Associated Policy
Associated Procedure
Accessibility Policy.docx
  
8/14/2019 1:38 PMPerrine, Rob (DARS)InfastructureEstablished the minimum requirements for the IT Accessivle Web and Media, based on SEction 508 of the Rehabilitation Act and the Worldwide Web Consortium (W3C) Web Content Accessibility Guidelines (WGAC) 2.0 level AA compliance
Accessbility Procedure
Accessibility Procedure.docx
  
8/14/2019 1:40 PMPerrine, Rob (DARS)InfastructureOutlines requirements, techniques, and expectations for creating accessible websites and documents within the DSA.
Accessibility Policy
AWARE Account Management Procedure.docx
  
2/5/2019 1:28 PMPerrine, Rob (DARS)ApplicationAWARE Case Management System is a web based application for managing DSA client cases. This manual details account management for DSA staff and interacts with the ISAA application to activate or deactivate accounts
AWARE Release Policy
AWARE Release Policy and Procedures.docx
  
1/23/2019 10:41 AMPerrine, Rob (DARS)ApplicationA team of users and information technology staff from DARS, DBVI, and WWRC work together to test and implement each release. This details all responsibilities of the user team, and contains a schedule to facilitate upgrades
CAM CHARTER.docx
  
1/23/2019 11:49 AMPerrine, Rob (DARS)InfastructureCustomer Account Manager meeting charter, outlining responsibilities of the CAM in relation to IT governancy, strategy, procurement and oversight activities of the agency
DARS Incident Response Policy, DARS IT Confirguration Management Policy, DARS IT System and Information Integrity Policy,
CAM meeting procedures.docx
  
2/5/2019 1:58 PMPerrine, Rob (DARS)InfastructureDetails procedures and submission of agenda items for bimonthly CAM meetings
CAM Charter
DARS Central Security System Access Policy.doc
  
1/23/2019 2:43 PMPerrine, Rob (DARS)SecurityDARS has implemented an identification card - based access system for the DARS Central Office.  Identification cards can also be made available to all DSA employees as requested. The system provides ingress control to the areas protected by swipe pads.
DARS Change Management Process.doc
  
2/5/2019 2:00 PMPerrine, Rob (DARS)InfastructureContains application and database change procedures, as well as back end move requests. This is followed during the execution phase of the Project Management Life Cycle
DARS Confirugration Management Policy, Systems Development Life Cycle Policy
DARS Incident Response Policy.docx
  
1/22/2019 2:51 PMPerrine, Rob (DARS)SEC 501 and 525Sets standards for threat detection, security monitoring and logging, as well as incident handling. Also includes incident response training (including testing), handling, monitoring, reporting, planning and assisting
CAM Charter
DARS IT Configuration Management Policy.docx
  
1/22/2019 3:52 PMPerrine, Rob (DARS)SEC 501 and 525Sets baseline configuration and establishes configuration change control and settings along with configuration management plan. Also includes security impact analysis, access for change restriction, least functionality, and IS Component inventory
Change Management Procedure Manual, CCB Charters, CAM Charter, DR Inventory Lists including DRAPE
DARS IT Media Protection Policy.docx
  
1/22/2019 4:02 PMPerrine, Rob (DARS)SEC 501 and 525Creates Data Storage/Media Protection practices, including access, storage, transport, and sanitization. Applies to digital and non digital media
VITA MOU, DARS Access Control Guide, WWRC Out Of Scope Procedures
DARS IT Personnel Security Policy.docx
  
1/22/2019 4:35 PMPerrine, Rob (DARS)SEC 501 and 525Documents sensitive information and information systems protection for personnel pre and post employment. Includes, personnel screening, transfer, sanctions and termination along with access agreements and third party personnel security
DARS HR Policy and Procedures, ISAA System Manual
DARS IT Physical Environmental Protection Policy.docx
  
9/30/2019 11:59 AMPerrine, Rob (DARS)SEC 501 and 525Defines level of physical/ environmental security for all facilities to safeguard information resources, including physical access authorizations, controls and monitoring. Emergency power, fire protection and temperature control also included
DARS and WWRC Badge Security Manual and Contract, SARA Operations Manual
DARS IT Risk Assessment Policy.docx
  
1/22/2019 4:02 PMPerrine, Rob (DARS)SEC 501 and 525Discusses security categorization, risk assessments, and vulnerability scans to be used in the execution, development and implementation of remediation programs.
DARS RA Template, DARS Risk Assessment Procedure, DARS CAPS Monitoring Procedure, DARS Vulnerability Scanning Procedure
DARS IT Security Assessment and Authorization Policy.docx
  
1/23/2019 10:39 AMPerrine, Rob (DARS)SEC 501 and 525Sets Information System Connections, secruity authorizations covering operations and assets, and established a continuous monitoring program
Application Specific Documentation
DARS IT System and Communications Protection Policy.docx
  
