Policies & Standards

Welcome to the MaineIT Policies, Standards, and Procedures page. By default, the below content applies to any/all Information Technology Assets under the purview of the Chief Information Officer. You can sort the table below by topic or title, or you can search via the search box for your desired document. Any questions about this content should be directed to the MaineIT Architecture and Policy team.  

For the latest updates about certain policies, please reference this list of Policy Pulses. 

Note: The documents below are in PDF format. To view PDF documents, you will need the free Adobe Reader.

    Title Date Last Updated Security and Privacy Web & Network Accessibility Lifecycle Management Incident Planning & Response Governance Business
    Access Control Policy (AC-1) 2022/07            
    Access Control Procedures for Users (AC-2)


    Application Deployment Certification Guidelines 2011/03            
    Application Deployment Certification Policy 2021/07            
    Application Deployment Certification Templates 2015/08            
    Architecture Compliance Policy 2023/04            
    Audit Policy 2018/07            
    Business Continuity and Disaster Recovery Policy 2017/10          
    Change Management Policy 2019/07            
    Configuration Management Policy (CM-1) 2022/03            
    Copyrightable Works Policy 2002/12          
    COTS-Cloud Policy 2019/07            
    Data Centers Access Control Procedure 2019/04            
    Data Classification Policy 2023/02            
    Data Exchange Policy 2021/03          
    Digital Accessibility Policy 2023/01            
    Domain Name Policy & Procedure 2022/12          
    Drone (Unmanned Aerial Vehicle) Policy 2021/12            
    Enterprise Name Resolution Procedure 2019/04          
    FOAA Policy 2017/10            
    Forensic Investigation Workflow Policy 2018/07            
    Global Address List Standard 2022/04          
    Hosting & Housing Policy 2020/11            
    Hosting-Customization Policy 2019/07            
    Information Privacy Policy 2017/09            
    Information Security Policy 2019/03            
    InforME Network Services Policy 2022/03            
    Infrastructure Deployment Certification Policy 2022/03            
    Major Incident Procedure 2019/05            
    Microsoft Low-Code Governance 2022/07            
    Microsoft Power Platform Governance: Quick Start 2021/10            
    Microsoft Power Platform: Escalation Path 2021/10            
    Mobile Device Policy 2020/12          
    Network Device Management Policy 2023/03        
    Off-Hours Coverage Policy 2018/08          
    OIT Building Access Procedures 2019/04          
    Personnel Security Policy and Procedures (PS-1) 2022/12          
    Physical and Environmental Protection Policy (PE-1) 2023/03          
    Policy, Standard or Procedure Creation Process 2019/09            
    Program Management Policy and Procedures (PM-1) 2022/01          
    Public Data Jack Policy 2018/07            
    Remote Hosting Policy 2022/11          
    Risk Assessment Policy and Procedures (RA-1) 2021/06          
    Rules of Behavior Policy (PL-4) 2021/06            
    Salesforce Governance: Background 2021/09            
    Salesforce Governance: Details 2021/09            
    Salesforce Governance: Executive Summary 2021/09            
    SDLC Policy 2017/03            
    SDLC Procedure 2018/03            
    SecurID Procedure 2019/04          
    Security Assessment and Authorization Policy and Procedures (CA-1) 2022/06            
    Security Awareness and Training Policy and Procedures (AT-1) 2021/06            
    Security Planning Policy (PL-1) 2021/06            
    Social Media for Personal Use Policy 2015/05            
    Social Media for State Business Policy 2020/02          
    System and Communications Protection Policy and Procedures (SC-1) 2021/07          
    System and Communications Protection Policy and Procedures for Encryption Mechanisms (SC-12, 13, 17) 2023/04          
    System and Information Integrity Policy and Procedures (SI-1) 2022/06            
    System and Services Acquisition Policy and Procedures (SA-1) 2020/10      
    Telecommunications Facilities and Wiring Specifications 2021/12            
    User Device and Commodity Application Policy 2022/04            
    Vulnerability Scanning Procedure (RA-5) 2021/06            
    Waiver Policy 2023/04            
    Web Standards 2020/01            
    Website Acceptance Policy 2020/01