Group 1 Agencies -- FY 2010
Background
The Technology Infrastructure Standards Assessment (TISA) is performed annually by Group 1 state agencies to determine the versatility, functionality, scalability, adaptability and security of target technologies for the five Enterprise Architecture domains of the state. The domains are 1) Platform, 2) Software, 3) Network, 4) Data/Information and 5) Security. The P136 IT Planning Policy and the S805 IT Risk Standard identify further direction and expectations for TISA compliance, which can be located at www.azgita.gov/planning/.
Purpose
The purpose of the TISA assessment is as follows:
After compliance reviews with GITA, if security vulnerabilities are not mitigated immediately, vulnerabilities and risks shall be identified in the agency’s annual IT plan under Security for planned resolution.
Requirements
Each Group 1 agency shall evaluate its IT environment through TISA on or before September 2nd of the current year. If there have been significant changes to infrastructure and technologies which may reveal vulnerabilities and risks, mid-year updates to TISA are recommended.
For FY2010, there are 29 categories of risk that deal with platform architecture, software architecture, network architecture, data/information architecture, and IT security. All categories and questions have been developed from statewide IT policies and standards for compliance, with specific paragraph/section numbers referenced at the end of each question. For FY2010, a number of questions have been revised for better understanding. Refer to GITA’s web site at www.azgita.gov/policies_standards/ for IT policies and standards.
Group 1 agencies are required to estimate their percent (%) of compliance for the current fiscal year with a projection over the next three years. The intent is to use weighted and aggregate data to identify statewide technology trends and practices for the state. For FY 2010, a threshold of 80% compliance has been established by the State CIO as a reported compliance goal for all Group 1 agencies. If compliance is not 80% for the current fiscal year, then IT plans should be developed to obtain the threshold by the next fiscal year.
Guidelines
While “Not applicable” or a reported percent of “zero” are valid responses to TISA questions, their use must be agreed to in advance by SISPO of GITA, as statewide standards apply to all state agencies.
All state agencies should strive to achieve the compliance threshold for as many categories and questions of the assessment as possible and eventually 100% over time. If funding and/or resources are issues for reporting percentages less than 100%, agencies shall address compliance gaps in the agency’s IT Plan with goals, objectives and performance measures for implementation.
All agencies shall submit a Data Exchange Matrix by uploading it to the DOCUMENT section of TISA. Requirements for the Data Exchange Matrix are described in the Statewide Standard P740-S741, Classification and Categorization of Data. The Data Exchange Matrix is a critical part of the TISA approval from GITA.
Questions
For access to the TISA application or general questions, contact the IT Planning Manager at 364-4790 or ITPlanning@azgita.gov. For specific questions regarding compliance to a particular standard, contact the Chief Information Security Officer at 364-4771 or jryan@azgita.gov.
Page last edited: 06/09/2009