POLICIES
OTECH Information Technology Policies and Procedures
Policy No | Title | Publish / Revision Dates | Purpose |
---|---|---|---|
OTECH-POL2024-001 | External Storage Devices Policy | 2024-07-16 | To define inherent risk and acceptable use of removable storage devices. |
OTECH-POL2021-008 | Facility Physical Security and Access Control Policy | 2021-08-30 2022-06-07 2024-03-01 | To provide a process that is required to ensure an organized approach to managing cyber incidents within Government of Guam (GovGuam) entities supported by the Office of Technology (OTECH) and to coordinate response and resolution efforts to prevent or limit damage that may be caused. |
OTECH-POL2021-007 | Cyber Incident Response Policy | 2021-08-31 2024-03-01 | To provide a process that is required to ensure an organized approach to managing cyber incidents within Government of Guam (GovGuam) entities supported by the Office of Technology (OTECH) and to coordinate response and resolution efforts to prevent or limit damage that may be caused. |
OTECH-POL2021-006 | Security Awareness Training Policy | 2021-08-30 2022-03-29 2024-03-01 | To bring awareness of security risks associated with information systems and of the applicable federal and agency requirements related to the security of strategic information systems. |
OTECH-POL2021-005 | Password Policy | 2021-09-06 2024-03-01 | To establish controls relating to password requirements of Government of Guam Information Technology (IT) Systems. |
OTECH-POL2021-004 | Email Policy | 2021-08-06 2024-03-01 | To provide guidelines to secure access and usage of Government of Guam e-mail services by its users. |
OTECH-POL2021-003 | Risk Assessment Policy & Procedures | 2021-08-27 2024-03-01 | To provide guidelines for assessing and addressing security risks on Government of Guam (GovGuam) Information Systems. |
OTECH-POL2021-002 | IT System Development Requirements & Security Assessment Standards | 2021-08-27 2022-01-20 2024-03-01 | To provide security control standards for all Government of Guam (GovGuam) Information Systems, to include all GovGuam Information Systems hosted outside of the GovGuam Network (GGWAN). |
OTECH-POL2021-001 | IT Audit & Accountability Policy | 2021-08-27 2022-03-29 2024-03-01 | To provide guidance for the Audit and Accountability (AU) security controls on Government of Guam (GovGuam) information systems. |
OTECH-POL2020-005 | Personally Identifiable Information (PII) Policy | 2020-03-04 2024-03-01 | To establish adequate controls to Government of Guam Information Technology (IT) systems and devices maintained by the Office of Technology (OTECH). As part of daily operational activities, GovGuam staff may have access to citizen or staff PII. This information is generally found in personnel files, citizen data sets, performance reports, program evaluations, grant and contract files, or other sources. Federal law and federal policies require that PII and other sensitive information be secured and protected at all times. |
OTECH-POL2020-004 | Change Management Policy | 2020-03-04 2024-03-01 | To define responsibilities, policies and procedures for changes to the Government of Guam network. |
OTECH-POL2020-003 | Remote Access Policy | 2020-03-04 2022-07-05 2024-03-01 2024-05-22 | To define rules and requirements for connecting to the Government of Guam’s network from any host. |
OTECH-POL2020-002 | User Access & Control Management Policy | 2020-03-04 2024-03-01 | To establish adequate controls to Government of Guam Information Technology (IT) systems and devices maintained by the Office of Technology (OTECH). |
OTECH-POL2020-001 | IT Hardware and Software Acquisition Policy | 2020-03-04 2024-03-01 | To define the process by which Information Technology (IT) hardware and software are reviewed, purchased and maintained. |
OTECH-POL2019-008 | Personally Owned Device Policy | 2019-07-26 2024-03-01 | To define standards, procedures, and restrictions for end users connecting a personally owned device to the Government of Guam Wide Area Network for business purposes. |
OTECH-POL2019-007 | IT Security Policy End User Protection | 2019-07-26 2024-03-01 | To establish a standard baseline for effective security measures enforced on all end user computing (EUC) hardware connected to the Government of Guam Wide Area Network (GGWAN), as well as any future security requirements for portable storage and mobile device management. |
OTECH-POL2019-006 | Data Destruction & Sanitization Policy | 2019-07-19 2024-03-01 | To provide proper procedures for disposal and disposition of surplus computer hardware and other storage media. |
OTECH-POL2019-005 | Social Media Policy | 2019-07-18 2024-03-01 | To establish a baseline standard for the proper use of social media networks within the Government of Guam Network. |
OTECH-POL2017-006 | Backup Policy and Procedures | 2017-08-04 2024-03-01 | To provide details on the stipulations of data backup and retrieval operations for critical servers. |
OTECH-POL2017-005 | IT Disaster Recovery Plan | 2017-08-04 2024-03-01 | To define protocols and procedures in the event OTECH experiences a disaster. |
OTECH Directives, Memos and IT Guidelines
Document No. | Title | Publication Date | Purpose |
---|---|---|---|
Enterprise VPN Security | Government of Guam Virtual Private Network (VPN) Security | 2022-07-08 | Memo establishing enhanced Virtual Private Network (VPN) security for remote access to the Government of Guam Wide Area Network. |
GovGuam AUP | Acceptable Use of Government Issued Computers, Digital Equipment, and Internet Access | 2019-07-01 | Employee agreement to the terms of the GovGuam Acceptable Use Policy for Government-issued computers, digital equipment and internet access. |
Governor’s Directive No.2009-001 | Bureau of Information Technology | 2009-04-27 | Directive tasking the Bureau of Information Technology to identify opportunities for reducing the government’s cost while promoting a more environmentally friendly approach to the deployment of government technology. |
Governor’s Circular No. 2008-0073 | Government of Guam Domain | 2008-12-19 | Circular informing all Government of Guam line agencies of the domain name format and standards. |
GovGuam Domain Name Directive | Government of Guam Domain Name Directive | Directive regarding the new domain naming standard and transition phase requirement. | |
BIT Directive-AntiVirus | BIT Directive – Anti Virus Requirement | 2008-08-19 | Directive requiring all GoveGuam PCs to have active and current anti-virus installed. |