Rules Review by JAPC
![]() |
71. Agency for Enterprise Information Technology |
71a. OFFICE OF INFORMATION SECURITY |
71A-1.001. Purpose And Scope |
71A-1.002. Definitions |
71A-1.003. Agency Information Security Program |
71A-1.004. Agency Information Technology Workers |
71A-1.005. Agency Contracts, Providers, And Partners |
71A-1.006. Confidential And Exempt Information |
71A-1.007. Access Control |
71A-1.008. Awareness And Training |
71A-1.009. Audit And Accountability |
71A-1.010. Certification, Accreditation, And Security Assessments |
71A-1.011. Configuration Management |
71A-1.012. Contingency Planning |
71A-1.013. Identification And Authentication |
71A-1.014. Incident Response |
71A-1.015. Maintenance |
71A-1.016. Media Protection |
71A-1.017. Physical And Environmental Protection |
71A-1.018. System And Application Security Planning |
71A-1.019. Personnel Security And Acceptable Use |
71A-1.020. Risk Assessment |
71A-1.021. Systems, Applications And Services Acquisition And Development |
71A-1.022. Systems And Communications Protection |
71A-1.023. System And Information Integrity |
71A-2.001. Purpose; Definitions; Policy; Applicability; Agency Security Programs; Roles And Responsibilities; Risk Management |
71A-2.002. Control Of Computers And Information Resources |
71A-2.003. Physical Security And Access To Data Processing Facilities |
71A-2.004. Logical And Data Access Controls |
71A-2.005. Data And System Integrity |
71A-2.006. Network Security |
71A-2.007. Backup And Disaster Recovery |
71A-2.008. Personnel Security And Security Awareness |
71A-2.009. Systems Acquisition, Disposal, Auditing, And Reporting |
71A-2.010. Standards Adopted |