Maine State Government
Dept. of Administrative & Financial Services
Office of Information Technology
State of Maine employees shall use State owned/approved
software and devices in the absence of a compelling reason to the contrary.
provides the leadership and guidance to executive branch agencies and others
with regard to the use of
software and IT devices, not owned or leased by the State, to be used for
State’s business. The State of Maine conducts the majority of its
business through software and IT devices. The use of non-approved software and
IT devices can seriously jeopardize the security and confidentiality of
important information of the State of Maine. This policy expands upon the
State of Maine Information Technology Security Policy adopted by the
Information Services Policy Board (ISPB) 12/19/2002, and replaces the Software
Usage Policy adopted by the ISPB 12/2002.
1. State Executive Branch
agencies are responsible for managing the use of
non-state owned/approved software or devices for state business.
This policy is intended to govern the use of non-state
owned/approved software or devices connected to the State of Maine wide area
Branch and semi-autonomous State agencies
from other Maine State government branches
conducting business with the State of Maine and
D. All other
entities that host applications on devices operated by the OIT or other
applications which traverse the State’s wide area and radio networks.
Information Officer (CIO) - Title 5, Maine Revised Statutes, Chapter 163 §1973,
Section 1, Paragraph B authorizes the CIO to “set policies and standards for
the implementation and use of information and telecommunications technologies,”
1. The CIO directs the Chief
Technology Officer to implement the provisions of this policy.
B. In support
of the above, the Chief Technology Officer will:
1. Establish the procedures
to govern the use of software and IT devices, not owned or leased by the State,
that are used for State’s business.
2. Create and manage an electronic
procedures process for vendors, agency directors or designees to request
permission for the use of software and IT devices, not owned or leased by the
3. Assure the process defined to
implement the policy and procedures is in accordance with ALL State and OIT policies.
1. Submit a request to use
software and IT devices, not owned or leased by the State. See procedure
associated with this policy.
2. Adhere to the procedures
associated with this policy.
owned – For the purpose of this policy, the phrase “non-State owned” includes,
but is not limited to, any equipment to be used for approved State business
1. Maine State employees,
2. Vendors under contract
with the State of Maine,
3. Political subdivisions of
the State of Maine (e.g. counties, municipalities, and by extension their
instrumentalities such as municipal fire departments, and regional agencies
such as Public Safety Answering Points),
4. Federal government and
5. Others that access or
store State of Maine information.
B. IT Device: For the purpose of
this policy IT Devices are defined broadly, to include desktop computers as
well as other technology devices used to transact business electronically.
Software - OIT permitted software is listed on OIT’s intranet site: http://inet.state.me.us/oit/services/index.html
. See Procedure for the Use of Non-State Owned/Approved Software and Devices
for State Business for the process on adding software to the State’s permitted
D. agency director(s): For the purposes of this policy, the
term “agency director(s)” refers to the agency policy influencing leaders
identified in Maine Revised Statutes Annotated, Title 5 section 932 etc.
state agency: An agency created
by an act of the Legislative Branch that is not a part of the Executive Branch.
This term does not include the Legislative and Judicial Branches, Offices of
the Attorney General, Secretary of State, State Treasurer and Audit Department.
VIII. Document Information
Reference Number: 17
B. Category: Security
F. Point of
Contact: Office of Information Technology: Mark Kemmerle, Enterprise Information
Security Officer, telephone: 207-624-8892, and Karen Curtis, Director of Client
Technologies Services, telephone 207-624-9508
By: Richard B. Thompson, Chief Information Officer
Title(s) or Agency Responsible for Enforcement: Greg McNeal, Chief Technology
Officer, telephone 207-624-9471
Citation: 5 M.R.S.A. Chapter 163 §
1973. Responsibilities of the Chief Information Officer, paragraph 1B “Set policies and standards for the implementation
and use of information and telecommunications technologies, including privacy
and security standards…”
Process: The CIO or his/her designee may
authorize an exception on a case-by-case basis.
Apply for a waiver as follows:
Address an email to Richard
B. Thompson and include as a CC: the Associate Chief Information Officer or the
agency Agency Information Technology Officer.
If you require assistance with determining the correct person, contact the
CIO’s office at 624-8800.
Include the following in the
Document a compelling technical or business case that
identifies the specific action
and how it warrants exemption.
Include any supporting documentation you may have.
When a decision has been reached in granting or denying the
waiver, the CIO will respond to the submitter, the AITD, and the following
three designated people whose names are located on the policy/standard for
which the waiver is being sought: Point of Contact, Approved By and Position
Title(s) or Agency Responsible for Enforcement.