Subject Section
INTRODUCTION 5300
ARRANGEMENT OF CHAPTER 5300.1
GOVERNING PROVISIONS 5300.2
APPLICABILITY 5300.3
DEFINITIONS 5300.4
MINIMUM SECURITY CONTROLS 5300.5
INFORMATION SECURITY PROGRAM 5305
INFORMATION SECURITY PROGRAM MANAGEMENT 5305.1
POLICY, PROCEDURE AND STANDARDS MANAGEMENT 5305.2
INFORMATION SECURITY ROLES AND RESPONSIBILITIES 5305.3
PERSONNEL MANAGEMENT 5305.4
INFORMATION ASSET MANAGEMENT 5305.5
RISK MANAGEMENT 5305.6
RISK ASSESSMENT 5305.7
PROVISIONS FOR AGREEMENTS WITH STATE AND NON-STATE ENTITIES 5305-8
INFORMATION SECURITY PROGRAM METRICS 5305.9
PRIVACY 5310
STATE ENTITY PRIVACY STATEMENT AND NOTICE ON COLLECTION 5310.1
LIMITING COLLECTION 5310-2
LIMITING USE AND DISCLOSURE 5310.3
INDIVIDUAL ACCESS TO PERSONAL INFORMATION 5310.4
INFORMATION INTEGRITY 5310.5
DATA RETENTION AND DESTRUCTION 5310.6
SECURITY SAFEGUARDS 5310.7
PRIVACY THRESHOLD AND PRIVACY IMPACT ASSESSMENTS 5310.8
INFORMATION SECURITY INTEGRATION 5315
SYSTEM AND SERVICES ACQUISITION 5315.1
SYSTEM DEVELOPMENT LIFECYCLE 5315.2
INFORMATION ASSET DOCUMENTATION 5315.3
SYSTEM DEVELOPER SECURITY TESTING 5315.4
CONFIGURATION MANAGEMENT 5315.5
ACTIVATE ONLY ESSENTIAL FUNCTIONALITY 5315.6
SOFTWARE USAGE RESTRICTIONS 5315.7
INFORMATION ASSET CONNECTIONS 5315.8
SECURITY AUTHORIZATION 5315.9
TRAINING AND AWARENESS FOR INFORMATION SECURITY AND PRIVACY 5320
SECURITY AND PRIVACY AWARENESS 5320.1
SECURITY AND PRIVACY TRAINING 5320.2
SECURITY AND PRIVACY TRAINING RECORDS 5320.3
PERSONNEL SECURITY 5320.4
BUSINESS CONTINUITY WITH TECHNOLOGY RECOVERY 5325
TECHNOLOGY RECOVERY PLAN 5325.1
TECHNOLOGY RECOVERY PLAN 5325.2
TECHNOLOGY RECOVERY TESTING 5325.3
ALTERNATE STORAGE AND PROCESSING SITE 5325.4
TELECOMMUNICATIONS SERVICES 5325.5
INFORMATION SYSTEM BACKUPS 5325.6
INFORMATION SECURITY COMPLIANCE 5330
SECURITY ASSESSMENTS 5330.1
COMPLIANCE REPORTING 5330.2
INFORMATION SECURITY MONITORING 5335
CONTINUOUS MONITORING 5335.1
AUDITABLE EVENTS 5335.2
INFORMATION SECURITY INCIDENT MANAGEMENT 5340
INCIDENT RESPONSE TRAINING 5340.1
INCIDENT RESPONSE TESTING 5340.2
INCIDENT HANDLING 5340.3
INCIDENT REPORTING 5340.4
VULNERABILITY AND THREAT MANAGEMENT 5345
OPERATIONAL SECURITY 5350
ENCRYPTION 5350.1
ENDPOINT DEFENSE 5355
MALICIOUS CODE PROTECTION 5355.1
SECURITY ALERTS, ADVISORIES, AND DIRECTIVES 5355.2
IDENTITY AND ACCESS MANAGEMENT 5360
REMOTE ACCESS 5360.1
WIRELESS ACCESS 5360.2
PHYSICAL SECURITY 5365
ACCESS CONTROL FOR OUTPUT DEVICES 5365.1
MEDIA PROTECTION 5365.2
MEDIA DISPOSAL 5365.3

Searchable SAM

Chapter-View

Print Entire SAM