Title
Title
Judicial Branch Technology: Information Security Framework Update (Action Required)
body
Summary
Summary
The Judicial Council Technology Committee (JCTC) recommends approval of revisions to the Judicial Branch Information Security Framework. The original framework was approved by the Judicial Council in June 2014 with the understanding that it would require periodic updates. This revision cycle is focused on updates to make the document easier to use and on the addition of privacy controls specified in recently updated federal standards.
body
Recommendation
Recommendation
The Judicial Council Technology Committee recommends that the Judicial Council approve revisions to the Judicial Branch Information Security Framework:
1. Additional guidance has been added on the subjects of standards and how to establish security requirements.
2. Policy statements have been transferred to a separate policy manual template. This allows a clear demarcation to be maintained between the framework, which is intended to be a resource for courts to use in the development of local policies, and the policies themselves (which serve to implement the framework).
3. Privacy controls have been incorporated as set forth in the National Institute of Standards and Technology Special Publication 800-53. These controls provide guidance on the handling of personally identifiable information (PII) and serve as a reference in the development operational resources such as the Judicial Branch Privacy Resource Guide.
4. Requirements have been relabeled as controls to maintain consistency and alignment with federal standards.