The state chief information officer is responsible for overseeing a planning framework to collaboratively develop and publish information technology policy and procedures.
These guide architecture, design, engineering, operations and procurement activities of software, hardware, network solutions, products and services.
These policies apply to state agencies under the authority given to the state chief information officer by N.C.G.S. 143B Article 15.
Security, Privacy & Data Protection Policies & Forms
Policy |
Date |
Related |
State Adoption of NIST Risk Management Framework |
|
|
Statewide Information Security Manual |
January 2022 |
|
High-Risk Applications Policy |
Jan. 26, 2023 |
|
State Adoption of Fair Information Practice Principles |
May 2022 |
|
Media Protection Policy |
January 2022 |
Provides guidance on NIST 800-53 Security and Privacy Controls |
Statewide Glossary of Information Technology Terms |
September 2021 |
|
Statewide Data Classification and Handling Policy |
February 2016 |
|
Statewide Acceptable Use Policy |
March 2022 |
|
Mobile Device Management Policy |
March 30, 2021 |
|
Securing Multifunctional Devices (MFDs) and Network Printers Memo |
Feb.11, 2015 |
|
2018 Continuous Monitoring Plan Memo |
June 1, 2018 |
|
2018 Continuous Monitoring Plan - Annual Assessment & Compliance Report Template |
June 1, 2018 |
|
2016 Continuous Monitoring Plan Memo |
Jan. 27, 2016 |
|
Corrective Action Plan (CAP) and Instructions |
|
|
Secure Cloud Storage, File Sharing and Collaboration Memo |
Jan. 4, 2017 |
|
Secure Cloud Storage, File Sharing and Collaboration - Phase II Memo |
Feb. 15, 2018 |
|
Mandatory HTTPS for Public Sites Memo |
March 8, 2018 |
|
Statewide International Travel Policy |
|
|
Vendor Readiness Assessment Report (VRAR) |
March 2022 |
|
Cloud Vendor Exception Workflow |
|
|
ESRMO Forensic Request Form |
|
|
Annual Security Training
IT Procurement