Information Technology Policies, Standards and Procedures

Information Technology (IT) Policies, Standards, and Procedures are based on ADOA-ASET strategies and framework. This provides a comprehensive framework of business principles, best practices, technical standards, migration, and implementation strategies that direct the design, deployment, and management of IT for the State of Arizona.

Due to changes in P1050, template links for non-security policies have been removed. Please view the presentation for details.

For more information, please reach out to the ADOA-ASET PSP contact at [email protected].

P1000: IT Governance

**1050 IT Policies, Standards & Procedures Program**
P1050 - IT Policies, Standards & Procedures Program
T1050 - Policies, Standards and Procedures (PSP) Template

**1100 Cloud First**
P1100 - Cloud First Policy 1.1
S1100 - Cloud First Exception Request Standard 1.3

**1110 Google Workspace Platform**
S1110 - Google Workspace Platform Standard

**1250 Website and Application Design**
P1250 - Website and Application Design Policy

**1300 Accessibility of Electronic or Information Technology**
P1300 - Accessibility of Electronic or Information Technology Policy

**1310 Domain Naming**
P1310 - Domain Naming Policy
S1310 - Domain Naming Standard

**1360 Information Technology Planning**
P1360 - Information Technology Planning Policy

**1650 Release Management**
P1650 - Release Management Policy

**3400 Project Investment Justification**
P3400 - Project Investment Justification Policy
S3400 - Project Investment Justification Standard
S3410 - Project Status Reporting
S3420 - Project Special Funding
S3430 - Project Oversight

P4400: Data Governance

**4400 Data Governance Organization**
P4400 - Data Governance Organization Policy

**4430 Data Governance Technology**
P4430 - Data Governance Technology Policy

**4440 Data Governance Data Interoperability Policy**
P4440 - Data Governance Data Interoperability Policy
T4440 - AZ Standard Data Sharing Agreement Template
Enterprise Data Sharing Memorandum of Understanding (Amended)

**4450 Data Governance Data Operations**
P4450 - Data Governance Data Operations Policy

**4460 Data Governance Data Quality**
P4460 - Data Governance Data Quality Policy

**4465 State-Owned Cloud Data**
P4465 - State-Owned Cloud Data Policy

**4470 Data Governance Documentation**
P4470 - Data Governance Documentation Policy

**Implementation Guidelines**
Data Governance Policy Implementation Guidelines
Data Governance policy adoption cost worksheet

P5000: Collaboration and Communication

**5050 Social Media**
P5050 - Social Media Policy

**5070 Electronic and Digital Signature**
P5070 - Electronic and Digital Signature Policy

P6000: State Data Center

**6000 State Data Center Contingency Planning**
P6000 - State Data Center Contingency Planning Policy

**6100 State Data Center Infrastructure Configuration Management and Change Control**
P6100 - State Data Center Infrastructure Configuration Management and Change Control Policy

**6200 State Data Center Physical Security**
P6200 - State Data Center Physical Security Policy

P7000: Enterprise Architecture

**7000 Enterprise Architecture**
P7000 - Enterprise Architecture Policy

**7100 Network Architecture**
P7100 - Network Architecture Policy
S7100 - Network Infrastructure Standard

**7200 Platform Architecture**
P7200 - Platform Architecture Policy

**7300 Software Architecture**
P7300 - Software Architecture Policy

**7500 Service Oriented Architecture**
P7500 - Service Oriented Architecture Policy

P8000: Information Security

**8110 Data Classification**
P8110 - Data Classification Policy
P8110 - Data Classification Policy
T8110 - Data Classification Policy Template
S8110 - Data Classification Summary

**1.0 Risk Acceptance**
Risk Acceptance Form
Risk Acceptance Questionnaire

**8000 Information Security**
P8000 Information Security Policies (Combined)

**8120 Information Security Program**
P8120 - Information Security Program Policy
T8120 - Information Security Program Policy Template
S8120 - Information Security Program Standard
S8120 - Information Security Program Summary

**8130 System Security Acquisition and Development**
P8130 - System Security Acquisition and Development Policy
T8130 - System Security Acquisition and Development Policy Template
S8130 - System Security Acquisition and Development Summary

**8210 Security Awareness Training and Education**
P8210 - Security Awareness Training and Education Policy
T8210 - Security Awareness Training and Education Policy Template
S8210 - Security Awareness Training and Education Standard
S8210 - Security Awareness Training and Education Summary

**8220 System Security Maintenance**
P8220 - System Security Maintenance Policy
T8220 - System Security Maintenance Policy Template
S8220 - System Security Maintenance Standard
S8220 - System Security Maintenance Summary

**8230 Contingency Planning**
P8230 - Contingency Planning Policy
T8230 - Contingency Planning Policy Template
S8230 - Contingency Planning Summary

**8240 Incident Response Planning**
P8240 - Incident Response Planning Policy
T8240 - Incident Response Planning Policy Template
S8240 - Incident Response Planning Standard
S8240 - Incident Response Planning Summary

**8250 Media Protection**
P8250 - Media Protection Policy
T8250 - Media Protection Policy Template
S8250 - Media Protection Standard
S8250 - Media Protection Summary

**8260 Physical Security Protections**
P8260 - Physical Security Protections Policy
T8260 - Physical Security Protections Policy Template
S8260 - Physical Security Protections Summary

**8270 Personnel Security Controls**
P8270 - Personnel Security Controls Policy
T8270 - Personnel Security Controls Policy Template
S8270 - Personnel Security Controls Summary

**8280 Acceptable Use**
P8280 - Acceptable Use Policy
T8280 - Acceptable Use Policy Template
F8280 - State Access Agreement Form (Word)
F8280 - State Access Agreement Form (pdf)
S8280 - Acceptable Use Summary

**8310 Account Management**
P8310 - Account Management Policy
T8310 - Account Management Policy Template
S8310 - Account Management Summary

**8320 Access Controls**
P8320 - Access Controls Policy
T8320 - Access Controls Policy Template
S8320 - Access Control Standard
S8320 - Access Control Summary

**8330 System Security Audit**
P8330 - System Security Audit Policy
T8330 - System Security Audit Policy Template
S8330 - System Security Audit Standard
S8330 - System Security Audit Summary

**8340 Identification and Authentication**
P8340 - Identification and Authentication Policy
T8340 - Identification and Authentication Policy Template
S8340 - Identification and Authentication Standard
S8340 - Identification and Authentication Summary

**8350 System and Communication Protections**
P8350 - System and Communication Protections Policy
T8350 - System and Communication Protections Policy Template
S8350 - System and Communication Protections Standard
S8350 - System and Communication Protections Summary

**8410 System Privacy**
P8410 - System Privacy Policy
T8410 - System Privacy Policy Template
S8410 - System Privacy Summary

**Arizona NIST Baseline Security Controls**
Arizona Baseline Infrastructure Security Controls 2017 (Excel)
NIST SP800-53 R4 (pdf)
Arizona Baseline Infrastructure Security Controls Pre-requisite (Excel)
Arizona Control Quick Guide v2.0 (pdf)

**Executive Orders**
Executive Order 2008-10 Mitigating Cyber Security Threats

**Guest Wi-Fi Terms and Conditions**
Guest Wireless Network Terms of Use