Policies

ITA Policy P1010 ensures statewide integration of information resources, providing seamless access to data, computer services, and communication resources.

ITA Policy P1015 outlines the process for developing IT policies, standards, and guidelines, ensuring consistency and effectiveness statewide.

ITA Policy P1020 outlines the privacy notice, ensuring protection of user data and privacy across the state’s web portal.

ITA Policy P1030 outlines the management of electronic documents, ensuring compliance with state records management policies and statutes.

ITA Policy P1040 ensures proper and efficient use of Idaho’s email and messaging systems by employees, promoting ethical and lawful communication.

ITA Policy P1050 ensures responsible and secure internet use, monitoring, and filtering to protect state resources and enhance productivity.

ITA Policy P1060 outlines the expectations for the use of state-issued IT devices, ensuring proper management and security.

ITA Policy P1070 defines GIS as a key part of Idaho’s IT architecture, promoting data compatibility and interoperability among state agencies.

ITA Policy P1090 establishes a cloud services security policy to ensure the wise use of state resources while mitigating risks and legal liabilities.

ITA Policy 2010 outlines the Information Technology Planning Process, ensuring strategic alignment and effective resource management.

ITA Policy P2020 establishes a statewide business recovery planning policy, ensuring agencies can continue mission-critical IT services during disruptions.

ITA Policy P2030 mandates the review of large-scale IT projects by state agencies to ensure alignment with statewide IT plans and standards.

ITA Policy P2040 mandates risk assessments for large-scale IT projects, ensuring agencies minimize potential failures and maintain project success.

ITA Policy P2045 requires state agencies to adopt a risk management program to manage risks to the confidentiality, integrity, and availability of data.

ITA Policy P3010 mandates the use of ITS’s central statewide system for telecommunications, ensuring cost-effective and efficient services.

ITA Policy P3020 mandates the use of compatible network protocols for connectivity, ensuring reliable and economical communication across state agencies.

ITA Policy P3030 mandates the use of ITS’s statewide hardware and service contracts for WAN services, ensuring cost-effective and efficient connectivity.

ITA Policy P3040 ensures that state 911 multi-line telephone systems meet safety standards, providing accurate location information during emergencies.

ITA Policy P4110 mandates the designation of an Agency Cybersecurity Coordinator to oversee and implement cybersecurity measures within state agencies.

ITA Policy P4130 establishes information systems classification categories for state agencies, promoting effective management and security of information.

ITA Policy P4140 mandates the adoption of the NIST Cybersecurity Framework by state agencies to enhance cybersecurity posture and risk management.

ITA Policy P4150 mandates the protection of Personally Identifiable Information (PII) by state agencies, ensuring data privacy and security.

ITA Policy P4501 mandates the principles of least privilege and least functionality, minimizing vulnerabilities to information and assets.

ITA Policy P4502 mandates the use of multifactor authentication for privileged accounts to reduce the risk of compromise to agency information and assets.

ITA Policy P4503 mandates identity and access management practices to protect state agency assets with best practice authentication standards.

ITA Policy P4505 mandates cybersecurity awareness training for all state agency personnel, ensuring they understand and mitigate cybersecurity risks.

ITA Policy P4520 establishes guidelines for managing IT vulnerabilities, ensuring timely deployment of patches to prevent exploitation.

ITA Policy P4530 defines requirements for data removal from surplus computer equipment, ensuring sensitive information is unrecoverable.

ITA Policy P4540 defines security requirements for state agency wireless networks, ensuring secure communications and restricted access.

ITA Policy P4550 ensures mobile device use does not compromise state information security, defining minimum security requirements for all devices.

ITA Policy P4570 defines security requirements for state agency firewalls, ensuring secure network communications and restricted access.

ITA Policy P4590 mandates the establishment of an incident response program within state agencies, ensuring timely reporting and management of cybersecurity incidents and breaches.

