Information Security Framework

IOT has developed and instituted an Information Security Framework that applies to all state agencies supported by IOT. The ISF sets policy, establishes control objectives/controls and references Standards that secure Indiana government information assets.

The Standards referenced in the Information Security Framework can be accessed by members of the State of Indiana Network through the following links. If you are not on the state network you will receive an error when attempting to access the documents.

NIST Cyber Security Framework (CSF) Policy and Standards:


Identify (ID):

Protect (PR):

Detect (DE):

Respond (RS):

Recover (RC):

Other Operational Standards:

*If you have System Security Plan or Risk Assessment documentation that uses the ISO Framework based naming, please see the following document which maps to the NIST CSF*