ENTERPRISE SECURITY POLICIES AND STANDARDS
ITS is responsible for implementing and maintaining security polices and standards capable of improving the cybersecurity posture in the function of any state agency, institution or function of state government as a whole.
Enterprise Security Policy
The State of Mississippi Enterprise Security Policy establishes the minimum requirements for preserving the confidentiality, integrity, and availability of State data and information technology (IT) resources from unauthorized use, access, disclosure, modification, or destruction. This policy was last revised on July 1, 2025.
Enterprise Cloud and Offsite Hosting Security Policy
The State of Mississippi Enterprise Cloud and Offsite Security Policy establishes additional security requirements specifically for cloud and offsite hosting services. The requirements of this policy references contract terms and conditions and baseline security controls specially for cloud and offsite hosting services. This policy, the contract terms and conditions, and the baseline security controls were last revised on July 1, 2018.
Enterprise Security Awareness Training Standard​
The Enterprise Security Awareness Training Standard establishes an enterprise standard for a computer-based solution to be utilized by all state agencies that rely on computer-based training for delivering security awareness to their users.  This standard was last revised on September 9, 2019.
Cybersecurity Incident Notification Response Standard
The Cybersecurity Incident Notification Response Standard establishes resolution response requirements that state agencies shall follow when addressing a cybersecurity incident notification received from ITS. This standard was last revised on May 13, 2025.
Virtual Private Network (VPN) Standard 
The Virtual Private Network (VPN) Standard establishes the ITS-managed enterprise VPN as the enterprise standard for all virtual circuits connecting the Enterprise State Network to external locations. "Virtual circuits" includes both client and network-based circuits, and "external locations" means any location that does not connect exclusively to the Enterprise State Network whether the location is third party or state.  This standard was last revised on June 13, 2025.
Email Gateway Solution Standard
The Email Gateway Solution Standard establishes the ITS-managed enterprise email gateway as the enterprise standard for consolidating email security management for state government. This standard was last revised on June 13, 2025.
Agency Firewall Standard
The Agency Firewall Standard establishes the official firewall standard for state agencies that connect to the enterprise state network.. This standard was last revised on October 3, 2025.
Enterprise Guest-Public Access to State Network Standard
The Enterprise Guest-Public Access to State Network Standard establishes the requirements for ensuring that guest/public users are prohibited from accessing state network resources.  To facilitate guest/public access, ITS has approved several methods for providing Internet access to guest users while maintaining compliance with state cybersecurity policies. This standard was last revised on October 3, 2025.