10.1 Program Requirements

10.1 Program Requirements

Copyright(c), 1995 - Management Analytics - All Rights Reserved

All DOC organizations will establish, implement and maintain an IT security program consistent with the Department and government-wide laws, regulations, policies, procedures and standards. The program must include as a minimum, adequate and appropriate levels of protection for all IT resources within the organization, including hardware, software, physical and environmental facilities that support IT systems, telecommunications, administrative, personnel and data.

All IT systems will be identified and appropriate controls implemented in the following categories:

Responsibilities for the DOC IT security program starts at the Department level and flows down through management of all organizations to the individual users.

IT security program responsibilities are assigned to the Department and all operating units in line with the requirements outlined in section F. below.