Data Sharing, PM-07-003.02
Promotes sharing of data among agencies.
Data and Asset Categorization PS-08-012.01
Establishes a policy requirement to inventory and classify all state data and information processing systems throughout the enterprise.
Deployed Software Currency, SA-10-010
This standard sets the requirement for agencies to upgrade to current releases of software programs as quickly as possible.
Deployment Certification, SA-10-009
This standard requires an authorized agency official to certify an application prior to deployment.
Design Criteria for Data Network Protocols, SA-10-002
This standard requires state communications to use IP-based protocols.
Design Criteria for e-Records Management Applications, SA-06-006.01
Defines the standards used when purchasing a records management application in the state of Georgia.
Disaster Recovery - System Backups SS-08-046.01
Requires agencies to establish backup and recovery procedures for critical software and data.
E-Mail Use and Protection SS-08-011.01
Sets standards for appropriate use and security of state e-mail systems.
E-mail Calendaring, SA-07-004.01
Establishes the state standard for the calendaring format for users of email systems.
E-mail Distribution Lists, SA-07-010.01
Standard regarding the creation and use of large inter-agency and all multi-agency e-mail distribution lists.
E-mail Naming, SA-07-005.01
Establishes the state standard for the email address for users of email systems.
Electronic Communications Accountability SS-08-009.01
Provides a standard of responsibility for the content and transfer of information through electronic communications from state information systems.
Enterprise Architecture, PM-03-003.02
Defines Enterprise Architecture technology infrastructure policy.
Enterprise Information Security Charter PS-08-005.01
Commits the State of Georgia to protecting information systems and data from unauthorized disclosure, modification, use or destruction.
Enterprise Operational Environment, SO-10-003.02
This standard specifies Georgia’s enterprise operational environment and establishes application conversion priorities.
Exemption from State Policies and Standards, SM-11-007.01
Requirements for a request for an exemption from an IT policy or standard.
Facilities Security SS-08-015.01
Establishes minimum requirements to incorporate security of facilities into the overall measures to protect information assets.
Georgia.gov Domain Name, SA-03-007.03
Domain naming convention and federal dot-gov final rule.
Georgia.gov Intellectual Property Display, SA-03-005.03
Relating to third-party intellectual property displays on georgia.gov.
Georgia.gov Linking, SA-03-008.02
Relating to the appropriate use, placement and removal of links on georgia.gov.
IBM Mainframe Batch Job Processing, SO-04-001-.03
Batch run times, automated scheduler and tools to modify batch job data.
IBM Mainframe Production Acceptance - Batch Jobs, SO-04-003.02
Standard to ensure batch jobs are consistently packaged to meet production acceptance requirements, thereby resulting in a quick turnover into the production environment.
IT Strategic Plan, SM-09-003.01
Establishes requirements for an agency information technology strategic planning process.
Incident Response and Reporting SS-08-004.01
Sets minimum requirements for information security incident response and reporting.
Independent Security Assessments SS-08-042.01
Establishes requirement for agencies to have IT systems assessed by an independent third-party.
Independent Verification and Validation, SM-06-001.02
Requires that agencies use GTA to contract for services to independently verify and validate information technology projects with budgets of $1 million or greater.
Information Security - Risk Management PS-08-031.01
Establishes a requirement for agencies to implement a risk-based approach to cost-effective information security management.
Information Security Infrastructure SS-08-005.01
Sets standards for creating an information security program and infrastructure.
Information Security Management Organization SS-08-006.01
Sets minimum standards for an information security management organization.
Information Technology Policies, Standards and Guidelines, PM-04-001.03
GTA’s statutory authority and approach for setting technology policies, standards and guidelines.
Information Technology Reporting SS-08-053.04
Updated for 2011. Requires agencies to report the status of their information technology projects and security program to GTA.
Instant Messaging Services, SO-11-005.02
This standard describes controls for the use of instant messaging in state agencies.
Integration Middleware, SA-7-020.02
Promotes a uniform middleware platform for enterprise integration.
