IT Policy and Advice for Idaho Agencies

Resources

ITA Policies (and associated Standards and Guidelines)

Policies, standards and guidelines which are new or have been revised during the current fiscal year (FY2017) are shown in red.

1000 - General

  • P1010 - IT Policies, Standards, and Guidelines Framework
    • G120 - Exemption Process
  • P1020 - Idaho.Gov Portal Privacy Notice
  • P1030 - Electronic Document Management
  • P1040 - Employee Electronic Mail and Messaging Use
    • P1080 - Cloud Computing
    • S2120 - Electronic Mail - Messaging
  • P1050 - Employee Internet Use, Monitoring and Filtering
  • P1060 - Employee Personal Computer Use
  • P1070 - Geographic Information Systems (GIS)
    • S4210 - Single Zone Coordinate System for GIS Data
    • S4220 - Geospatial Metadata
    • G320 - Metadata
    • G420 - Roles of GIS Participants
  • P1080 - Cloud Computing Revised 9/8/2016
    • P1040 - Employee Electronic Email and Messaging Use
    • P4120 - Public Online File Storage Services
Software Standards
S2100 - Operating System (O/S)
S2110 - Office Suite
S2510 - Network Operating System

2000 - IT Planning

  • P2010 - Information Technology Planning Process
    • G110 - Agency IT Plan
  • P2020 - Business Recovery Planning
    • G110 - Agency IT Plan
    • G115 - Business Recovery Plan
    • G580 - Cybersecurity Breach Notification
  • P2030 - Information Technology Large-Scale Project Review
    • G110 - Agency IT Plan
    • G210 - Major Project Summary
    • G215 - Risk Assessment
    • G225 - Cost-Benefit Analysis
    • G230 - IT Projects Best Practices Checklist
  • P2040 - Risk Assessment
    • G210 - Major Project Summary
    • G215 - Risk Assessment
  • P2050 - Cybersecurity Framework
    • G220 - Cybersecurity Framework Guidance
  • P2060 - Least Privilege and Least Functionality
  • P2070 - Privacy New (approved on 12/6/2016)
        • P4560 - Data Breach Management
        • G130 - Privacy Impact Assessment Guidelines
  • P2080 - Privilege Access Management New (approved on 12/6/2016)

3000 - Telecommunications

  • P3010 - Telecommunication Switching and Long distance Services
  • P3020 - Connectivity and Transport Protocols
    • S3510 - Network Connectivity and Transport - Transport
    • S3520 - Network Connectivity and Transport - Local Area Network
    • S3530 - Network Connectivity and Transport - Wireless LAN
    • S3540 - Network Connectivity and Transport - LAN Backbone
    • S3550 - Network Connectivity and Transport - Structured Cabling
  • P3030 - Wide Area Networks (WAN)
  • P3040 - State 911 Multi-Line telephone Systems Network Services
    • S3100 - Network Services - Internet/Intranet Web Server
    • S3110 - Network Services - Internet/Intranet Web Browser
    • S3120 - Network Services - Data/Network Integrity
    • S3130 - Network Services - Video Conferencing

4000 - Security - General

  • P4110 - Agency IT Security Coordinator
    • G510 - Cybersecurity Incident Reporting Classification Template
    • G520 - Cybersecurity Incident Handling
    • G560 - Passwords
    • G570 - Patching & Vulnerability Management
  • P4120 - Public Online File Storage Services Revised 9/8/2016
    • P1080 - Cloud Computing
    • G595 - Public Online File Storage Services Guideline
  • P4130 - Information Systems Classification
    • P1030 - Electronic Document Management
    • G505 - Data Classification and Labeling Guideline
Security Standards
  • S2130 - Anti-Virus / Endpoint Security (AV/EPS)
  • S3220 - Security - Virtual Private Network
  • S3230 - Security - Server Security Requirements
    • G590A - Server Operating System; Initial Security Requirements
    • G590B - Public-Facing SQL Server Setup
    • G591B - SQL Injection Attacks: Information and Avoidance
    • G590C - Public-Facing Webserver Setup

4500 - Security - Computer and Operations Management

  • P4505 - Cybersecurity Awareness Training
  • P4510 - Cybersecurity Incident Reporting
    • P4580 - Cybersecurity Incident Management
    • G510 - Cybersecurity Incident Reporting Classification Template
    • G520 - Cybersecurity Incident Handling
    • G580 - Cybersecurity Breach Notification
  • P4520 - Patch & Vulnerability Management
    • G570 - Patching & Vulnerability Management
    • G580 - Cybersecurity Breach Notification
  • P4530 - Cleansing Data From Surplus Computer Equipment
    • G540 - Mobile Devices
    • G550 - Cleansing Data From Surplus Computer Equipment
  • P4540 - Wireless Security for State Local Area Networks
    • S3530 - Network Connectivity and Transport - Wireless LAN
    • G530 - Wireless Local Area Network (LAN) Security
  • P4550 - Mobile Device Management
  • P4560 - Data Breach Management
    • G580 - Cybersecurity Breach Notification
  • P4570 - Firewall Security
    • G535 - Firewall Configuration Guidelines
    • G536 - Firewall: Ports, Protocols and Services Request
  • P4580 - Cybersecurity Incident Management
    • P4510 - Cybersecurity Incident Reporting
    • G510 - Cybersecurity Incident Reporting Classification
    • G520 - Cybersecurity Incident Handling
    • G580 - Cybersecurity Breach Notification

