20-07 IT Security Policy

Purpose: This document establishes the requirement that units within the Executive Branch must comply with the Information Technology Security manuals, standards, processes/procedures, and guidelines.

Policy Statement: The Governor created the Office of Security Management (OSM) with Executive Order 01.01.2019.07, establishing the role of State Chief Information Security Officer (SCISO) as the head of the OSM. The SCISO is responsible for the direction, coordination, and implementation of the overall cybersecurity strategy and policy for the Executive Branch of State government. Additionally, this authorization includes managing the Security Awareness and Training program to ensure that all Units either utilize the OSM managed solution or operate an internal program consistent with the requirements and guidance prescribed by the SCISO. The Department of Information Technology maintains a manual of information security standards, as well as standalone guidance documents and standards that shall apply to covered units of state government.

Applicable Law & Other Policy:

  • MD State Finance and Procurement Code Ann. § 3A-301-309

  • Governor’s Executive Order 01.01.2019.07

  • MD State Government Code §10-1301-1308

  • Maryland IT Security Manual, version 1.2, 28 June, 2019

Scope and Responsibilities: All units of the Executive Branch of the State Government are required to comply with this Policy. Agency executives and applicable staff covered by this Policy shall ensure adherence.

Key Terms:

Department of Information Technology (DoIT): An executive branch unit of Maryland state government, organized according to Maryland Code, State Finance and Procurement Article, § 3A.

Policy: A statement of jurisdiction and methods to guide agencies in the management of IT resources and services.

Units: All executive branch units of state government, except those identified in Maryland Code, SF&P § 3A-302.

Technical Specifications: State of Maryland Information Technology Security Manual v1.2.

Policy Review: By the DoIT IT Policy Review Board annually or as needed.

Contact Information: Chair, IT Policy Review Board, doit-oea@maryland.gov 410-697-9724. The policy steward is the State Chief Information Security Officer.​​​​​


Human Trafficking GET HELP

National Human Trafficking Hotline - 24/7 Confidential

1-888-373-7888 233733 More Information
on human trafficking in Maryland

Customer Service Promise

The State of Maryland pledges to provide constituents, businesses, customers, and stakeholders with friendly and courteous, timely and responsive, accurate and consistent, accessible and convenient, and truthful and transparent services.

Take Our Survey

Help Stop Fraud in State Government

The Maryland General Assembly’s Office of Legislative Audits operates a toll-free fraud hotline to receive allegations of fraud and/or abuse of State government resources. Information reported to the hotline in the past has helped to eliminate certain fraudulent activities and protect State resources.

More Information