State IT Policies

The state chief information officer is responsible for overseeing a planning framework to collaboratively develop and publish information technology policy and procedures.

These guide architecture, design, engineering, operations and procurement activities of software, hardware, network solutions, products and services.

These policies apply to state agencies under the authority given to the state chief information officer by N.C.G.S. 143B Article 15.

Tab/Accordion Items

Framework	Date	Related
North Carolina State Government Responsible Use of Artificial Intelligence Framework	August 2024	AI assessment guidance, training and other resources

Policy	Date	Related
Microsoft 365 Agency Requirements for Email and Collaboration Services	October 2024
Digital Accessibility & Usability Standard	April 2024
Telephony Policy – Direct Inward Dialed Number	November 2024
Copilot for Microsoft 365	December 2024
SL 2024-26 – Prohibition on Viewing Pornography on Government Networks & Devices	December 2024	Session Law 2024-26
Application/Data Integration Standard	March 2025

Policy	Date	Related
State Adoption of NIST Risk Management Framework
Statewide Information Security Manual	March 2025	2025 Statewide Information Security Manual Revisions (March 2025) NIST 800-53 Security Controls Crosswalk (January 2022)
High-Risk Applications Policy	February 2025
State Adoption of Fair Information Practice Principles	May 2022
Media Protection Policy	March 2025	Provides guidance on NIST 800-53 Security and Privacy Controls
Statewide Glossary of Information Technology Terms	March 2025	Statewide Glossary of Information Technology Terms Version Updates
Statewide Data Classification and Handling Policy	February 2016
Statewide Acceptable Use Policy	January 2025
Mobile Device Management Policy	March 2021
Securing Multifunctional Devices (MFDs) and Network Printers Memo	February 2015
2018 Continuous Monitoring Plan Memo	June 2018
2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template	June 2018
2016 Continuous Monitoring Plan Memo	January 2016
Corrective Action Plan (CAP) and Instructions
Secure Cloud Storage, File Sharing and Collaboration Memo	January 2017
Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo	February 2018
Mandatory HTTPS for Public Sites Memo	March 2018
Statewide International Travel Policy	April 2025
Vendor Readiness Assessment Report (VRAR)	March 2022
Cloud Vendor Exception Workflow	June 2018
ESRMO Forensic Request Form	August 2018

Policy	Date	Related
IRS Security Training for Department of IT Employees and Contractors
IRS Security Training Confirmation Form for Department of IT Contractors

Policy	Date	Related
IT Procurement Rules
IT Procurement Policies & Procedures	July 2017

Off

Artificial Intelligence

Technology

Security, Privacy & Data Protection

Annual Security Training

IT Procurement