The state chief information officer is responsible for overseeing a planning framework to collaboratively develop and publish information technology policy and procedures.

These guide architecture, design, engineering, operations and procurement activities of software, hardware, network solutions, products and services.

These policies apply to state agencies under the authority given to the state chief information officer by N.C.G.S. 143B Article 15.


Policy Date Related
Microsoft 365 Agency Requirements for Email and Collaboration Services Policy Jan. 24, 2024  
Digital Accessibility & Usability Standard April 4, 2024  


Security, Privacy & Data Protection

Policy Date Related
State Adoption of NIST Risk Management Framework    
Statewide Information Security Manual January 2022
High-Risk Applications Policy Jan. 26, 2023  
State Adoption of Fair Information Practice Principles May 2022  
Media Protection Policy January 2022 Provides guidance on NIST 800-53 Security and Privacy Controls
Statewide Glossary of Information Technology Terms February 2024  
Statewide Data Classification and Handling Policy February 2016  
Statewide Acceptable Use Policy March 2022  
Mobile Device Management Policy  March 30, 2021  
Securing Multifunctional Devices (MFDs) and Network Printers Memo Feb.11, 2015  
2018 Continuous Monitoring Plan Memo  June 1, 2018  
2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template June 1, 2018  
2016 Continuous Monitoring Plan Memo Jan. 27, 2016  
Corrective Action Plan (CAP) and Instructions    
Secure Cloud Storage, File Sharing and Collaboration Memo Jan. 4, 2017  
Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo Feb. 15, 2018  
Mandatory HTTPS for Public Sites Memo March 8, 2018  
Statewide International Travel Policy    
Vendor Readiness Assessment Report (VRAR) March 2022  
Cloud Vendor Exception Workflow    
ESRMO Forensic Request Form    


Annual Security Training

Policy Date Related
IRS Security Training for Department of IT Employees and Contractors    
IRS Security Training Confirmation Form for Department of IT Contractors     


IT Procurement

Policy Date Related
IT Procurement Rules    
IT Procurement Policies and Procedures