Policies & Standards

Welcome to the MaineIT Policies, Standards, and Procedures page. By default, the below content applies to any/all Information Technology Assets under the purview of the Chief Information Officer. You can sort the table below by topic or title, or you can search via the search box for your desired document. Any questions about this content should be directed to the MaineIT Architecture and Policy team.  

For the latest updates about certain policies, please reference this list of Policy Pulses. 

Title Date Last Updated Security and Privacy Web & Network NIST Lifecycle Management Incident Planning & Response Governance Business
Access Control Policy (AC-1) 2023/07          
Access Control Procedures for Users (AC-2)


Application Deployment Certification Guidelines 2023/11            
Application Deployment Certification Policy 2023/12            
Application Deployment Certification Templates 2015/08            
Architecture Compliance Policy 2023/04            
Business Continuity and Disaster Recovery Policy 2017/10          
Change Management Policy 2023/11          
Configuration Management Policy (CM-1) 2024/03          
Copyrightable Works Policy 2002/12          
COTS-Cloud Policy 2019/07            
Data Centers Access Control Procedure 2019/04            
Data Classification Policy 2023/02            
Data Exchange Policy 2023/11          
Digital Accessibility Policy 2024/02              
Domain Name Policy & Procedure 2022/12          
Drone (Unmanned Aerial Vehicle) Policy 2021/12            
Enterprise Name Resolution Procedure 2019/04          
FOAA Policy 2017/10            
Forensic Investigation Workflow Policy 2023/11            
Global Address List Standard 2024/03          
Hosting & Housing Policy 2020/11            
Hosting-Customization Policy 2019/07            
Information Privacy Policy 2017/09            
Information Security Policy 2024/05            
InforME Network Services Policy 2022/03            
Infrastructure Deployment Certification Policy 2022/03            
Major Incident Procedure 2023/12            
Microsoft Low-Code Governance 2023/12            
Microsoft Power Platform Governance: Quick Start 2021/10            
Microsoft Power Platform: Escalation Path 2021/10            
Mobile Device Policy 2024/03          
Network Device Management Policy 2023/03        
Off-Hours Coverage Policy 2018/08          
OIT Building Access Procedures 2019/04          
Personnel Security Policy and Procedures (PS-1) 2022/12        
Physical and Environmental Protection Policy (PE-1) 2024/02        
Policy, Standard or Procedure Creation Process 2019/09            
Program Management Policy and Procedures (PM-1) 2023/11        
Public Data Jack Policy 2018/07            
Remote Hosting Policy 2023/10          
Risk Assessment Policy and Procedures (RA-1) 2023/10        
Rules of Behavior Policy (PL-4) 2023/12          
Salesforce Governance: Background 2021/09            
Salesforce Governance: Details 2021/09            
Salesforce Governance: Executive Summary 2021/09            
SDLC Policy 2017/03            
SDLC Procedure 2018/03            
Security Assessment and Authorization Policy and Procedures (CA-1) 2022/06          
Security Awareness and Training Policy and Procedures (AT-1) 2021/06          
Security Planning Policy (PL-1) 2021/06          
Social Media for Personal Use Policy 2015/05            
Social Media for State Business Policy 2020/02          
System and Communications Protection Policy and Procedures (SC-1) 2021/07        
System and Communications Protection Policy and Procedures for Defense in Depth (SC-2, 4, 5, 20, 21, 22, 23, 28, 32, 39) 2024/03        
System and Communications Protection Policy and Procedures for Encryption Mechanisms (SC-12, 13, 17) 2024/03        
System and Information Integrity Policy and Procedures (SI-1) 2022/06          
System and Services Acquisition Policy and Procedures (SA-1) 2023/11    
Telecommunications Facilities and Wiring Specifications 2021/12            
User Device and Commodity Application Policy 2024/04            
Vulnerability Scanning Procedure (RA-5) 2021/06          
Waiver Policy 2024/01            
Web Standards 2020/01            
Website Acceptance Policy 2020/01