The state chief information officer is responsible for overseeing a planning framework to collaboratively develop and publish information technology policy and procedures.

These guide architecture, design, engineering, operations and procurement activities of software, hardware, network solutions, products and services.

These policies apply to state agencies under the authority given to the state chief information officer by N.C.G.S. 143B Article 15.

Artificial Intelligence

FrameworkDateRelated
North Carolina State Government Responsible Use of Artificial Intelligence FrameworkAug. 21, 2024

 

Technology

PolicyDateRelated
Microsoft 365 Agency Requirements for Email and Collaboration ServicesOct. 15, 2024 
Digital Accessibility & Usability StandardApril 4, 2024 
Telephony Policy – Direct Inward Dialed NumberNov. 26, 2024 
Copilot for Microsoft 365Dec. 5, 2024 
SL 2024-26 – Prohibition on Viewing Pornography on Government Networks & DevicesDec. 20, 2024Session Law 2024-26

 

Security, Privacy & Data Protection

PolicyDateRelated
State Adoption of NIST Risk Management Framework  
Statewide Information Security ManualJanuary 2022
High-Risk Applications PolicyJan. 26, 2023 
State Adoption of Fair Information Practice PrinciplesMay 2022 
Media Protection PolicyJanuary 2022Provides guidance on NIST 800-53 Security and Privacy Controls
Statewide Glossary of Information Technology TermsFebruary 2024 
Statewide Data Classification and Handling PolicyFebruary 2016 
Statewide Acceptable Use PolicyMarch 2022 
Mobile Device Management Policy March 30, 2021 
Securing Multifunctional Devices (MFDs) and Network Printers MemoFeb.11, 2015 
2018 Continuous Monitoring Plan Memo June 1, 2018 
2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report TemplateJune 1, 2018 
2016 Continuous Monitoring Plan MemoJan. 27, 2016 
Corrective Action Plan (CAP) and Instructions  
Secure Cloud Storage, File Sharing and Collaboration MemoJan. 4, 2017 
Secure Cloud Storage, File Sharing and Collaboration - Phase II MemoFeb. 15, 2018 
Mandatory HTTPS for Public Sites MemoMarch 8, 2018 
Statewide International Travel Policy  
Vendor Readiness Assessment Report (VRAR)March 2022 
Cloud Vendor Exception Workflow  
ESRMO Forensic Request Form  

 

Annual Security Training

PolicyDateRelated
IRS Security Training for Department of IT Employees and Contractors  
IRS Security Training Confirmation Form for Department of IT Contractors   

 

IT Procurement

PolicyDateRelated
IT Procurement Rules  
IT Procurement Policies and Procedures  
On This Page Jump Links
Off