5.3 Policy Management
The purpose of information security policies, standards, and procedures are to establish and maintain a standard of due care to prevent misuse or loss of state or USG information assets.
5.3.1 Institution, USO, and GPLS Responsibilities
Each USG institution, the USO, and the GPLS must provide for the integrity and security of its information assets by establishing appropriate internal policies, standards, and procedures for preserving the integrity and security of each information system, paper file, or database. Institution, USO, and GPLS policies, standards, and procedures must at a minimum comply with the USG policies, standards, and/or procedures.
The USG institution, USO, or GPLS ISO will establish a process to develop information security policies. This process will include provisions for the review of existing and proposed policies by institution, the USO, or the GPLS, and will allow sufficient time for participants to submit comments for consideration about the policies under review.