Information security policies are foundational to an information security program. Metro has adopted the following polices based on industry standards and best practices. Departments or agencies may adopt more stringent policies should circumstances warrant.
Metro continues to evaluate and update existing policies and establish new policies based on an ever-changing environment and new requirements for information security.
Executive Orders
- Mayor Freddie O'Connell Executive Order Number 037
- Mayor Megan Barry Executive Order Number 034, reaffirmed by Mayor John Cooper
Policies
- Metropolitan Government Information Security Management Policy
- Acceptable Use of Information Technology Assets
- Access Control and User Account Management
- Human Resources Security
- Physical and Environmental Security
- External Party Security
- Information Security Incident Management
- Teleworking and Mobile Computing
- Risk Management
- Cryptographic Controls
- Information Classification
- Inventory and Ownership of Assets
- IT Contingency - Disaster Recovery
- Software and System Development
- Patch and Vulnerability Management
- Protection Against Malicious Code
- Change Management
- Cyber Threat Intelligence and Information Sharing
- Audit, Monitoring, and Logging
- Vulnerability Disclosure
- Artificial Intelligence and Generative Artificial Intelligence Use
Supporting Documentation
- Metropolitan Government Scope, Background, and Governance Statement for Information Security Policies
- Metropolitan Government Information Security Glossary
For more information on Metro's information security initiative, please email [email protected]
Last updated 11/29/2022.