ENTERPRISE CLOUD AND OFFSITE HOSTING SECURITY POLICY
Enterprise Cloud and Offsite Hosting Security Policy
The State of Mississippi Enterprise Cloud and Offsite Security Policy establishes additional security requirements specifically for cloud and offsite hosting services.
Contract Terms and Conditions
Per rule 1.4 of the State of Mississippi Enterprise Cloud and Offsite Hosting Security Policy, each agency must ensure that new contracts and amendments include the terms and conditions approved by ITS.
State agencies that have a contract for cloud or offsite hosting services that was in place before July 1, 2018 that does not include the contract terms and conditions associated with this policy must ensure that the terms and conditions are included at the time of the next renewal, modification, or renegotiation.
State agencies planning to enter into a new agreement for a cloud or offsite hosting service must ensure the terms and conditions are included in that agreement.
ITS will ensure that it negotiates the inclusion of the contract terms and conditions for all applicable agreements executed by ITS.
Baseline Security Controls
Per rule 1.5A of the State of Mississippi Enterprise Cloud and Offsite Hosting Security Policy, in additional to adhering to the State of Mississippi Enterprise Security Policy, each agency must ensure adherence to the baseline security controls for Cloud and Offsite Hosting implementations.
State agencies planning to utilize cloud or offsite hosting services must require prospective Providers to document their compliance levels to the baseline security controls prior to the agency's selection of a winning Provider. Agencies must use the Provider's documented compliance levels as part of their evaluation and selection criteria.
ITS will ensure that it includes the baseline security controls in all applicable procurements it processes and that they are used as part of the evaluation and award criteria.