Based on industry standards and best practices, the Statewide Information Security Manual is the foundation for security in the state of North Carolina. It provides state agencies with a baseline for managing information security and making risk-based decisions. 

These policies were developed with the assistance of subject matter experts and peer-reviewed by agency representatives using NIST 800-53 revision 5 controls as the framework. The policies align to 18 NIST control families, including previous policies and addressing NIST 800-53 control gaps, as appropriate.

View the complete manual and associated policies.

Policies
Document Entity Terms
Cybersecurity
Last Updated