Highlights of IS.006 Communication and Network Security Standard
The IS.006 Communication and Network Security Standard details requirements for network security management, remote access security management, third-party network access and secure file transfer by the Commonwealth of Massachusetts. This standard establishes security requirements for the Commonwealth’s network infrastructure and connectivity, including:
- Network architecture requirements to include redundancy, network segmentation, encryption and the documentation of network diagrams
- Use of network infrastructure protection such as firewalls, intrusion detection systems, web proxies and data loss prevention
- Controls to protect endpoint computing systems
- Requirements for remote access security management
- Requirements for third-party business-to-business connections
- Requirements for secure file transfer
See the Enterprise Information Security Standards Self-Assessment Questionnaire (Excel), which can be used to track compliance in implementing these internal controls. Departments should expect to be audited on compliance with these internal controls.
The Executive Office of Technology Services and Security (EOTSS) publishes Enterprise Information Security Policies and Standards, which must be included in a Department’s Internal Control Plan, implemented, tested, and included in staff training.