New Mexico Administrative Code
Title 1 - GENERAL GOVERNMENT ADMINISTRATION
Chapter 12 - INFORMATION TECHNOLOGY
Part 20 - INFORMATION SECURITY OPERATION MANAGEMENT
Section 1.12.20.30 - PUBLIC WEBSITES CONTENT APPROVAL PROCESS
Current through Register Vol. 35, No. 18, September 24, 2024
A. Sensitive and confidential information shall not be available through a server accessible to a public network without appropriate safeguards in place as approved in writing by the agency CIO in consultation with the agency legal counsel. The agency ISO shall implement safeguards to ensure user authentication, data confidentiality and integrity, access control, data protection and logging mechanisms.
B. The design of any proposed web service shall be first reviewed and approved in writing by the agency CIO in coordination with DoIT to ensure that the security of the web server, protection of agency networks, performance of the site, integrity, and availability considerations are adequately addressed.
C. Agency websites and agency websites hosted outside the state network shall be tested for security vulnerabilities prior to being put into production by DoIT or a DoIT approved contractor.
D. Agency website content shall first be reviewed by the agency information owner and approved by the agency CIO to ensure that the collection and processing of information meets state security and privacy requirements. Such review shall ensure that the information is adequately protected in transit over public and state networks, in storage, and while being processed.