Background
The Technology Infrastructure Standards Assessment (TISA) for fiscal year 2012
for Group 1 Agencies is being replaced by remediation of high risk findings
from the FY11 statewide security risk assessment. Agencies participating in
this gap remediation are not required to complete a TISA
survey for FY 2012.
Purpose
The purpose of the gap remediation is to:
- Remediate
high risk vulnerabilities of internal and external devices that were identified
in the security vulnerability scans
- Remediate
high risk gaps in the policy assessment that were identified in the FY11
results
- Reduce
the State’s security risk through prioritized mitigation plans that result from
the assessment
- Follow-up
with SISPO quarterly on actions taken to remediate high risk gaps that were
identified in the FY11 assessment
In
addition to agency gap remediation, special attention should be paid to these
areas, as they apply to your agency:
- Enforcement of Email and Internet policies
- Development of annual IT Security Awareness
program that is implementable
- Continuous patch
management
- IT Disaster Recovery Planning
and documentation for mission-essential functions
Questions
For access to the TISA application, or questions on
TISA or IT security policy and standards
compliance, contact the ISO manager at 602-284-3234 or dchristofferson@azgita.gov,
or the CISO at 602-364-4771 or jryan@azgita.gov.
