Cyber Security Policies

Below are the 25 cyber security policies that govern NMHS Cyber Security Program.

1.0 Cyber Security Program Policy

1.0.a Attachment A Cyber Security Organizational Policy Table of Contents

1.0.b Attachment B CISO Appointment Letter

1.0.c Attachment C Cyber Security Council Charter

1.0.d Attachment D Cyber Security Council Working Group Charter

1.0.e IT Business Continuity and Disaster Recovery Comittiee Charter

1.0.f Attachment F Exception to Policy Memo

2.0 Cyber Security Review and Audit Policy

3.0 Cyber Security Sanctions and Remedial Training Policy

4.0 Acceptable Use Policy

5.0 Audit Logging & Monitoring Policy

6.0 Data Classification Policy

7.0 Identity & Access Management Policy – Coming Soon!

8.0 Password Management Policy

9.0 Data Retention and Destruction Policy

10.0 IT Business Continuity and Disaster Recovery Policy

11.0 Patch Management Policy

12.0 Risk Management Policy

12.a Vendor Risk Assessment Request Process

13.0 Vulnerability Management Policy

14.0 Email and File Access Policy

15.0 Systems and Network Security Policy – Coming Soon!

16.0 Portable Media Policy (Combined)

17.0 Mobile Device Management & Bring Your Own Device Policy

18.0 Configuration Management Policy – Coming Soon!

19.0 Cryptography Controls Policy

19.0.a Attachment A Key Custodian Agreement

19.0.b Attachment B Key Custodian Appointment Letter

20.0 Security Training and Awareness Policy

21.0 Cyber Incident Response Policy – Coming Soon!

22.0 Physical Security Policy

23.0 Vendor Managment Policy

24.0 Secure Mail Policy

24.0.a Attachment A Packaging Sensitive Information

25.0 Systems Development and Life Cycle (SDLC) Policy – Coming Soon!



Change Control Policy