Policies & Standards

Welcome to the MaineIT Policies, Standards, and Procedures page. By default, the below content applies to any/all Information Technology Assets under the purview of the Chief Information Officer. You can sort the table below by topic or title, or you can search via the search box for your desired document. Any questions about this content should be directed to the MaineIT Architecture and Policy team

For the latest updates about certain policies, please reference this list of Policy Pulses. 

Note: The documents below are in PDF format. To view PDF documents, you will need the free Adobe Reader.

    Title Security and Privacy Web & Network Accessibility Lifecycle Management Incident Planning & Response Governance Business
    Access Control Policy (AC-1)            
    Access Control Procedures for Users (AC-2)            
    Accessible Information and Effective Communication            
    Application Deployment Certification Guidelines            
    Application Deployment Certification Policy            
    Application Deployment Certification Templates            
    Architecture Compliance Policy            
    Audit Policy            
    Business Continuity and Disaster Recovery Policy          
    Change Management Policy            
    Configuration Management Policy (CM-1)            
    Copyrightable Works Policy          
    COTS-Cloud Policy            
    Data Centers Access Control Procedure            
    Data Exchange Policy          
    Digital Accessibility Policy            
    Domain Name Policy & Procedure          
    Drone (Unmanned Aerial Vehicle) Policy            
    Enterprise Name Resolution Procedure          
    FOAA Policy            
    Forensic Investigation Workflow Policy            
    Global Address List Standard          
    Hosting & Housing Policy            
    Hosting-Customization Policy            
    Information Privacy Policy            
    Information Security Policy            
    InforME Network Services Policy            
    Infrastructure Deployment Certification Policy            
    Major Incident Procedure            
    Mobile Device Policy          
    Network Device Management Policy        
    Off-Hours Coverage Policy          
    OIT Building Access Procedures          
    Physical and Environmental Protection Policy (PE-1)          
    Policy, Standard or Procedure Creation Process            
    Program Management Policy and Procedures (PM-1)          
    Public Data Jack Policy            
    Remote Hosting Policy          
    Risk Assessment Policy and Procedures (RA-1)          
    Rules of Behavior Policy (PL-4)            
    Salesforce Governance: Background            
    Salesforce Governance: Executive Summary            
    Salesforce Governance: Details            
    SDLC Policy            
    SDLC Procedure            
    SecurID Procedure          
    Security Assessment and Authorization Policy and Procedures (CA-1)            
    Security Awareness and Training Policy and Procedures (AT-1)            
    Security Planning Policy (PL-1)            
    Social Media for Personal Use Policy            
    Social Media for State Business Policy          
    State Privacy Policy          
    System and Communications Protection Policy and Procedures (SC-1)          
    System and Information Integrity Policy and Procedures (SI-1)            
    System and Services Acquisition Policy and Procedures (SA-1)      
    Telecommunications Facilities and Wiring Specifications            
    User Device and Commodity Application Policy            
    Vulnerability Scanning Procedure (RA-5)            
    Waiver Policy            
    Web Standards            
    Website Acceptance Policy