Statewide Information Security Policies

Based on industry standards and best practices, the Statewide Information Security Manual is the foundation for security in the state of North Carolina. It provides state agencies with a baseline for managing information security and making risk-based decisions. 

These policies were developed with the assistance of subject matter experts and peer-reviewed by agency representatives using NIST 800-53 revision 5 controls as the framework. The policies align to 18 NIST control families, including previous policies and addressing NIST 800-53 control gaps, as appropriate.

Statewide Information Security Policies