OPM: Data Classification Policy

Data Classification Policy

 
Version: 1.0
Date issued:      March 30, 2010 
Date Effective:   March 30, 2010
Supersedes: N/A
 
Document Includes:
 
 
The Chief Information Officer for the State of Connecticut Department of Information Technology (DOIT) has established this policy to adopt and apply the Federal Information Processing Standards (FIPS), the National Institute for Standards and Technology (NIST) Special Publications, and the Federal Information System Management Act of 2002 (FISMA - 44 U.S.C. § 3541 et seq.), regarding data classification, to all data within the custody of the State of Connecticut Executive Branch.
 
The purpose of the policy is to ensure consistency in classification of such state data in accordance with state and relevant federal standards, as referenced in Appendix B of DOIT’s Data Classification Methodology

This policy enhances the State of Connecticut Policies on Security for Mobile Computing and Storage Devices, Acceptable Use Policy, and the Network Security Policy and Procedures. The Policies should be read together to ensure a full understanding of State policy.
 
This policy applies to all data in the custody of the State of Connecticut Executive Branch. This policy covers State of Connecticut Executive Branch agencies’ employees, whether permanent or non-permanent, full or part-time, and all consultants or contracted individuals so retained by the Executive Branch agency, with access to State data (herein referred to as “users”).

This policy does not apply to the Judicial or Legislative Branches of government, or State institutions of higher education. However, these branches and institutions may consider adopting any or all parts of this policy.
 
 
In accordance with Conn. Gen. Stat. §4d-2(c)(1), the Chief Information Officer (CIO) is responsible for developing and implementing policies pertaining to information and telecommunication systems for State agencies.
  1. Each Executive Branch Agency shall assign a classification to all data for which the agency has custodial responsibility.
  2. Each Executive Branch Agency shall follow the Data Classification Methodology as developed and provided by DOIT.