1/22/2019 4:03 PMPerrine, Rob (DARS)SEC 501 and 525Establishes application partitioning, security function isolation,  boundary protection, public access protections, secure name/address resolution, as well as information in shared resources
DARS Change Management Procedure, DARS Network Administrator Manual, DARS IIS Maintenance Manual
DARS IT System and Data Classification Policy.docx
  
3/10/2020 10:20 AMPerrine, Rob (DARS)SEC 501 and 525Designate data types and owner, to ensure systems are properly protected and configured based on the information containted in them
DARS Information Security Program Policy
DARS IT System and Information Integrity Policy.docx
  
1/22/2019 4:03 PMPerrine, Rob (DARS)SEC 501 and 525Addresses the implementation of the system and information integrity  controls including flaw remediation, malicious code protection, information system monitoring, spam protection, security alert/advisories/directives, and information input validation
DARS Change Management Procedures, CAM Charter
DARS IT System and Services Acquisition Policy.docx
  
1/22/2019 2:48 PMPerrine, Rob (DARS)SEC 501 and 525Addresses purpose, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and Procedures to facilitate the implementation of an IT system
SDLC Policy
Project Management Manual, Access Control Manual
DARS IT System Maintenance Policy.docx
  
1/22/2019 4:03 PMPerrine, Rob (DARS)SEC 501 and 525Maintenance, diagnostic, and repair activities, performed on site or remotely, are managed and monitored to preserve the confidentiality, integrity, and availability of DARS information systems
DARS WR Procedures, WWRC Out of Scope Infrastructure Maintenance Manual
DARS IT System Security Planning Policy.docx
  
1/23/2019 10:38 AMPerrine, Rob (DARS)SEC 501 and 525Develops system security plan for each information system classified as sensitive. Also contains rules to address user behavior with sensitive information and system usage.  Plan and coordinate security-related activities affecting systems
DARS Security Awareness and Training Policy, DARS Logical Access Control Policy
DARS Logical Access Controls Policy.docx
  
10/1/2019 12:25 PMPerrine, Rob (DARS)SEC 501 and 525Ensures access controls to all information systems, including test and production envorinments. Includes account management, access enforcement, information flow enforcement, separation of duties, least privilege, session lock, unsuccessful login attempts
ISAA User Manual, ISO Access Control Guide, Application Specific Documentation
DARS Mobile Device Access Controls Policy.docx
  
1/23/2019 11:53 AMPerrine, Rob (DARS)InfastructureMinimum requirements for the use of a COV owned and maintained mobile device, a non-COV owned and maintained mobile device, as well as any mobile device taken outside the borders of the COV that is used to access, process or store DARS data
Remote and Wireless Access Controls, DDA DDS Telecommunications Policy
DARS Remote and Wireless Access Controls Policy.docx
  
1/23/2019 11:54 AMPerrine, Rob (DARS)InfastructureEstablishes minimum for remote and wireless access to information systems, permitted only as necessary to support the purpose of the agency via authorized job functions.
DARS Mobile Device Access Control Policy
Mobile Device Application Manual, Network Administrator Guide
DARS Security Audit, Monitoring and Logging Policy.docx
  
1/22/2019 4:35 PMPerrine, Rob (DARS)SecurityFacilitate implementation of processes necessary to meet audit and accountability requirements in SEC 501 and 502, with security audit best practices for all sensitive information systems
DARS Information Security Program Policy
DARS Security Awareness and Training Policy.docx
  
1/22/2019 4:35 PMPerrine, Rob (DARS)SecurityEnsures the Disability Services Agencies comply with the Commonwealth’s Security Awareness and Training Program.  Establishes requirements for Security Awareness Training intended to educate users and foster understanding on protection of agency business
DSA/WWRC Information Security Program Policy

DARS SharePoint Governance for End Users.doc
  
1/23/2019 2:48 PMPerrine, Rob (DARS)ApplicationOutlines roles and responsibilities, usage, communications, references to policies, and generally answer question about the DSA’s implementation of this framework. 
DARS-IT-Identification-and-Authentication-Policy.docx
  
10/1/2019 12:36 PMPerrine, Rob (DARS)SEC 501 and 525DARS users will be assigned a unique identity to securely authenticate to the systems that they have been authorized to access. Also includes identifier and authenticator management, along with authenticator feedback
DARS Information Security Program Manual, ISAA User Manual, ISO Access Control Guide, Application Specific Documentation.
DocFinity Policy and Procedures Manual - Business Process.docx
  
1/23/2019 10:45 AMPerrine, Rob (DARS)ApplicationDSA Electronic Document Imaging, includeing DocFinity EDMS, Business Process Monitoring & Workflow System, Barcoding & Scanning, Records Management, eForms, Dashboards, Hierarchial Storage Management, and DocFinity Core
DSA and DDS Telecommunications Policy and Procedures.docx
  
1/23/2019 11:57 AMPerrine, Rob (DARS)InfastructureProvide Unified Communications as a Service (UCaaS) telecommunications system-related guidance and support for Disability Services Agencies (DSA) and Disability Determination Services (DDS) staff.
1 - 30Next