Skip to main content
NCDIT logo NCDIT

Topical Navigation

  • Home
  • Services
  • Programs
    Programs
    • Broadband & Digital Equity
    • CJLEADS
    • Privacy & Data Protection
    • IT Volume Purchasing
    • FirstTech
    • N.C. 911 Board
    • N.C. Health Information Exchange Authority
    • NC360
    • Project Portfolio Management
    • Optimization
  • Resources
    Resources
    • Cybersecurity & Risk Management
    • Statewide IT Strategic Plan
    • Statewide IT Procurement
    • State IT Policies
    • IT Application Portfolio Management
    • Standards
    • Resources Guide
    • Knowledge College
    • Documents
    • Reports
  • About
    About
    • Commitment to Customers
    • Leadership
    • Boards & Commissions
    • Climate Change & Clean Energy
    • NCDIT Strategic Plan
    • Work for NCDIT
    • Annual Report
    • Rules Review
  • News & Events
    News & Events
    • Meetings & Events
    • Press Releases
    • Public Access & Participation Plan
  • Support
    Support
    • NCID
    • Training & User Resources
    • Submit a Service Desk Ticket
    • Report a Cybersecurity Incident
    • Services Status
  • Contact
    Contact
    • Media Inquiries
    • Public Records Requests
    • Speaker Requests
  • PASSWORD HELP
  • SERVICE PORTAL
  • CAREERS
  • NC.GOV
NCDIT »   Resources »   State IT Policies

State IT Policies

Statewide IT policies protect the privacy of North Carolinians. By setting rules for state agencies to follow in handling and managing data, the policies protect the security and integrity of citizens’ personal and confidential information, such as Social Security and driver’s license numbers.

Policies also regulate state employees' use of the internet and other IT resources.

Article 3D of N.C. General Statutes Chapter 147 gives the state chief information officer broad authority to adopt policies as well as other technical and security standards for information technology.

Security, Privacy & Data Protection Policies & Forms

  • State Adoption of NIST Risk Management Framework
  • Statewide Information Security Manual (January 2022)
    • 2021 Statewide Information Security Manual Update Memo
    • 2021 Statewide Information Security Manual Updates (Excel Document)
    • NIST 800-53 Security Controls Crosswalk (Jan. 20, 2022)
  • State Adoption of Fair Information Practice Principles (May 2022)
  • Statewide Glossary of Information Technology Terms (September 2021)
  • Statewide Data Classification and Handling Policy (February 2016)
  • Statewide Acceptable Use Policy (March 2022)
  • Mobile Device Management Policy (March 30, 2021)
  • Securing Multifunctional Devices (MFDs) and Network Printers Memo (Feb.11, 2015)
  • 2018 Continuous Monitoring Plan Memo (June 1, 2018)
  • 2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template (June 1, 2018)
  • 2016 Continuous Monitoring Plan Memo (Jan. 27, 2016)
  • Corrective Action Plan (CAP) and Instructions
  • Secure Cloud Storage, File Sharing and Collaboration Memo (Jan. 4, 2017)
  • Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo (Feb. 15, 2018)
  • Mandatory HTTPS for Public Sites Memo (March 8, 2018)
  • Statewide International Travel Policy
  • Vendor Readiness Assessment Report (VRAR) (March 2022)
  • Cloud Vendor Exception Workflow
  • ESRMO Forensic Request Form

Annual Security Training

  • IRS Security Training for Department of IT Employees and Contractors

  • IRS Security Training Confirmation Form for Department of IT Contractors 

Procurement

  • IT Procurement Rules

  • IT Procurement Policies and Procedures

All Policy Documents

View Embed
2021 State Information Security Manual Updates Memo
AppenA StateRequestsForLocalData
AppenB Access Guidelines
AppenC InitialDataLayers
AppenD BusinessCaseSum
AppenD1 AmerForestsCITYGreen
AppenD2 ParcelData HurricaneIsabel
Call Transfer Policy
Corrective Action Plan Instructions
Corrective Action Plan Template
FCC 911 Fee Diversion Notice of Proposed Rulemaking
GICC Data Sharing Report 11 07
GICC Procedures for Changing Offensive or Insulting Geographical Place-Names
Guidelines for Providing Appropriate Access to Geospatial Data
IT Procurement Policies and Procedures
Mobile Device Management Policy
NC 911 Board Approved By- Laws December 3, 2021
NC 911 Board Approved Classes Eligibility List
NCID Service Policy
NIST 800-53 Security Controls Crosswalk
Resolution in Support of Aerial Imagery for North Carolina (Imagery for the Nation)
SCIO Access Control
SCIO Audit Accountability
SCIO Configuration Management
SCIO Contingency Planning
SCIO Identification and Authentication
SCIO Incident Response
SCIO Maintenance
SCIO Media Protection
SCIO Personnel Security
SCIO Physical and Environmental Protection
SCIO Risk Assessment
SCIO Security Assessment Authorization
SCIO Security Awareness Training
SCIO Security Planning
SCIO Supply Chain Risk Management
SCIO System and Communications Protection
SCIO System and Information Integrity
SCIO System and Service Acquisition
State Adoption of Fair Information Practice Principles
Statewide Acceptable Use Policy (Microsoft Word)
Statewide Acceptable Use Policy (PDF)
Statewide Data Classification & Handling Policy
Statewide Information Security Manual

Resources

  • Cybersecurity & Risk Management
    • Cyber Incident Reporting
    • Statewide Cybersecurity Incident Report Form
    • Cybersecurity Awareness
    • About the ESRMO
    • ESRMO Initiatives
    • Information & Risk Management Services
    • N.C. Information Sharing & Analysis Center
    • Contact
  • Statewide IT Strategic Plan
  • Statewide IT Procurement
    • IT Procurement Forms & Templates
    • IT Procurement Rules
    • IT Procurement Training
    • Short-Term IT Staffing Contract
    • Statewide IT Contracts
  • State IT Policies
  • IT Application Portfolio Management
  • Standards
  • Resources Guide
  • Knowledge College
  • Documents
  • Reports

Share this page:

  • Facebook
  • Twitter
  • Email

How can we make this page better for you?

Back to top

Contact

N.C. Department of Information Technology

P.O. Box 17209
Raleigh, NC 27619-7209
919-754-6000
800-722-3946

 

@NCDIT

Tweets by @NCDIT

Quick Links

NCDIT Service Portal
NCDIT Service Desk
NCID Assistance
Training & User Resources
Statewide IT Strategic Plan
Cybersecurity Incident Reporting
NCDIT Communications Hub

Follow Us

  • Facebook
  • Twitter
  • Flickr
  • YouTube
  • LinkedIn
  • Accessibility
  • Terms of Use
  • Privacy Policy
  • Open Budget
https://it.nc.gov/resources/state-it-policies