Cybersecurity standards and directives outline the state's efforts to safeguard government information systems. Below includes policies, directives, and specific actions required to enhance cybersecurity.
Information Security Foundations Policy
December 2024
Provides a foundational framework for information security across state government operations. The policy establishes consistent guidelines and best practices to safeguard public assets and sensitive information. The policy includes directives for securing data, ensuring compliance with legal and regulatory requirements, and promoting risk management. It serves as a cornerstone document for more specific cybersecurity standards, incident response protocols, and other operational security measures implemented within Vermont state agencies.
Cybersecurity Standard Update
January 2023
Outlines measures to enhance the security of information systems across Vermont's executive branch agencies. It supersedes previous standards from 2019 and 2022, emphasizing the prohibition of specific high-risk products and services.
Past updates and directives for reference:
January 2022
January 2019