Information Technology Policies, Standards and Procedures

Information Technology (IT) Policies, Standards, and Procedures are based on ADOA-ASET strategies and framework. This provides a comprehensive framework of business principles, best practices, technical standards, migration, and implementation strategies that direct the design, deployment, and management of IT for the State of Arizona.

Due to changes in P1050, template links for non-security policies have been removed. Please view the presentation for details.

For more information, please reach out to the ADOA-ASET PSP contact at [email protected]

 

 

P1000: IT Governance

1050 IT Policies, Standards & Procedures Program
P1050 - IT Policies, Standards & Procedures Program
T1050 - Policies, Standards and Procedures (PSP) Template
1100 Cloud First
S1100 - Cloud First Exception Request Standard 1.3
P1100 - Cloud First Policy 1.1
1250 Website and Application Design
P1250 - Website and Application Design Policy
1300 Accessibility of Electronic or Information Technology
P1300 - Accessibility of Electronic or Information Technology Policy
1310 Domain Naming
P1310 - Domain Naming Policy
S1310 - Domain Naming Standard
1360 Information Technology Planning
P1360 - Information Technology Planning Policy
1650 Release Management
P1650 - Release Management Policy
3400 Project Investment Justification
P3400 - Project Investment Justification Policy
S3400 - Project Investment Justification Standard
S3410 - Project Status Reporting
S3420 - Project Special Funding
S3430 - Project Oversight

P4400: Data Governance

4400 Data Governance Organization
P4400 - Data Governance Organization Policy
4430 Data Governance Technology
P4430 - Data Governance Technology Policy
4440 Data Governance Data Interoperability Policy
P4440 - Data Governance Data Interoperability Policy
T4440 - AZ Standard Data Sharing Agreement Template
Enterprise Data Sharing Memorandum of Understanding (Amended)
4450 Data Governance Data Operations
P4450 - Data Governance Data Operations Policy
4460 Data Governance Data Quality
P4460 - Data Governance Data Quality Policy
4465 State-Owned Cloud Data
P4465 - State-Owned Cloud Data Policy
4470 Data Governance Documentation
P4470 - Data Governance Documentation Policy

P5000: Collaboration and Communication

5050 Social Media
P5050 - Social Media Policy
5070 Electronic and Digital Signature
P5070 - Electronic and Digital Signature Policy

P6000: State Data Center

6000 State Data Center Contingency Planning
P6000 - State Data Center Contingency Planning Policy
6100 State Data Center Infrastructure Configuration Management and Change Control
P6100 - State Data Center Infrastructure Configuration Management and Change Control Policy
6200 State Data Center Physical Security
P6200 - State Data Center Physical Security Policy

P7000: Enterprise Architecture

7000 Enterprise Architecture
P7000 - Enterprise Architecture Policy
7100 Network Architecture
P7100 - Network Architecture Policy
S7100 - Network Infrastructure Standard
7200 Platform Architecture
P7200 - Platform Architecture Policy
7300 Software Architecture
P7300 - Software Architecture Policy
7500 Service Oriented Architecture
P7500 - Service Oriented Architecture Policy

P8000: Information Security

1.0 Risk Acceptance
Risk Acceptance Form
Risk Acceptance Questionnaire
8000 Information Security
P8000 Information Security Policies (Combined)
8110 Data Classification
P8110 - Data Classification Policy
T8110 - Data Classification Policy Template
S8110 - Data Classification Summary
8120 Information Security Program
P8120 - Information Security Program Policy
T8120 - Information Security Program Policy Template
S8120 - Information Security Program Standard
S8120 - Information Security Program Summary
8130 System Security Acquisition and Development
P8130 - System Security Acquisition and Development Policy
T8130 - System Security Acquisition and Development Policy Template
S8130 - System Security Acquisition and Development Summary
8210 Security Awareness Training and Education
P8210 - Security Awareness Training and Education Policy
T8210 - Security Awareness Training and Education Policy Template
S8210 - Security Awareness Training and Education Standard
S8210 - Security Awareness Training and Education Summary
8220 System Security Maintenance
P8220 - System Security Maintenance Policy
T8220 - System Security Maintenance Policy Template
S8220 - System Security Maintenance Standard
S8220 - System Security Maintenance Summary
8230 Contingency Planning
P8230 - Contingency Planning Policy
T8230 - Contingency Planning Policy Template
S8230 - Contingency Planning Summary
8240 Incident Response Planning
P8240 - Incident Response Planning Policy
T8240 - Incident Response Planning Policy Template
S8240 - Incident Response Planning Standard
S8240 - Incident Response Planning Summary
8250 Media Protection
P8250 - Media Protection Policy
T8250 - Media Protection Policy Template
S8250 - Media Protection Standard
S8250 - Media Protection Summary
8260 Physical Security Protections
P8260 - Physical Security Protections Policy
T8260 - Physical Security Protections Policy Template
S8260 - Physical Security Protections Summary
8270 Personnel Security Controls
P8270 - Personnel Security Controls Policy
T8270 - Personnel Security Controls Policy Template
S8270 - Personnel Security Controls Summary
8280 Acceptable Use
F8280 - State Access Agreement Form (Word)
F8280 - State Access Agreement Form (pdf)
P8280 - Acceptable Use Policy
T8280 - Acceptable Use Policy Template
S8280 - Acceptable Use Summary
8310 Account Management
P8310 - Account Management Policy
T8310 - Account Management Policy Template
S8310 - Account Management Summary
8320 Access Controls
P8320 - Access Controls Policy
T8320 - Access Controls Policy Template
S8320 - Access Control Standard
S8320 - Access Control Summary
8330 System Security Audit
P8330 - System Security Audit Policy
T8330 - System Security Audit Policy Template
S8330 - System Security Audit Standard
S8330 - System Security Audit Summary
8340 Identification and Authentication
P8340 - Identification and Authentication Policy
T8340 - Identification and Authentication Policy Template
S8340 - Identification and Authentication Standard
S8340 - Identification and Authentication Summary
8350 System and Communication Protections
P8350 - System and Communication Protections Policy
T8350 - System and Communication Protections Policy Template
S8350 - System and Communication Protections Standard
S8350 - System and Communication Protections Summary
8410 System Privacy
P8410 - System Privacy Policy
T8410 - System Privacy Policy Template
S8410 - System Privacy Summary
Arizona NIST Baseline Security Controls
Arizona Control Quick Guide v2.0 (pdf)
Arizona Baseline Infrastructure Security Controls 2017 (Excel)
NIST SP800-53 R4 (pdf)
Arizona Baseline Infrastructure Security Controls Pre-requisite (Excel)
Executive Orders
Executive Order 2008-10 Mitigating Cyber Security Threats
Guest Wi-Fi Terms and Conditions
Guest Wireless Network Terms of Use

P7000: Enterprise Architecture

7300 Software Architecture
Policy/Standard Name Status Submit A Comment
P7300 - Software Architecture Policy Open for Comment Until
Thursday, June 24, 2021 		Submit a Comment