The Statewide Information Security Manual is the foundation for security and privacy in the state of North Carolina, and is based on industry standards and best practices. The Security Manual provides State agencies with a baseline for managing information security and making risk based decisions. These policies were developed with the assistance of subject matter experts and peer reviewed by agency representatives using NIST 800-53 revision 4 controls as the framework.  The policies align to 17 NIST control families, including much of the previous policies and addressing NIST 800-53 control gaps as appropriate.

For the complete manual and associated policies, please visit the following page:

https://it.nc.gov/statewide-information-security-policies