Cybersecurity & Privacy Policy Transitional Governing Policy Documents

​​​​​​​Transitional governing policies serve as a critical bridge during the state’s shift to the mode​rnized Cybersecurity and Privacy Policy Suite. The set of policies below remain in transition while the new Cybersecurity and Privacy Policy Suite is being fully implemented.

The transitional governing policy repository ensures operational continuity by providing a central location for evolving standards, alongside additional specific requirements necessary for agency alignment. By utilizing these policies, departments can maintain compliance and clarity as they navigate the path from legacy practices to the updated enterprise security standards. 

For additional guidance review DoIT’s cybersecurity services, or connect with a DoIT Information Security Officer.

If you experience a cybersecurity or privacy incident, please report it immediately through the Maryland Incident Reporting System.
​

Explore​ the Broader Cybersecurity and Privacy Policy Suite

Transitional Governing Policies

• Communication Recordings
• Cybersecurity Incident Reporting Requirements for Local Governments (Issued: 2022-10)
• Cybersecurity Incident Reporting Requirements for Public Utilities (Last Revised: 2023-11)
• Cybersecurity Incident Reporting Requirements for State Government (Issued: 2023-07)
• Cybersecurity Legal Requirements for Local Governments (Local Cybersecurity Act of 2022)
• Guidelines for Locals to Certify Compliance with State Minimum Cybersecurity Standards (Last Revised: 2023-6)
• Guidelines for the Public Disclosure of Cybersecurity Incidents (Issued: 2022-10)
• IT Security Manual (Last Revised: 2019-06)
• IT Security Policy
• Minimum Security Standards for Connecting to networkMaryland  (Issued 2022-10)
• State Information Security Foreign Travel Policy (Last Revised: 2025-01)
• State Minimum Cybersecurity Standards (Issued: 2023-5)
• State Minimum Cybersecurity Standards Best Practices Guidebook (Issued: 2024-05)
• Standards and Guidance for Authentication of External Users (Issued: 2021-07)
• Supplemental Guidance on Passwords and Password Managers (Issued: 2022-10)​