For immediate release:
July 1, 2019
Contact: Patrick Mulford
patrick.mulford@maryland.gov
410-697-9495

Annapolis, MD—The Maryland Department of Information Technology’s (DoIT) Office of Security Management (OSM) has released the Information Technology Security Manual which will optimize cybersecurity and data governance in a coordinated effort across all departments, agencies and units of the executive branch. The Hogan administration is continuing its leadership in IT security by requiring the implementation of best practices to protect the confidentiality, integrity, and availability of Maryland Information Systems (MIS) throughout state government.

The IT security policies captured within this manual were developed to align with federal and state government standards and procedures issued by the National Institute of Standards and Technology (NIST), the Centers for Medicare, and Medicaid Services (CMS), Internal Revenue Service (IRS), Office of Legislative Audits (OLA), Office of Management and Budget (OMB), Social Security Administration (SSA), and the General Services Administration (GSA).

“It is essential that Maryland’s overall cybersecurity strategy and policy are in alignment with best practices and the latest standards and guidelines,“ said John Evans, State Chief Information Security Officer. “This IT Security Manual sets forth a minimum level of security requirements for state agencies and streamlines the path toward compliance.”

The State Chief Information Security Officer and the OSM will work with agencies to evaluate needs and assist them in implementing the relevant policies and practices to be in compliance with state security policy. Maryland agencies may set their own organizational policies, based on business needs or legal requirements, which exceed the security requirements expressed in this manual, but must at a minimum, conform to the requirements defined in the manual.

To view the manual please click here.​