5000 - Information and Data

  • P5010 - Web Publishing
    • P1020 - Idaho.Gov Portal Privacy Notice
    • P5020 - .Gov Domain
    • S4221 - Metatags
    • S5120 - Web Publishing
    • G310 - Web Publishing
    • G410 - Idaho.gov and Id.gov Domains
  • P5020 - .Gov Domain
    • G410 - Idaho.gov and Id.gov Domains
  • P5030 - Framework Standards Development
    • S4230 - Data Exchange for Emergency Service Zones
    • S4231 - Structures and Landmarks Data Exchange
    • S4232 - Parcel Data Exchange
  • P5040 - Use of Social Networking Sites
    • G330 - Best Practices for Utilizing Social Networking Sites
  • ITA Standards

    Introduction

    2000 - Software - Desktop, Notebook & Mobile Devices

    • S2100 - Operating System (O/S) - Desktop & Notebook
    • S2110 - Office Suite
    • S2120 - Electronic Mail - Messaging
    • S2130 - Anti-Virus/Endpoint Security (AV/EPS)
    • S2140 - Mobile Device Security Capabilities

    2500 - Software - Server

    • S2510 - Network Operating System

    3000 - Network and Telecommunications

    • S3100 - Network Services - Internet/Intranet Web Server Revised 10/18/2016
    • S3110 - Network Services - Internet/Intranet Web Browser
    • S3120 - Network Services - Data/Network Integrity
    • S3130 - Network Services - Video Conferencing
    • S3131 - Network Servcies - Video Conference Dialing Plan
    • S3220 - Security - Virtual Private Network
    • S3230 - Security - Server Security Requirements
    • S3510 - Network Connectivity and Transport - Transport
    • S3520 - Network Connectivity and Transport - Local Area Network
    • S3530 - Network Connectivity and Transport - Wireless LAN
    • S3540 - Network Connectivity and Transport - LAN Backbone
    • S3550 - Network Connectivity and Transport - Structured Cabling

    4000 - Information and Data

    • S4210 - Single Zone Coordinate System for GIS Data
    • S4220 - Geospatial Metadata
    • S4221 - Metatags
    • S4230 - Framework Standard for Emergency Service Zones
    • S4231 - Structures and Landmarks Data Exchange
    • S4232 - Parcel Data Exchange
    • S4240 - Idaho Land Cover Dataset Standard
    • S4250 - GIS Data Sharing Standards

    5000 - Web

    ITA Guidelines

    G100 - Information Technology Planning

    • G110 - Agency IT Plan
    • G115 - Business Recovery Plan
    • G120 - Exemption Process
    • G130 - Privacy Impact Assessment Guidelines New (approved 10/18/2016)

    G200 - Project Profile

    • G210 - IT Project Profile
    • G215 - Risk Assessment
    • G220 - Cybersecurity Framework Guidance
    • G225 - Cost-Benefit Analysis
    • G230 - IT Projects Best Practices Checklist

    G300 - Information and Data

    • G310 - Web Publishing
    • G320 - Geographic Metadata (RESCINDED - Effective June 14, 2016)
    • G330 - Best Practices for Utilizing Social Networking Sites
    • G340 - Statewide Geospatial Clearinghouse
    • G350 - Methodology for Recognizing a TIM Framework Dataset

    G400 - Architecture and Design

    • G410 - Idaho.gov, Id.gov Domains
    • G420 - Roles of GIS Participants

    G500 - Security Procedures

    • G505 - Data Classification and Labeling Guidelines
    • G510 - Cybersecurity Incident Reporting Classification Template
    • G520 - Cybersecurity Incident Handling
    • G530 - Wireless Local Area Network (LAN) Security
    • G535 - Firewall Configuration Guidelines
    • G536 - Firewall: Ports, Protocols and Services Request
    • G540 - Mobile Devices
    • G550 - Cleansing Data From Surplus Computer Equipment
    • G560 - Passwords
    • G570 - Patching & Vulnerabiltiy Management
    • G580 - Cybersecurity Breach Notification
    • G590A - Server Operating System; Initial Security Requirements
    • G590B - Public-Facing SQL Server Setup
    • G591B - SQL Injection Attacks: Information and Avoidance
    • G590C - Public-Facing Webserver Setup
    • G595 - Public Online File Storage Service Guideline

    Executive Orders

    The following Executive Orders are referenced in some of the ITA Policies, Standards and Guidelines.

    State IT Projects

    Strategic Plans

    Annual Reports

  • Meetings at a glance

    • Access Idaho Steering Committee

      Thursday, December 22
      1:30 - 3:00 pm (Mountain)
      LBJ Building, Room 155
      650 W. State St., Boise

    • IT Leadership Council

      Tuesday, December 20, 2016
      9:30 - 11:30 a.m. (Mountain)
      JRW Building
      East Conference Room
      700 W. State St., Boise

    • IGC - Executive Committee

      Thursday, January 19, 2017
      9:30 - 11:30 am (Mountain)
      Idaho Dept. of Fish and Game
      Washington Group Plaza
      720 E. Park Blvd., Boise
      NOTE: Please arrive in the lobby
      a few minutes before 9:30,
      Pam Bond will escort the group
      to the conference room

    • Idaho Technology Authority

      To be announced