Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I skip having an information security program in place in New Mexico? What are the requirements?

New Mexico has specific requirements for information security programs that must be followed by all agencies and organizations that handle sensitive information. Skipping having an information security program in place is not an option. The state requires all agencies to have documented security operating instructions, management processes, and formal incident management procedures in place that define roles and responsibilities of individuals who operate or use agency IT technical operations and facilities [2.1]. Additionally, agencies must require individual accountability at all times, including during remote access. Connection to agency networks must be provided in a secure manner to preserve the integrity of the network, data transmitted over that network, and the availability of the network. Security mechanisms must be in place to control remote access to agency systems and networks from fixed or mobile locations [2.4].

Furthermore, the state prohibits connecting any computing device not owned by the state of New Mexico to a state network or to any state computing device unless authorized in writing by the agency CIO. Installation of any software, executable or other file to any state computing device is prohibited if that software, executable, or other file was downloaded by, is owned by, or was purchased by an employee or contractor with his or her own funds. Installation of downloaded software, executables, or other files to any state computing device is prohibited when downloaded or installed by an employee or contractor for personal use [2.2].

In conclusion, having an information security program in place is mandatory in New Mexico. The state has specific requirements for information security programs that must be followed by all agencies and organizations that handle sensitive information. Skipping having an information security program in place is not an option.

Source(s):
Jurisdiction

New Mexico