State IT Policies

The state chief information officer is responsible for overseeing a planning framework to collaboratively develop and publish information technology policy and procedures.

These guide architecture, design, engineering, operations and procurement activities of software, hardware, network solutions, products and services.

These policies apply to state agencies under the authority given to the state chief information officer by N.C.G.S. 143B Article 15.

Artificial Intelligence

Framework	Date	Related
North Carolina State Government Responsible Use of Artificial Intelligence Framework	Aug. 21, 2024	AI assessment guidance, training and other resources

Technology

Policy	Date	Related
Microsoft 365 Agency Requirements for Email and Collaboration Services Policy	Oct. 15, 2024
Digital Accessibility & Usability Standard	April 4, 2024

Security, Privacy & Data Protection

Policy	Date	Related
State Adoption of NIST Risk Management Framework
Statewide Information Security Manual	January 2022	2021 Statewide Information Security Manual Update Memo 2021 Statewide Information Security Manual Updates (Excel Document) NIST 800-53 Security Controls Crosswalk (Jan. 20, 2022)
High-Risk Applications Policy	Jan. 26, 2023
State Adoption of Fair Information Practice Principles	May 2022
Media Protection Policy	January 2022	Provides guidance on NIST 800-53 Security and Privacy Controls
Statewide Glossary of Information Technology Terms	February 2024
Statewide Data Classification and Handling Policy	February 2016
Statewide Acceptable Use Policy	March 2022
Mobile Device Management Policy	March 30, 2021
Securing Multifunctional Devices (MFDs) and Network Printers Memo	Feb.11, 2015
2018 Continuous Monitoring Plan Memo	June 1, 2018
2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template	June 1, 2018
2016 Continuous Monitoring Plan Memo	Jan. 27, 2016
Corrective Action Plan (CAP) and Instructions
Secure Cloud Storage, File Sharing and Collaboration Memo	Jan. 4, 2017
Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo	Feb. 15, 2018
Mandatory HTTPS for Public Sites Memo	March 8, 2018
Statewide International Travel Policy
Vendor Readiness Assessment Report (VRAR)	March 2022
Cloud Vendor Exception Workflow
ESRMO Forensic Request Form

Annual Security Training

Policy	Date	Related
IRS Security Training for Department of IT Employees and Contractors
IRS Security Training Confirmation Form for Department of IT Contractors

IT Procurement

Policy	Date	Related
IT Procurement Rules
IT Procurement Policies and Procedures