State Information Security Policies, Standards, and Procedures

The information security policies, standards, and procedures adopted by the State define the principles and terms of the Information Security Program for the Executive Branch of the Nevada State Government, and establish the baseline for agencies’ information security programs.

Security Policies, Standards, and Procedures

100 - State Information Security Program Policy

Effective January 26, 2023

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_100_State_Security_Program_Policy.pdf

S.2.03.01 - Information Security Committee Charter

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_2_03_01_Security_Committee_Charter.pdf

S.2.04.01.1F - State Security PSP Exception Request Form

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_2_04_01_1F_Exception_Request_Form.docx

S.2.05.01 - Information Security Evaluations

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_2_05_01_Security_Evaluations.pdf

S.2.05.02 - Suspension of Services

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_2_05_02_Suspension_of_Services.pdf

S.3.02.01 - Data Sensitivity

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_02_01_Data_Sensitivity.pdf

S.3.02.02 - Information Security Policy Statement

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_02_02_Information_Security_Policy_Statement.pdf

S.3.03.01 - Information Security Officer (ISO) Roles & Responsibilities

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_03_01_ISO_Roles_and_Responsibilities.pdf

S.3.04.01 - Personnel Security

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_04_01_Personnel_Security.pdf

S.3.04.03 - Social Media for Business Use

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_04_03_Social_Media.pdf

S.3.04.04.1F - Acceptable Use Agreement

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_04_04_1F_Acceptable_Use_Agreement.docx

S.3.07.01 - Information Security Risk Analysis

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_07_01_Risk_Analysis.pdf

S.3.09.01 - IT Contingency Planning

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_3_09_01_IT_Contingency_Planning.pdf

S.4.01.01 - Enterprise Physical Security and Environmental Controls

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_01_01_Enterprise_Physical_Security_and_Environmental_Controls.pdf

S.4.02.02 - Mobile and Non-State Device Security Management

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_02_02_Mobile_Device_Security.pdf

S.4.02.02.1F - Mobile and Non-State Device Agreement Form

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_02_02_1F_Mobile_And_Non-State_Device.docx

S.4.02.03 - Multi-Function Devices (MFDs)

Effective July 13, 2022

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_02_03_Multi_Function_Devices.pdf

S.4.03.01 - Electronic Media Security

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_03_01_Electronic_Media_Protection_Marking_and_Sanitization.pdf

S.4.07.01 - Security for System Development

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_07_01_Security_for_Software_Development.pdf

S.4.08.02 - Information Security Incident Management

Effective October 26, 2022

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_08_02_Security_Incident_Management.pdf

S.4.08.02.1F - Information Security Incident Report Form

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_4_08_02_1F_Security_Incident_Report_Form.docx

S.5.01.01 - User Identification and Authentication (Passwords)

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_01_01_User_Identification_and_Authentication.pdf

S.5.02.02 - Access Controls and Audit Trails

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_02_02_Access_Controls_and_Auditing.pdf

S.5.04.01 - Border Security

Effective July 13, 2022

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_04_01_Border_Security.pdf

S.5.04.02 - Data Communication and Remote Connections

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_04_02_Data_Comm_and_Remote_Connections.pdf

S.5.04.03 - Remote Access

Effective September 1, 2021

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_04_03_Remote_Access.pdf

S.5.04.04 - Data Security Architecture

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_04_04_Data_Security_Architecture.pdf

S.5.06.01 - Cloud Services

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_06_01_G_Cloud_Services.pdf

S.5.06.01.1F - Cloud Services Assessment Worksheet

Effective October 20, 2021

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_06_01_1F_Cloud_Checklist.xlsx

S.5.06.02 - Domain Name System (DNS)

Effective January 9, 2023

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_06_02_DNS.pdf

S.5.08.01 - Wireless Networks

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_5_08_01_Wireless_Network.pdf

S.6.02.01 - Software Inventory and Control

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_02_01_Software_Inventory_and_Control.pdf

S.6.02.07 - Technology Bans

Effective April 6, 2023

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_02_07_TechnologyBans.pdf

S.6.02.07A - Banned Technology List

Effective April 6, 2023

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_02_07_C Banned Technology List.pdf

S.6.03.01 - Software Patch Management

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_03_01_Software_Patch_Mgmt.pdf

S.6.03.02 - Vulnerability Management

Effective September 1, 2021

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_03_02_Vuln_Management.pdf

S.6.05.01 - Secure Software Configuration

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_05_01_Secure_Software_Configuration.pdf

S.6.08.01 - Malware Defenses

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_08_01_Malware_Defenses.pdf

S.6.10.01 - Backup and Recovery Capabilities

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_10_01_Backup_and_Recovery.pdf

S.6.13.01 - Data Protection

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_13_01_Data_Protection.pdf

S.6.15.01 - Wireless Access Control

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_15_01_Wireless_Access_Control.pdf

S.6.16.01 - Account Monitoring and Control

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_16_01_Account_Monitoring_and_Control.pdf

S.6.17.01 - Information Security Awareness and Training Program

Effective December 31, 2020

/uploadedFiles/itnewnvgov/content/Governance/Security/FINAL_S_6_17_01_Information_Security_Awareness_Training.pdf