POLICY, PROCEDURE AND STANDARDS MANAGEMENT - 5305.2

Policy: Each state entity must provide for the protection of its information assets by establishing appropriate administrative, operational and technical policies, standards, and procedures to ensure its operations conform with business requirements, laws, and administrative policies, and personnel maintain a standard of due care to prevent misuse, loss, disruption or compromise of state entity information assets. Each state entity shall adopt, maintain and enforce internal administrative, operational and technical policies, standards and procedures in accordance with SIMM 5305-A to support information security program plan goals and objectives.

Implementation Controls: NIST SP 800-53: Planning (PL); Program Management (PM); SIMM 5305-A