ITA Policy P5010 mandates the use of the State Web Design Template, ensuring a consistent look and navigation experience across all State of Idaho websites.

ITA Policy P5020 establishes a framework for a single, integrated enterprise domain for all Idaho government entities, ensuring official state website identification.

ITA Policy P5030 sets the process for developing framework standards, ensuring consistency and compliance across Idaho’s spatial data infrastructure.

ITA Policy P5040 provides guidelines for the use of social networking sites by state agencies, ensuring secure, consistent, and effective communication.

ITA Standard S2100 standardizes operating systems for desktops and notebooks, ensuring consistency, stability, and reduced support costs.

ITA Standard S2110 outlines the required features and security protocols for Office Suite software used by state agencies.

ITA Standard S2120 mandates security measures and usage policies for state agency email systems to ensure data integrity and confidentiality.

ITA Standard S2130 mandates anti-virus and endpoint security measures for state agencies to protect systems from malware and cyber threats.

ITA Standard S2140 mandates security measures for mobile devices used by state agencies, ensuring data protection and compliance.

ITA Standard S2510 mandates the security and operational requirements for network operating systems to ensure reliability and protection.

ITA Standard S3100 mandates security and operational protocols for internet/intranet web servers to ensure robust and secure network services.

ITA Standard S3110 mandates security and operational protocols for web browsers to ensure safe and efficient internet/intranet access.

ITA Standard S3120 mandates measures to ensure the integrity and reliability of data and network services, preventing unauthorized alterations.

ITA Standard S3130 mandates security and operational protocols for video conferencing services to ensure secure and reliable communication.

ITA Standard S3130 mandates security and operational protocols for video conferencing services to ensure secure and reliable communication.

ITA Standard S3220 mandates the use of secure protocols and encryption for virtual private networks to ensure safe and private communication.

ITA Standard S3230 mandates comprehensive security measures for servers to ensure data protection and system integrity.

ITA Standard S3510 outlines the requirements for secure and efficient network transport, ensuring reliable data transmission.

ITA Standard S3520 mandates secure and efficient LAN connectivity within state agencies, ensuring robust network transport and data integrity.

ITA Standard S3530 ensures secure and efficient Wireless LAN connectivity for state agencies, ensuring robust network transport and data integrity.

ITA Standard S3540 mandates robust LAN backbone connectivity for state agencies, ensuring secure and efficient network transport.

ITA Standard S3550 establishes guidelines for structured cabling systems in state agencies, ensuring reliable and efficient network connectivity and transport.

ITA Standard S4210 establishes a single zone coordinate system for GIS data, ensuring uniformity and accuracy in geospatial data across state agencies.

ITA Standard S4220 outlines requirements for geospatial metadata management, ensuring data accuracy, discoverability, and standardized spatial documentation.

ITA Standard S4221 defines the use of metatags for state data, ensuring consistent metadata practices and improved data discoverability across state agencies.

ITA Standard S4228 defines the data standards for Idaho bridge information, ensuring accurate and consistent bridge data for state agencies.

ITA Standard S4229 defines the data layer for Idaho airports, ensuring accurate and consistent airport information for state agencies.

ITA Standard S4230 establishes a framework for defining emergency service zones, ensuring efficient and coordinated emergency response efforts.

ITA Standard S4231 standardizes the exchange of structures and landmarks data, ensuring accurate and efficient information sharing across state agencies.

ITA Standard S4232 standardizes the exchange of parcel data, ensuring accurate and efficient property information sharing across state agencies.

ITA Standard S4233 facilitates the exchange of hydrography data, ensuring accurate and consistent water resource information across state agencies.

ITA Standard S4234 defines control points for state infrastructure, ensuring precise management and coordination of resources.

ITA Standard S4235 delineates the boundaries for Idaho’s legislative and congressional districts, ensuring accurate representation and governance.

ITA Standard S4240 defines the standards for the Idaho Land Cover Dataset, ensuring consistent and accurate land cover data for state agencies.

