Information Technology Policies, Standards and Procedures

Information Technology (IT) Policies, Standards, and Procedures are based on Enterprise Architecture (EA) strategies and framework. EA provides a comprehensive framework of business principles, best practices, technical standards, migration and implementation strategies that direct the design, deployment and management of IT for the State of Arizona.

For more information, please contact Enterprise Architecture.

Procurement pricing related to end user devices such as laptops, desktops, etc., is available in the IT Governance section under "1000 - Information Technology" policy. Please contact your SPO representative for assistance with ordering from these contracts.

PSP Training PowerPoint Presentation

 

Information Security

1.0 Risk Acceptance
Risk Acceptance Form
Risk Acceptance Questionnaire
8280 Acceptable Use
State Access Agreement (Word)
F8280 State Access Agreement (pdf)
Acceptable Use Policy (pdf)
Acceptable Use Policy Template (Word)
Acceptable Use Summary (pdf)
Arizona NIST Baseline Security Controls
Arizona Control Quick Guide v2.0 (pdf)
Arizona Baseline Infrastructure Security Controls 2017 (Excel)
NIST SP800-53 R4 (pdf)
Arizona Baseline Infrastructure Security Controls Pre-requisite (Excel)
Resources
Tailoring PSP Templates Guide
8110 Data Classification
Data Classification Policy (pdf)
Data Classification Policy Template (Word)
Data Classification Summary (pdf)
8120 Information Security Program
Information Security Program Policy (pdf)
Information Security Program Policy Template (Word)
Information Security Program Standard (pdf)
Information Security Program Summary (pdf)
8130 System Security Acquisition and Development
System Security Acquisition and Development Policy (pdf)
System Security Acquisition and Development Policy Template (Word)
System Security Acquisition and Development Summary (pdf)
8210 Security Awareness Training and Education
Security Awareness Training and Education Policy (pdf)
Security Awareness Training and Education Policy Template (Word)
Security Awareness Training and Education Standard (pdf)
Security Awareness Training and Education Summary (pdf)
8220 System Security Maintenance
System Security Maintenance Policy (pdf)
System Security Maintenance Policy Template (Word)
System Security Maintenance Standard (pdf)
System Security Maintenance Summary (pdf)
8230 Contingency Planning
Contingency Planning Policy (pdf)
Contingency Planning Policy Template (Word)
Contingency Planning Summary (pdf)
8240 Incident Response Planning
Incident Response Planning Policy (pdf)
Incident Response Planning Policy Template (Word)
Incident Response Planning Standard (pdf)
Incident Response Planning Summary (pdf)
8250 Media Protection
Media Protection Policy (pdf)
Media Protection Policy Template (Word)
Media Protection Standard (pdf)
Media Protection Summary (pdf)
8260 Physical Security Protections
Physical Security Protections Policy (pdf)
Physical Security Protections Policy Template (Word)
Physical Security Protections Summary (pdf)
8270 Personnel Security Controls
Personnel Security Controls Policy (pdf)
Personnel Security Controls Policy Template (Word)
Personnel Security Controls Summary (pdf)
8310 Account Management
Account Management Policy (pdf)
Account Management Policy Template (Word)
Account Management Summary (pdf)
8320 Access Controls
Access Control Policy (pdf)
Access Controls Policy Template (Word)
Access Control Standard (pdf)
Access Control Summary (pdf)
8330 System Security Audit
System Security Audit Policy (pdf)
System Security Audit Policy Template (Word)
System Security Audit Standard (pdf)
System Security Audit Summary (pdf)
8340 Identification and Authentication
Identification and Authentication Policy (pdf)
Identification and Authentication Policy Template (Word)
Identification and Authentication Standard (pdf)
Identification and Authentication Summary (pdf)
8350 System and Communication Protections
System and Communication Protections Policy (pdf)
System and Communication Protections Policy Template (Word)
System and Communication Protections Standard (pdf)
System and Communication Protections Summary (pdf)
8410 System Privacy
System Privacy Policy (pdf)
System Privacy Policy Template (Word)
System Privacy Summary (pdf)
Executive Orders
Executive Order 2008-10 Mitigating Cyber Security Threats

