State Information Security Policies, Standards, and Procedures

The information security policies, standards, and procedures adopted by the State define the principles and terms of the Information Security Program for the Executive Branch of the Nevada State Government, and establish the baseline for agencies’ information security programs.

Security Policies, Standards, and Procedures

100 - State Information Security Program Policy

Effective January 26, 2023

S.2.03.01 - Information Security Committee Charter

Effective December 31, 2020

S.2.04.01.1F - State Security PSP Exception Request Form

Effective December 31, 2020

S.2.05.01 - Information Security Evaluations

Effective December 31, 2020

S.3.02.02 - Information Security Policy Statement

Effective December 31, 2020

S.3.03.01 - Information Security Officer (ISO) Roles & Responsibilities

Effective December 31, 2020

S.3.04.03 - Social Media for Business Use

Effective December 31, 2020

S.3.07.01 - Information Security Risk Analysis

Effective December 31, 2020

S.4.01.01 - Enterprise Physical Security and Environmental Controls

Effective December 31, 2020

S.4.02.02 - Mobile and Non-State Device Security Management

Effective December 31, 2020

S.4.02.02.1F - Mobile and Non-State Device Agreement Form

Effective December 31, 2020

S.4.02.03 - Multi-Function Devices (MFDs)

Effective July 13, 2022

S.4.08.02 - Information Security Incident Management

Effective October 26, 2022

S.4.08.02.1F - Information Security Incident Report Form

Effective December 31, 2020

S.5.01.01 - User Identification and Authentication (Passwords)

Effective December 31, 2020

S.5.02.02 - Access Controls and Audit Trails

Effective December 31, 2020

S.5.04.02 - Data Communication and Remote Connections

Effective December 31, 2020

S.5.06.01.1F - Cloud Services Assessment Worksheet

Effective October 20, 2021

S.5.06.02 - Domain Name System (DNS)

Effective January 9, 2023

S.6.03.01 - Software Patch Management

Effective December 31, 2020

S.6.03.02 - Vulnerability Management

Effective September 1, 2021

S.6.10.01 - Backup and Recovery Capabilities

Effective December 31, 2020

S.6.17.01 - Information Security Awareness and Training Program

Effective December 31, 2020