Cyber Security Policies

Below are the 25 cyber security policies that govern NMHS Cyber Security Program.

1.0 Cyber Security Program Policy

1.0.a Attachment A Cyber Security Organizational Policy Table of Contents

1.0.b Attachment B CISO Appointment Letter

1.0.c Attachment C Cyber Security Council Charter

1.0.d Attachment D Cyber Security Council Working Group Charter

1.0.e IT Business Continuity and Disaster Recovery Committee Charter

1.0.f Attachment F Exception to Policy Memo

2.0 Cyber Security Review and Audit Policy

3.0 Cyber Security Corrective Actions and Remedial Training Policy

4.0 Acceptable Use Policy

5.0 Audit Logging & Monitoring Policy

6.0 Data Classification Policy

7.0 Identity & Access Management Policy

8.0 Password Management Policy

9.0 Data Retention and Destruction Policy

10.0 IT Business Continuity and Disaster Recovery Policy

11.0 Patch Management Policy

12.0 Risk Management Policy

12.a Vendor Risk Assessment Request Process

13.0 Vulnerability Management Policy

14.0 Email and File Access Policy

15.0 Systems and Network Security Policy

16.0 Portable Media Policy (Combined)

17.0 Mobile Device Management & Bring Your Own Device Policy

18.0 Configuration Management Policy

19.0 Cryptography Controls Policy

19.0.a Attachment A Key Custodian Agreement

19.0.b Attachment B Key Custodian Appointment Letter

20.0 Security Training and Awareness Policy

21.0 Cyber Incident Response Policy

22.0 Physical Security Policy

23.0 Vendor Management Policy

24.0 Secure Mail Policy

24.0.a Attachment A Packaging Sensitive Information

25.0 Systems Development and Life Cycle (SDLC) Policy



Change Control Policy