Security Statement | colorado.gov
Source: https://www.colorado.gov/security-statement
Archived: 2026-04-23 17:19
Security Statement | colorado.gov
Security Statement
Security Statement
Colorado.gov adheres to five main security standards:
Sarbanes-Oxley – Legislation passed in 2002 to establish corporate accountability for financial transactions.
Payment Card Industry Data Security Standards – Developed for members, merchants and service providers that transmit, store or process payment card information.
Cybertrust Enterprise Security Management Program – A comprehensive security assessment program aimed at identifying vulnerabilities at all levels. The Program is comprised of 186 Essential Practice controls, which each have a minimum verification method NICUSA, Colorado.gov's parent company, and its subsidiaries use to secure their environments. The five principle verification methods are: policy review, attestation by qualified authority, demonstration, inspection, and testing.
State Security Standards – The Technology Security Policy details the statewide IT policy that applies to all state agencies, CRS 24-37.5-102(5). Core policies addressed are: privacy, interoperability, infrastructure, lifecycle management, project management, and aggregation.
NICUSA Policies – Colorado.gov evaluates and modifies security standards based on vast experience and knowledge from the other NICUSA portals in 34 states.
Security Statement
Security Statement
Colorado.gov adheres to five main security standards:
Sarbanes-Oxley – Legislation passed in 2002 to establish corporate accountability for financial transactions.
Payment Card Industry Data Security Standards – Developed for members, merchants and service providers that transmit, store or process payment card information.
Cybertrust Enterprise Security Management Program – A comprehensive security assessment program aimed at identifying vulnerabilities at all levels. The Program is comprised of 186 Essential Practice controls, which each have a minimum verification method NICUSA, Colorado.gov's parent company, and its subsidiaries use to secure their environments. The five principle verification methods are: policy review, attestation by qualified authority, demonstration, inspection, and testing.
State Security Standards – The Technology Security Policy details the statewide IT policy that applies to all state agencies, CRS 24-37.5-102(5). Core policies addressed are: privacy, interoperability, infrastructure, lifecycle management, project management, and aggregation.
NICUSA Policies – Colorado.gov evaluates and modifies security standards based on vast experience and knowledge from the other NICUSA portals in 34 states.