You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Sign In
IMT Policy Instruments
Acts and Regulations
Schedules
Strategies
Policies
Directives
Control Frameworks & Controls
Cybersecurity Control Framework
Cybersecurity Awareness Program Control
Disaster Recovery Control
Cybersecurity Incident Handling and Response Control
Change Management Control
Risk Management Control
Security Management Control
Solution Acquisition and Development Control
Vulnerability Management Control
Application Access Control
Standards
Procedures
Guidelines
Sitemap
About IMT Policy
Help
About Us
Cybersecurity Policy Instruments
Currently selected
Data, Privacy and Innovation Policy Instruments
Contacts
IMT Policy Program Information
How Do I Create A Policy
Glossary
Recent Updates
Cybersecurity Policy Instruments
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
Home
Acts and Regulations
Schedules
Strategies
Policies
Directives
Control Frameworks & Controls
Standards
Procedures
Guidelines
About IMT Policy
Help
About Us
Cybersecurity Policy Instruments
Currently selected
Data, Privacy and Innovation Policy Instruments
Contacts
IMT Policy Program Information
How Do I Create A Policy
Glossary
Recent Updates
Page Content
Policy instruments owned by the Cybersecurity Division.
Policies
Cybersecurity Policy (under development)
Processes and Procedures
Device Exception Process
Government of Alberta Security Incident Response Process
Security Threat and Risk Assessment (STRA) Process
Statement of Acceptable Risk (SoAR) Process / Exception
Control Frameworks
Cybersecurity Control Framework
Controls
Application Access Control
Change Management Control
Cybersecurity Awareness Program Control
Cybersecurity Incident Handling and Response Control
Disaster Recovery Control
Risk Management Control
Security Management Control
Solution Acquisition and Development Control
Vulnerability Management Control
Directives
Acceptable Use of GoA IT Assets Directive
Information Security Management Directives
Guidelines
Allowing External Access to Non-Production Services Guideline
Information Technology (IT) Security Risk Management Practice
Tools and Forms
Cybersecurity Intake Sound Check Form
Security Threat and Risk Assessment (STRA) Template
Statement of Acceptable Risk (SoAR) Template
Standards
Accessing GoA IT Resources with Non-GoA-Managed Devices Standard
Application Vulnerability Reporting Standard
Cryptographic Algorithms Standard
Data and Information Security in the Cloud
Data and Information Security on Premise Standard
Digital User Credentials Standard
Encrypted Traffic Inspection
File and Media Encryption
Log Management Standard
Naming Standard - GoA Network Accounts
Secure Digital Media Sanitization
Server Hardening Standard
Software Version Maintenance Standard
Web Application Security Standard