Cyber Threat Level
Right Column
Go RIM for Policy Section 5320 - Asset Protection
The following provides a central location for information security standards, authority, guidance, forms, tools, definitions, and reference to other policies related to asset protection.
- Information Security Policy (State Administrative Manual)
- Authority
- Standards
- Guidance
- Forms
- Tools
- Definitions
- Related Policies
- Go RIM Home
Authority
- Management Memo 08-09, Release of Personal Information for Research
- Government Code Section 11549
- Government Code Section 19572
- Statewide Security Policy, Section 5320
- Encryption on Portable Computing Devices, Budget Letter (BL) 05-32
- Classification of Information, BL 05-08
- Safeguarding Access to State Data, BL 04-35
- Removal of Confidential, Sensitive or Personal Information From State-Owned Surplus Personal Property and State-Owned Surplus Vehicles, Management Memo (MM) 07-09
- Protection of Information Assets, MM 06-12
Standards
- ISO/IEC 27002:2005 (formerly ISO 17799), Section 7, Asset Management
- Federal Information Processing Standards (FIPS)
- HIPAA Security Standards, Sections 164.308(a)(1), 164.310(c), and 164.310(d)(1)
- North America Electric Reliability Corporation (NERC) Standards CIP, 002 - Critical Cyber Asset Identification
- Standards for Categorization of Federal Information and Information Systems (FIPS 199)
Guidance
- NASCIO recommended reading
* July 2008, Ready for the Challenge (Electronic Records)
* April 2008, Data Governance - Information Asset Protection Guideline by ASIS International
Forms
- Stock Received Report, STD. 106 Form
- Returned Stock Report, STD. 108 Form
- Records Inventory Worksheet, STD. 70 Form
- Records Retention Schedules, STD. 73 Form
- Property Inventory Listing, STD. 157 Form
- Property Survey Report, STD.152 Form
Tools
- Sample Record of Property Issued to State Employee (.doc, 74k)
- Sample Employee Exit Checklist (.doc, 120k)
- Sample Management Directive and Procedures for Handling Confidential Documents (.doc, 43k)
- Data Inventory and Classification Project Tools
- Data Inventory and Classification Project Training Slides (.ppt, 191k)
- Data Inventory Project Sample Email from Designee (.doc, 28k)
- Data Inventory Project Survey Instructions (.doc, 159k)
- Data Inventory Project Survey Part I-A and B (.doc, 50k)
- Data Inventory Project Survey Part I-C (.doc, 72k)
- Data Inventory Project Survey Part II, Modified STD. 70 Form (.doc, 206k)
- Data Inventory Project Survey Part II, Modified STD. 70 Form Additional Page (.doc, 298k)
- Data Inventory Project Survey Part II, Modified STD. 70 Form (.xls, 24k)
- DGS Retention Schedule Guidelines, Indexed Version (.doc, 258k)
- DGS State Records Program Resources
- DGS State Records Center and Document Destruction Center
- DGS Master Contracts for Document Conversion Services
- DGS-CalRIM Schedule of Classes on Records Management
Last Updated: Wednesday, August 20, 2008
