Skip to Main Content
October 5, 2022

Highlights of IS.003 Access Management Standard

Cybersecurity Awareness Month Enterprise Information Security

The IS.003 Access Management Standard  sets policy standards for implementing user access management, network access control and system authentication control in order to protect Commonwealth of Massachusetts information assets and network services. 

See the Enterprise Information Security Standards Self-Assessment Questionnaire [Excel] that can be used to track compliance with implementing these internal controls. Departments should expect to be audited on compliance with these internal controls.   

The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards which must be included in a Department’s Internal Control Plan, implemented, tested, and included in staff training. These standards apply to all Executive Department offices and agencies and are the default standard for non-Executive departments.