Information Technology Policies, Standards and Procedures

Information Technology (IT) Policies, Standards, and Procedures are based on ADOA-ASET strategies and framework. This provides a comprehensive framework of business principles, best practices, technical standards, migration, and implementation strategies that direct the design, deployment, and management of IT for the State of Arizona.

Due to changes in P1050, template links for non-security policies have been removed. Please view the presentation for details.

For more information, please reach out to the ADOA-ASET PSP contact at [email protected]

 

P1000: IT Governance

1050 IT Policies, Standards & Procedures Program
P1050 - IT Policies, Standards & Procedures Program
T1050 - Policy Template
T1060 - Standard Template
1100 Cloud First
P1100 - Cloud First Policy 1.1
S1100 - Cloud First Exception Request Standard 1.3
1110 Google Workspace Platform
S1110 - Google Workspace Platform Standard
1250 Website and Application Design
P1250 - Website and Application Design Policy
1300 Accessibility of Electronic or Information Technology
P1300 - Accessibility of Electronic or Information Technology Policy
1310 Domain Naming
P1310 - Domain Naming Policy
S1310 - Domain Naming Standard
1360 Information Technology Planning
P1360 - Information Technology Planning Policy
1650 Release Management
P1650 - Release Management Policy
3400 Project Investment Justification
P3400 - Project Investment Justification Policy
S3400 - Project Investment Justification Standard
S3410 - Project Status Reporting
S3420 - Project Special Funding
S3430 - Project Oversight

P4400: Data Governance

4400 Data Governance Organization
P4400 - Data Governance Organization Policy
S4400 - Data Governance Organization Policy Exception Standard
4430 Data Governance Technology
P4430 - Data Governance Technology Policy
4440 Interagency Data Sharing
P4440 - Data Governance Data Interoperability Policy
T4440 - AZ Standard Data Sharing Agreement Template
Enterprise Data Sharing Memorandum of Understanding (Amended)
4450 Data Governance Data Operations
P4450 - Data Governance Data Operations Policy
4460 Data Governance Data Quality
P4460 - Data Governance Data Quality Policy
4465 State-Owned Cloud Data
P4465 - State-Owned Cloud Data Policy
4470 Data Governance Documentation
P4470 - Data Governance Documentation Policy
Implementation Guidelines
Data Governance policy adoption cost worksheet
Data Governance Policy Implementation Guidelines

P5000: Collaboration and Communication

5050 Social Media
P5050 - Social Media Policy
5070 Electronic and Digital Signature
P5070 - Electronic and Digital Signature Policy

P6000: State Data Center

6000 State Data Center Contingency Planning
P6000 - State Data Center Contingency Planning Policy
6100 State Data Center Infrastructure Configuration Management and Change Control
P6100 - State Data Center Infrastructure Configuration Management and Change Control Policy
6200 State Data Center Physical Security
P6200 - State Data Center Physical Security Policy

P7000: Enterprise Architecture

7100 Network Architecture
P7100 - Network Architecture Policy
S7100 - Network Infrastructure Standard
7300 Software Architecture
P7300 - Software Architecture Policy

P8000: Information Security

1.0 Risk Acceptance
Risk Acceptance Form
Risk Acceptance Questionnaire
8000 Information Security
P8000 Information Security Policies (Combined)
8110 Data Classification
P8110 - Data Classification Policy
T8110 - Data Classification Policy Template
S8110 - Data Classification Summary
8120 Information Security Program
P8120 - Information Security Program Policy
T8120 - Information Security Program Policy Template
S8120 - Information Security Program Standard
S8120 - Information Security Program Summary
8130 System Security Acquisition and Development
P8130 - System Security Acquisition and Development Policy
T8130 - System Security Acquisition and Development Policy Template
S8130 - System Security Acquisition and Development Summary
8210 Security Awareness Training and Education
P8210 - Security Awareness Training and Education Policy
T8210 - Security Awareness Training and Education Policy Template
S8210 - Security Awareness Training and Education Standard
S8210 - Security Awareness Training and Education Summary
8220 System Security Maintenance
P8220 - System Security Maintenance Policy
T8220 - System Security Maintenance Policy Template
S8220 - System Security Maintenance Standard
S8220 - System Security Maintenance Summary
8230 Contingency Planning
P8230 - Contingency Planning Policy
T8230 - Contingency Planning Policy Template
S8230 - Contingency Planning Summary
8240 Incident Response Planning
P8240 - Incident Response Planning Policy
T8240 - Incident Response Planning Policy Template
S8240 - Incident Response Planning Standard
S8240 - Incident Response Planning Summary
8250 Media Protection
P8250 - Media Protection Policy
T8250 - Media Protection Policy Template
S8250 - Media Protection Standard
S8250 - Media Protection Summary
8260 Physical Security Protections
P8260 - Physical Security Protections Policy
T8260 - Physical Security Protections Policy Template
S8260 - Physical Security Protections Summary
8270 Personnel Security Controls
P8270 - Personnel Security Controls Policy
T8270 - Personnel Security Controls Policy Template
S8270 - Personnel Security Controls Summary
8280 Acceptable Use
P8280 - Acceptable Use Policy
T8280 - Acceptable Use Policy Template
F8280 - State Access Agreement Form (Word)
F8280 - State Access Agreement Form (pdf)
S8280 - Acceptable Use Summary
8310 Account Management
P8310 - Account Management Policy
T8310 - Account Management Policy Template
S8310 - Account Management Summary
8320 Access Controls
P8320 - Access Controls Policy
T8320 - Access Controls Policy Template
S8320 - Access Control Standard
S8320 - Access Control Summary
8330 System Security Audit
P8330 - System Security Audit Policy
T8330 - System Security Audit Policy Template
S8330 - System Security Audit Standard
S8330 - System Security Audit Summary
8340 Identification and Authentication
P8340 - Identification and Authentication Policy
T8340 - Identification and Authentication Policy Template
S8340 - Identification and Authentication Standard
S8340 - Identification and Authentication Summary
8350 System and Communication Protections
P8350 - System and Communication Protections Policy
T8350 - System and Communication Protections Policy Template
S8350 - System and Communication Protections Standard
S8350 - System and Communication Protections Summary
8410 System Privacy
P8410 - System Privacy Policy
T8410 - System Privacy Policy Template
S8410 - System Privacy Summary
Arizona NIST Baseline Security Controls
Arizona Baseline Infrastructure Security Controls 2017 (Excel)
NIST SP800-53 R4 (pdf)
Arizona Baseline Infrastructure Security Controls Pre-requisite (Excel)
Arizona Control Quick Guide v2.0 (pdf)
Executive Orders
Executive Order 2008-10 Mitigating Cyber Security Threats
Guest Wi-Fi Terms and Conditions
Guest Wireless Network Terms of Use