State of Maryland Information Technology Security Manual​

The purpose of the Maryland IT Security Manual is to describe the security requirements with which executive departments and independent state agencies must comply to protect the confidentiality, integrity and availability of Maryland Information Systems (MIS) and State-owned data. This document serves as the primary policy for establishing and defining the State’s mandated IT security practices and requirements forall Maryland agencies.

IT Master Plans (ITMP)

• ​State of Maryland Information Technology Master Plan (ITMP) FY 2020-2023​​

(612KB)
• Agency IT Plan - The Agency IT Plans are submitted via online form annually. This form provides an option for uploading supporting documentation if the fields are too restrictive. The ITMP online form will be emailed to the primary IT contact for each agency. The form is unique to your agency and can be received by emailing the IT Service Desk (service.desk@maryland.gov).

Agency IT Plan Waiver

An Agency may be granted a waiver if one or more of the following conditions apply: 

1. ​The Agency is a small agency with less than 10 resources with no IT projects or systems beyond the standard laptops/desktops with office automation software (Microsoft Office, Visio, Outlook, Google, etc.);
2. The Agency does not have any systems beyond a static website with static content; and/or
3. The Agency is not a “Unit” of State government, as defined under MD Code, State Finance and Procurement § 11-101.

Under certain circumstances, the Agency may still be required to complete an abridged ITMP. Please complete the form to request an ITMP waiver, and send the form to epmo.doit@maryland.gov.

IT Requests

The DoIT Intake process has been established to provide agencies with a centralized entry point to request support for their IT needs. While agencies will continue to utilize the service desk and end-user support teams for day-to-day operations, the DoIT Intake process will serve as a “no wrong door” through which agency can initiate conversations with the DoIT team to assist in increasing IT efficiency, cost effectiveness and user experience.

Examples of IT needs would include, but not be limited to the following:

• Obtaining new services from the DoIT Service Catalogue
• Modifying services currently being provided by DoIT
• Identifying IT solutions for business problems
• Leveraging existing or initiating new MITDP projects
• Connecting agencies with available master contract vehicles and other state-wide solutions
• Assisting in the development of long term IT strategy and roadmap planning
• Providing technical writing services to prepare IT solicitations for review
• Conducting IT solicitation reviews

Please send all IT requests intended for the DoIT intake process to DoIT.Intake@maryland.gov. If you would like more information about the request process, please contact your assigned Portfolio Officer​.

This process will eliminate the need for agencies to submit separate IT Solution Requests (ITSRs) Questions regarding the ITSR or ITPR processes should be directed to epmo.doit.maryland.gov.

Other Policies and Guidelines

• Supplemental Guidance on Incident Reporting Requirements
  
• Policy on Shared Risk Management Platform
  
• Resource Sharing Agreements Program Policy​​
• State of Maryland Mobile Devices and Services Statewide Policy
​​DoIT statement of policies pertaining to the acquisition, assignment and use of mobile devices and services by units of State government.
• ​State of Maryland Agile System Development Life Cycle (SDLC) Policy
• State of Maryland Independent Verification and Validation (IV&V) Policy and Process
• State of Maryland Re-Baselining Policy and Process

​ ​​​​​​​​​​​​​​​​​​​​​