Information Technology Policies, Standards and Procedures

Information Technology (IT) Policies, Standards, and Procedures are based on Enterprise Architecture (EA) strategies and framework. EA provides a comprehensive framework of business principles, best practices, technical standards, migration and implementation strategies that direct the design, deployment and management of IT for the State of Arizona.

For more information, please contact Enterprise Architecture.

Procurement pricing related to end user devices such as laptops, desktops, etc., is available in the IT Governance section under "1000 - Information Technology" policy. Please contact your SPO representative for assistance with ordering from these contracts.

PSP Training PowerPoint Presentation

Information Security

1.0 Risk Acceptance
Risk Acceptance Form
Risk Acceptance Questionnaire

8280 Acceptable Use
State Access Agreement (Word)
F8280 State Access Agreement (pdf)
Acceptable Use Summary (pdf)

Arizona NIST Baseline Security Controls
Arizona Control Quick Guide v2.0 (pdf)
Arizona Baseline Infrastructure Security Controls Pre-requisite (Excel)
Arizona Baseline Infrastructure Security Controls 2017 (Excel)
NIST SP800-53 R4 (pdf)

Resources
Tailoring PSP Templates Guide

8110 Data Classification Policy
Data Classification Policy (pdf)
Data Classification Policy Template (Word)

8120 Information Security Program
Information Security Program Policy (pdf)
Information Security Program Policy Template (Word)
Information Security Program Standard (pdf)
Information Security Program Summary (pdf)

8130 System Security Acquisition and Development
System Security Acquisition and Development Policy (pdf)
System Security Acquisition and Development Policy Template (Word)
System Security Acquisition and Development Summary (pdf)

8210 Security Awareness Training and Education
Security Awareness Training and Education Policy (pdf)
Security Awareness Training and Education Policy Template (Word)
Security Awareness Training and Education Standard (pdf)
Security Awareness Training and Education Summary (pdf)

8220 System Security Maintenance
System Security Maintenance Policy (pdf)
System Security Maintenance Policy Template (Word)

8230 Contingency Planning
Contingency Planning Policy (pdf)
Contingency Planning Policy Template (Word)
Contingency Planning Summary (pdf)

8240 Incident Response Planning
Incident Response Planning Policy (pdf)
Incident Response Planning Policy Template (Word)
Incident Response Planning Standard (pdf)
Incident Response Planning Summary (pdf)

8250 Media Protection
Media Protection Policy (pdf)
Media Protection Policy Template (Word)
Media Protection Standard (pdf)
Media Protection Summary (pdf)

8260 Physical Security Protections
Physical Security Protections Policy (pdf)
Physical Security Protections Policy Template (Word)
Physical Security Protections Summary (pdf)

8270 Personnel Security Controls
Personnel Security Controls Policy (pdf)
Personnel Security Controls Policy Template (Word)
Personnel Security Controls Summary (pdf)

8280 Acceptable Use
Acceptable Use Policy (pdf)
Acceptable Use Policy Template (Word)

8310 Account Management
Account Management Policy (pdf)
Account Management Policy Template (Word)
Account Management Summary (pdf)

8320 Access Controls
Access Controls Policy (pdf)
Access Controls Policy Template (Word)
Access Control Standard (pdf)
Access Control Summary (pdf)

8330 System Security Audit
System Security Audit Policy (pdf)
System Security Audit Policy Template (Word)

8340 Identification and Authentication
Identification and Authentication Policy (pdf)
Identification and Authentication Policy Template (Word)
Identification and Authentication Standard (pdf)
Identification and Authentication Summary (pdf)

8350 System and Communication Protections
System and Communication Protections Policy (pdf)
System and Communication Protections Policy Template (Word)

8410 System Privacy
System Privacy Policy (pdf)
System Privacy Policy Template (Word)
System Privacy Summary (pdf)

Executive Orders
Executive Order 2008-10 Mitigating Cyber Security Threats

Guest Wi-Fi Terms and Conditions
Guest Wireless Network Terms of Use

8220 System Security Maintenance
System Security Maintenance Standard (pdf)
System Security Maintenance Summary (pdf)

8330 System Security Audit
System Security Audit Standard (pdf)
System Security Audit Summary (pdf)

8350 System and Communication Protections
System and Communication Protections Standard (pdf)
System and Communication Protections Summary (pdf)

8110 Data Classification
Data Classification Summary (pdf)

IT Governance

1360 - Information Technology Planning
Project Summary Form
Information Technology Planning Policy

1000 - Information Technology
Information Technology Policy
Information Technology Policy Template
SPO End User Hardware Pricing 2016-02-11