ITA Standard S4245 establishes protocols for the Idaho Trails Data Exchange, ensuring accurate, consistent, and accessible trail data for state agencies and the public.

ITA Standard S4246 outlines procedures for managing recent and historical digital imagery to support accurate geographic and infrastructure data.

ITA Standard S4247 establishes protocols for exchanging elevation data, promoting consistency, accuracy, and seamless integration across state agencies.

ITA Standard S4250 defines guidelines for GIS data sharing, ensuring state agencies can efficiently exchange accurate and secure geospatial information.

ITA Standard S4255 mandates protocols for NAIP digital orthoimagery, ensuring state agencies maintain accurate, high-quality geospatial data for effective use.

ITA Standard S4256 defines protocols for managing and sharing Geological Map of Idaho data, supporting accurate geoscience analysis and informed planning.

ITA Standard S4259 details processes for managing National Soil Survey-derived layers, ensuring reliable soil data for analysis, planning, and land use.

ITA Standard S4260 specifies procedures for managing soils dataset information, promoting consistent data usage for land planning and environmental analysis.

ITA Standard S4261 sets procedures for exchanging landslide inventory data, enhancing risk assessment, hazard mapping, and geospatial planning statewide.

ITA Standard S4262 establishes data protocols for managing active fault information, aiding seismic hazard analysis, infrastructure safety, and public planning.

ITA Standard S4263 outlines management and data-sharing protocols for the Idaho Dam Inventory, supporting infrastructure assessment and water resource planning.

ITA Standard S4264 outlines methods for managing historical earthquakes data, ensuring maintenance of accurate seismic records for analysis and planning.

ITA Standard S4265 provides guidelines for managing Idaho Radon data, ensuring state agencies maintain accurate radon information for public health and safety.

ITA Standard S4266 establishes guidelines for managing flood hazard layers data, ensuring accurate and detailed flood risk information for effective planning.

ITA Standard S4270 defines processes for managing site structure address points, ensuring precise geolocation for emergency response, planning, and services.

ITA Standard S4271 outlines procedures for managing Road Center Line data, enabling accurate roadway mapping, navigation, and emergency response planning.

ITA Standard S4272 ensures efficient and secure operations at public safety answering points, enhancing emergency response capabilities.

ITA Standard S4273 defines the boundaries for emergency services, ensuring clear jurisdiction and efficient response coordination.

ITA Standard S4274 establishes clear boundaries for service provisions, ensuring efficient resource allocation and jurisdictional clarity.

ITA Standard S5120 establishes web publishing protocols for state agencies, ensuring consistent digital content delivery, accessibility, and compliance.

ITA Standard S6010 outlines procedures for managing and reporting cybersecurity incidents and breaches, ensuring effective response across state agencies.

ITA Standard S6020 adopts the CIS Critical Security Controls baseline, guiding agencies in implementing best practices for cybersecurity risk reduction.

ITA Standard S6030 defines identity and authentication requirements to safeguard system access, ensure user verification, and uphold cybersecurity across agencies.

ITA Guideline G105 provides a standardized glossary to promote consistent understanding of IT terminology across Idaho state agencies and documentation.

ITA Guideline G110 provides a structured approach for developing agency IT plans, ensuring alignment with state IT strategies and goals.

ITA Guideline G115 outlines business recovery planning for agencies to ensure continuity and restoration of operations following disruptive events.

ITA Guideline G120 outlines the process for requesting exemptions from ITA policies and standards, ensuring a clear and consistent approach for state agencies.

ITA Guideline G210 provides a template for creating IT project profiles, ensuring comprehensive documentation and alignment with state IT objectives.

ITA Guideline G215 provides a structured risk assessment process, ensuring state agencies can identify and mitigate potential IT risks effectively.

ITA Guideline G225 outlines cost-benefit analysis requirements to help agencies evaluate IT investments and ensure strategic decision-making.

