Department of Corrections and Rehabilitation - Operations Manual

Cancel

Chapter 4 – Information Technology

Article 51 – Endpoint Security Policy

Effective December 30, 2021

View All Sections >

49080.5 Roles and Responsibilities

  • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Chief Information Officer (CIO) or Designee

    • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee owns this policy and is responsible for ensuring that all Owners of Information Assets, Information Asset Custodians, and users of CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) information assets are aware of this policy and acknowledge their individual responsibilities.

    • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee is responsible for ensuring that this policy is reviewed annually and updated accordingly.

    • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) CIO or Designee is required to audit and assess compliance with this policy at least once every 2 years.

  • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Information Security Officer (ISOInformation Security Officer)

    • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) ISOInformation Security Officer shall assist Owners of Information Assets and Information Asset Custodians with the identification and selection of endpoint protection controls.

    • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) ISOInformation Security Officer shall ensure that endpoint protection controls meet CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) requirements for security and privacy.

  • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Owners of Information Assets and Program Management

    • Owners of Information Assets in collaboration with the Information Asset Custodians shall ensure that the endpoint protection controls are defined, documented, and implemented, and that implementation is reviewed annually.

    • Owners of Information Assets in collaboration with the Information Asset Custodians shall ensure the endpoint protection controls commensurate with the sensitivity or criticality of the asset are implemented for assets under their purview.

  • CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) Information Asset Custodians

    • Information Asset Custodians shall implement the requisite endpoint protection controls based upon the sensitivity or criticality of the assets as defined by the Owners of Information Assets.

    • Information Asset Custodians shall maintain and update endpoint protection technologies based on best practices.

    • Information Asset Custodians shall maintain records of endpoint protection controls and ensure proper change management.