The Technology Infrastructure Standards Assessment (TISA) for fiscal year 2012 for Group 1 Agencies is being replaced by remediation of high risk findings from the FY11 statewide security risk assessment. Agencies participating in this gap remediation are not required to complete a TISA survey for FY 2012.
The purpose of the gap remediation is to:
- Remediate high risk vulnerabilities of internal and external devices that were identified in the security vulnerability scans
- Remediate high risk gaps in the policy assessment that were identified in the FY11 results
- Reduce the State’s security risk through prioritized mitigation plans that result from the assessment
- Follow-up with SISPO quarterly on actions taken to remediate high risk gaps that were identified in the FY11 assessment
In addition to agency gap remediation, special attention should be paid to these areas, as they apply to your agency:
- Enforcement of Email and Internet policies
- Development of annual IT Security Awareness program that is implementable
- Continuous patch management
- IT Disaster Recovery Planning and documentation for mission-essential functions
For access to the TISA application, or questions on TISA or IT security policy and standards compliance, contact the Enterprise Architecture Team.