1050 - Policies, Standards and Procedures
Policies, Standards and Procedures (PSP) Policy
Policies, Standards and Procedures (PSP) Template

1100 - Cloud First
P1100 - Cloud First Policy 1.1

1250 - Website Design
Website Design Policy

1300 - Website Accessibility
Website Accessibility Policy
Website Accessibility Policy Template

1310 - Domain Naming
Domain Naming Policy
Domain Naming Standard

1650 - Release Management
Release Management Policy
Release Management Policy Template

340 Project Investment Justification
Project Investment Justification Policy
Project Investment Justification Standard
Project Status Reporting
Project Special Funding
Project Oversight

Data Governance

Implementation Guidelines
Data Governance Policy Implementation Guidelines
Data Governance policy adoption cost worksheet

Data Governance Documentation
P4470 - Data Governance Documentation Policy
P4470 - Data Governance Documentation Policy Template

Data Governance Organization
P4400 - Data Governance Organization Policy
P4400 Data Governance Organization Policy Template

Data Governance Technology
P4430 - Data Governance Technology Policy
P4430 Data Governance Technology Policy Template

Data Operations
P4450 - Data Operations Policy
P4450 - Data Governance Data Operations Policy Template

Data Sharing and Interoperability
P4440 - Data Governance Data Interoperability Policy
AZ Standard Data Sharing Agreement Template
Enterprise Data Sharing Memorandum of Understanding (Amended)

Collaboration and Communication

4050 Email Public Records Management
Email Public Records Management Policy

5050 Social Media
Social Media Policy
Social Media Policy Template

P4070 - Electronic and Digital Signatures
Electronic and Digital Signature Policy

State Data Center

6000 State Data Center Contingency Planning
State Data Center Contingency Planning Policy

6100 State Data Center Infrastructure Configuration and Change Control
State Data Center Infrastructure Configuration and Change Control Policy

6200 State Data Center Physical Security
State Data Center Physical Security Policy

Enterprise Architecture

700 Enterprise Architecture
Enterprise Architecture Policy

7100 - Network Architecture
Network Architecture Policy
Network Infrastructure Standard

720 Platform Architecture
Platform Architecture Policy

730 Software Architecture
Software Architecture Policy
Application Software Standard
Software Productivity Tools Standard

7300 - Software Architecture
Software Architecture Policy
Software Architecture Policy Template

740 Data Information Architecture
Data Information Architecture Policy
Data Modeling Policy
Database Access Standard

750 Data Information Architecture
Service Oriented Architecture Policy

Enterprise Architecture

7000 - Enterprise Architecture
Policy/Standard Name	Status	Submit A Comment
Enterprise Architecture Policy	Open for Comment Until Friday, December 27, 2019	Submit a Comment

Information Security

User Owned Device Guidelines
Policy/Standard Name	Status	Submit A Comment
User Owned Device Guidelines	Open for Comment Until Friday, December 27, 2019	Submit a Comment

XXXX User Owned Devices
Policy/Standard Name	Status	Submit A Comment
User Owned Devices	Open for Comment Until Friday, December 27, 2019	Submit a Comment

Collaboration and Communication

4050 Email Public Records Management
Policy/Standard Name	Status	Submit A Comment
Email Public Records Management	Open for Comment Until Friday, December 20, 2019	Submit a Comment

4060 Electronic and Digital File Management
Policy/Standard Name	Status	Submit A Comment
Electronic and Digital File Management	Open for Comment Until Friday, December 20, 2019	Submit a Comment

Data Governance

Data Quality
Policy/Standard Name	Status	Submit A Comment
P4460 - Data Governance Data Quality Policy	Open for Comment Until Monday, June 15, 2020	Submit a Comment

Policies and documents on this tab represent transformational initiatives undertaken by Enterprise Architecture at ADOA-ASET. We invite you to actively participate in developing these by submitting comments, making recommendations and participating in one or more working sessions that we are planning in the near future. With your active participation we plan to eventually tune these into statewide polices or templates that you can tailor to your agency’s needs.

There is no set target date for implementation of the items in this tab. Please e-mail [email protected] or click the “Submit a Comment” link below to submit comments, join a working group or submit suggestions for new policies to bridge gaps in your environment.

IT Governance

1800 - Vendor Management
Policy/Standard Name	Submit A Comment
Vendor Management Policy	Submit a Comment

Data Governance

4465 State-Owned Cloud Data
Policy/Standard Name	Submit A Comment
State-Owned Cloud Data Policy	Submit a Comment