Log Management Infrastructure SS-08-036.01
Requires agencies to monitor and analyze systems logs to record events and detect anomalies.
Malicious Code Incident Prevention SS-08-033.01
Establishes controls to protect systems against malicious software.
Management of IT Operations, PO-09-002.01
This policy establishes the IT Infrastructure Library (ITIL) as the basis for IT infrastructure management, service delivery and support.
Media Controls PS-08.026.01
Establishes requirement for agencies to implement media controls and procedures to protect system media from unauthorized disclosure, modification, destruction or loss.
Media Protection and Handling SS-08-043.01
Establishes protection requirements for system media.
Media Sanitization - Vendor Return SS-08-035.01
Establishes standards for sanitization and disposal of all electronic media subject to vendor return.
Network Access and Session Controls SS-08-048.01
Establishes requirements for agencies to control and monitor network sessions.
Network Boundary Controls SS-08-047.01
Establishes requirements for agencies to implement network boundary protection strategies.
Network Security - Information Flow PS-08-030.01
Establishes a requirement for agencies to control the flow of information traversing their networks.
Network Security Controls PS-08-027.01
Establishes requirement for agencies to implement network security controls.
Non-State Technology and Computing Devices SS-12-002
Rules of appropriate use and all other governance regarding information and data security apply to non-State issued technology devices used to access non-public State information and technology resources.
Operational Change Control SS-08-026.01
Establishes a requirement that changes to operational systems be controlled and monitored.
Outsourced Facilities Management PS-08-019.01
Establishes requirements around the outsourcing of data processing facilities.
Outsourced IT Services SS-08-044.01
Establishes requirements for agencies to ensure adherence to established security requirements by third-party IT service providers and/or interconnections.
Password Authentication PS-08-006.01
Establishes use of passwords as the primary authentication mechanism.
Password Security SS-08-007.01
Establishes standards for protecting passwords.
Performance Lifecycle Framework, SM-10-006.02
The Enterprise Performance Lifecycle Framework ensures that all IT investments are valuated at specific points in their lifecycle to ensure the investments meet the business performance needs and expectations of the agencies and the enterprise.
Performance Lifecycle Management Guideline, GM-11-001.01
This guideline provides a framework for state agencies to manage their technology investments in order to achieve consistently successful outcomes that maximize alignment with enterprise-wide and agency-specific goals and objectives.
Performance Lifecycle Management, SM-10-007.02
This standard establishes the minimum common practices for managing the life of an IT system from initiation through disposition.
Performance Lifecycle Stage Gate, SM-10-008.02
This standard requires a stage gate review at the end of each stage of an IT project to determine whether the project advances to the next phase, or stage.
Personal Identity Verification and Screening SS-08-017.01
Establishes standards for verifying the identities of state personnel and contractors.
Personnel Security PS-08-014.01
Establishes a requirement for identity proofing of all state employees and contractors.
Physical and Environmental Security PS-08-013.01
Establishes physical security as an essential element to the overall security posture of state information resources.
Placing Applications into Production, SA-10-001
This standard sets procedural requirements for placing applications into production.
Portfolio Management, GM-09-002.01
Guidelines to implement an IT portfolio management methodology.
Privacy in the Workplace SS-12-001
No expectation of privacy shall be assumed when accessing non-public State information resources and assets.
Project Charter Template, GM-09-003.01
A project charter is a statement of the scope, objectives and participants in a project. It delineates roles and responsibilities, outlines the project objectives, identifies the main stakeholders and defines the authority of the project manager.
Project Charter, SM-09-004.01
A project charter is required for projects that have an information technology component.
Project Financial Management, GM-09-001.01
Guidelines for technology project financial management.
Project Financial Management, SM-09-001.01
Project expenditures shall be planned and tracked with a financial management process.
Project Management Glossary, GM-08-104.01
Protection from Malicious Software PS-08-021.01
Establishes requirement to protect systems against malicious software.
