CYBERSECURITY POLICIES
The Maryland Department of Information Technology (DoIT) is committed to managing the confidentiality, integrity, and availability of State information technology networks, systems and applications (IT Systems). The State supports and utilizes the standards developed by the National Institute of Standards and Technology (NIST) as the framework behind the planning, procurement, development, and implementation of State IT and telecommunications systems.
The Maryland Cybersecurity Program implements information security initiatives across all IT Systems supported by, or under the policy authority of, DoIT as directed within the scope of the Secretary of Information Technology’s authority under the 2013 Maryland Code §§ 3A-303 and 3A-305. One of the most important measures in managing the risk associated with information technology is the implementation of sound policies and processes that reinforce established standards and best practices throughout the cybersecurity industry.
The image above provides a link to a graphical view of these policies, categorized by security family, so the reader may have a clearer understanding of how the policies support and affect the State’s mission. These policies are described below in an alphabetical format for the reader to reference any specific policy at their leisure. If there are any questions, concerns, or suggestions please submit a ServiceNow ticket assigned to “Security Services” through the DoIT Service Desk by calling (410) 697-9700, or submit an email by clicking on this email link: service.desk@maryland.gov.