Statewide Information Security Policies
The Statewide Information Security Manual is the foundation for security and privacy in the state of North Carolina and is based on industry standards and best practices.
The Security Manual provides state agencies with a baseline for managing information security and making risk-based decisions. These policies were developed with the assistance of subject matter experts and peer reviewed by agency representatives using NIST 800-53 revision 5 controls as the framework. The policies align to 18 NIST control families, including previous policies and addressing NIST 800-53 control gaps, as appropriate.