IT Policy and Advice for Idaho Agencies

Resources

ITA Policies (and associated Standards and Guidelines)

Policies, standards and guidelines which are new or have been revised during the current fiscal year (FY2017) are shown in red.

1000 - General

  • P1010 - IT Policies, Standards, and Guidelines Framework
    • G120 - Exemption Process
  • P1020 - Idaho.Gov Portal Privacy Notice
  • P1030 - Electronic Document Management
  • P1040 - Employee Electronic Mail and Messaging Use
    • P1080 - Cloud Computing
    • S2120 - Electronic Mail - Messaging
  • P1050 - Employee Internet Use, Monitoring and Filtering
  • P1060 - Employee Personal Computer Use
  • P1070 - Geographic Information Systems (GIS)
    • S4210 - Single Zone Coordinate System for GIS Data
    • S4220 - Geospatial Metadata
    • G320 - Metadata
    • G420 - Roles of GIS Participants
  • P1080 - Cloud Computing Revised 9/8/2016
    • P1040 - Employee Electronic Email and Messaging Use
    • P4120 - Public Online File Storage Services
Software Standards
S2100 - Operating System (O/S)
S2110 - Office Suite
S2510 - Network Operating System

2000 - IT Planning

  • P2010 - Information Technology Planning Process
    • G110 - Agency IT Plan
  • P2020 - Business Recovery Planning
    • G110 - Agency IT Plan
    • G115 - Business Recovery Plan
    • G580 - Cybersecurity Breach Notification
  • P2030 - Information Technology Large-Scale Project Review
    • G110 - Agency IT Plan
    • G210 - Major Project Summary
    • G215 - Risk Assessment
    • G225 - Cost-Benefit Analysis
    • G230 - IT Projects Best Practices Checklist
  • P2040 - Risk Assessment
    • G210 - Major Project Summary
    • G215 - Risk Assessment
  • P2050 - Cybersecurity Framework Re-numbered as P4140
  • P2060 - Least Privilege and Least Functionality Re-numbered as P4501
  • P2070 - Privacy Re-numbered as P4150
  • P2080 - Privilege Access Management Re-numbered as P4502

3000 - Telecommunications

  • P3010 - Telecommunication Switching and Long distance Services
  • P3020 - Connectivity and Transport Protocols
    • S3510 - Network Connectivity and Transport - Transport
    • S3520 - Network Connectivity and Transport - Local Area Network
    • S3530 - Network Connectivity and Transport - Wireless LAN
    • S3540 - Network Connectivity and Transport - LAN Backbone
    • S3550 - Network Connectivity and Transport - Structured Cabling
  • P3030 - Wide Area Networks (WAN)
  • P3040 - State 911 Multi-Line telephone Systems Network Services
    • S3100 - Network Services - Internet/Intranet Web Server
    • S3110 - Network Services - Internet/Intranet Web Browser
    • S3120 - Network Services - Data/Network Integrity
    • S3130 - Network Services - Video Conferencing

4000 - Security - General

  • P4110 - Agency IT Security Coordinator
    • G510 - Cybersecurity Incident Reporting Classification Template
    • G520 - Cybersecurity Incident Handling
    • G560 - Passwords
    • G570 - Patching & Vulnerability Management
  • P4120 - Public Online File Storage Services Revised 9/8/2016
    • P1080 - Cloud Computing
    • G595 - Public Online File Storage Services Guideline
  • P4130 - Information Systems Classification
    • P1030 - Electronic Document Management
    • G505 - Data Classification and Labeling Guideline
  • P4140 - Cybersecurity Framework (formerly P2050)
    • G501 Cybersecurity Framework Guidance (formerly G220)
  • P4150 - Privacy (formerly P2070) Revised 5/9/2017
    • P4560 - Data Breach Management
    • G502 - Privacy Impact Assessment Guidelines (formerly G130)
Security Standards
  • S2130 - Anti-Virus / Endpoint Security (AV/EPS)
  • S3220 - Security - Virtual Private Network
  • S3230 - Security - Server Security Requirements
    • G590A - Server Operating System; Initial Security Requirements
    • G590B - Public-Facing SQL Server Setup
    • G591B - SQL Injection Attacks: Information and Avoidance
    • G590C - Public-Facing Webserver Setup

4500 - Security - Computer and Operations Management

  • P4501 - Least Privilege and Least Functionality (formerly P2060)
  • P4502 - Privilege Access Management (formerly P2080) New (approved on 12/6/2016)
  • P4505 - Cybersecurity Awareness Training
  • P4510 - Cybersecurity Incident Reporting
    • P4580 - Cybersecurity Incident Management
    • G510 - Cybersecurity Incident Reporting Classification Template
    • G520 - Cybersecurity Incident Handling
    • G580 - Cybersecurity Breach Notification
  • P4520 - Patch & Vulnerability Management
    • G570 - Patching & Vulnerability Management
    • G580 - Cybersecurity Breach Notification
  • P4530 - Cleansing Data From Surplus Computer Equipment
    • G540 - Mobile Devices
    • G550 - Cleansing Data From Surplus Computer Equipment
  • P4540 - Wireless Security for State Local Area Networks
    • S3530 - Network Connectivity and Transport - Wireless LAN
    • G530 - Wireless Local Area Network (LAN) Security
  • P4550 - Mobile Device Management Revised 5/9/2017
    • S2140 - Mobile Device Security Capabilities
    • G540 - Mobile Devices
  • P4560 - Data Breach Management Revised 5/9/2017
    • G580 - Cybersecurity Breach Notification
  • P4570 - Firewall Security
    • G535 - Firewall Configuration Guidelines
    • G536 - Firewall: Ports, Protocols and Services Request
  • P4580 - Cybersecurity Incident Management
    • P4510 - Cybersecurity Incident Reporting
    • G510 - Cybersecurity Incident Reporting Classification
    • G520 - Cybersecurity Incident Handling
    • G580 - Cybersecurity Breach Notification

