Information Technology Policies, Standards and Procedures

Information Technology (IT) Policies, Standards, and Procedures are based on ADOA-ASET strategies and framework. This provides a comprehensive framework of business principles, best practices, technical standards, migration, and implementation strategies that direct the design, deployment, and management of IT for the State of Arizona.

Due to changes in P1050, template links for non-security policies have been removed. Please view the presentation for details.

For more information, please reach out to the ADOA-ASET PSP contact at [email protected].

Information Security

1.0 Risk Acceptance
Risk Acceptance Form
Risk Acceptance Questionnaire

8280 Acceptable Use
State Access Agreement (Word)
F8280 State Access Agreement (pdf)
Acceptable Use Summary (pdf)

Arizona NIST Baseline Security Controls
Arizona Control Quick Guide v2.0 (pdf)
Arizona Baseline Infrastructure Security Controls Pre-requisite (Excel)
Arizona Baseline Infrastructure Security Controls 2017 (Excel)
NIST SP800-53 R4 (pdf)

Resources
Tailoring PSP Templates Guide

8110 Data Classification Policy
Data Classification Policy (pdf)
Data Classification Policy Template (Word)

8120 Information Security Program
Information Security Program Policy (pdf)
Information Security Program Policy Template (Word)
Information Security Program Standard (pdf)
Information Security Program Summary (pdf)

8130 System Security Acquisition and Development
System Security Acquisition and Development Policy (pdf)
System Security Acquisition and Development Policy Template (Word)
System Security Acquisition and Development Summary (pdf)

8210 Security Awareness Training and Education
Security Awareness Training and Education Policy (pdf)
Security Awareness Training and Education Policy Template (Word)
Security Awareness Training and Education Standard (pdf)
Security Awareness Training and Education Summary (pdf)

8220 System Security Maintenance
System Security Maintenance Policy (pdf)
System Security Maintenance Policy Template (Word)

8230 Contingency Planning
Contingency Planning Policy (pdf)
Contingency Planning Policy Template (Word)
Contingency Planning Summary (pdf)

8240 Incident Response Planning
Incident Response Planning Policy (pdf)
Incident Response Planning Policy Template (Word)
Incident Response Planning Standard (pdf)
Incident Response Planning Summary (pdf)

8250 Media Protection
Media Protection Policy (pdf)
Media Protection Policy Template (Word)
Media Protection Standard (pdf)
Media Protection Summary (pdf)

8260 Physical Security Protections
Physical Security Protections Policy (pdf)
Physical Security Protections Policy Template (Word)
Physical Security Protections Summary (pdf)

8270 Personnel Security Controls
Personnel Security Controls Policy (pdf)
Personnel Security Controls Policy Template (Word)
Personnel Security Controls Summary (pdf)

8280 Acceptable Use
Acceptable Use Policy (pdf)
Acceptable Use Policy Template (Word)

8310 Account Management
Account Management Policy (pdf)
Account Management Policy Template (Word)
Account Management Summary (pdf)

8320 Access Controls
Access Controls Policy (pdf)
Access Controls Policy Template (Word)
Access Control Standard (pdf)
Access Control Summary (pdf)

8330 System Security Audit
System Security Audit Policy (pdf)
System Security Audit Policy Template (Word)

8340 Identification and Authentication
Identification and Authentication Policy (pdf)
Identification and Authentication Policy Template (Word)
Identification and Authentication Standard (pdf)
Identification and Authentication Summary (pdf)

8350 System and Communication Protections
System and Communication Protections Policy (pdf)
System and Communication Protections Policy Template (Word)

8410 System Privacy
System Privacy Policy (pdf)
System Privacy Policy Template (Word)
System Privacy Summary (pdf)

Executive Orders
Executive Order 2008-10 Mitigating Cyber Security Threats

Guest Wi-Fi Terms and Conditions
Guest Wireless Network Terms of Use

8220 System Security Maintenance
System Security Maintenance Standard (pdf)
System Security Maintenance Summary (pdf)

8330 System Security Audit
System Security Audit Standard (pdf)
System Security Audit Summary (pdf)

8350 System and Communication Protections
System and Communication Protections Standard (pdf)
System and Communication Protections Summary (pdf)

8110 Data Classification
Data Classification Summary (pdf)

IT Governance

1360 - Information Technology Planning
Project Summary Form
Information Technology Planning Policy

1000 - Information Technology
Information Technology Policy
SPO End User Hardware Pricing 2016-02-11

1050 IT Policies, Standards & Procedures Program
IT Policies, Standards & Procedures Program
Policies, Standards and Procedures (PSP) Template

1100 - Cloud First
P1100 - Cloud First Policy 1.1
S1100 - Cloud First Exception Request Standard 1.3

1250 - Website Design
Website Design Policy

1300 - Website Accessibility
Website Accessibility Policy

1310 - Domain Naming
Domain Naming Policy
Domain Naming Standard

1650 - Release Management
Release Management Policy

P340 - Project Investment Justification
Project Investment Justification Policy

3400 Project Investment Justification
Project Investment Justification Standard
Project Status Reporting
Project Special Funding
Project Oversight

Data Governance

Implementation Guidelines
Data Governance policy adoption cost worksheet
Data Governance Policy Implementation Guidelines

4465 State-Owned Cloud Data
State-Owned Cloud Data Policy

Data Governance Documentation
P4470 - Data Governance Documentation Policy

Data Governance Organization
P4400 - Data Governance Organization Policy

Data Governance Technology
P4430 - Data Governance Technology Policy

Data Operations
P4450 - Data Operations Policy

Data Quality
P4460 - Data Governance Data Quality Policy

Data Sharing and Interoperability
P4440 - Data Governance Data Interoperability Policy
AZ Standard Data Sharing Agreement Template
Enterprise Data Sharing Memorandum of Understanding (Amended)

Collaboration and Communication

5050 Social Media
Social Media Policy

P4070 - Electronic and Digital Signatures
Electronic and Digital Signature Policy

State Data Center

6000 State Data Center Contingency Planning
State Data Center Contingency Planning Policy

6100 State Data Center Infrastructure Configuration and Change Control
State Data Center Infrastructure Configuration and Change Control Policy

6200 State Data Center Physical Security
State Data Center Physical Security Policy

Enterprise Architecture

700 Enterprise Architecture
Enterprise Architecture Policy

7100 - Network Architecture
Network Architecture Policy
Network Infrastructure Standard

720 Platform Architecture
Platform Architecture Policy

7300 - Software Architecture
Software Architecture Policy

750 Data Information Architecture
Service Oriented Architecture Policy

IT Governance

3400 Project Investment Justification
Policy/Standard Name	Status	Submit A Comment
Project Investment Justification Policy	Open for Comment Until Friday, April 16, 2021	Submit a Comment

Collaboration and Communication

P4070 - Electronic and Digital Signatures
Policy/Standard Name	Status	Submit A Comment
Electronic and Digital Signature Policy	Open for Comment Until Friday, April 16, 2021	Submit a Comment