Policies and Guidance

State of Maryland Information Technology Security Manual​

The purpose of the Maryland IT Security Manual is to describe the security requirements with which executive departments and independent state agencies must comply to protect the confidentiality, integrity and availability of Maryland Information Systems (MIS) and State-owned data. This document serves as the primary policy for establishing and defining the State’s mandated IT security practices and requirements forall Maryland agencies.

IT Master Plans (ITMP)


Agency IT Plan Waiver

An Agency may be granted a waiver if one or more of the following conditions apply: 

  1. ​The Agency is a small agency with less than 10 resources with no IT projects or systems beyond the standard laptops/desktops with office automation software (Microsoft Office, Visio, Outlook, Google, etc.);
  2. The Agency does not have any systems beyond a static website with static content; and/or
  3. The Agency is not a “Unit” of State government, as defined under MD Code, State Finance and Procurement § 11-101.

Under certain circumstances, the Agency may still be required to complete an abridged ITMP. Please complete the form to request an ITMP waiver, and send the form to epmo.doit@maryland.gov.

IT Requests

The Department of IT is implementing the start of an Enterprise Portfolio Management process. We will be collecting IT Solution Requests (ITSRs) for new projects and initiatives, and ensuring they are properly scoped as enterprise initiatives in accordance with the State ITMP.

An IT Solution Request Form will be required for all new IT requests.

Only previously approved and budgeted IT Project Requests (ITPRs) are excluded from this request form. Updates to these projects should be done through the ITPR process in ITAC. 

For information or questions on filling out the ITSR or ITPR please contact epmo.doit@maryland.gov​.

Other Policies and Guidelines

​ ​​​​