5000 - Information and Data

  • P5010 - Web Publishing
    • P1020 - Idaho.Gov Portal Privacy Notice
    • P5020 - .Gov Domain
    • S4221 - Metatags
    • S5120 - Web Publishing
    • G310 - Web Publishing
    • G410 - Idaho.gov and Id.gov Domains
  • P5020 - .Gov Domain
    • G410 - Idaho.gov and Id.gov Domains
  • P5030 - Framework Standards Development
    • S4230 - Data Exchange for Emergency Service Zones
    • S4231 - Structures and Landmarks Data Exchange
    • S4232 - Parcel Data Exchange
  • P5040 - Use of Social Networking Sites
    • G330 - Best Practices for Utilizing Social Networking Sites
  • ITA Standards

    Introduction

    2000 - Software - Desktop, Notebook & Mobile Devices

    • S2100 - Operating System (O/S) - Desktop & Notebook
    • S2110 - Office Suite
    • S2120 - Electronic Mail - Messaging
    • S2130 - Anti-Virus/Endpoint Security (AV/EPS)
    • S2140 - Mobile Device Security Capabilities

    2500 - Software - Server

    • S2510 - Network Operating System

    3000 - Network and Telecommunications

    • S3100 - Network Services - Internet/Intranet Web Server Revised 10/18/2016
    • S3110 - Network Services - Internet/Intranet Web Browser
    • S3120 - Network Services - Data/Network Integrity
    • S3130 - Network Services - Video Conferencing
    • S3131 - Network Servcies - Video Conference Dialing Plan
    • S3220 - Security - Virtual Private Network
    • S3230 - Security - Server Security Requirements
    • S3510 - Network Connectivity and Transport - Transport
    • S3520 - Network Connectivity and Transport - Local Area Network
    • S3530 - Network Connectivity and Transport - Wireless LAN
    • S3540 - Network Connectivity and Transport - LAN Backbone
    • S3550 - Network Connectivity and Transport - Structured Cabling

    4000 - Information and Data

    • S4210 - Single Zone Coordinate System for GIS Data
    • S4220 - Geospatial Metadata
    • S4221 - Metatags
    • S4230 - Framework Standard for Emergency Service Zones
    • S4231 - Structures and Landmarks Data Exchange
    • S4232 - Parcel Data Exchange
    • S4240 - Idaho Land Cover Dataset Standard
    • S4250 - GIS Data Sharing Standards

    5000 - Web

    ITA Guidelines

    G100 - Information Technology Planning

    • G110 - Agency IT Plan
    • G115 - Business Recovery Plan
    • G120 - Exemption Process
    • G130 - Privacy Impact Assessment Guidelines Re-numbered as G502

    G200 - Project Profile

    • G210 - IT Project Profile
    • G215 - Risk Assessment
    • G220 - Cybersecurity Framework Guidance Re-numbered as G501
    • G225 - Cost-Benefit Analysis
    • G230 - IT Projects Best Practices Checklist

    G300 - Information and Data

    • G310 - Web Publishing
    • G320 - Geographic Metadata (RESCINDED - Effective June 14, 2016)
    • G330 - Best Practices for Utilizing Social Networking Sites
    • G340 - Statewide Geospatial Clearinghouse
    • G350 - Methodology for Recognizing a TIM Framework Dataset

    G400 - Architecture and Design

    • G410 - Idaho.gov, Id.gov Domains
    • G420 - Roles of GIS Participants

    G500 - Security Procedures

    • G501 - Cybersecurity Framework Guidance (formerly G220)
    • G502 - Privacy Impact Assessment Guidelines (formerly G130) New (approved 10/18/2016)
    • G505 - Data Classification and Labeling Guidelines
    • G510 - Cybersecurity Incident Reporting Classification Template
    • G520 - Cybersecurity Incident Handling
    • G530 - Wireless Local Area Network (LAN) Security
    • G535 - Firewall Configuration Guidelines
    • G536 - Firewall: Ports, Protocols and Services Request
    • G540 - Mobile Devices Revised 4/18/2017
    • G550 - Cleansing Data From Surplus Computer Equipment
    • G560 - Passwords
    • G570 - Patching & Vulnerabiltiy Management
    • G580 - Cybersecurity Breach Notification
    • G590A - Server Operating System; Initial Security Requirements
    • G590B - Public-Facing SQL Server Setup
    • G591B - SQL Injection Attacks: Information and Avoidance
    • G590C - Public-Facing Webserver Setup
    • G595 - Public Online File Storage Service Guideline

    Executive Orders

    The following Executive Orders are referenced in some of the ITA Policies, Standards and Guidelines.

    State IT Projects

    Strategic Plans

    Annual Reports

  • Meetings at a glance

    • Access Idaho Steering Committee

      Thursday, June 22, 2017
      1:30 - 3:00 pm (Mountain)
      LBJ Building, Room 155
      650 W. State St., Boise

    • IT Leadership Council

      Tuesday, June 20, 2017
      9:30 - 11:30 am (Mountain)
      JRW Building
      East Conference Room
      700 W. State St., Boise

    • IGC - Executive Committee

      Thursday, July 20, 2017
      9:30-11:30 am (Mountain)
      JRW Building
      East Conference Room
      700 W. State St., Boise

      2017 MEETING SCHEDULE:
      IGC-EC and IGC

    • Idaho Technology Authority

      To be announced