ITA Guideline G230 provides a checklist of best practices for IT projects, ensuring successful planning, execution, and completion within state agencies.

ITA Guideline G310 outlines web publishing requirements for state agencies, ensuring digital content is accessible, accurate, and compliant with state policies.

ITA Guideline G330 outlines best practices for state agencies using social media, ensuring effective communication while safeguarding privacy and security.

ITA Guideline G340 provides standards for managing the statewide geospatial clearinghouse, ensuring data quality, accessibility, and interoperability.

ITA Guideline G350 outlines the methodology for recognizing TIM framework datasets, ensuring consistency and quality in geospatial data management.

ITA Guideline G360 is intended to clarify how publicly-shared authoritative GIS content can be made discoverable in the official statewide geospatial clearinghouse, INSIDE Idaho.

ITA Guideline G410 establishes standards for the procedures and use of Idaho.gov and Id.gov domains, ensuring proper management across state entities.

ITA Guideline G420 defines and clarifies the relationships of the various participants involved in statewide geographic information systems (GIS) activities.

ITA Guideline G501 provides guidance on implementing the Cybersecurity Framework to help identify and prioritize actions for reducing cybersecurity risk.

ITA Guideline G502 outlines the process for conducting Privacy Impact Assessments, ensuring state agencies identify and mitigate privacy risks to maintain PII.

ITA Guideline G505 outlines procedures for data classification and labeling, ensuring state agencies properly identify and protect sensitive information.

ITA Guideline G515 establishes a baseline of template language for use by agencies for written
policy development in support of CSCs 1-6.

ITA Guideline G530 outlines measures for security of wireless LANs for state agency networks.

ITA Guideline G535 mandates firewall mechanisms in the DMZ to control access, ensuring secure routing, authentication, and traffic control for state networks.

ITA Guideline G536 outlines the process for requesting firewall ports, protocols, and services, ensuring secure network configurations for state agencies.

ITA Guideline G540 provides a framework for managing and administering policies for mobile and handheld devices to ensure security and efficient use.

ITA Guideline G550 outlines procedures for cleansing data from surplus computer equipment, ensuring secure and compliant disposal of state-owned devices.

ITA Guideline G570 outlines procedures for patching and vulnerability management, ensuring state agency systems are secure and up-to-date against threats.

ITA Guideline G590A outlines initial security requirements for server operating systems, ensuring robust protection and compliance for state agency servers.

ITA Guideline G590B provides a security baseline for state server administrators to use in hardening their SQL servers to comply with state requirements.

ITA Guideline G591B provides background information regarding SQL Injection Attacks so agencies understand related risks and techniques to avoid attacks.

ITA Guideline G590C provides a security baseline for state server administrators to use in setting up public-facing web servers.

ITA Guideline G595 provides best practices for using public online file storage services, ensuring data security and efficient file management.

-Clearer IT Strategy Alignment: The updated version explicitly defines IT strategy integration with organizational goals, focusing on resource allocation, risk management, and adaptability.

-Material Changes Tracking: Agencies must now note material changes from prior IT plans, ensuring transparency in decision-making.

-Refined Compliance Expectations: Strengthens compliance mandates by specifying alignment with statewide IT strategies and formal review procedures under ITA Policy P2030.

-Responsiveness to Emerging Initiatives: Clarifies how new IT initiatives arising outside the formal submission process should be promptly updated in agency planning.

-Refined scope: Applies only to devices accessing Level 2 or higher classified state data. 

-Strengthened authentication: PIN must meet a separate authentication standard (S6030).

-Expanded agency discretion: Agencies can limit data types mobile devices process and enforce stricter security based on compliance requirements.

-Clarified agreements: Explicit requirement for users to sign a Mobile Device User Agreement.

-Enhanced encryption: Encryption enforcement moved to a general requirement rather than being tied to sensitive data classification.

-Restructured policy to allow agencies more authority