CYBERSECURITY RESOURCES

Policies

Security Policies

There are several ways to search for a policy. Find helpful information on how to search for a specific policy HERE.

• Montana Operations Manual (MOM) - Enterprise Policy
• Information Security Policy (Search by Policy Title)
  • Appendix A (Baseline Security Controls)
  • Appendix B (Roles and Responsibilities)
  • Appendix C (Standards)
    • Acceptable Use of IT Resources Standard
    • Cyber Incident Handling Steps
      • Large Cyber Incident Standard
      • Small Cyber Incident Standard
      • Cyber Incident Report Form
    • Cybersecurity for International Travel Standard
    • Identification and Authentication Standard
    • Disposal of Media Storage Device Standard
      • Disposal of Media Storage Device Form
    • Hardening Of Devices Standard
    • Vulnerability Management Standard
  • Appendix D (Cybersecurity Framework crosswalk to Baseline Security Controls)
• Data Loss Prevention (DLP) System

Policy Exceptions

• Search Action and Exception Request Procedure at policy.mt.gov
• Policy Exception Form

Department of Administration

• Department of Administration Policies (State employees only)
• SITSD Policies and Procedures (State employees only)

Montana Information Security Advisory Council (MT-ISAC)

• MT-ISAC Website
• MT-ISAC SharePoint Site (State employees only)
• MT-ISAC Best Practices Workgroup SharePoint Site (State employees only)

Nationwide Cyber Security Review

• Nationwide Cyber Security Review (NCSR)
• NCSR Login (instance number is 20244)

State Law

• Montana Code Annotated (MCA)
• Montana Information Technology Act (MITA)