Highlights of IS.006 Communication and Network Security Standard
The IS.006 Communication and Network Security Standard details requirements for network security management, remote access security management, third-party network access and secure file transfer by the Commonwealth of Massachusetts. This standard establishes security requirements for the Commonwealth’s network infrastructure and connectivity, including:
- Network architecture requirements to include redundancy, network segmentation, encryption and the documentation of network diagrams
- Use of network infrastructure protection such as firewalls, intrusion detection systems, web-proxies and data loss prevention
- Controls to protect end-point computing systems
- Requirements for remote access security management
- Requirements for third-party business-to-business connections
- Requirements for secure file transfer
The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards which must be included in a Department’s Internal Control Plan, implemented, tested, and included in staff training.