Technical Operating Instruction 6-01

Overview

The modern functioning of State Government relies on the collection, analysis, production, communication, and distribution of information within various state departments, other governmental organizations, business partners, and citizens. The information systems enabling these activities, their users, and supporting infrastructure are crucial, strategic, organizational assets that require efficient quality service to provide maximum value to the organization. Securing this information infrastructure is the responsibility of the security unit within Enterprise Technical Support.

Improving the security posture of enterprise IT operations is a continuing effort to standardize, coordinate, and consolidation access to information resources from internal and external sources. This instruction requires MPA 230 vendors to use DoIT approved methods for remote access to the State Information Infrastructure, or receive written approval from the DoIT Operations Director for alternate methods.

Scope

This instruction pertains to MPA 230 vendors, and contractors providing services to the State Information Infrastructure within the justification of the Chief Information Officer.

Instructions

Effective immediately all MPA 230 contract personnel, their vendors, and others doing work on their behalf and support the infrastructure are required to use DoIT approved access methods. Access methods include:

• Virtual Private Network (VPN)
• Secure Virtual Private Network (SSL VPN)
• Modem Dial-in

All accounts must be registered with the Service Desk including access rights.

Other technologies used to manage the information infrastructure must be approved by the Director of IT Operations, and must be registered with Service Desk and within the control of Enterprise Technical Support.

MPA 230 vendors are responsible for compliance with all policies, procedures and instructions of DoIT and customer agencies by contract personnel.