State IT Policies Statewide IT policies protect the privacy of North Carolinians. By setting rules for state agencies to follow in handling and managing data, the policies protect the security and integrity of citizens’ personal and confidential information, such as Social Security and driver’s license numbers. Policies also regulate state employees' use of the internet and other IT resources. Article 3D of N.C. General Statutes Chapter 147 gives the state chief information officer broad authority to adopt policies as well as other technical and security standards for information technology. Security, Privacy & Data Protection Policies & Forms State Adoption of NIST Risk Management Framework Statewide Information Security Manual (January 2022) 2021 Statewide Information Security Manual Update Memo 2021 Statewide Information Security Manual Updates (Excel Document) NIST 800-53 Security Controls Crosswalk (Jan. 20, 2022) State Adoption of Fair Information Practice Principles (May 2022) Statewide Glossary of Information Technology Terms (September 2021) Statewide Data Classification and Handling Policy (February 2016) Statewide Acceptable Use Policy (March 2022) Mobile Device Management Policy (March 30, 2021) Securing Multifunctional Devices (MFDs) and Network Printers Memo (Feb.11, 2015) 2018 Continuous Monitoring Plan Memo (June 1, 2018) 2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template (June 1, 2018) 2016 Continuous Monitoring Plan Memo (Jan. 27, 2016) Corrective Action Plan (CAP) and Instructions Secure Cloud Storage, File Sharing and Collaboration Memo (Jan. 4, 2017) Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo (Feb. 15, 2018) Mandatory HTTPS for Public Sites Memo (March 8, 2018) Statewide International Travel Policy Vendor Readiness Assessment Report (VRAR) (March 2022) Cloud Vendor Exception Workflow ESRMO Forensic Request Form Annual Security Training IRS Security Training for Department of IT Employees and Contractors IRS Security Training Confirmation Form for Department of IT Contractors Procurement IT Procurement Rules IT Procurement Policies and Procedures All Policy Documents View Embed 2021 State Information Security Manual Updates Memo AppenA StateRequestsForLocalData AppenB Access Guidelines AppenC InitialDataLayers AppenD BusinessCaseSum AppenD1 AmerForestsCITYGreen AppenD2 ParcelData HurricaneIsabel Call Transfer Policy Corrective Action Plan Instructions Corrective Action Plan Template FCC 911 Fee Diversion Notice of Proposed Rulemaking GICC Data Sharing Report 11 07 GICC Procedures for Changing Offensive or Insulting Geographical Place-Names Guidelines for Providing Appropriate Access to Geospatial Data IT Procurement Policies and Procedures Mobile Device Management Policy NC 911 Board Approved By- Laws December 3, 2021 NC 911 Board Approved Classes Eligibility List NCID Service Policy NIST 800-53 Security Controls Crosswalk Resolution in Support of Aerial Imagery for North Carolina (Imagery for the Nation) SCIO Access Control SCIO Audit Accountability SCIO Configuration Management SCIO Contingency Planning SCIO Identification and Authentication SCIO Incident Response SCIO Maintenance SCIO Media Protection SCIO Personnel Security SCIO Physical and Environmental Protection SCIO Risk Assessment SCIO Security Assessment Authorization SCIO Security Awareness Training SCIO Security Planning SCIO Supply Chain Risk Management SCIO System and Communications Protection SCIO System and Information Integrity SCIO System and Service Acquisition State Adoption of Fair Information Practice Principles Statewide Acceptable Use Policy (Microsoft Word) Statewide Acceptable Use Policy (PDF) Statewide Data Classification & Handling Policy Statewide Information Security Manual
State IT Policies Statewide IT policies protect the privacy of North Carolinians. By setting rules for state agencies to follow in handling and managing data, the policies protect the security and integrity of citizens’ personal and confidential information, such as Social Security and driver’s license numbers. Policies also regulate state employees' use of the internet and other IT resources. Article 3D of N.C. General Statutes Chapter 147 gives the state chief information officer broad authority to adopt policies as well as other technical and security standards for information technology. Security, Privacy & Data Protection Policies & Forms State Adoption of NIST Risk Management Framework Statewide Information Security Manual (January 2022) 2021 Statewide Information Security Manual Update Memo 2021 Statewide Information Security Manual Updates (Excel Document) NIST 800-53 Security Controls Crosswalk (Jan. 20, 2022) State Adoption of Fair Information Practice Principles (May 2022) Statewide Glossary of Information Technology Terms (September 2021) Statewide Data Classification and Handling Policy (February 2016) Statewide Acceptable Use Policy (March 2022) Mobile Device Management Policy (March 30, 2021) Securing Multifunctional Devices (MFDs) and Network Printers Memo (Feb.11, 2015) 2018 Continuous Monitoring Plan Memo (June 1, 2018) 2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template (June 1, 2018) 2016 Continuous Monitoring Plan Memo (Jan. 27, 2016) Corrective Action Plan (CAP) and Instructions Secure Cloud Storage, File Sharing and Collaboration Memo (Jan. 4, 2017) Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo (Feb. 15, 2018) Mandatory HTTPS for Public Sites Memo (March 8, 2018) Statewide International Travel Policy Vendor Readiness Assessment Report (VRAR) (March 2022) Cloud Vendor Exception Workflow ESRMO Forensic Request Form Annual Security Training IRS Security Training for Department of IT Employees and Contractors IRS Security Training Confirmation Form for Department of IT Contractors Procurement IT Procurement Rules IT Procurement Policies and Procedures All Policy Documents View Embed 2021 State Information Security Manual Updates Memo AppenA StateRequestsForLocalData AppenB Access Guidelines AppenC InitialDataLayers AppenD BusinessCaseSum AppenD1 AmerForestsCITYGreen AppenD2 ParcelData HurricaneIsabel Call Transfer Policy Corrective Action Plan Instructions Corrective Action Plan Template FCC 911 Fee Diversion Notice of Proposed Rulemaking GICC Data Sharing Report 11 07 GICC Procedures for Changing Offensive or Insulting Geographical Place-Names Guidelines for Providing Appropriate Access to Geospatial Data IT Procurement Policies and Procedures Mobile Device Management Policy NC 911 Board Approved By- Laws December 3, 2021 NC 911 Board Approved Classes Eligibility List NCID Service Policy NIST 800-53 Security Controls Crosswalk Resolution in Support of Aerial Imagery for North Carolina (Imagery for the Nation) SCIO Access Control SCIO Audit Accountability SCIO Configuration Management SCIO Contingency Planning SCIO Identification and Authentication SCIO Incident Response SCIO Maintenance SCIO Media Protection SCIO Personnel Security SCIO Physical and Environmental Protection SCIO Risk Assessment SCIO Security Assessment Authorization SCIO Security Awareness Training SCIO Security Planning SCIO Supply Chain Risk Management SCIO System and Communications Protection SCIO System and Information Integrity SCIO System and Service Acquisition State Adoption of Fair Information Practice Principles Statewide Acceptable Use Policy (Microsoft Word) Statewide Acceptable Use Policy (PDF) Statewide Data Classification & Handling Policy Statewide Information Security Manual