State IT Policies

The state chief information officer is responsible for overseeing a planning framework to collaboratively develop and publish information technology policy and procedures.

These guide architecture, design, engineering, operations and procurement activities of software, hardware, network solutions, products and services.

These policies apply to state agencies under the authority given to the state chief information officer by N.C.G.S. 143B Article 15.

Tab/Accordion Items

Framework	Date	Related
North Carolina State Government Responsible Use of Artificial Intelligence Framework	Aug. 21, 2024	AI assessment guidance, training and other resources

Policy	Date	Related
Microsoft 365 Agency Requirements for Email and Collaboration Services	Oct. 15, 2024
Digital Accessibility & Usability Standard	April 4, 2024
Telephony Policy – Direct Inward Dialed Number	Nov. 26, 2024
Copilot for Microsoft 365	Dec. 5, 2024
SL 2024-26 – Prohibition on Viewing Pornography on Government Networks & Devices	Dec. 20, 2024	Session Law 2024-26
Application/Data Integration Standard	March 25, 2025

Policy	Date	Related
State Adoption of NIST Risk Management Framework
Statewide Information Security Manual	January 2022	2021 Statewide Information Security Manual Update Memo 2021 Statewide Information Security Manual Updates (Excel Document) NIST 800-53 Security Controls Crosswalk (Jan. 20, 2022)
High-Risk Applications Policy	Feb. 6, 2025
State Adoption of Fair Information Practice Principles	May 2022
Media Protection Policy	January 2022	Provides guidance on NIST 800-53 Security and Privacy Controls
Statewide Glossary of Information Technology Terms	February 2024
Statewide Data Classification and Handling Policy	February 2016
Statewide Acceptable Use Policy	January 2025
Mobile Device Management Policy	March 30, 2021
Securing Multifunctional Devices (MFDs) and Network Printers Memo	Feb.11, 2015
2018 Continuous Monitoring Plan Memo	June 1, 2018
2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template	June 1, 2018
2016 Continuous Monitoring Plan Memo	Jan. 27, 2016
Corrective Action Plan (CAP) and Instructions
Secure Cloud Storage, File Sharing and Collaboration Memo	Jan. 4, 2017
Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo	Feb. 15, 2018
Mandatory HTTPS for Public Sites Memo	March 8, 2018
Statewide International Travel Policy
Vendor Readiness Assessment Report (VRAR)	March 2022
Cloud Vendor Exception Workflow
ESRMO Forensic Request Form

Policy	Date	Related
IRS Security Training for Department of IT Employees and Contractors
IRS Security Training Confirmation Form for Department of IT Contractors

Policy	Date	Related
IT Procurement Rules
IT Procurement Policies and Procedures

Off

Artificial Intelligence

Technology

Security, Privacy & Data Protection

Annual Security Training

IT Procurement