Information Security Services
Security Standards Exception Reporting
Exceptions to the Statewide Information Security Manual may be reported using an Exception Request Form.
This template should be used when engaging vendors for solutions that are both hosted on the State's infrastructure (e.g. EDC or WDC) and those that are not hosted on the state's infrastructure, such as Infrastructure as a Service, Platform as a Service and Software as a Service. The document captures the “baseline” security requirements that MUST be addressed by vendors to ensure the security of the State’s data. Agencies may add additional requirements due to Federal or other statutory mandates.
North Carolina government agencies handle security breaches and other incidents involving information technology under the terms and conditions of the Memorandum of Understanding for Information Security Threat Responsibilities.
Organizations that provide information on the development and operation of incident management plans are listed below:
The following links provide a clearinghouse of information on new and existing vulnerabilities:
The latest vendor patches, virus alerts, updates and hoax information:
- International Information Systems Security Certification Consortium
- Information Systems Security Association
- Information Systems Audit and Control Association
- National Institute of Standards and Technology
- National Security Agency
- KnowBe4
- SANS Institute
- University of North Carolina at Charlotte
- Cybersecurity and Infrastructure Security Agency
- National Cybersecurity Alliance