File #: 21-00847    Version: 1
Type: Administrative Item Status: Agenda Ready
File created: 9/9/2021 In control: BOARD OF SUPERVISORS
On agenda: 9/21/2021 Final action: 9/21/2021
Title: Consider recommendations regarding Countywide Technical Cyber Security Policies, as follows: a) Approve the following 20 Technical Security Policies: i) IT Security Program Description (ITAM-0600); ii) IT Security Program Implementation Plan (ITAM-0601); iii) Glossary of IT Security Terms (ITAM-0602); iv) Access Control (AC) (ITAM-0610); v) Awareness and Training (AT) (ITAM-0611); vi) Audit and Accountability (AU) (ITAM-0612); vii) Security Assessment and Authorization (CA) (ITAM-0613); viii) Configuration Management (CM) (ITAM-0614); ix) Contingency Planning (CP) (ITAM-0615); x) Identification and Authentication (IA) (ITAM-0616); xi) Incident Response (IR) (ITAM-0617); xii) Maintenance (MA) (ITAM-0618); xiii) Media Protection (MP) (ITAM-0619); xiv) Physical and Environmental Protection (PE) (ITAM-0620); xv) Planning (PL) (ITAM-0621); xvi) Personnel Security (PS) (ITAM-0623); xvii) Risk Assessment (RA) (ITAM-0625); xviii) System and Services Acquisition (SA) (ITAM-0626); xix) System ...
Sponsors: COUNTY EXECUTIVE OFFICE
Attachments: 1. Board Letter, 2. Attachment A: IT Security Program Description - ITAM0600, 3. Attachment B: IT Security Program Implementation Plan-ITAM-0601, 4. Attachment C: Glossary of Definitions - ITAM-0602, 5. Attachment D: Access Control Policy - ITAM-0610, 6. Attachment E: Security Awareness and Training Policy - ITAM-0611, 7. Attachment F: Auditing and Accountability Policy - ITAM-0612, 8. Attachment G: Security Assessment and Authorization Policy - ITAM-0613, 9. Attachment H: County Configuration Management Policy - ITAM-0614, 10. Attachment I: Contingency Planning Policy - ITAM-0615, 11. Attachment J: Identification and Authentication Policy - ITAM-0616, 12. Attachment K: Incident Response Policy - ITAM-0617, 13. Attachment L: Maintenance Policy - ITAM-0618, 14. Attachment M: Media Protection Policy - ITAM-0619, 15. Attachment N: Physical and Environmental Protection Policy - ITAM-0620, 16. Attachment O: Planning Policy - ITAM-0621, 17. Attachment P: Personnel Security Policy - ITAM-0623, 18. Attachment Q: Risk Assessment Policy - ITAM-0625, 19. Attachment R: System and Services Acquisition Policy - ITAM-0626, 20. Attachment S: System and Communications Protection Policy - ITAM-0627, 21. Attachment T: System and Information Integrity Policy - ITAM-0628, 22. Minute Order

Title

Consider recommendations regarding Countywide Technical Cyber Security Policies, as follows:

 

a) Approve the following 20 Technical Security Policies:

 

i) IT Security Program Description (ITAM-0600);

ii) IT Security Program Implementation Plan (ITAM-0601);

iii) Glossary of IT Security Terms (ITAM-0602);

iv) Access Control (AC) (ITAM-0610);

v) Awareness and Training (AT) (ITAM-0611);

vi) Audit and Accountability (AU) (ITAM-0612);

vii) Security Assessment and Authorization (CA) (ITAM-0613);

viii) Configuration Management (CM) (ITAM-0614);

ix) Contingency Planning (CP) (ITAM-0615);

x) Identification and Authentication (IA) (ITAM-0616);

xi) Incident Response (IR) (ITAM-0617);

xii) Maintenance (MA) (ITAM-0618);

xiii) Media Protection (MP) (ITAM-0619);

xiv) Physical and Environmental Protection (PE) (ITAM-0620);

xv) Planning (PL) (ITAM-0621);

xvi) Personnel Security (PS) (ITAM-0623);

xvii) Risk Assessment (RA) (ITAM-0625);

xviii) System and Services Acquisition (SA) (ITAM-0626);

xix) System and Communications Protection (SC) (ITAM-0627); and

xx) System and Information Integrity (SI) (ITAM-0628); and

 

b) Determine that the above action is not a project under the California Environmental Quality Act (CEQA) pursuant to CEQA Guidelines Sections 15378(b)(2) and 15378(b)(5) because it consists of government administrative activities, including general policy or procedure making, that will not result in direct or indirect physical changes in the environment.