Alabama Department of Finance Finance Home  |  Director's Office  |  News  |  Survey/Comments  |  Statements/Policies  |  Contact Finance Dept.     
Alabama Department of Finance Alabama Department of Finance
       Skip Navigation Links
Home
Products/Services
Policies/Security
Planning/Procurement
Customer Service
About Us
Contact Us

Statewide Information Technology Policies, Standards and Guidelines


Released Reviewed Title
01/07/09 Policy 100-00: Information Technology
01/07/09
  
  • Procedure 100-00P1: IT Document Workflow 
    •      
    07/12/06 09/07 Policy 200-00: Annual IT Planning
         
    07/12/06 09/07 Policy 210-00: Agency Technology Advisory Committee
          
    06/08/06 09/07 Policy 300-00: IT Budget
         
    09/22/06 07/08 Policy 340-00: State IT Capital Budget
         
    04/25/06 09/07 Policy 500-00: Statewide Information Systems Architecture
         
    04/26/06 09/07 Policy 545-01: Electronic Collaboration
         
         
    05/29/07 07/08 Policy 600-00: Information Security
         
    12/05/05 07/08 Policy 600-01: Commitment to Information Security
         
    06/08/06 07/08 Policy 600-02: Information Security for Service Providers
         
    01/15/08 07/08 Policy 600-03: Security Council
    03/26/08
    		 07/08
  • Procedure 600-03P1: Security Council
    • 10/24/08 10/08
  • Procedure 600-03P2: Security Doc Work Flow
        *Distribution Restricted to AL Info Security Personnel Only
         (Request a copy)
    		•
         
    03/24/06 08/08 Policy 600-04: Cyber Security Incident Response
    07/24/09 08/08
  • Standard 600-04S1: Incident Response Controls
    • 07/25/08 08/08
  • Procedure 600-04P1: Incident Reporting
    • 04/16/08 08/08
  • Procedure 600-04P2: Incident Handling
    		•
         
    03/21/08 08/08 Policy 600-05: Configuration Management
    03/21/08 08/08
  • Guideline 600-05G1: CM Process
    •      
    01/12/07 08/08 Policy 610-01: Security Awareness & Training
    01/12/07 08/08
  • Standard 610-01S1: Security Awareness
    •      
    01/12/07 04/08 Policy 620-01: Network & Systems Access
    01/12/07 04/08
  • Standard 620-01S1: Access Management
    •      
    10/28/08 10/08 Policy 620-03: Authentication  
    09/21/07 04/08
  • Standard 620-03S1: Authentication - Passwords
    • 10/28/08 10/08
  • Standard 620-03S2: Authentication - Biometrics 
    •      
    02/28/06 08/08 Policy 630-01: Acceptable Use
    12/06/06 08/08
  • Standard 630-01S1: Acceptable Use - Prohibited Activities
    •      
    03/02/06 08/08 Policy 630-02: Internet Access
         
    05/20/09 08/08 Policy 630-03: Email Usage
    12/07/06 08/08
  • Standard 630-03S1: E-Mail Usage
    •      
    03/06/06 09/08 Policy 630-04: Instant Messaging
         
    03/06/06 09/08 Policy 630-05: Internet Content Management
    05/11/09 09/08
  • Standard 630-05S1: Internet Content Management - Blocked Categories
    •      
    09/20/07 09/08 Policy 630-06: Software Licensing & Use
         
    04/17/08 04/08 Policy 640-01: External Connections
    02/16/07
    		 04/08
  • Standard 640-01S1: Interconnecting IT Systems
    • 05/29/07 04/08
  • Standard 640-01S2: Secure Web Application Deployment
    		•
         
    02/13/07 04/08 Policy 640-02: Remote Access
    02/20/08
    		 04/08
  • Standard 640-02S1: Remote Access Controls
    • 02/13/09 04/08
  • Standard 640-02S2: Virtual Private Networks
    • 09/30/09 04/08
  • Standard 640-02S3: Dial-in Access REVISED!
    		•
         
    08/18/08 05/08 Policy 640-03: Wireless Security
    02/16/07
    		 05/08
  • Standard 640-03S1: Wireless Networks
    • 12/18/07 05/08
  • Standard 640-03S2: Wireless Clients
    • 02/16/07 05/08
  • Standard 640-03S3: Bluetooth Security
    		•
         
    10/24/08 10/08 Policy 640-04: Voice Over Internet Protocol 
    10/24/08 10/08
  • Standard 640-04S1: VoIP Security  
    		•
         
    03/09/06 03/08 Policy 650-01: Physical Security
    07/14/06
    		 03/08
  • Standard 650-01S1: Physical Security
    • 01/15/08 03/08
  • Standard 650-01S2: Physical Access Control
    •      
    05/29/07 05/08 Policy 660-01: Application Security
    06/12/08
    		  
