Cybersecurity
October 11, 2022
Highlights of IS.006 Communication and Network Security Standard
The IS.006 Communication and Network Security Standard details requirements for network security management, remote access security management, third-party network access and secure file transfer by the Commonwealth of Massachusetts. This standard establishes security requirements for the Commonwealth’s network infrastructure and connectivity, including:
- Network architecture requirements, including redundancy, network segmentation, encryption and the documentation of network diagrams
- Use of network infrastructure protection such as firewalls, intrusion detection systems, web proxies and data loss prevention
- Controls to protect endpoint computing systems
- Requirements for remote access security management
- Requirements for third-party business-to-business connections
- Requirements for secure file transfer
The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards, which must be included in a Department’s Internal Control Plan, implemented, tested, and included in staff training.