IT Governance

1360 - Information Technology Planning
Project Summary Form
Information Technology Planning Policy
1000 - Information Technology
Information Technology Policy
Information Technology Policy Template
SPO End User Hardware Pricing 2016-02-11
1050 - Policies, Standards and Procedures
Policies, Standards and Procedures (PSP) Policy
Policies, Standards and Procedures (PSP) Template
1250 - Website Design
Website Design Policy
1300 - Website Accessibility
Website Accessibility Policy
Website Accessibility Policy Template
1310 - Domain Naming
Domain Naming Policy
Domain Naming Standard
1650 - Release Management
Release Management Policy
Release Management Policy Template
340 Project Investment Justification
Project Investment Justification Policy
Project Investment Justification Standard
Project Status Reporting
Project Special Funding
Project Oversight

Data Governance

Implementation Guidelines
Data Governance policy adoption cost worksheet
Data Governance Policy Implementation Guidelines
Data Governance Documentation
P4470 - Data Governance Documentation Policy
P4470 - Data Governance Documentation Policy Template
Data Governance Organization
P4400 - Data Governance Organization Policy
P4400 Data Governance Organization Policy Template
Data Governance Technology
P4430 - Data Governance Technology Policy
P4430 Data Governance Technology Policy Template

Collaboration and Communication

4050 Email Public Records Management
Email Public Records Management Policy
5050 Social Media
Social Media Policy
Social Media Policy Template
P4070 - Electronic and Digital Signatures
Electronic and Digital Signature Policy

State Data Center

6000 State Data Center Contingency Planning
State Data Center Contingency Planning Policy
6100 State Data Center Infrastructure Configuration and Change Control
State Data Center Infrastructure Configuration and Change Control Policy
6200 State Data Center Physical Security
State Data Center Physical Security Policy

Enterprise Architecture

700 Enterprise Architecture
Enterprise Architecture Policy
7100 - Network Architecture
Network Architecture Policy
Network Infrastructure Standard
720 Platform Architecture
Platform Architecture Policy
730 Software Architecture
Software Architecture Policy
Application Software Standard
Software Productivity Tools Standard
7300 - Software Architecture
Software Architecture Policy
Software Architecture Policy Template
740 Data Information Architecture
Data Information Architecture Policy
Data Modeling Policy
Database Access Standard
750 Data Information Architecture
Service Oriented Architecture Policy

Enterprise Architecture

7000 - Enterprise Architecture
Policy/Standard Name Status Submit A Comment
Enterprise Architecture Policy Open for Comment Submit a Comment
P1100
Policy/Standard Name Status Submit A Comment
Cloud First Policy Open for Comment Until
Monday, April 30, 2018 		Submit a Comment

Policies and documents on this tab represent transformational initiatives undertaken by Enterprise Architecture at ADOA-ASET. We invite you to actively participate in developing these by submitting comments, making recommendations and participating in one or more working sessions that we are planning in the near future. With your active participation we plan to eventually tune these into statewide polices or templates that you can tailor to your agency’s needs.

There is no set target date for implementation of the items in this tab. Please e-mail [email protected] or click the “Submit a Comment” link below to submit comments,  join a working group or submit suggestions for new policies to bridge gaps in your environment.

IT Governance

1800 - Vendor Management
Policy/Standard Name Submit A Comment
Vendor Management Policy Submit a Comment

Data Governance

Data Operations
Policy/Standard Name Submit A Comment
P4450 - Data Operations Policy Submit a Comment
Data Governance Data Interoperability Policy
Policy/Standard Name Submit A Comment
P4440 - Data Governance Data Interoperability Policy Submit a Comment