Appendix A: Example Policies (FISMA Framework)

The following set of information security policy examples is based on information security and privacy policies the author created for the State of Arizona Department of Administration. There are several elements of these example policies that are important to understand:

•  Application indicators: Each policy statement is required for all systems unless there is an application indicator at the front of the policy statement. All application indicators are enclosed in parentheses at the front of the policy statement. Examples of these indicators include (C)—applies to confidential data only; (P)—applies to “protected” systems only; and (P-PCI)—applies to “protected” systems with cardholder data (CHD). ...
