Data Classification Policy

Version: 1.1
Date issued: December 9, 2019
Date Effective: immediately
Supersedes: Version 1.0 March 30, 2010

Changes: Eliminate all references to the Department of Information Technology (DOIT).

 
The Office of Policy and Management has established this policy to adopt and apply the Federal Information Processing Standards (FIPS), the National Institute for Standards and Technology (NIST) Special Publications, and the Federal Information System Management Act of 2002 (FISMA - 44 U.S.C. § 3541 et seq.), regarding data classification, to all data within the custody of the State of Connecticut Executive Branch.
The purpose of the policy is to ensure consistency in classification of such state data in accordance with state and relevant federal standards, as referenced in Appendix B of the Data Classification Methodology.
This policy enhances the State of Connecticut Policies on Security for Mobile Computing and Storage Devices, Acceptable Use Policy, and the Network Security Policy and Procedures. The Policies should be read together to ensure a full understanding of State policy.
 
This policy applies to all data in the custody of the State of Connecticut Executive Branch. This policy covers State of Connecticut Executive Branch agencies’ employees, whether permanent or non-permanent, full or part-time, and all consultants or contracted individuals so retained by the Executive Branch agency, with access to State data (herein referred to as “users”).
This policy does not apply to the Judicial or Legislative Branches of government, or State institutions of higher education. However, these branches and institutions may consider adopting any or all parts of this policy.
 
In accordance with Conn. Gen. Stat. §4d-8(a), the Office of Policy and Management is responsible for developing and implementing policies pertaining to information and telecommunication systems for State agencies.
 
  1. Each Executive Branch Agency shall assign a classification to all data for which the agency has custodial responsibility.
  2. Each Executive Branch Agency shall follow the Data Classification Methodology.