Colorado.gov adheres to five main security standards:
- Sarbanes-Oxley – Legislation passed in 2002 to establish corporate accountability for financial transactions.
- Payment Card Industry Data Security Standards – Developed for members, merchants and service providers that transmit, store or process payment card information.
- Cybertrust Enterprise Security Management Program – A comprehensive security assessment program aimed at identifying vulnerabilities at all levels. The Program comprises 186 Essential Practice controls, each with a minimum verification method that NICUSA, Colorado.gov’s parent company, and its subsidiaries use to secure their environments. The five principal verification methods are: policy review, attestation by qualified authority, demonstration, inspection, and testing.
- State Security Standards – The Technology Security Policy details the statewide IT policy that applies to all state agencies, CRS 24-37.5-102(5). Core policies addressed are: privacy, interoperability, infrastructure, lifecycle management, project management, and aggregation.
- NICUSA Policies – Colorado.gov evaluates and modifies security standards based on vast experience and knowledge from the other NICUSA portals in 34 states.