Go RIM for Policy Section 5340
- Access Control
The following provides a central location for information security standards, authority, guidance, forms, tools, definitions, and reference to other policies related to access control.
- Information Security Policy
(State Administrative Manual) - Authority
- Standards
- Guidance
- Forms
Standards
- ISO/IEC 27002:2005 (formerly ISO 17799)
- Federal Information Processing Standards (FIPS)
- HIPAA Security Standards, Section 164.308 (a) (4), Section 164.308 (a) (5), Section 164.310 (b), Section 164.310 (c), and Section 164.312 (a) (1)
- North America Electric Reliability Corporation (NERC) Standards, CIP 003 - Security Management Controls, CIP 004 - Personnel and Training, CIP 005 - Electronic Security Perimeter, and CIP 007 - System Security Management
- PCI-DSS, Requirements 1, 2, 6, 8, 10, and 12
- Role Engineering and RBAC Standards
- Telework and Remote Access Security Standard (SIMM 66A) (.pdf)
- Social Media Standard (SIMM 66B) (.pdf)
Guidance
- January 2009 Newsletter: Challenge or Secret Questions (.pdf)
- Information Sheet No. 9, Security Considerations for Multi-Function Devices (.pdf)
- Information Sheet No. 8, Refresher Course on Password Use (.pdf)
- Information Sheet No. 7, Does Your Agency Implement Forced Password Changes (pdf)
- Information Sheet No. 6, Telework Security Considerations (.pdf)
- Users Guide to User's Guide to Securing External Devices for Telework and Remote Access, NIST SP 800-114
- Assessment of Access Controls, NIST Report - September 2006
- An Introduction to Role-Based Access Control, NIST ITL Bulletin - December 1995
- Role Based Access Control, NIST Abstract
- Identification and Authentication (NIST SP 800-12, Chapter 16)
- Network Access Control Learning Guide
- Best Practices for Social Media Usage in North Carolina
- CIO Council's Guidelines for Secure Use of Social Media by Federal Departments and Agencies
- IBM Social Computing Guidelines
- Intel Social Media Guidelines
- New Media and the Air Force, Air Force Public Affairs Agency, Emerging Technology Division
Cyber Threat Level
Quick Links
Related Websites
- California Technology Agency
- CA Highway Patrol
- CA Emergency Management Agency
- CA Office of Health Information Integrity
- CA Office of Privacy Protection
