State Government Resources

New Requirements for Cloud Products Beginning April 1, 2026

The State of North Carolina has partnered with GovRAMP to ensure that all cloud services used by executive branch agencies meet rigorous standards for confidentiality, integrity and availability of state data. Learn more about new requirements that go into effect April 1, 2026.

Learn More About GovRAMP

Information & Risk Management Services

State Information Security Policies

Statewide IT Policies & Forms

Reporting Cyber Incidents to the State

Cybersecurity and Privacy Training

TikTok Risks, Restrictions & Guidance

Privacy, cybersecurity and data protection concerns about TikTok have led many federal and state government agencies in the United States to prohibit the app's use on government-issued devices.

Anatomy of a Data Breach

What Are They and What to Do When You Spot One? A vast majority of data breaches are the result of cyberattacks, where a cybercriminal gains unlawful access to sensitive system data.

Online Safety Tips

Do Your Part. Be Cybersmart. Find online safety tips and guidance to help protect your information and devices.

Tips & Guidance

Active Vulnerabilities & News

See the latest cybersecurity alerts, news, and newsletters.

Creating a Culture of Privacy

Privacy's Role in AI Governance

The Importance of Fair Information Practice Principles (FIPPs)

Training Opportunity: Building Privacy Expertise Across North Carolina

More Blog Entries

Featured Videos

Cybersecurity & Phishing Scams

Cybersecurity & Passwords

Cybersecurity & Multifactor Authentication

Enterprise Security & Risk Management Office

About the ESRMO

The N.C. Department of Information Technology’s Enterprise Security and Risk Management Office, or ESRMO, supports the state CIO by providing leadership in the development, delivery and maintenance of a cybersecurity program that safeguards the North Carolina’s information and supporting infrastructure against unauthorized use, disclosure, modification, damage or loss.

ESRMO Initiatives

To support agencies’ efforts to improve their information security and risk management posture, the state helps define and implement the enterprise security and risk management initiatives coordinated for the state chief information officer by the N.C. Department of Information Technology’s Enterprise Security and Risk Management Office.

Reporting Cyber Incidents to the State

Reporting cyber incidents as they occur is a method to reduce the risk to citizen-facing services and sensitive data. Learn more about how to report and how the state responds.

Contact

Enterprise Security & Risk Management Office
P.O. Box 17209
Raleigh, NC 27619-7209

esrmo@nc.gov

Telephone
919-754-6000
800-722-3946