  • Standard 660-01S1: Mobile Code
    • 03/21/08  
  • Guideline 660-01G1: SQL Injection
    		•
    07/14/08  
  • Guideline 660-01G2: Input Validation
    		•
    07/14/08  
  • Guideline 660-01G3: Database Security
    		•
    07/14/08  
  • Guideline 660-01G4: Error Handling
    		•
         
    05/29/07 06/08 Policy 660-02: System Security
    01/30/08 06/08
  • Standard 660-02S1: Laptop Security 
    		•
    05/11/09  
  • Standard 660-02S2: PDA Security  
    • 09/18/08  
  • Baseline 660-02B1: Server Security
    • 01/14/08 06/08
  • Baseline 660-02B2: Client Security
    		•
    01/30/08 06/08
  • Guideline 660-02G1: Router Security
    		•
    01/30/08 06/08
  • Guideline 660-02G2: Firewall Security
    		•
    01/30/08  
  • Guideline 660-02G3: Midrange Security
    • 02/20/08  
  • Guideline 660-02G4: Mainframe Security
    		•
    06/04/08  
  • Guideline 660-02G5: Engineering Principles
    • 08/21/08  
  • Guideline 660-02G6: Domain Name System Security
    		•
    09/12/08  
  • Guideline 660-02G7: Video Conferencing Security
    •      
    06/04/08   Policy 660-03: Application Security Testing
         
    12/11/08 Policy 660-04: POS Systems Security
         
    12/12/06 03/09 Policy 670-01: Risk Management
    12/12/06
    		 03/09
  • Standard 670-01S1: Risk Assessment
    • 12/12/06 03/09
  • Standard 670-01S2: Risk Mitigation
    • 12/12/06 03/09
  • Standard 670-01S3: Vulnerability Scanning
    		•
         
    12/12/06 03/09 Policy 670-02: Monitoring and Reporting
    12/12/06 03/09
  • Standard 670-02S1: Monitoring and Reporting
    •      
    12/12/06 03/09 Policy 670-03: Vulnerability Management
    12/12/06
    		 03/09
  • Standard 670-03S1: Vulnerability Management
    •      
    04/17/08 02/09 Policy 670-04: Virus Protection
    09/28/09 02/09
  • Standard 670-04S1: Virus Protection UPDATED!
    		•
    12/12/06 02/09 Policy 670-05: Intrusion Detection/Prevention
    08/05/08 02/09
  • Standard 670-05S1: Intrusion Detection/Prevention Systems
    •      
    12/12/06 03/09 Policy 670-06: Log Management
    12/12/06 03/09
  • Standard 670-06S1: Log Management
    •      
    12/12/06 03/09 Policy 670-07: Backup and Recovery
    12/12/06 03/09
  • Standard 670-07S1: Backup and Recovery
    •      
    07/09/09   Policy 670-08: System Maintenance
    07/09/09  
  • Standard 670-08S1: Secure Maintenance
    •      
    06/08/06 03/09 Policy 680-01: Information Protection
    09/05/07
    		 03/09
  • Standard 680-01S1: Information Protection
    • 02/06/07 03/09
  • Standard 680-01S2: Protecting PII
    • 12/12/06 03/09
  • Standard 680-01S3: Removable Storage Devices
    		•
    06/10/09 03/09
  • Standard 680-01S4: Media Sanitization 
    		•
         
    06/08/06 03/09 Policy 680-02: Public Information Dissemination
         
    06/08/06 03/09 Policy 680-03: Encryption
    08/05/08 03/09
  • Standard 680-03S1: Encryption
    •      
    09/22/06 09/07 Policy 700-00: Disaster Recovery
         
    09/25/08    Policy 900-00: IT Procurement
    09/25/08  
  • Standard 900-00S1: IT Procurement
    •      
    07/21/08 07/08 Policy 1200-00: Digital Government
    07/21/08 07/08
  • Standard 1200-00S1: Domain Naming and Registration
    •      
    09/22/06 07/08 Policy 1210-00: Web Development
    07/21/08
    		 07/08
  • Standard 1210-00S1: Online Privacy and Data Collection
    • 09/25/06 07/08
  • Standard 1210-00S2: Universal Accessibility
    		•
    09/27/06 07/08
  • Standard 1210-00S3: Online Security Statement
    		•
    07/21/08 07/08
  • Standard 1210-00S4: Hypertext Linking
    •  
    06/23/09  Information Technology Dictionary
     
    Contact ISD
    help.desk@isd.alabama.gov (334) 242-2222         1-877-ALISDHELP or 1-877-254-7343
    Finance Home   |   Alabama Directory   |   Media   |   Online Services   |   Alabama.gov   |   Alerts   |   Feeds
    Governor's Site   |   Translation Services:   German (Deutsch)   |   Japanese 日本語   |   Korean 한국어   |   Spanish (Español)