|  | | 8/14/2019 1:38 PM |  Perrine, Rob (DARS) | Infastructure | Established the minimum requirements for the IT Accessivle Web and Media, based on SEction 508 of the Rehabilitation Act and the Worldwide Web Consortium (W3C) Web Content Accessibility Guidelines (WGAC) 2.0 level AA compliance | | Accessbility Procedure |
| | | 8/14/2019 1:40 PM | Perrine, Rob (DARS) | Infastructure | Outlines requirements, techniques, and expectations for creating accessible websites and documents within the DSA. | Accessibility Policy | |
| | | 2/5/2019 1:28 PM | Perrine, Rob (DARS) | Application | AWARE Case Management System is a web based application for managing DSA client cases. This manual details account management for DSA staff and interacts with the ISAA application to activate or deactivate accounts | AWARE Release Policy | |
| | | 1/23/2019 10:41 AM | Perrine, Rob (DARS) | Application | A team of users and information technology staff from DARS, DBVI, and WWRC work together to test and implement each release. This details all responsibilities of the user team, and contains a schedule to facilitate upgrades | | |
| | | 1/23/2019 11:49 AM | Perrine, Rob (DARS) | Infastructure | Customer Account Manager meeting charter, outlining responsibilities of the CAM in relation to IT governancy, strategy, procurement and oversight activities of the agency | DARS Incident Response Policy, DARS IT Confirguration Management Policy, DARS IT System and Information Integrity Policy, | |
| | | 2/5/2019 1:58 PM | Perrine, Rob (DARS) | Infastructure | Details procedures and submission of agenda items for bimonthly CAM meetings | CAM Charter | |
|  | | 1/23/2019 2:43 PM | Perrine, Rob (DARS) | Security | DARS has implemented an identification card - based access system for the DARS Central Office. Identification cards can also be made available to all DSA employees as requested. The system provides ingress control to the areas protected by swipe pads. | | |
| | | 2/5/2019 2:00 PM | Perrine, Rob (DARS) | Infastructure | Contains application and database change procedures, as well as back end move requests. This is followed during the execution phase of the Project Management Life Cycle | DARS Confirugration Management Policy, Systems Development Life Cycle Policy | |
| | | 1/22/2019 2:51 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Sets standards for threat detection, security monitoring and logging, as well as incident handling. Also includes incident response training (including testing), handling, monitoring, reporting, planning and assisting | | CAM Charter |
| | | 1/22/2019 3:52 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Sets baseline configuration and establishes configuration change control and settings along with configuration management plan. Also includes security impact analysis, access for change restriction, least functionality, and IS Component inventory | | Change Management Procedure Manual, CCB Charters, CAM Charter, DR Inventory Lists including DRAPE |
| | | 1/22/2019 4:02 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Creates Data Storage/Media Protection practices, including access, storage, transport, and sanitization. Applies to digital and non digital media | | VITA MOU, DARS Access Control Guide, WWRC Out Of Scope Procedures |
| | | 1/22/2019 4:35 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Documents sensitive information and information systems protection for personnel pre and post employment. Includes, personnel screening, transfer, sanctions and termination along with access agreements and third party personnel security | | DARS HR Policy and Procedures, ISAA System Manual |
| | | 9/30/2019 11:59 AM | Perrine, Rob (DARS) | SEC 501 and 525 | Defines level of physical/ environmental security for all facilities to safeguard information resources, including physical access authorizations, controls and monitoring. Emergency power, fire protection and temperature control also included | | DARS and WWRC Badge Security Manual and Contract, SARA Operations Manual |
| | | 1/22/2019 4:02 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Discusses security categorization, risk assessments, and vulnerability scans to be used in the execution, development and implementation of remediation programs. | | DARS RA Template, DARS Risk Assessment Procedure, DARS CAPS Monitoring Procedure, DARS Vulnerability Scanning Procedure |
| | | 1/23/2019 10:39 AM | Perrine, Rob (DARS) | SEC 501 and 525 | Sets Information System Connections, secruity authorizations covering operations and assets, and established a continuous monitoring program | | Application Specific Documentation |