Public Access Systems PS-08-028.01
Requires agencies to implement security controls on public-facing systems.
Radio Communications: Non-Public Safety, SO-04-004.02
Non-public safety radio communications systems design standard.
Radio Public Safety, SO-04-005.02
Public safety radio communications systems design standard.
Reliance on Electronic Records PS-08-007.01
Establishes the state’s intent to rely on electronic data as a form of official record and to adhere to prescribed records retention requirements.
Remote Access PS-08-023.01
Establishes a requirement to protect internal state information systems from the risks associated with remote access.
Risk Management Framework, SS-08-041.01
Adopts the risk management framework developed by the National Institute of Standards and Technology for managing risk and implementing security.
Secure Remote Access SS-08-038.01
Establishes a requirement to protect internal state information systems from risks associated with remote access.
Security Awareness Program PS-08-010.01
Establishes a requirement to increase user security awareness through an awareness and training program.
Security Controls Review and Assessments PS-08-029.01
Establishes a requirement for agencies to assess security controls for IT systems.
Security Education and Awareness SS-08-012.01
Establishes a requirement for all state of Georgia employees and contractors to attend annual security awareness training.
Security Log Management PS-08-022.01
Requires agencies to implement log management practices.
Separate Production and Development Environments SS-08-031.01
Establishes requirements for separating production/operational and development/test environments.
Separation of Production and Test Environments PS-08-020.01
Establishes a policy for the separation of production from development and test environments.
Social Media GM-11-002.01
Methodology to employ social media.
Strong Password Use SS-08-008.01
Establishes standards for creating and using strong passwords.
Surplus Electronic Media Disposal SS-08-034.02
Establishes a statewide standard on disposition of surplus electronic media.
System Development Lifecycle, SM-10-005
This standard requires agencies to select and use a System Development Lifecycle methodology.
System Implementation and Acceptance SS-08-032.01
Requires agencies to establish criteria for accepting a system from development to operations.
System Lifecycle Management SS-08-025.01
Requires agencies to implement a formal lifecycle management program for systems in development or operation.
System Operations Documentation SS-08-027.01
Requires agencies to document system operational procedures.
System Security Plans SS-08-028.01
Requires data and system owners to create and maintain system security plans.
Systems and Development Lifecycle PS-08-018.01
Requires agencies to implement a formal lifecycle management program for systems in development or operation.
Technology Project Management, GM-08-101.01
GTA recommends a project management methodology to be used for projects with a $100,000 or greater investment in technology.
Technology Project Management, SM-03-006.03
Sets forth the requirement that agencies utilize and apply a project management methodology to those projects that have a $100,000 or greater investment in technology.
Technology Review (eAPR), SM-08-103.01
GTA reviews all IT initiatives for compliance with state and agency strategic goals and with enterprise policies and standards.
Technology Review, PM-06-001.04
This policy establishes GTA's process for review and recommendation of all information technology initiatives.
Telecom Technology Review, SM-05-001.03
Administering enterprise and agency open contracts for telecommunications systems and long distance services.
Teleworking and Remote Access SS-08-037.01
Establishes minimum security requirements for teleworking and remotely accessing state information systems.
Third-Party Access PS-08-011.01
Establishes provisions for third-party access to state facilities and information systems.
Third-Party Security Requirements SS-08-013.01
Establishes security requirements for state agencies when conducting business with and/or sponsoring engagement contractors, outsourcing vendors and/or other third-parties.
Use of Cryptography PS-08-024.01
Where the confidentiality, authenticity, or integrity of information is critical, the use of cryptographic controls may be warranted.
Web and E-Commerce Security SS-08-049.01
Establishes a requirement for agencies to control and manage web services.
Wireless and Mobile Computing SS-08-039.01
Establishes minimum security requirements for wireless network implementation.
Workstation Operating System, SO-03-010.02
Establishes a standard desktop and laptop/notebook OS.
XML, SA-03-004.01
Establishes XML standards for state agencies based upon W3C Consortium XML open standard recommendations.
