Rule 36-3-1.5 - Cloud and Offsite Hosting Security Each agency must ensure the implementation of reasonable measures to preserve the confidentiality, integrity, and availability of State of Mississippi information and information technology (IT) systems (hereafter referred to collectively as "SOM Assets") from unauthorized use, access, disclosure, modification, or destruction. For any measure that the agency cannot directly implement due to the SOM Asset being managed by another organization, contractor, or other source, the agency must implement periodic verification/audit to ensure that the measure is properly implemented.
A. Each agency must ensure adherence to all applicable security requirements established by the State of Mississippi Enterprise Security Policy. 1. Each agency must ensure adherence to the baseline security controls for Cloud and Offsite Hosting implementations. The baseline security controls can be found on the ITS website. B. Each agency must adhere to the following for all assets encrypted at rest. 1. Evaluate the risks with available key location and key management implementations and select the implementation that adequately protects the data;2. Implement security controls to reduce and mitigate risks when encryption of data at rest is not possible; and3. Secure and maintain adequate liability coverage when encryption of data at rest is not possible. Miss. Code Ann. § 25-53-201.