| | | 1/22/2019 4:03 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Establishes application partitioning, security function isolation, boundary protection, public access protections, secure name/address resolution, as well as information in shared resources | | DARS Change Management Procedure, DARS Network Administrator Manual, DARS IIS Maintenance Manual |
| | | 3/10/2020 10:20 AM | Perrine, Rob (DARS) | SEC 501 and 525 | Designate data types and owner, to ensure systems are properly protected and configured based on the information containted in them | DARS Information Security Program Policy | |
| | | 1/22/2019 4:03 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Addresses the implementation of the system and information integrity controls including flaw remediation, malicious code protection, information system monitoring, spam protection, security alert/advisories/directives, and information input validation | | DARS Change Management Procedures, CAM Charter |
| | | 1/22/2019 2:48 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Addresses purpose, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Procedures to facilitate the implementation of an IT system | SDLC Policy | Project Management Manual, Access Control Manual |
| | | 1/22/2019 4:03 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Maintenance, diagnostic, and repair activities, performed on site or remotely, are managed and monitored to preserve the confidentiality, integrity, and availability of DARS information systems | | DARS WR Procedures, WWRC Out of Scope Infrastructure Maintenance Manual
|
| | | 1/23/2019 10:38 AM | Perrine, Rob (DARS) | SEC 501 and 525 | Develops system security plan for each information system classified as sensitive. Also contains rules to address user behavior with sensitive information and system usage. Plan and coordinate security-related activities affecting systems | DARS Security Awareness and Training Policy, DARS Logical Access Control Policy | |
| | | 10/1/2019 12:25 PM | Perrine, Rob (DARS) | SEC 501 and 525 | Ensures access controls to all information systems, including test and production envorinments. Includes account management, access enforcement, information flow enforcement, separation of duties, least privilege, session lock, unsuccessful login attempts | | ISAA User Manual, ISO Access Control Guide, Application Specific Documentation |
| | | 1/23/2019 11:53 AM | Perrine, Rob (DARS) | Infastructure | Minimum requirements for the use of a COV owned and maintained mobile device, a non-COV owned and maintained mobile device, as well as any mobile device taken outside the borders of the COV that is used to access, process or store DARS data | Remote and Wireless Access Controls, DDA DDS Telecommunications Policy | |
| | | 1/23/2019 11:54 AM | Perrine, Rob (DARS) | Infastructure | Establishes minimum for remote and wireless access to information systems, permitted only as necessary to support the purpose of the agency via authorized job functions. | DARS Mobile Device Access Control Policy | Mobile Device Application Manual, Network Administrator Guide |
| | | 1/22/2019 4:35 PM | Perrine, Rob (DARS) | Security | Facilitate implementation of processes necessary to meet audit and accountability requirements in SEC 501 and 502, with security audit best practices for all sensitive information systems | DARS Information Security Program Policy | |
| | | 1/22/2019 4:35 PM | Perrine, Rob (DARS) | Security | Ensures the Disability Services Agencies comply with the Commonwealth’s Security Awareness and Training Program. Establishes requirements for Security Awareness Training intended to educate users and foster understanding on protection of agency business | | DSA/WWRC Information Security Program Policy
|
| | | 1/23/2019 2:48 PM | Perrine, Rob (DARS) | Application | Outlines roles and responsibilities, usage, communications, references to policies, and generally answer question about the DSA’s implementation of this framework. | | |
| | | 10/1/2019 12:36 PM | Perrine, Rob (DARS) | SEC 501 and 525 | DARS users will be assigned a unique identity to securely authenticate to the systems that they have been authorized to access. Also includes identifier and authenticator management, along with authenticator feedback | | DARS Information Security Program Manual, ISAA User Manual, ISO Access Control Guide, Application Specific Documentation. |
| | | 1/23/2019 10:45 AM | Perrine, Rob (DARS) | Application | DSA Electronic Document Imaging, includeing DocFinity EDMS, Business Process Monitoring & Workflow System, Barcoding & Scanning, Records Management, eForms, Dashboards, Hierarchial Storage Management, and DocFinity Core | | |
| | | 1/23/2019 11:57 AM | Perrine, Rob (DARS) | Infastructure | Provide Unified Communications as a Service (UCaaS) telecommunications system-related guidance and support for Disability Services Agencies (DSA) and Disability Determination Services (DDS) staff. | | |
