Policies & Standards

Welcome to the fb88IT Policies, Standards, and Procedures page.��By default, the below content applies to any/all Information Technology Assets under the purview of the Chief Information Officer.��You can sort the table below by topic or title, or you can search via the search box for your desired document. Any questions about this content should be directed to the��fb88IT Architecture and Policy team.��

Title	Date Last Updated	Security and Privacy	Web & Network	NIST	Lifecycle Management	Incident Planning & Response	Governance	Business
Access Control Policy (AC-1)	2024/07	●	��	●	��	��	��	��
Access Control Procedures for Users (AC-2)	2024/12	●	��	●	��	��	��	��
Application Deployment Certification Guidelines	2025/02	��	��	��	●	��	��	��
Application Deployment Certification Policy	2023/12	��	��	��	●	��	��	��
Application Deployment Certification Templates	2015/08	��	��	��	●	��	��	��
Architecture Compliance Policy	2023/04	��	��	��	��	��	●	��
Business Continuity and Disaster Recovery Policy	2017/10	��	��	��	��	●	��	●
Change Management Policy	2024/07	��	��	●	��	��	●	��
Configuration Management Policy (CM-1)	2024/03	��	��	●	��	��	●	��
Copyrightable Works Policy	2025/02	��	��	��	��	��	●	●
COTS-Cloud Policy	2019/07	��	��	��	��	��	��	●
Data Centers Access Control Procedure	2019/04	●	��	��	��	��	��	��
Data Classification Policy	2024/10	●	��	��	��	��	��	��
Data Exchange Policy	2025/01	●	●	��	��	��	��	��
Digital Accessibility Policy	2024/02	��	��	��	��	��	��	��
Domain Name Policy & Procedure	2022/12	��	●	��	��	��	●	��
Drone (Unmanned Aerial Vehicle) Policy	2024/08	●	��	��	��	��	��	��
Enterprise Name Resolution Procedure	2019/04	��	●	��	��	��	●	��
FOAA Policy	2017/10	●	��	��	��	��	��	��
Forensic Investigation Workflow Policy	2023/11	��	��	��	��	��	●	��
GenAI Policy	2025/02	●	��	��	��	��	●	��
Global Address List Standard	2024/03	��	●	��	��	��	●	��
Hosting & Housing Policy	2020/11	��	��	��	��	��	●	��
Hosting-Customization Policy	2019/07	��	��	��	��	��	●	��
Information Privacy Policy	2017/09	●	��	��	��	��	��	��
Information Security Policy	2024/05	●	��	��	��	��	��	��
InforME Network Services Policy	2022/03	��	●	��	��	��	��	��
Infrastructure Deployment Certification Policy	2022/03	��	��	��	●	��	��	��
Major Incident Procedure	2023/12	��	��	��	��	●	��	��
Microsoft Low-Code Governance	2023/12	��	��	��	��	��	●	��
Microsoft Power Platform Governance: Quick Start	2021/10	��	��	��	��	��	●	��
Microsoft Power Platform: Escalation Path	2021/10	��	��	��	��	��	●	��
Mobile Device Policy	2024/03	●	��	��	��	��	●	��
Network Device Management Policy	2023/03	●	●	��	��	��	●	��
Off-Hours Coverage Policy	2018/08	●	��	��	��	��	●	��
OIT Building Access Procedures	2019/04	●	��	��	��	��	●	��
Personnel Security Policy and Procedures (PS-1)	2024/12	●	��	●	��	��	��	●
Physical and Environmental Protection Policy (PE-1)	2024/12	●	��	●	��	��	●	��
Policy, Standard or Procedure Creation Process	2019/09	��	��	��	��	��	●	��
Program Management Policy and Procedures (PM-1)	2024/12	●	��	●	��	��	●	��
Public Data Jack Policy	2018/07	��	��	��	��	��	●	��
Remote Hosting Policy	2025/01	��	●	��	��	��	��	●
Risk Assessment Policy and Procedures (RA-1)	2024/12	●	��	●	��	●	��	��
Rules of Behavior Policy (PL-4)	2024/10	��	��	●	��	��	��	●
Salesforce Governance: Background	2021/09	��	��	��	��	��	●	��
Salesforce Governance: Details	2021/09	��	��	��	��	��	●	��
Salesforce Governance: Executive Summary	2021/09	��	��	��	��	��	●	��
SDLC Policy	2017/03	��	��	��	●	��	��	��
SDLC Procedure	2018/03	��	��	��	●	��	��	��
Security Assessment and Authorization Policy and Procedures (CA-1)	2024/09	●	��	●	��	��	��	��
Security Awareness and Training Policy and Procedures (AT-1)	2024/12	●	��	●	��	��	��	��
Security Planning Policy (PL-1)	2024/08	●	��	●	��	��	��	��
Site-to-Site VPN Policy	2024/10	��	●	��	��	��	��	��
Social Media for Personal Use Policy	2015/05	��	��	��	��	��	●	��
Social Media for State Business Policy	2024/06	��	●	��	��	��	●	��
System and Communications Protection Policy and Procedures (SC-1)	2024/11	●	●	●	��	��	��	��
System and Communications Protection Policy and Procedures for Defense in Depth (SC-2, 4, 5, 20, 21, 22, 23, 28, 32, 39)	2024/03	●	●	●	��	��	��	��
System and Communications Protection Policy and Procedures for Encryption Mechanisms (SC-12, 13, 17)	2024/03	●	●	●	��	��	��	��
System and Communications Protection Policy and Procedures for Specific Technologies (SC-6, 10, 15, 18, 19)	2024/11	●	●	●	��	��	��	��
System and Information Integrity Policy and Procedures (SI-1)	2025/02	●	��	●	��	��	��	��
System and Services Acquisition Policy and Procedures (SA-1)	2024/12	●	��	●	●	��	●	●
Telecommunications Facilities and Wiring Specifications	2021/12	��	��	��	��	��	●	��
User Device and Commodity Application Policy	2025/02	●	��	��	��	��	��	��
Vendor Identity System Integration Policy	2024/10	��	●	��	��	��	��	��
Vulnerability Scanning Procedure (RA-5)	2024/12	●	��	●	��	��	��	��
Waiver Policy	2024/09	��	��	��	��	��	●	��
Web Standards	2020/01	��	●	��	��	��	��	��
Website Acceptance Policy	2020/01	��	●	��	��	��	��	��